Log analysis and evaluation: Trojan "Trojan.Nymaim", Win 10 Education | Windows 7
If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
16.10.2018, 18:55 | #1 |
Trojan "Trojan.Nymaim", Win 10 Education

Hello, I seem to have caught a trojan. Malwarebytes lists it under the name "Trojan.Nymaim". It was attached to an email. Unlike the previous ones, this email looked deceptively genuine. The sender address was plausible too. They also had my complete contact details, including my landline number. And since I switched bank accounts about a year ago, it could actually have been true that a debit was still outstanding... So far I have only moved the trojan into quarantine with Malwarebytes (possibly also with Avira, I no longer remember exactly).

Malwarebytes Code:
Malwarebytes
www.malwarebytes.com

-Protokolldetails-
Scan-Datum: 16.10.18
Scan-Zeit: 11:51
Protokolldatei: 1267515a-d129-11e8-bc2c-c85b769ffce5.json

-Softwaredaten-
Version: 3.6.1.2711
Komponentenversion: 1.0.365
Version des Aktualisierungspakets: 1.0.7379
Lizenz: Testversion

-Systemdaten-
Betriebssystem: Windows 10 (Build 16299.726)
CPU: x64
Dateisystem: NTFS
Benutzer: System

-Scan-Übersicht-
Scan-Typ: Bedrohungs-Scan
Scan gestartet von: Zeitplaner
Ergebnis: Abgeschlossen
Gescannte Objekte: 319700
Erkannte Bedrohungen: 1
In die Quarantäne verschobene Bedrohungen: 1
Abgelaufene Zeit: 7 Min., 19 Sek.

-Scan-Optionen-
Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Erkennung
PUM: Erkennung

-Scan-Details-
Prozess: 0
(keine bösartigen Elemente erkannt)

Modul: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 0
(keine bösartigen Elemente erkannt)

Registrierungswert: 0
(keine bösartigen Elemente erkannt)

Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)

Daten-Stream: 0
(keine bösartigen Elemente erkannt)

Ordner: 0
(keine bösartigen Elemente erkannt)

Datei: 1
Trojan.Nymaim, C:\PROGRAMDATA\SWITCHER-7\SWITCHER-0.EXE, In Quarantäne, [519], [582849],1.0.7379

Physischer Sektor: 0
(keine bösartigen Elemente erkannt)

WMI: 0
(keine bösartigen Elemente erkannt)

(end)

Unfortunately I don't know how to get the log files from Avira. I have version 15.0.40.12. The instructions in the forum refer to an old version of Avira. I'm happy to supply the log files here later. However, I need a short explanation of how that works.

FRST: Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 10.10.2018 durchgeführt von Daniel (Administrator) auf DESKTOP-K7CJ56O (16-10-2018 18:30:02) Gestartet von C:\Users\Daniel\Downloads Geladene Profile: Daniel & (Verfügbare Profile: defaultuser0 & Daniel) Platform: Windows 10 Education Version 1709 16299.726 (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: "D:\Firefox\firefox.exe" -osint -url "%1") Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (Lenovo.) C:\WINDOWS\System32\ibmpmsvc.exe (Lenovo.) C:\WINDOWS\System32\LPlatSvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe (Intel Corporation) C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_ce1af3c67f44ff6b\igfxCUIService.exe (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Intel Corporation) C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_ce1af3c67f44ff6b\IntelCpHDCPSvc.exe (Windows (R) Win 7 DDK provider) C:\WINDOWS\System32\drivers\AdminService.exe (Conexant Systems, Inc.) 
C:\Program Files\CONEXANT\SAII\CxUtilSvc.exe (Conexant Systems Inc.) C:\WINDOWS\System32\CxAudMsg64.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe () C:\Program Files (x86)\Telekom\MagentaCloud\Updater\MaintenanceService.exe (Malwarebytes) D:\Anti-Malware\MBAMService.exe (Qualcomm Technologies Inc.) C:\WINDOWS\System32\drivers\QcomWlanSrvx64.exe (Conexant Systems, Inc.) C:\WINDOWS\System32\SASrv.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe (TeamViewer GmbH) D:\Teamviewer\TeamViewer_Service.exe (Intel Corporation) C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_ce1af3c67f44ff6b\IntelCpHeciSvc.exe (eVenture Limited) C:\Program Files (x86)\hide.me VPN\hidemesvc.exe (Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe (Realtek Semiconductor Corp.) C:\WINDOWS\RtsCM64.exe (Intel Corporation) C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_ce1af3c67f44ff6b\igfxEM.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Malwarebytes) D:\Anti-Malware\mbamtray.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe (Realtek semiconductor) C:\WINDOWS\RTFTrack.exe () C:\Program Files (x86)\Telekom\MagentaCloud\MagentaCloud.App.exe (Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Conexant Systems, Inc) C:\Program Files\CONEXANT\SAII\SmartAudio.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe (Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe () C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe (Dropbox, Inc.) C:\WINDOWS\System32\DbxSvc.exe (Microsoft Corporation) C:\WINDOWS\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe (Lenovo.) C:\WINDOWS\System32\LPlatSvc.exe (Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe (Malwarebytes) D:\Anti-Malware\mbam.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avscan.exe (Mozilla Corporation) D:\Firefox\firefox.exe (Mozilla Corporation) D:\Firefox\firefox.exe (Mozilla Corporation) D:\Firefox\firefox.exe (Mozilla Corporation) D:\Firefox\firefox.exe (Mozilla Corporation) D:\Firefox\firefox.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (Microsoft Corporation) C:\WINDOWS\System32\smartscreen.exe (Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe ==================== Registry (Nicht auf der Ausnahmeliste) =========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation) HKLM\...\Run: [iTunesHelper] => D:\Itunes\iTunesHelper.exe [176440 2017-01-19] (Apple Inc.) HKLM\...\Run: [RtsFT] => C:\WINDOWS\RTFTrack.EXE [5456384 2016-11-14] (Realtek semiconductor) HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3784512 2018-10-09] (Dropbox, Inc.) 
HKLM-x32\...\Run: [IJNetworkScanUtility] => C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [206240 2010-08-24] (CANON INC.) HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [766464 2016-02-29] (Cisco Systems, Inc.) HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [98024 2018-08-17] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-07-07] (Oracle Corporation) HKU\S-1-5-21-3005747062-139439454-937356164-1000-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-10162018172311269\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [519680 2017-09-29] (Microsoft Corporation) HKU\S-1-5-21-3005747062-139439454-937356164-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10162018115149972\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [519680 2017-09-29] (Microsoft Corporation) HKU\S-1-5-21-3005747062-139439454-937356164-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10162018115227553\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [519680 2017-09-29] (Microsoft Corporation) HKU\S-1-5-21-3005747062-139439454-937356164-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10162018115419137\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [519680 2017-09-29] (Microsoft Corporation) HKU\S-1-5-21-3005747062-139439454-937356164-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10162018115856229\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [519680 2017-09-29] (Microsoft Corporation) HKU\S-1-5-21-3005747062-139439454-937356164-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10162018171924828\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [519680 2017-09-29] (Microsoft Corporation) 
HKU\S-1-5-21-3005747062-139439454-937356164-1001\...\Run: [Steam] => E:\Steam\steam.exe [2881824 2017-01-19] (Valve Corporation) HKU\S-1-5-21-3005747062-139439454-937356164-1001\...\Run: [DAEMON Tools Lite Automount] => D:\Daemon Tools\DAEMON Tools Lite\DTAgent.exe [4701888 2017-02-06] (Disc Soft Ltd) HKU\S-1-5-21-3005747062-139439454-937356164-1001\...\Run: [Lync] => C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe [23800400 2018-10-13] (Microsoft Corporation) HKU\S-1-5-21-3005747062-139439454-937356164-1001\...\Run: [Skype] => D:\Skype\Phone\Skype.exe [27427808 2017-02-08] (Skype Technologies S.A.) HKU\S-1-5-21-3005747062-139439454-937356164-1001\...\Run: [iDevice Manager Launcher] => D:\iDevice Manager\Software4u.IDMLauncher.exe [224368 2017-10-23] (Marx Softwareentwicklung - www.software4u.de) HKU\S-1-5-21-3005747062-139439454-937356164-1001\...\Run: [analogue-8] => C:\Users\Daniel\AppData\Local\analogue-5\analogue-7.exe -8f HKU\S-1-5-21-3005747062-139439454-937356164-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10162018115150011\...\Run: [Steam] => E:\Steam\steam.exe [2881824 2017-01-19] (Valve Corporation) HKU\S-1-5-21-3005747062-139439454-937356164-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10162018115150011\...\Run: [DAEMON Tools Lite Automount] => D:\Daemon Tools\DAEMON Tools Lite\DTAgent.exe [4701888 2017-02-06] (Disc Soft Ltd) HKU\S-1-5-21-3005747062-139439454-937356164-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10162018115150011\...\Run: [Lync] => C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe [23800400 2018-10-13] (Microsoft Corporation) HKU\S-1-5-21-3005747062-139439454-937356164-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10162018115150011\...\Run: [Skype] => D:\Skype\Phone\Skype.exe [27427808 2017-02-08] (Skype Technologies S.A.) 
HKU\S-1-5-21-3005747062-139439454-937356164-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10162018115150011\...\Run: [iDevice Manager Launcher] => D:\iDevice Manager\Software4u.IDMLauncher.exe [224368 2017-10-23] (Marx Softwareentwicklung - www.software4u.de) HKU\S-1-5-21-3005747062-139439454-937356164-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10162018115150011\...\Run: [analogue-8] => C:\Users\Daniel\AppData\Local\analogue-5\analogue-7.exe -8f HKU\S-1-5-21-3005747062-139439454-937356164-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10162018115227592\...\Run: [Steam] => E:\Steam\steam.exe [2881824 2017-01-19] (Valve Corporation) HKU\S-1-5-21-3005747062-139439454-937356164-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10162018115227592\...\Run: [DAEMON Tools Lite Automount] => D:\Daemon Tools\DAEMON Tools Lite\DTAgent.exe [4701888 2017-02-06] (Disc Soft Ltd) HKU\S-1-5-21-3005747062-139439454-937356164-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10162018115227592\...\Run: [Lync] => C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe [23800400 2018-10-13] (Microsoft Corporation) HKU\S-1-5-21-3005747062-139439454-937356164-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10162018115227592\...\Run: [Skype] => D:\Skype\Phone\Skype.exe [27427808 2017-02-08] (Skype Technologies S.A.) 
HKU\S-1-5-21-3005747062-139439454-937356164-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10162018115227592\...\Run: [iDevice Manager Launcher] => D:\iDevice Manager\Software4u.IDMLauncher.exe [224368 2017-10-23] (Marx Softwareentwicklung - www.software4u.de) HKU\S-1-5-21-3005747062-139439454-937356164-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10162018115227592\...\Run: [analogue-8] => C:\Users\Daniel\AppData\Local\analogue-5\analogue-7.exe -8f HKU\S-1-5-21-3005747062-139439454-937356164-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10162018115419187\...\Run: [Steam] => E:\Steam\steam.exe [2881824 2017-01-19] (Valve Corporation) HKU\S-1-5-21-3005747062-139439454-937356164-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10162018115419187\...\Run: [DAEMON Tools Lite Automount] => D:\Daemon Tools\DAEMON Tools Lite\DTAgent.exe [4701888 2017-02-06] (Disc Soft Ltd) HKU\S-1-5-21-3005747062-139439454-937356164-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10162018115419187\...\Run: [Lync] => C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe [23800400 2018-10-13] (Microsoft Corporation) HKU\S-1-5-21-3005747062-139439454-937356164-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10162018115419187\...\Run: [Skype] => D:\Skype\Phone\Skype.exe [27427808 2017-02-08] (Skype Technologies S.A.) 
HKU\S-1-5-21-3005747062-139439454-937356164-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10162018115419187\...\Run: [iDevice Manager Launcher] => D:\iDevice Manager\Software4u.IDMLauncher.exe [224368 2017-10-23] (Marx Softwareentwicklung - www.software4u.de) HKU\S-1-5-21-3005747062-139439454-937356164-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10162018115419187\...\Run: [analogue-8] => C:\Users\Daniel\AppData\Local\analogue-5\analogue-7.exe -8f HKU\S-1-5-21-3005747062-139439454-937356164-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10162018115856319\...\Run: [Steam] => E:\Steam\steam.exe [2881824 2017-01-19] (Valve Corporation) HKU\S-1-5-21-3005747062-139439454-937356164-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10162018115856319\...\Run: [DAEMON Tools Lite Automount] => D:\Daemon Tools\DAEMON Tools Lite\DTAgent.exe [4701888 2017-02-06] (Disc Soft Ltd) HKU\S-1-5-21-3005747062-139439454-937356164-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10162018115856319\...\Run: [Lync] => C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe [23800400 2018-10-13] (Microsoft Corporation) HKU\S-1-5-21-3005747062-139439454-937356164-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10162018115856319\...\Run: [Skype] => D:\Skype\Phone\Skype.exe [27427808 2017-02-08] (Skype Technologies S.A.) 
HKU\S-1-5-21-3005747062-139439454-937356164-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10162018115856319\...\Run: [iDevice Manager Launcher] => D:\iDevice Manager\Software4u.IDMLauncher.exe [224368 2017-10-23] (Marx Softwareentwicklung - www.software4u.de) HKU\S-1-5-21-3005747062-139439454-937356164-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10162018115856319\...\Run: [analogue-8] => C:\Users\Daniel\AppData\Local\analogue-5\analogue-7.exe -8f HKU\S-1-5-21-3005747062-139439454-937356164-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10162018171924902\...\Run: [Steam] => E:\Steam\steam.exe [2881824 2017-01-19] (Valve Corporation) HKU\S-1-5-21-3005747062-139439454-937356164-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10162018171924902\...\Run: [DAEMON Tools Lite Automount] => D:\Daemon Tools\DAEMON Tools Lite\DTAgent.exe [4701888 2017-02-06] (Disc Soft Ltd) HKU\S-1-5-21-3005747062-139439454-937356164-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10162018171924902\...\Run: [Lync] => C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe [23800400 2018-10-13] (Microsoft Corporation) HKU\S-1-5-21-3005747062-139439454-937356164-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10162018171924902\...\Run: [Skype] => D:\Skype\Phone\Skype.exe [27427808 2017-02-08] (Skype Technologies S.A.) 
HKU\S-1-5-21-3005747062-139439454-937356164-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10162018171924902\...\Run: [iDevice Manager Launcher] => D:\iDevice Manager\Software4u.IDMLauncher.exe [224368 2017-10-23] (Marx Softwareentwicklung - www.software4u.de) HKU\S-1-5-21-3005747062-139439454-937356164-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10162018171924902\...\Run: [analogue-8] => C:\Users\Daniel\AppData\Local\analogue-5\analogue-7.exe -8f Startup: C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bacteria-14.lnk [2018-10-15] ShortcutTarget: bacteria-14.lnk -> C:\Users\Daniel\AppData\Roaming\bacteria-4\bacteria-5.exe (Keine Datei) Startup: C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagentaCLOUD.lnk [2018-10-16] ShortcutTarget: MagentaCLOUD.lnk -> C:\Program Files (x86)\Telekom\MagentaCloud\MagentaCloud.App.exe () GroupPolicy: Beschränkung ? <==== ACHTUNG ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) 
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{5e78ada2-0108-4a65-8452-84dbf19aaf54}: [NameServer] 208.67.222.222,208.67.220.220 Tcpip\..\Interfaces\{5e78ada2-0108-4a65-8452-84dbf19aaf54}: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{fcb6b519-3f7d-4946-8826-af0af252aa0c}: [DhcpNameServer] 192.168.2.1 Internet Explorer: ================== SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-3005747062-139439454-937356164-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02 SearchScopes: HKU\S-1-5-21-3005747062-139439454-937356164-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02 SearchScopes: HKU\S-1-5-21-3005747062-139439454-937356164-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10162018115150011 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02 SearchScopes: HKU\S-1-5-21-3005747062-139439454-937356164-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10162018115150011 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02 SearchScopes: HKU\S-1-5-21-3005747062-139439454-937356164-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10162018115227592 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02 SearchScopes: HKU\S-1-5-21-3005747062-139439454-937356164-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10162018115227592 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02 SearchScopes: 
HKU\S-1-5-21-3005747062-139439454-937356164-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10162018115419187 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02 SearchScopes: HKU\S-1-5-21-3005747062-139439454-937356164-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10162018115419187 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02 SearchScopes: HKU\S-1-5-21-3005747062-139439454-937356164-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10162018115856319 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02 SearchScopes: HKU\S-1-5-21-3005747062-139439454-937356164-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10162018115856319 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02 SearchScopes: HKU\S-1-5-21-3005747062-139439454-937356164-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10162018171924902 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02 SearchScopes: HKU\S-1-5-21-3005747062-139439454-937356164-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10162018171924902 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02 BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-10-13] (Microsoft Corporation) BHO: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\WINDOWS\system32\mscoree.dll [2017-09-29] (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_181\bin\ssv.dll [2018-08-16] (Oracle Corporation) BHO: 
Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_181\bin\jp2ssv.dll [2018-08-16] (Oracle Corporation) BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2018-09-08] (Microsoft Corporation) BHO-x32: PDF Architect 4 Helper -> {38279E1A-7019-40C1-B579-E99DFB3312E8} -> C:\Program Files (x86)\PDF Architect 4\creator-ie-helper.dll [2016-08-05] (pdfforge GmbH) BHO-x32: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\WINDOWS\SysWOW64\mscoree.dll [2017-09-29] (Microsoft Corporation) Toolbar: HKLM-x32 - PDF Architect 4 Toolbar - {23FD9C33-A9E1-48A1-8404-E5925CF1C8E1} - C:\Program Files (x86)\PDF Architect 4\creator-ie-plugin.dll [2016-08-05] (pdfforge GmbH) Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-10-03] (Microsoft Corporation) Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-10-03] (Microsoft Corporation) Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-10-03] (Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-10-03] (Microsoft Corporation) Edge: ====== Edge Extension: (AutoFormFill) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [2017-09-29] Edge Extension: (LearningTools) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [2018-03-15] FireFox: ======== FF DefaultProfile: uvy3n8pd.default FF ProfilePath: 
C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\uvy3n8pd.default [2018-10-16] FF Homepage: Mozilla\Firefox\Profiles\uvy3n8pd.default -> about:home FF NewTabOverride: Mozilla\Firefox\Profiles\uvy3n8pd.default -> Disabled: mailcheck@gmx.net FF Extension: (Avira Browserschutz) - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\uvy3n8pd.default\Extensions\abs@avira.com.xpi [2018-09-08] FF Extension: (Google Scholar-Schaltfläche) - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\uvy3n8pd.default\Extensions\button@scholar.google.com.xpi [2018-09-01] FF Extension: (GMX MailCheck) - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\uvy3n8pd.default\Extensions\mailcheck@gmx.net.xpi [2018-07-21] FF Extension: (Video DownloadHelper) - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\uvy3n8pd.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2018-08-03] FF Extension: (Telemetry coverage) - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\uvy3n8pd.default\features\{b5c108f1-0c00-4377-8e7f-0f06b5ae79fe}\telemetry-coverage-bug1487578@mozilla.org.xpi [2018-10-11] [Legacy] FF SearchPlugin: C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\uvy3n8pd.default\searchplugins\bing-lavasoft.xml [2017-02-11] FF HKLM\...\Firefox\Extensions: [pdf_architect_4_conv@pdfarchitect.org] - C:\Program Files\PDF Architect 4\resources\pdfarchitect4firefoxextension FF Extension: (PDF Architect 4 Creator) - C:\Program Files\PDF Architect 4\resources\pdfarchitect4firefoxextension [2017-02-11] [Legacy] [ist nicht signiert] FF HKLM-x32\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox FF Extension: (Citavi Picker) - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2017-02-11] [Legacy] FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_28_0_0_137.dll [2018-02-02] () FF Plugin: @java.com/DTPlugin,version=11.181.2 -> 
C:\Program Files\Java\jre1.8.0_181\bin\dtplugin\npDeployJava1.dll [2018-08-16] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.181.2 -> C:\Program Files\Java\jre1.8.0_181\bin\plugin2\npjp2.dll [2018-08-16] (Oracle Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_137.dll [2018-02-02] () FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2018-09-08] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-09-08] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> D:\VLC\npvlc.dll [2016-06-01] (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-10-06] (Adobe Systems Inc.) StartMenuInternet: FIREFOX.EXE - D:\Firefox\firefox.exe Chrome: ======= CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [ohgndokldibnndfnjnagojmheejlengn] - hxxps://clients2.google.com/service/update2/crx Opera: ======= OPR StartupUrls: "hxxp://postbank.de/" OPR Session Restore: -> ist aktiviert. 
StartMenuInternet: (HKLM) OperaStable - D:\Opera\Launcher.exe ==================== Dienste (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [895056 2018-09-04] (Avira Operations GmbH & Co. KG) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [226000 2018-09-04] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [226000 2018-09-04] (Avira Operations GmbH & Co. KG) S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1148568 2018-09-04] (Avira Operations GmbH & Co. KG) R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.) R2 AtherosSvc; C:\WINDOWS\system32\DRIVERS\AdminService.exe [415720 2018-04-01] (Windows (R) Win 7 DDK provider) R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [436848 2018-08-17] (Avira Operations GmbH & Co. KG) R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9677088 2018-09-29] (Microsoft Corporation) R2 CxUtilSvc; C:\Program Files\Conexant\SAII\CxUtilSvc.exe [132096 2016-05-12] (Conexant Systems, Inc.) [Datei ist nicht signiert] R2 DAX2API; C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe [154816 2016-07-18] () S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-01-14] (Dropbox, Inc.) S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-01-14] (Dropbox, Inc.) R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [51024 2018-10-09] (Dropbox, Inc.) 
S3 Disc Soft Lite Bus Service; D:\Daemon Tools\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1471168 2017-02-06] (Disc Soft Ltd) R2 hmevpnsvc; C:\Program Files (x86)\hide.me VPN\hidemesvc.exe [138960 2017-04-02] (eVenture Limited) R2 LPlatSvc; C:\WINDOWS\system32\LPlatSvc.exe [711256 2016-11-01] (Lenovo.) R2 MagentaCLOUDMaintenanceService; C:\Program Files (x86)\Telekom\MagentaCloud\Updater\MaintenanceService.exe [945352 2018-05-15] () R2 MBAMService; D:\Anti-Malware\mbamservice.exe [6347056 2018-09-19] (Malwarebytes) S3 PDF Architect 4; C:\Program Files\PDF Architect 4\ws.exe [2438880 2016-08-05] (pdfforge GmbH) S3 PDF Architect 4 CrashHandler; C:\Program Files\PDF Architect 4\crash-handler-ws.exe [1038048 2016-08-05] (pdfforge GmbH) S4 PDF Architect 4 Creator; C:\Program Files\PDF Architect 4\creator-ws.exe [851168 2016-08-05] (pdfforge GmbH) S4 PDF Architect 4 Manager; C:\ProgramData\pdfforge\PDF Architect 4 Manager\PDF Architect 4\Architect Manager.exe [972056 2016-05-18] (© pdfforge GmbH.) R2 QcomWlanSrv; C:\WINDOWS\System32\drivers\QcomWlanSrvx64.exe [190816 2018-06-29] (Qualcomm Technologies Inc.) R2 SAService; C:\WINDOWS\system32\SAsrv.exe [409088 2016-07-27] (Conexant Systems, Inc.) 
[Datei ist nicht signiert] S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4329952 2017-11-26] (Microsoft Corporation) S4 SkypeUpdate; D:\Skype\Updater\Updater.exe [317400 2017-01-16] (Skype Technologies) R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [277000 2018-07-13] (Synaptics Incorporated) R2 TeamViewer; D:\Teamviewer\TeamViewer_Service.exe [11644656 2018-08-13] (TeamViewer GmbH) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [355304 2017-09-29] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [105944 2017-09-29] (Microsoft Corporation) R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000 ===================== Treiber (Nicht auf der Ausnahmeliste) ====================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R0 avdevprot; C:\WINDOWS\System32\DRIVERS\avdevprot.sys [69656 2018-08-13] (Avira Operations GmbH & Co. KG) R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [179376 2018-07-10] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [169864 2018-07-10] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [44488 2017-03-29] (Avira Operations GmbH & Co. KG) R2 avnetflt; C:\WINDOWS\system32\DRIVERS\avnetflt.sys [88488 2017-03-29] (Avira Operations GmbH & Co. KG) R0 avusbflt; C:\WINDOWS\System32\Drivers\avusbflt.sys [38048 2017-06-21] (Avira Operations GmbH & Co. 
KG) R3 BHTPCRDR; C:\WINDOWS\System32\drivers\bhtpcrdr.sys [184856 2016-08-15] (BayHubTech/O2Micro ) R3 BtFilter; C:\WINDOWS\system32\DRIVERS\btfilter.sys [72032 2018-04-01] (Qualcomm) S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.) R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2017-05-11] (Disc Soft Ltd) R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2017-05-11] (Disc Soft Ltd) R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [152688 2018-09-11] (Malwarebytes) R0 iaStorAC; C:\WINDOWS\System32\drivers\iaStorAC.sys [941624 2018-01-26] (Intel Corporation) R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [200232 2018-10-15] (Malwarebytes) R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [118584 2018-10-16] (Malwarebytes) R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [58400 2018-10-16] (Malwarebytes) R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [260384 2018-10-16] (Malwarebytes) R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [110424 2018-10-16] (Malwarebytes) R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvlt.inf_amd64_6608c7a6e4ffbd7d\nvlddmkm.sys [14456912 2017-05-31] (NVIDIA Corporation) R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2017-09-29] (Realtek ) R3 rtsuvc; C:\WINDOWS\system32\DRIVERS\rtsuvc.sys [3150848 2016-11-14] (Realtek Semiconductor Corp.) R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [54800 2018-07-13] (Synaptics Incorporated) S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.) S3 vpnva; C:\WINDOWS\System32\drivers\vpnva64-6.sys [52592 2016-02-29] (Cisco Systems, Inc.) 
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44608 2017-09-29] (Microsoft Corporation) S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [309144 2017-09-29] (Microsoft Corporation) S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [119192 2017-09-29] (Microsoft Corporation) ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat: Erstellte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2018-10-16 18:30 - 2018-10-16 18:30 - 000033177 _____ C:\Users\Daniel\Downloads\FRST.txt 2018-10-16 18:29 - 2018-10-16 18:30 - 000000000 ____D C:\FRST 2018-10-16 18:29 - 2018-10-16 18:29 - 002414592 _____ (Farbar) C:\Users\Daniel\Downloads\FRST64.exe 2018-10-16 11:50 - 2018-10-16 17:20 - 000110424 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys 2018-10-16 11:50 - 2018-10-16 11:50 - 000260384 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys 2018-10-16 11:50 - 2018-10-16 11:50 - 000118584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys 2018-10-16 11:50 - 2018-10-16 11:50 - 000058400 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys 2018-10-15 18:36 - 2018-10-15 18:36 - 000000000 ____D C:\Users\Daniel\AppData\Local\mbam 2018-10-15 18:23 - 2018-10-15 18:23 - 000200232 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys 2018-10-15 18:23 - 2018-10-15 18:23 - 000000000 ____D C:\Users\Daniel\AppData\Local\mbamtray 2018-10-15 18:23 - 2018-10-15 18:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes 2018-10-15 18:22 - 2018-09-11 13:18 - 000152688 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys 2018-10-13 07:26 - 2018-10-13 07:26 - 000002589 _____ C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\Word.lnk 2018-10-13 07:26 - 2018-10-13 07:26 - 000002585 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk 2018-10-13 07:26 - 2018-10-13 07:26 - 000002564 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk 2018-10-13 07:26 - 2018-10-13 07:26 - 000002542 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business.lnk 2018-10-13 07:26 - 2018-10-13 07:26 - 000002539 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk 2018-10-13 07:26 - 2018-10-13 07:26 - 000002506 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk 2018-10-13 07:26 - 2018-10-13 07:26 - 000002503 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk 2018-10-13 07:26 - 2018-10-13 07:26 - 000002475 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk 2018-10-13 07:26 - 2018-10-13 07:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools 2018-10-11 14:48 - 2018-09-25 07:35 - 002868736 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe 2018-10-11 14:48 - 2018-09-25 07:35 - 001638528 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll 2018-10-11 14:48 - 2018-09-25 07:35 - 001610752 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll 2018-10-11 14:48 - 2018-09-25 07:35 - 000792568 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll 2018-10-11 14:48 - 2018-09-25 07:35 - 000689664 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll 2018-10-11 14:48 - 2018-09-25 07:35 - 000612352 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll 2018-10-11 14:48 - 2018-09-25 07:35 - 000480768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll 2018-10-11 14:48 - 2018-09-25 07:35 - 000462848 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll 2018-10-11 14:48 - 2018-09-25 07:35 - 000452096 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll 
2018-10-11 14:48 - 2018-09-25 07:35 - 000309760 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll 2018-10-11 14:48 - 2018-09-25 07:35 - 000144896 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe 2018-10-11 14:48 - 2018-09-25 07:35 - 000070136 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll 2018-10-11 14:48 - 2018-09-25 07:35 - 000035368 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe 2018-10-11 14:48 - 2018-09-25 07:31 - 008619024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2018-10-11 14:48 - 2018-09-25 07:30 - 002395664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys 2018-10-11 14:48 - 2018-09-25 07:29 - 000542736 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll 2018-10-11 14:48 - 2018-09-25 07:28 - 002568232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys 2018-10-11 14:48 - 2018-09-25 07:27 - 001757824 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll 2018-10-11 14:48 - 2018-09-25 07:27 - 000749584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys 2018-10-11 14:48 - 2018-09-25 07:27 - 000409104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys 2018-10-11 14:48 - 2018-09-25 07:26 - 002413816 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll 2018-10-11 14:48 - 2018-09-25 07:26 - 000494592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys 2018-10-11 14:48 - 2018-09-25 07:23 - 002774528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys 2018-10-11 14:48 - 2018-09-25 07:23 - 000284744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpeffects.dll 2018-10-11 14:48 - 2018-09-25 06:32 - 001433264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll 2018-10-11 14:48 - 2018-09-25 06:32 - 000380936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll 2018-10-11 14:48 - 2018-09-25 06:28 - 025267200 
_____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll 2018-10-11 14:48 - 2018-09-25 06:17 - 001503504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll 2018-10-11 14:48 - 2018-09-25 06:16 - 000097792 _____ C:\WINDOWS\system32\runexehelper.exe 2018-10-11 14:48 - 2018-09-25 06:15 - 003661824 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys 2018-10-11 14:48 - 2018-09-25 06:15 - 001991280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll 2018-10-11 14:48 - 2018-09-25 06:14 - 000858624 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll 2018-10-11 14:48 - 2018-09-25 06:14 - 000402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe 2018-10-11 14:48 - 2018-09-25 06:14 - 000206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\IndexedDbLegacy.dll 2018-10-11 14:48 - 2018-09-25 06:14 - 000100352 _____ (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll 2018-10-11 14:48 - 2018-09-25 06:13 - 007545344 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll 2018-10-11 14:48 - 2018-09-25 06:12 - 000200704 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll 2018-10-11 14:48 - 2018-09-25 06:12 - 000104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll 2018-10-11 14:48 - 2018-09-25 06:12 - 000041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe 2018-10-11 14:48 - 2018-09-25 06:11 - 000251200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmpeffects.dll 2018-10-11 14:48 - 2018-09-25 06:10 - 023679488 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2018-10-11 14:48 - 2018-09-25 06:10 - 000675328 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll 2018-10-11 14:48 - 2018-09-25 06:10 - 000128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpshell.dll 2018-10-11 14:48 - 2018-09-25 06:08 - 001498112 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll 2018-10-11 
14:48 - 2018-09-25 06:07 - 001574912 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll 2018-10-11 14:48 - 2018-09-25 06:05 - 002873856 _____ (Microsoft Corporation) C:\WINDOWS\system32\themeui.dll 2018-10-11 14:48 - 2018-09-25 06:05 - 000430592 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoMetadataHandler.dll 2018-10-11 14:48 - 2018-09-25 06:04 - 000984064 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL 2018-10-11 14:48 - 2018-09-25 06:03 - 013713920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll 2018-10-11 14:48 - 2018-09-25 06:03 - 008065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll 2018-10-11 14:48 - 2018-09-25 06:03 - 004508160 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2018-10-11 14:48 - 2018-09-25 06:01 - 002637312 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll 2018-10-11 14:48 - 2018-09-25 06:01 - 001856512 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll 2018-10-11 14:48 - 2018-09-25 06:00 - 001808384 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2018-10-11 14:48 - 2018-09-25 05:57 - 002901504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys 2018-10-11 14:48 - 2018-09-25 05:57 - 000162304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IndexedDbLegacy.dll 2018-10-11 14:48 - 2018-09-25 05:56 - 000067584 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcadm.dll 2018-10-11 14:48 - 2018-09-25 05:56 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcalua.exe 2018-10-11 14:48 - 2018-09-25 05:56 - 000012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcaevts.dll 2018-10-11 14:48 - 2018-09-25 05:54 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll 2018-10-11 14:48 - 2018-09-25 05:54 - 000079360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll 2018-10-11 14:48 - 2018-09-25 05:53 - 000103424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmpshell.dll 
2018-10-11 14:48 - 2018-09-25 05:52 - 000459776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll 2018-10-11 14:48 - 2018-09-25 05:51 - 019359744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2018-10-11 14:48 - 2018-09-25 05:51 - 018946048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll 2018-10-11 14:48 - 2018-09-25 05:50 - 000336384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoMetadataHandler.dll 2018-10-11 14:48 - 2018-09-25 05:49 - 012730880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll 2018-10-11 14:48 - 2018-09-25 05:49 - 006466560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll 2018-10-11 14:48 - 2018-09-25 05:47 - 001587712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll 2018-10-11 14:48 - 2018-09-25 05:46 - 006015488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll 2018-10-11 14:48 - 2018-09-25 05:45 - 004044800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2018-10-11 14:48 - 2018-09-25 05:45 - 002815488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\themeui.dll 2018-10-11 14:48 - 2018-09-25 05:45 - 001565696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2018-10-11 14:48 - 2018-09-25 02:56 - 000343552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll 2018-10-11 14:48 - 2018-09-23 07:26 - 000925064 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe 2018-10-11 14:48 - 2018-09-23 07:25 - 001416776 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi 2018-10-11 14:48 - 2018-09-23 07:25 - 001210688 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe 2018-10-11 14:48 - 2018-09-23 07:25 - 001092640 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi 2018-10-11 14:48 - 2018-09-23 07:21 - 000893440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe 2018-10-11 14:48 - 2018-09-23 07:21 - 000248328 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\browserbroker.dll 2018-10-11 14:48 - 2018-09-23 07:17 - 001778488 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll 2018-10-11 14:48 - 2018-09-23 07:17 - 001627960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVIntegration.dll 2018-10-11 14:48 - 2018-09-23 07:17 - 001420600 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll 2018-10-11 14:48 - 2018-09-23 07:17 - 001051640 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPolicy.dll 2018-10-11 14:48 - 2018-09-23 07:17 - 000963896 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVManifest.dll 2018-10-11 14:48 - 2018-09-23 07:17 - 000831488 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVOrchestration.dll 2018-10-11 14:48 - 2018-09-23 07:17 - 000813880 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntStreamingManager.dll 2018-10-11 14:48 - 2018-09-23 07:17 - 000744952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVReporting.dll 2018-10-11 14:48 - 2018-09-23 07:17 - 000670008 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVCatalog.dll 2018-10-11 14:48 - 2018-09-23 07:17 - 000645624 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPublishing.dll 2018-10-11 14:48 - 2018-09-23 07:17 - 000616888 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe 2018-10-11 14:48 - 2018-09-23 07:17 - 000494904 _____ (Microsoft Corporation) C:\WINDOWS\system32\TransportDSA.dll 2018-10-11 14:48 - 2018-09-23 07:17 - 000397816 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVScripting.dll 2018-10-11 14:48 - 2018-09-23 07:17 - 000231224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVShNotify.exe 2018-10-11 14:48 - 2018-09-23 07:17 - 000035328 _____ C:\WINDOWS\system32\SyncAppvPublishingServer.exe 2018-10-11 14:48 - 2018-09-23 06:37 - 000793400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe 2018-10-11 14:48 - 2018-09-23 06:13 - 000293888 _____ (Microsoft Corporation) 
C:\WINDOWS\SysWOW64\WwaApi.dll 2018-10-11 14:48 - 2018-09-23 06:12 - 013704192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll 2018-10-11 14:48 - 2018-09-23 06:11 - 001329664 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll 2018-10-11 14:48 - 2018-09-23 06:09 - 002890240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll 2018-10-11 14:48 - 2018-09-23 06:08 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserexport.exe 2018-10-11 14:48 - 2018-09-23 06:08 - 000033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll 2018-10-11 14:48 - 2018-09-23 06:07 - 001668096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll 2018-10-11 14:48 - 2018-09-23 06:07 - 000170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll 2018-10-11 14:48 - 2018-09-23 06:04 - 017160704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll 2018-10-11 14:48 - 2018-09-23 06:03 - 000354304 _____ (Microsoft Corporation) C:\WINDOWS\system32\WwaApi.dll 2018-10-11 14:48 - 2018-09-23 06:01 - 002088448 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll 2018-10-11 14:48 - 2018-09-23 06:01 - 001496064 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll 2018-10-11 14:48 - 2018-09-23 05:59 - 002212352 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll 2018-10-11 14:48 - 2018-09-23 05:58 - 002086400 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys 2018-10-11 14:48 - 2018-09-23 05:57 - 003182080 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll 2018-10-11 14:48 - 2018-09-23 05:56 - 002785280 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll 2018-10-11 14:48 - 2018-09-23 05:56 - 000462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll 2018-10-11 14:48 - 2018-09-23 05:55 - 000259072 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\Drivers\srvnet.sys 2018-10-11 14:48 - 2018-09-23 05:53 - 000088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll 2018-10-11 14:48 - 2018-09-15 06:09 - 021356936 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll 2018-10-11 14:48 - 2018-09-15 05:25 - 020290152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll 2018-10-11 14:48 - 2018-08-31 03:15 - 001254184 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe 2018-10-11 14:48 - 2018-08-31 03:14 - 001069032 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe 2018-10-11 14:48 - 2018-08-31 03:14 - 000600872 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe 2018-10-11 14:48 - 2018-08-31 03:14 - 000077096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys 2018-10-11 14:48 - 2018-08-31 03:13 - 001463424 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll 2018-10-11 14:48 - 2018-08-31 03:13 - 000078304 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll 2018-10-11 14:48 - 2018-08-31 03:10 - 000649376 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll 2018-10-11 14:48 - 2018-08-31 03:10 - 000465512 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll 2018-10-11 14:48 - 2018-08-31 03:09 - 003077272 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll 2018-10-11 14:48 - 2018-08-31 03:09 - 000898288 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll 2018-10-11 14:48 - 2018-08-31 03:08 - 000371496 _____ (Microsoft Corporation) C:\WINDOWS\system32\sechost.dll 2018-10-11 14:48 - 2018-08-31 03:07 - 001044976 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi 2018-10-11 14:48 - 2018-08-31 03:05 - 000980448 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll 2018-10-11 14:48 - 2018-08-31 03:04 - 000677368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys 2018-10-11 14:48 - 
2018-08-31 03:03 - 007385176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll 2018-10-11 14:48 - 2018-08-31 03:02 - 001055704 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll 2018-10-11 14:48 - 2018-08-31 03:02 - 000712200 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll 2018-10-11 14:48 - 2018-08-31 03:01 - 000204264 _____ (Microsoft Corporation) C:\WINDOWS\system32\basecsp.dll 2018-10-11 14:48 - 2018-08-31 02:31 - 001323408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll 2018-10-11 14:48 - 2018-08-31 02:30 - 000566736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll 2018-10-11 14:48 - 2018-08-31 02:19 - 000481552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll 2018-10-11 14:48 - 2018-08-31 02:18 - 002316440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll 2018-10-11 14:48 - 2018-08-31 02:17 - 000268536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sechost.dll 2018-10-11 14:48 - 2018-08-31 02:15 - 000749864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll 2018-10-11 14:48 - 2018-08-31 02:14 - 000353936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll 2018-10-11 14:48 - 2018-08-31 02:12 - 006482264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll 2018-10-11 14:48 - 2018-08-31 02:12 - 001059248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll 2018-10-11 14:48 - 2018-08-31 02:11 - 000180720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\basecsp.dll 2018-10-11 14:48 - 2018-08-31 01:54 - 003490816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbon.dll 2018-10-11 14:48 - 2018-08-31 01:53 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll 2018-10-11 14:48 - 2018-08-31 01:53 - 000466432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UiaManager.dll 2018-10-11 14:48 - 2018-08-31 01:51 - 000150528 _____ 
(Microsoft Corporation) C:\WINDOWS\SysWOW64\itss.dll 2018-10-11 14:48 - 2018-08-31 01:51 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\INETRES.dll 2018-10-11 14:48 - 2018-08-31 01:50 - 003995136 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbon.dll 2018-10-11 14:48 - 2018-08-31 01:50 - 000704000 _____ (Microsoft Corporation) C:\WINDOWS\system32\UiaManager.dll 2018-10-11 14:48 - 2018-08-31 01:50 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll 2018-10-11 14:48 - 2018-08-31 01:50 - 000530944 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll 2018-10-11 14:48 - 2018-08-31 01:50 - 000084480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppCapture.dll 2018-10-11 14:48 - 2018-08-31 01:49 - 000235520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scksp.dll 2018-10-11 14:48 - 2018-08-31 01:49 - 000132608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.XamlHost.dll 2018-10-11 14:48 - 2018-08-31 01:48 - 000452608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TileDataRepository.dll 2018-10-11 14:48 - 2018-08-31 01:47 - 000773120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll 2018-10-11 14:48 - 2018-08-31 01:47 - 000547840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptui.dll 2018-10-11 14:48 - 2018-08-31 01:47 - 000420352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv 2018-10-11 14:48 - 2018-08-31 01:47 - 000406016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll 2018-10-11 14:48 - 2018-08-31 01:47 - 000344064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll 2018-10-11 14:48 - 2018-08-31 01:47 - 000172032 _____ (Microsoft Corporation) C:\WINDOWS\system32\itss.dll 2018-10-11 14:48 - 2018-08-31 01:47 - 000101376 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll 2018-10-11 14:48 - 2018-08-31 01:47 - 000085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\INETRES.dll 2018-10-11 14:48 - 2018-08-31 
01:46 - 006588416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll 2018-10-11 14:48 - 2018-08-31 01:46 - 000886784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe 2018-10-11 14:48 - 2018-08-31 01:45 - 000625152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SmartcardCredentialProvider.dll 2018-10-11 14:48 - 2018-08-31 01:45 - 000107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\dab.dll 2018-10-11 14:48 - 2018-08-31 01:44 - 000268288 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll 2018-10-11 14:48 - 2018-08-31 01:44 - 000256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\scksp.dll 2018-10-11 14:48 - 2018-08-31 01:44 - 000167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.XamlHost.dll 2018-10-11 14:48 - 2018-08-31 01:43 - 005388800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aclui.dll 2018-10-11 14:48 - 2018-08-31 01:43 - 001113600 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe 2018-10-11 14:48 - 2018-08-31 01:43 - 000592384 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptui.dll 2018-10-11 14:48 - 2018-08-31 01:43 - 000571392 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll 2018-10-11 14:48 - 2018-08-31 01:42 - 000897024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll 2018-10-11 14:48 - 2018-08-31 01:42 - 000602624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll 2018-10-11 14:48 - 2018-08-31 01:42 - 000476160 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll 2018-10-11 14:48 - 2018-08-31 01:41 - 005500928 _____ (Microsoft Corporation) C:\WINDOWS\system32\aclui.dll 2018-10-11 14:48 - 2018-08-31 01:41 - 000945152 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll 2018-10-11 14:48 - 2018-08-31 01:41 - 000930816 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll 2018-10-11 14:48 - 2018-08-31 01:41 - 000898560 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\SmartcardCredentialProvider.dll 2018-10-11 14:48 - 2018-08-31 01:41 - 000532480 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv 2018-10-11 14:48 - 2018-08-31 01:41 - 000421376 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpshell.exe 2018-10-11 14:48 - 2018-08-31 01:41 - 000320512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpinit.exe 2018-10-11 14:48 - 2018-08-31 01:40 - 000985600 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll 2018-10-11 14:48 - 2018-08-31 01:39 - 008042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll 2018-10-11 14:48 - 2018-08-31 01:39 - 001342976 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll 2018-10-11 14:48 - 2018-08-31 01:39 - 000401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll 2018-10-11 14:48 - 2018-08-31 01:38 - 001081856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll 2018-10-11 14:48 - 2018-08-31 01:37 - 000715776 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe 2018-10-11 14:48 - 2018-08-31 01:31 - 000146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe 2018-10-11 14:42 - 2018-10-11 14:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox 2018-10-09 13:53 - 2018-10-09 13:53 - 000051024 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe 2018-10-09 13:53 - 2018-10-09 13:53 - 000050232 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys 2018-10-09 13:53 - 2018-10-09 13:53 - 000050232 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys 2018-10-09 13:53 - 2018-10-09 13:53 - 000045640 _____ (Dropbox, Inc.) 
C:\WINDOWS\system32\Drivers\dbx-stable.sys 2018-10-03 22:14 - 2018-10-03 22:15 - 000000000 ____D C:\Users\Daniel\Desktop\belege_03.10.2018_22_13 2018-10-03 22:13 - 2018-10-03 22:13 - 000527705 _____ C:\Users\Daniel\Downloads\belege_03.10.2018_22_13.zip 2018-10-03 21:58 - 2018-10-03 21:58 - 000142466 _____ C:\Users\Daniel\Downloads\belege_03.10.2018_21_58.zip 2018-09-17 22:30 - 2018-09-17 22:31 - 001596841 _____ C:\Users\Daniel\Downloads\wgidataset.xlsx ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2018-10-16 18:09 - 2017-01-14 18:11 - 000000000 ____D C:\Users\Daniel\AppData\LocalLow\Mozilla 2018-10-16 18:02 - 2017-11-29 11:18 - 000000000 ____D C:\WINDOWS\system32\SleepStudy 2018-10-16 17:23 - 2018-04-23 12:53 - 000000000 ____D C:\ProgramData\switcher-7 2018-10-16 11:57 - 2017-11-29 11:30 - 004548656 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2018-10-16 11:57 - 2017-09-30 16:35 - 002272712 _____ C:\WINDOWS\system32\perfh007.dat 2018-10-16 11:57 - 2017-09-30 16:35 - 000573182 _____ C:\WINDOWS\system32\perfc007.dat 2018-10-16 11:57 - 2017-09-29 15:46 - 000000000 ___HD C:\Program Files\WindowsApps 2018-10-16 11:57 - 2017-09-29 15:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization 2018-10-16 11:57 - 2017-09-29 15:46 - 000000000 ____D C:\WINDOWS\AppReadiness 2018-10-16 11:56 - 2017-11-29 11:29 - 000003952 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1485943771 2018-10-16 11:56 - 2017-06-29 15:50 - 000000700 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera-Browser.lnk 2018-10-16 11:55 - 2017-09-29 15:37 - 000000000 ____D C:\WINDOWS\CbsTemp 2018-10-16 11:50 - 2017-11-29 11:29 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2018-10-16 11:50 - 2017-01-14 17:41 - 000000000 ____D C:\ProgramData\NVIDIA 2018-10-16 11:50 - 2017-01-14 17:35 - 000000000 __SHD C:\Users\Daniel\IntelGraphicsProfiles 2018-10-15 20:26 - 2017-09-29 10:45 - 
000524288 _____ C:\WINDOWS\system32\config\BBI 2018-10-15 19:19 - 2017-02-11 19:41 - 000000000 ____D C:\Users\Daniel\Documents\Citavi 5 2018-10-15 18:47 - 2017-09-29 15:46 - 000000000 ____D C:\WINDOWS\rescache 2018-10-15 09:53 - 2018-07-30 03:48 - 000000000 ____D C:\ProgramData\ja 2018-10-15 09:47 - 2017-11-29 11:23 - 000000000 ____D C:\Users\Daniel 2018-10-15 09:25 - 2017-11-29 11:23 - 000000000 ____D C:\Users\Daniel\AppData\Local\Packages 2018-10-15 09:24 - 2017-09-29 15:44 - 000000000 ____D C:\WINDOWS\INF 2018-10-13 07:28 - 2017-09-29 15:46 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2018-10-13 07:25 - 2017-01-15 16:01 - 000000000 ____D C:\Program Files (x86)\Microsoft Office 2018-10-11 19:52 - 2017-11-29 11:31 - 000000000 ___RD C:\Users\Daniel\3D Objects 2018-10-11 19:52 - 2017-11-29 11:18 - 000391624 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2018-10-11 19:52 - 2017-01-14 17:33 - 000000000 __RHD C:\Users\Public\AccountPictures 2018-10-11 15:03 - 2017-09-29 15:46 - 000000000 ____D C:\WINDOWS\TextInput 2018-10-11 15:03 - 2017-09-29 15:46 - 000000000 ____D C:\WINDOWS\system32\appraiser 2018-10-11 15:02 - 2017-09-29 15:46 - 000000000 ____D C:\WINDOWS\ShellExperiences 2018-10-11 15:02 - 2017-09-29 15:46 - 000000000 ____D C:\WINDOWS\bcastdvr 2018-10-11 15:02 - 2017-09-29 15:46 - 000000000 ____D C:\Program Files\Windows Photo Viewer 2018-10-11 15:02 - 2017-09-29 15:46 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer 2018-10-11 14:52 - 2017-01-14 18:19 - 136745976 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2018-10-11 14:52 - 2017-01-14 18:19 - 000000000 ____D C:\WINDOWS\system32\MRT 2018-10-11 14:42 - 2017-01-14 19:53 - 000000000 ____D C:\Program Files (x86)\Dropbox 2018-10-10 17:06 - 2017-02-13 00:40 - 000000000 ____D C:\Users\Daniel\AppData\LocalLow\Adobe 2018-10-09 15:18 - 2017-11-29 11:29 - 000004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task 2018-10-09 15:18 - 2017-02-13 00:29 - 000002457 _____ 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2018-10-02 21:57 - 2018-07-16 18:10 - 000835152 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2018-10-02 21:57 - 2018-07-16 18:10 - 000179792 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2018-09-28 19:16 - 2017-01-14 19:53 - 000001246 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job 2018-09-28 19:16 - 2017-01-14 19:53 - 000001242 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job 2018-09-26 11:03 - 2018-08-22 09:15 - 000000000 ____D C:\Users\Daniel\AppData\Local\ElevatedDiagnostics 2018-09-23 15:25 - 2017-11-29 11:29 - 000004306 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineUA 2018-09-23 15:25 - 2017-11-29 11:29 - 000004074 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineCore ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2017-03-11 20:56 - 2017-03-11 21:12 - 000030159 _____ () C:\Users\Daniel\AppData\Roaming\Durch Trennzeichen getrennte Werte.ADR 2017-02-17 23:49 - 2018-04-11 12:40 - 000458752 _____ () C:\Users\Daniel\AppData\Local\WebpageIcons.db ==================== Bamital & volsnap ====================== (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) 
C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert C:\WINDOWS\explorer.exe => Datei ist digital signiert C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert C:\WINDOWS\system32\services.exe => Datei ist digital signiert C:\WINDOWS\system32\User32.dll => Datei ist digital signiert C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert LastRegBack: 2018-10-15 18:46 ==================== Ende von FRST.txt ============================

I need help removing the trojan. In addition, a USB stick was plugged into the infected PC and was afterwards plugged into other PCs (Mac and Windows). Is there anything to do about this, or do I need to worry? Many thanks in advance! DaWassi |
16.10.2018, 19:55 | #2 |
| Trojan "Trojan.Nymaim", Win 10 Education Part 2 And here is the Addition log as well (I could not fit it into the previous post because it had too many characters. As far as I have understood correctly, this is to be published in a new post and not in a reply under the old post):
Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 10.10.2018 durchgeführt von Daniel (16-10-2018 18:30:43) Gestartet von C:\Users\Daniel\Downloads Windows 10 Education Version 1709 16299.726 (X64) (2017-11-29 09:31:17) Start-Modus: Normal ========================================================== ==================== Konten: ============================= Administrator (S-1-5-21-3005747062-139439454-937356164-500 - Administrator - Disabled) Daniel (S-1-5-21-3005747062-139439454-937356164-1001 - Administrator - Enabled) => C:\Users\Daniel DefaultAccount (S-1-5-21-3005747062-139439454-937356164-503 - Limited - Disabled) defaultuser0 (S-1-5-21-3005747062-139439454-937356164-1000 - Limited - Disabled) => C:\Users\defaultuser0 Gast (S-1-5-21-3005747062-139439454-937356164-501 - Limited - Disabled) WDAGUtilityAccount (S-1-5-21-3005747062-139439454-937356164-504 - Limited - Disabled) ==================== Sicherheits-Center ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.) AV: Avira Antivirus (Enabled - Up to date) {B3F630BD-538D-1B4A-14FA-14B63235278F} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B} AS: Avira Antivirus (Enabled - Up to date) {0897D159-75B7-14C4-2E4A-2FC449B26D32} AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installierte Programme ====================== (Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov) Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 19.008.20074 - Adobe Systems Incorporated) Adobe Flash Player 28 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 28.0.0.137 - Adobe Systems Incorporated) Apple Application Support (32-Bit) (HKLM-x32\...\{9BA1A894-B42F-4805-BC8C-349C905A3930}) (Version: 5.3.1 - Apple Inc.) Apple Application Support (64-Bit) (HKLM\...\{7EAC8A42-9FAC-4F6B-AABF-C08C9F2E0F13}) (Version: 5.3.1 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.) Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.) Avira (HKLM-x32\...\{532da46c-2aa3-4588-a4a2-b02bc641bf95}) (Version: 1.2.119.17994 - Avira Operations GmbH & Co. KG) Avira (HKLM-x32\...\{9620D4C2-CF5B-4DBE-8103-CC9DAB0871C6}) (Version: 1.2.119.17994 - Avira Operations GmbH & Co. KG) Hidden Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.40.12 - Avira Operations GmbH & Co. KG) AVS Document Converter 2.2.5 (HKLM-x32\...\AVS Document Converter_is1) (Version: 2.2.5.218 - Online Media Technologies Ltd.) Backup and Sync from Google (HKLM\...\{AEFBDB5B-899F-4AE6-B789-BA56A652A476}) (Version: 3.42.9858.3671 - Google, Inc.) Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.) Canon IJ Network Scan Utility (HKLM-x32\...\Canon_IJ_Network_Scan_UTILITY) (Version: - ) Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.1.1 - Canon Inc.) Canon MG5200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5200_series) (Version: - Canon Inc.) 
Canon MP Navigator EX 4.0 (HKLM-x32\...\MP Navigator EX 4.0) (Version: - ) CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.7.6521 - CDBurnerXP) Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.14018 - Cisco Systems, Inc.) Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\{C706092D-491F-4D29-BB49-FF7B47CD12F2}) (Version: 3.1.14018 - Cisco Systems, Inc.) Hidden Citavi 5 (HKLM-x32\...\{7EB278FB-0C3C-445E-8665-4A6CDD9B794E}) (Version: 5.4.0.2 - Swiss Academic Software) DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.5.1.0230 - Disc Soft Ltd) Dolby Audio X2 Windows API SDK (HKLM\...\{2A027A37-B09B-44FB-B1C9-2DD6BA0014E8}) (Version: 0.7.2.61 - Dolby Laboratories, Inc.) Dolby Audio X2 Windows APP (HKLM\...\{D765CF7F-14F9-4C80-B06C-10E68F10EBCC}) (Version: 0.7.2.62 - Dolby Laboratories, Inc.) Dropbox (HKLM-x32\...\Dropbox) (Version: 59.4.93 - Dropbox, Inc.) Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.141.1 - Dropbox, Inc.) Hidden Event Study Metrics (HKLM-x32\...\{C002AFAF-27A7-44E9-BE6B-8C659CA2121E}) (Version: 1.21 - Event Study Metrics UG (haftungsbeschränkt)) Event Study Metrics (HKLM-x32\...\{F0392FF4-8A93-4031-9801-3DFEC1B7D806}) (Version: 1.2 - Event Study Metrics UG (haftungsbeschränkt)) EViews 10 (HKLM-x32\...\{BB4E3FEC-00C9-41E2-9E3F-69A1B3B1E7FE}) (Version: 10.00.0000 - IHS Markit) Hidden EViews 10 (HKLM-x32\...\InstallShield_{BB4E3FEC-00C9-41E2-9E3F-69A1B3B1E7FE}) (Version: 10.00.0000 - IHS Markit) EViews 9 Student Version (HKLM-x32\...\{FCCFC807-3AE8-4E9B-BA91-671D4D48BAF9}) (Version: 9.00.0000 - IHS Global Inc.) Hidden EViews 9 Student Version (HKLM-x32\...\InstallShield_{FCCFC807-3AE8-4E9B-BA91-671D4D48BAF9}) (Version: 9.00.0000 - IHS Global Inc.) 
FlashFXP 5 (HKLM-x32\...\FlashFXP 5) (Version: 5.4.0.3970 - OpenSight Software LLC) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden hide.me VPN 1.2.12 (HKLM-x32\...\{0E00BDA5-7998-4889-BE4B-39A4BBD2EDFB}_is1) (Version: 1.2.12 - eVenture Limited) IBM SPSS Statistics 23 (HKLM\...\{C3BA73A4-2A45-4036-8541-4F5F8146078B}) (Version: 23.0.0.0 - IBM Corp) iDevice Manager (HKLM-x32\...\FE5AE7DC-7B01-4263-A94C-B4526C276550_is1) (Version: 7.1.1.0 - Marx Software) iExplorer (HKU\S-1-5-21-3005747062-139439454-937356164-1001\...\262f11f6ff148a12) (Version: 4.0.4.0 - Macroplant LLC) iExplorer (HKU\S-1-5-21-3005747062-139439454-937356164-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10162018115150011\...\262f11f6ff148a12) (Version: 4.0.4.0 - Macroplant LLC) iExplorer (HKU\S-1-5-21-3005747062-139439454-937356164-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10162018115227592\...\262f11f6ff148a12) (Version: 4.0.4.0 - Macroplant LLC) iExplorer (HKU\S-1-5-21-3005747062-139439454-937356164-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10162018115419187\...\262f11f6ff148a12) (Version: 4.0.4.0 - Macroplant LLC) iExplorer (HKU\S-1-5-21-3005747062-139439454-937356164-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10162018115856319\...\262f11f6ff148a12) (Version: 4.0.4.0 - Macroplant LLC) iExplorer (HKU\S-1-5-21-3005747062-139439454-937356164-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10162018171924902\...\262f11f6ff148a12) (Version: 4.0.4.0 - Macroplant LLC) iExplorer 3.9.11.0 (HKLM-x32\...\{7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1) (Version: - Macroplant LLC) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4727 - Intel Corporation) iTunes (HKLM\...\{9D0D2A8B-7E7B-4D88-8D50-24286ED6A5EB}) (Version: 12.5.5.5 - Apple Inc.) 
Java 8 Update 181 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180181F0}) (Version: 8.0.1810.13 - Oracle Corporation) Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.12.19 - Lenovo) Hidden MagentaCLOUD Software (HKLM-x32\...\{C1E2C460-C926-4CF2-94D3-5B6D03B065B2}) (Version: 5.5.1.0 - Deutsche Telekom AG) Malwarebytes Version 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes) Manager (HKLM-x32\...\{38251B9A-C44B-42D9-9A6A-0697986E334A}) (Version: 4.1.4.27792 - 2015 pdfforge GmbH. All rights reserved) Hidden MATLAB R2016b (HKLM\...\Matlab R2016b) (Version: 9.1 - MathWorks) Microsoft Office 365 ProPlus - de-de (HKLM\...\O365ProPlusRetail - de-de) (Version: 16.0.10827.20150 - Microsoft Corporation) Microsoft OneDrive (HKU\.DEFAULT\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 
2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210 (HKLM-x32\...\{23658c02-145e-483d-ba6b-1eb82c580529}) (Version: 14.0.24210.0 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.40303 - Microsoft Corporation) Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.40303 - Microsoft Corporation) Mozilla Firefox 50.1.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 50.1.0 (x86 de)) (Version: 50.1.0 - Mozilla) Mozilla Firefox 62.0.3 (x64 de) (HKU\S-1-5-21-3005747062-139439454-937356164-1001\...\Mozilla Firefox 62.0.3 (x64 de)) (Version: 62.0.3 - Mozilla) Mozilla Firefox 62.0.3 (x64 de) (HKU\S-1-5-21-3005747062-139439454-937356164-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10162018115150011\...\Mozilla Firefox 62.0.3 (x64 de)) (Version: 62.0.3 - Mozilla) Mozilla Firefox 62.0.3 (x64 de) (HKU\S-1-5-21-3005747062-139439454-937356164-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10162018115227592\...\Mozilla Firefox 62.0.3 (x64 de)) (Version: 62.0.3 - Mozilla) Mozilla Firefox 62.0.3 (x64 de) (HKU\S-1-5-21-3005747062-139439454-937356164-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10162018115419187\...\Mozilla Firefox 62.0.3 (x64 de)) (Version: 62.0.3 - Mozilla) Mozilla Firefox 62.0.3 (x64 de) (HKU\S-1-5-21-3005747062-139439454-937356164-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10162018115856319\...\Mozilla Firefox 62.0.3 (x64 de)) (Version: 62.0.3 - Mozilla) Mozilla Firefox 62.0.3 (x64 de) (HKU\S-1-5-21-3005747062-139439454-937356164-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10162018171924902\...\Mozilla Firefox 62.0.3 (x64 de)) (Version: 62.0.3 - Mozilla) NVIDIA Update 10.4.0 
(HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation) Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.10827.20150 - Microsoft Corporation) Hidden Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.10827.20150 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.10827.20150 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0407-0000-0000000FF1CE}) (Version: 16.0.10827.20150 - Microsoft Corporation) Hidden Opera Stable 56.0.3051.43 (HKLM-x32\...\Opera 56.0.3051.43) (Version: 56.0.3051.43 - Opera Software) PDF Architect 4 (HKLM-x32\...\PDF Architect 4) (Version: 4.0.34.26215 - pdfforge GmbH) PDF Architect 4 Create Module (HKLM\...\{72B9DF2C-76FA-40B5-A469-16EAB159CE72}) (Version: 4.1.5.29097 - pdfforge GmbH) Hidden PDF Architect 4 Edit Module (HKLM\...\{BDF7326B-7ED4-4034-B867-F4E88D4E628B}) (Version: 4.1.5.29097 - pdfforge GmbH) Hidden PDF Architect 4 View Module (HKLM\...\{03E04B47-9270-4613-8D7E-DA4AD2B259A0}) (Version: 4.1.5.29097 - pdfforge GmbH) Hidden PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 2.4.1 - pdfforge GmbH) R for Windows 3.3.2 (HKLM\...\R for Windows 3.3.2_is1) (Version: 3.3.2 - R Core Team) R for Windows 3.4.4 (HKLM\...\R for Windows 3.4.4_is1) (Version: 3.4.4 - R Core Team) RStudio (HKLM-x32\...\RStudio) (Version: 1.1.442 - RStudio) Sigil 0.9.7 (HKLM-x32\...\Sigil_is1) (Version: - Sigil-Ebook) Skype™ 7.32 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.32.104 - Skype Technologies S.A.) 
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) TeamViewer 13 (HKLM-x32\...\TeamViewer) (Version: 13.2.14327 - TeamViewer) VdhCoApp 1.1.3 (HKLM\...\weh-iss-net.downloadhelper.coapp_is1) (Version: - DownloadHelper) VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN) Vulkan Run Time Libraries 1.0.33.0 (HKLM\...\VulkanRT1.0.33.0) (Version: 1.0.33.0 - LunarG, Inc.) Hidden Vulkan Run Time Libraries 1.0.33.0 (HKLM\...\VulkanRT1.0.33.0-2) (Version: 1.0.33.0 - LunarG, Inc.) Hidden Vulkan Run Time Libraries 1.0.33.0 (HKLM\...\VulkanRT1.0.33.0-3) (Version: 1.0.33.0 - LunarG, Inc.) Vulkan Run Time Libraries 1.0.42.1 (HKLM\...\VulkanRT1.0.42.1) (Version: 1.0.42.1 - LunarG, Inc.) Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc) Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation) Winmail Opener 1.6 (HKLM-x32\...\Winmail Opener) (Version: 1.6 - Eolsoft) WinRAR 5.40 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH) XY Chart Labeler 7.1 (HKLM-x32\...\XY Chart Labeler 7.1) (Version: - ) ==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
CustomCLSID: HKU\S-1-5-21-3005747062-139439454-937356164-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Daniel\AppData\Local\Microsoft\OneDrive\17.3.6816.0313\amd64\FileSyncShell64.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-3005747062-139439454-937356164-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Daniel\AppData\Local\Microsoft\OneDrive\17.3.6816.0313\amd64\FileSyncShell64.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-3005747062-139439454-937356164-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Daniel\AppData\Local\Microsoft\OneDrive\17.3.6816.0313\amd64\FileSyncShell64.dll => Keine Datei ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> Keine Datei ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> Keine Datei ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> Keine Datei ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> Keine Datei ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> Keine Datei ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> Keine Datei ShellIconOverlayIdentifiers: [ MagentaOverlayIconCheck] -> {1304aef5-c945-357c-99e4-d66e65db66cf} => C:\WINDOWS\system32\mscoree.dll [2017-09-29] (Microsoft Corporation) ShellIconOverlayIdentifiers: [ MagentaOverlayIconError] -> {1d6f582c-f7a7-32d5-8c27-71ff7bb1f64c} => C:\WINDOWS\system32\mscoree.dll [2017-09-29] (Microsoft Corporation) ShellIconOverlayIdentifiers: [ MagentaOverlayIconSync] -> {87b816a5-bd92-3f6b-bce0-c3a42490672d} => C:\WINDOWS\system32\mscoree.dll [2017-09-29] (Microsoft Corporation) ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-09] 
(Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-09] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-09] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-09] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-09] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-09] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-09] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-09] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-09] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-09] (Dropbox, Inc.) 
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync64.dll [2018-05-30] (Google) ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync64.dll [2018-05-30] (Google) ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync64.dll [2018-05-30] (Google) ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> Keine Datei ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> Keine Datei ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> Keine Datei ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> Keine Datei ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> Keine Datei ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> Keine Datei ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-09] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-09] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-09] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-09] (Dropbox, Inc.) 
ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-09] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-09] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-09] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-09] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-09] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-09] (Dropbox, Inc.) ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => D:\7Zip\7-zip.dll [2016-10-04] (Igor Pavlov) ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-09] (Dropbox, Inc.) 
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2018-05-30] (Google) ContextMenuHandlers1: [MagentaCopyExtension] -> {58b099b1-34e1-32dc-9845-ac9e9ccb6879} => C:\WINDOWS\system32\mscoree.dll [2017-09-29] (Microsoft Corporation) ContextMenuHandlers1: [MagentaShareExtension] -> {f516de71-db37-311e-85e4-c899417e6948} => C:\WINDOWS\system32\mscoree.dll [2017-09-29] (Microsoft Corporation) ContextMenuHandlers1: [PDFArchitect4_ManagerExt] -> {3AECFCB3-8472-48E9-BC7B-5A3CD945C886} => C:\Program Files\PDF Architect 4\creator-context-menu.dll [2016-08-05] (pdfforge GmbH) ContextMenuHandlers1: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2018-09-04] (Avira Operations GmbH & Co. KG) ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => D:\Winrar\rarext.dll [2016-08-15] (Alexander Roshal) ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => D:\Winrar\rarext32.dll [2016-08-15] (Alexander Roshal) ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => D:\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes) ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => D:\7Zip\7-zip.dll [2016-10-04] (Igor Pavlov) ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-09] (Dropbox, Inc.) 
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2018-05-30] (Google) ContextMenuHandlers4: [MagentaCopyExtension] -> {58b099b1-34e1-32dc-9845-ac9e9ccb6879} => C:\WINDOWS\system32\mscoree.dll [2017-09-29] (Microsoft Corporation) ContextMenuHandlers4: [MagentaShareExtension] -> {f516de71-db37-311e-85e4-c899417e6948} => C:\WINDOWS\system32\mscoree.dll [2017-09-29] (Microsoft Corporation) ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-09] (Dropbox, Inc.) ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> Keine Datei ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_ce1af3c67f44ff6b\igfxDTCM.dll [2017-08-08] (Intel Corporation) ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-05-01] (NVIDIA Corporation) ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => D:\7Zip\7-zip.dll [2016-10-04] (Igor Pavlov) ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => D:\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes) ContextMenuHandlers6: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2018-09-04] (Avira Operations GmbH & Co. 
KG) ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => D:\Winrar\rarext.dll [2016-08-15] (Alexander Roshal) ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => D:\Winrar\rarext32.dll [2016-08-15] (Alexander Roshal) ContextMenuHandlers1_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> Keine Datei ContextMenuHandlers4_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> Keine Datei ContextMenuHandlers5_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> Keine Datei ==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) Task: {1BAE9221-F63B-4167-93D0-71BFD9AE16ED} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-15] (Google Inc.) Task: {1DB99F9D-E144-4F67-96AD-4287D9ACC579} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-15] (Google Inc.) 
Task: {2CD830EF-9529-4ABD-ACC9-BD701073010A} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-09-29] (Microsoft Corporation) Task: {4FCE4565-D15F-4C72-AC3F-7AFB0C3C0485} - System32\Tasks\Avira\System Speedup\Delayed Startup\Daniel\1 => C:\Program Files (x86)\Google\Drive\googledrivesync.exe <==== ACHTUNG Task: {5DA9C625-4CE0-479B-A582-44A38637C77D} - System32\Tasks\Avira\System Speedup\SpeedupSysTray => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.Systray.exe Task: {70F37774-A4D0-4054-A6DE-39539DB0A860} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-10-13] (Microsoft Corporation) Task: {715F590A-77AE-4A0D-A974-D51CBEE0CD98} - System32\Tasks\Avira\System Speedup\Delayed Startup\All users\1 => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2016-12-28] (NVIDIA Corporation) Task: {7747DACE-87DA-4959-8FAF-CB8CFBBBD8C7} - System32\Tasks\RtsCM => C:\WINDOWS\RtsCM64.exe [2016-11-14] (Realtek Semiconductor Corp.) Task: {791B4152-3233-42BB-AFEB-FA0CED77DEE2} - System32\Tasks\Avira_Antivirus_Systray => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [2018-09-04] (Avira Operations GmbH & Co. KG) Task: {8317585A-515C-405E-85D9-1EEC05BBFA7C} - System32\Tasks\Opera scheduled Autoupdate 1485943771 => D:\Opera\launcher.exe [2018-10-10] (Opera Software) Task: {83D5FB3B-9896-4AEF-8F31-F3B8FD10F767} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2018-10-13] (Microsoft Corporation) Task: {8CEDBA67-649B-4474-970F-8C0C6CE22E20} - System32\Tasks\Microsoft\Windows\Conexant\SA2 => C:\Program Files\CONEXANT\SAII\SACpl.exe [2016-08-30] (Conexant Systems, Inc.) 
Task: {8E01999D-D6BB-4647-BE13-848E9D92856A} - \Microsoft\Windows\UNP\RunCampaignManager -> Keine Datei <==== ACHTUNG Task: {A2AE4A5C-ED56-43BF-989B-DC05FCFFC210} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2018-10-13] (Microsoft Corporation) Task: {A6D566EE-B492-4F88-A3BF-9A5BE7EB1F13} - System32\Tasks\Avira\System Speedup\Delayed Startup\All users\2 => C:\WINDOWS\RTFTrack.EXE [2016-11-14] (Realtek semiconductor) Task: {A842A135-6988-4546-A8EE-510C3BDCDFC6} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-09-29] (Microsoft Corporation) Task: {B1833CBB-6B7C-4540-AE62-2A86768D51B5} - System32\Tasks\Avira\System Speedup\TestScheduler => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe Task: {B510C5C9-98B2-4BA1-9621-17EA8CF4D557} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2018-10-13] (Microsoft Corporation) Task: {BFF4D862-F071-483F-87D2-AB59212B13F8} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-10-13] (Microsoft Corporation) Task: {CA84A48F-E2E6-4A08-AEE8-E39EA3F4BC9D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-08-14] (Adobe Systems Incorporated) Task: {CBEEFA77-1690-4B8A-B7EA-88667CE19B36} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-01-14] (Dropbox, Inc.) 
Task: {DDF2E756-B2F4-428D-A586-1A7EC980992A} - System32\Tasks\Microsoft\Windows\Display\Brightness\BrightnessReset Task: {EB6E25C7-D173-4DEF-B599-9CA9F1D42531} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe [2018-10-13] (Microsoft Corporation) Task: {EBE570C1-78B3-4D78-9092-671CC2625C54} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-01-14] (Dropbox, Inc.) Task: {F557E6A4-96E2-4A0E-976B-0CBA0BE985EF} - System32\Tasks\Microsoft\Windows\Conexant\AFA => C:\Program Files\CONEXANT\cAudioFilterAgent\SACpl.exe [2016-07-05] (Conexant Systems, Inc.) (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.) Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe ==================== Verknüpfungen & WMI ======================== (Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.) 

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2017-09-29 15:41 - 2017-09-29 15:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-01-13 14:56 - 2017-01-13 14:56 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-01-13 14:56 - 2017-01-13 14:56 - 001353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2018-05-15 09:23 - 2018-05-15 09:23 - 000945352 _____ () C:\Program Files (x86)\Telekom\MagentaCloud\Updater\MaintenanceService.exe
2018-10-15 18:22 - 2018-09-12 11:35 - 002701064 _____ () D:\ANTI-MALWARE\SelfProtectionSdk.dll
2018-10-15 18:22 - 2018-09-12 17:57 - 002785784 _____ () D:\ANTI-MALWARE\MwacLib.dll
2018-10-11 14:48 - 2018-08-31 01:38 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2018-10-11 14:48 - 2018-08-31 01:35 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-05-15 09:23 - 2018-05-15 09:23 - 002939592 _____ () C:\Program Files (x86)\Telekom\MagentaCloud\MagentaCloud.App.exe
2016-07-18 10:39 - 2016-07-18 10:39 - 000154816 _____ () C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe
2016-02-29 12:16 - 2016-02-29 12:16 - 000070144 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2018-08-13 10:19 - 2018-08-13 10:18 - 001204472 _____ () C:\Program Files (x86)\Avira\Antivirus\crypto-42.dll
2018-08-13 10:19 - 2018-08-13 10:18 - 000243352 _____ () C:\Program Files (x86)\Avira\Antivirus\ssl-44.dll
2018-05-15 09:23 - 2018-05-15 09:23 - 001035968 _____ () C:\Program Files (x86)\Telekom\MagentaCloud\CefSharp.Core.dll
2018-05-15 09:23 - 2018-05-15 09:23 - 048943792 _____ () C:\Program Files (x86)\Telekom\MagentaCloud\libcef.dll
2018-10-11 14:42 - 2018-10-09 13:53 - 001140552 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_watchdog.dll
2018-10-11 14:42 - 2018-10-09 13:53 - 002247496 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_crashpad.dll
2018-05-15 13:00 - 2018-10-09 13:58 - 000023376 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.cp35-win32.pyd
2018-10-11 14:42 - 2018-10-09 13:55 - 000025456 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.cp35-win32.pyd
2018-05-15 13:00 - 2018-10-09 13:53 - 000142312 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.cp35-win32.pyd
2018-10-11 14:42 - 2018-10-09 13:56 - 001953640 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.cp35-win32.pyd
2018-10-11 14:42 - 2018-10-09 13:56 - 000025960 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.cp35-win32.pyd
2018-10-11 14:42 - 2018-10-09 13:53 - 000117720 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes35.dll
2018-05-15 13:00 - 2018-10-09 13:53 - 000109024 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.cp35-win32.pyd
2018-10-11 14:42 - 2018-10-09 13:56 - 000083784 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.cp35-win32.pyd
2018-10-11 14:42 - 2018-10-09 13:53 - 000418264 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom35.dll
2018-05-15 13:00 - 2018-10-09 13:53 - 000027616 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.cp35-win32.pyd
2018-05-15 13:00 - 2018-10-09 13:53 - 000049128 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.cp35-win32.pyd
2018-10-11 14:42 - 2018-10-09 13:56 - 000074072 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.cp35-win32.pyd
2018-05-15 13:00 - 2018-10-09 13:53 - 000131552 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.cp35-win32.pyd
2018-10-11 14:42 - 2018-10-09 13:55 - 000025944 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.cp35-win32.pyd
2018-05-15 13:00 - 2018-10-09 13:53 - 000026600 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.cp35-win32.pyd
2018-05-15 13:00 - 2018-10-09 13:53 - 000182752 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.cp35-win32.pyd
2018-05-15 13:00 - 2018-10-09 13:53 - 000027616 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.cp35-win32.pyd
2018-05-15 13:00 - 2018-10-09 13:53 - 000118760 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.cp35-win32.pyd
2018-05-15 13:00 - 2018-10-09 13:58 - 000401752 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.cp35-win32.pyd
2018-05-15 13:00 - 2018-10-09 13:53 - 000028640 _____ () C:\Program Files (x86)\Dropbox\Client\win32job.cp35-win32.pyd
2018-05-15 13:00 - 2018-10-09 13:58 - 000034664 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.cp35-win32.pyd
2018-10-11 14:42 - 2018-10-09 13:53 - 000023704 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.cp35-win32.pyd
2018-05-15 13:00 - 2018-10-09 13:53 - 000053736 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.cp35-win32.pyd
2018-05-15 13:00 - 2018-10-09 13:53 - 000064992 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.cp35-win32.pyd
2018-05-15 13:00 - 2018-10-09 13:58 - 000059744 _____ () C:\Program Files (x86)\Dropbox\Client\winshell.compiled._winshell.cp35-win32.pyd
2018-05-15 13:00 - 2018-10-09 13:58 - 000068968 _____ () C:\Program Files (x86)\Dropbox\Client\winenumhandles.compiled._WinEnumHandles.cp35-win32.pyd
2018-05-15 13:00 - 2018-10-09 13:58 - 000028520 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.cp35-win32.pyd
2018-10-11 14:42 - 2018-10-09 13:55 - 000027488 _____ () C:\Program Files (x86)\Dropbox\Client\crashpad.compiled._Crashpad.cp35-win32.pyd
2018-05-15 13:00 - 2018-10-09 13:53 - 000032408 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.cp35-win32.pyd
2018-10-11 14:42 - 2018-10-09 13:56 - 000156504 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.cp35-win32.pyd
2018-05-15 13:00 - 2018-10-09 13:58 - 000092488 _____ () C:\Program Files (x86)\Dropbox\Client\sip.cp35-win32.pyd
2018-10-11 14:42 - 2018-10-09 13:56 - 001778000 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.cp35-win32.pyd
2018-10-11 14:42 - 2018-10-09 13:56 - 000518992 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.cp35-win32.pyd
2018-10-11 14:42 - 2018-10-09 13:56 - 000052056 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineCore.cp35-win32.pyd
2018-10-11 14:42 - 2018-10-09 13:56 - 001929552 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.cp35-win32.pyd
2018-10-11 14:42 - 2018-10-09 13:57 - 003821392 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.cp35-win32.pyd
2018-10-11 14:42 - 2018-10-09 13:56 - 000044888 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.cp35-win32.pyd
2018-10-11 14:42 - 2018-10-09 13:56 - 000132944 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.cp35-win32.pyd
2018-10-11 14:42 - 2018-10-09 13:56 - 000218456 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.cp35-win32.pyd
2018-10-11 14:42 - 2018-10-09 13:56 - 000205656 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.cp35-win32.pyd
2018-05-15 13:00 - 2018-10-09 13:53 - 000061408 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.cp35-win32.pyd
2018-05-15 13:00 - 2018-10-09 13:58 - 000051552 _____ () C:\Program Files (x86)\Dropbox\Client\winrpcserver.compiled._RPCServer.cp35-win32.pyd
2018-05-15 13:00 - 2018-10-09 13:53 - 000027624 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.cp35-win32.pyd
2018-08-03 18:17 - 2018-10-09 13:58 - 000033632 _____ () C:\Program Files (x86)\Dropbox\Client\winreindex.compiled._winreindex.cp35-win32.pyd
2018-05-15 13:00 - 2018-10-09 13:58 - 000028008 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32.compiled._winffi_user32.cp35-win32.pyd
2018-05-15 13:00 - 2018-10-09 13:58 - 000025960 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.cp35-win32.pyd
2018-05-15 13:00 - 2018-10-09 13:58 - 000025448 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.cp35-win32.pyd
2018-05-15 13:00 - 2018-10-09 13:58 - 000025960 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.cp35-win32.pyd
2018-10-11 14:42 - 2018-10-09 13:56 - 000031600 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.cp35-win32.pyd
2018-05-15 13:00 - 2018-10-09 13:53 - 000486880 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.cp35-win32.pyd
2018-10-11 14:42 - 2018-10-09 13:57 - 000102736 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWinExtras.cp35-win32.pyd
2018-05-15 13:00 - 2018-10-09 13:58 - 000029040 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.cp35-win32.pyd
2018-10-11 14:42 - 2018-10-09 13:56 - 000029024 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.cp35-win32.pyd
2018-10-11 14:42 - 2018-10-09 13:53 - 000036312 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2018-10-11 14:42 - 2018-10-09 13:56 - 000036712 _____ () C:\Program Files (x86)\Dropbox\Client\enterprise_data.compiled._enterprise_data.cp35-win32.pyd
2018-10-11 14:42 - 2018-10-09 13:53 - 000293392 _____ () C:\Program Files (x86)\Dropbox\Client\EnterpriseDataAdapter.dll
2018-05-15 13:00 - 2018-10-09 13:58 - 000025960 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.advapi32.compiled._winffi_advapi32.cp35-win32.pyd
2018-10-11 14:42 - 2018-10-09 13:56 - 000433992 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2018-05-15 13:00 - 2018-10-09 13:58 - 000035680 _____ () C:\Program Files (x86)\Dropbox\Client\wind3d11.compiled._wind3d11.cp35-win32.pyd
2018-10-11 14:42 - 2018-10-09 13:56 - 000025920 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.DLL
2018-10-11 14:42 - 2018-10-09 13:56 - 001592128 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2018-05-15 13:00 - 2018-10-09 13:58 - 000095592 _____ () C:\Program Files (x86)\Dropbox\Client\windisplaytoast.compiled._DisplayToast.cp35-win32.pyd
2018-05-15 13:00 - 2018-10-09 13:58 - 000025960 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.shcore.compiled._winffi_shcore.cp35-win32.pyd
2018-09-13 20:44 - 2018-10-09 13:58 - 000028520 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.shell32.compiled._winffi_shell32.cp35-win32.pyd
2018-05-15 13:00 - 2018-10-09 13:58 - 000029544 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.cp35-win32.pyd
2018-10-11 14:42 - 2018-10-09 13:56 - 000530768 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.cp35-win32.pyd
2018-10-11 14:42 - 2018-10-09 13:56 - 000348496 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.cp35-win32.pyd
2018-10-11 14:42 - 2018-10-09 13:56 - 000037200 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngine.cp35-win32.pyd

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\Users\Daniel\Desktop\Dieser PC.lnk:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Daniel\Desktop\Excel 2016.lnk:com.dropbox.attributes [168]

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)

==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

IE trusted site: HKU\S-1-5-21-3005747062-139439454-937356164-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-3005747062-139439454-937356164-1001\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-3005747062-139439454-937356164-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10162018115150011\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-3005747062-139439454-937356164-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10162018115150011\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-3005747062-139439454-937356164-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10162018115227592\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-3005747062-139439454-937356164-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10162018115227592\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-3005747062-139439454-937356164-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10162018115419187\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-3005747062-139439454-937356164-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10162018115419187\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-3005747062-139439454-937356164-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10162018115856319\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-3005747062-139439454-937356164-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10162018115856319\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-3005747062-139439454-937356164-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10162018171924902\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-3005747062-139439454-937356164-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10162018171924902\...\webcompanion.com -> hxxp://webcompanion.com

==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2016-07-16 13:47 - 2017-05-04 19:56 - 000000822 _____ C:\WINDOWS\system32\Drivers\etc\hosts

==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10162018115149935\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10162018115227510\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10162018115419052\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10162018115856129\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10162018171924761\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10162018115149955\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10162018115227530\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10162018115419083\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10162018115856193\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10162018171924796\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-3005747062-139439454-937356164-1000-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-10162018172311269\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-3005747062-139439454-937356164-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10162018115149972\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-3005747062-139439454-937356164-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10162018115227553\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-3005747062-139439454-937356164-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10162018115419137\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-3005747062-139439454-937356164-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10162018115856229\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-3005747062-139439454-937356164-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10162018171924828\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-3005747062-139439454-937356164-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
HKU\S-1-5-21-3005747062-139439454-937356164-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10162018115150011\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
HKU\S-1-5-21-3005747062-139439454-937356164-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10162018115227592\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
HKU\S-1-5-21-3005747062-139439454-937356164-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10162018115419187\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
HKU\S-1-5-21-3005747062-139439454-937356164-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10162018115856319\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
HKU\S-1-5-21-3005747062-139439454-937356164-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10162018171924902\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 208.67.222.222 - 208.67.220.220
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.

MSCONFIG\Services: hmevpnsvc => 2
MSCONFIG\Services: PDF Architect 4 Creator => 2
MSCONFIG\Services: PDF Architect 4 Manager => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: TeamViewer => 2
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "Malwarebytes TrayApp"
HKLM\...\StartupApproved\Run32: => "Avira Safe Shopping"
HKLM\...\StartupApproved\Run32: => "IJNetworkScanUtility"
HKLM\...\StartupApproved\Run32: => "avgnt"
HKLM\...\StartupApproved\Run32: => "Avira System Speedup User Starter"
HKLM\...\StartupApproved\Run32: => "Cisco AnyConnect Secure Mobility Agent for Windows"
HKLM\...\StartupApproved\Run32: => "Avira System Speedup Tray"
HKU\S-1-5-21-3005747062-139439454-937356164-1001\...\StartupApproved\StartupFolder: => "hide.me VPN.lnk"
HKU\S-1-5-21-3005747062-139439454-937356164-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-3005747062-139439454-937356164-1001\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"
HKU\S-1-5-21-3005747062-139439454-937356164-1001\...\StartupApproved\Run: => "Lync"
HKU\S-1-5-21-3005747062-139439454-937356164-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-3005747062-139439454-937356164-1001\...\StartupApproved\Run: => "iDevice Manager Launcher"
HKU\S-1-5-21-3005747062-139439454-937356164-1001\...\StartupApproved\Run: => "OneDriveSetup"
HKU\S-1-5-21-3005747062-139439454-937356164-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10162018115150011\...\StartupApproved\StartupFolder: => "hide.me VPN.lnk"
HKU\S-1-5-21-3005747062-139439454-937356164-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10162018115150011\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-3005747062-139439454-937356164-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10162018115150011\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"
HKU\S-1-5-21-3005747062-139439454-937356164-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10162018115150011\...\StartupApproved\Run: => "Lync"
HKU\S-1-5-21-3005747062-139439454-937356164-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10162018115150011\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-3005747062-139439454-937356164-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10162018115150011\...\StartupApproved\Run: => "iDevice Manager Launcher"
HKU\S-1-5-21-3005747062-139439454-937356164-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10162018115150011\...\StartupApproved\Run: => "OneDriveSetup"
HKU\S-1-5-21-3005747062-139439454-937356164-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10162018115227592\...\StartupApproved\StartupFolder: => "hide.me VPN.lnk"
HKU\S-1-5-21-3005747062-139439454-937356164-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10162018115227592\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-3005747062-139439454-937356164-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10162018115227592\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"
HKU\S-1-5-21-3005747062-139439454-937356164-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10162018115227592\...\StartupApproved\Run: => "Lync"
HKU\S-1-5-21-3005747062-139439454-937356164-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10162018115227592\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-3005747062-139439454-937356164-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10162018115227592\...\StartupApproved\Run: => "iDevice Manager Launcher"
HKU\S-1-5-21-3005747062-139439454-937356164-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10162018115227592\...\StartupApproved\Run: => "OneDriveSetup"
HKU\S-1-5-21-3005747062-139439454-937356164-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10162018115419187\...\StartupApproved\StartupFolder: => "hide.me VPN.lnk"
HKU\S-1-5-21-3005747062-139439454-937356164-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10162018115419187\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-3005747062-139439454-937356164-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10162018115419187\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"
HKU\S-1-5-21-3005747062-139439454-937356164-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10162018115419187\...\StartupApproved\Run: => "Lync"
HKU\S-1-5-21-3005747062-139439454-937356164-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10162018115419187\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-3005747062-139439454-937356164-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10162018115419187\...\StartupApproved\Run: => "iDevice Manager Launcher"
HKU\S-1-5-21-3005747062-139439454-937356164-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10162018115419187\...\StartupApproved\Run: => "OneDriveSetup"
HKU\S-1-5-21-3005747062-139439454-937356164-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10162018115856319\...\StartupApproved\StartupFolder: => "hide.me VPN.lnk"
HKU\S-1-5-21-3005747062-139439454-937356164-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10162018115856319\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-3005747062-139439454-937356164-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10162018115856319\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"
HKU\S-1-5-21-3005747062-139439454-937356164-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10162018115856319\...\StartupApproved\Run: => "Lync"
HKU\S-1-5-21-3005747062-139439454-937356164-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10162018115856319\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-3005747062-139439454-937356164-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10162018115856319\...\StartupApproved\Run: => "iDevice Manager Launcher"
HKU\S-1-5-21-3005747062-139439454-937356164-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10162018115856319\...\StartupApproved\Run: => "OneDriveSetup"
HKU\S-1-5-21-3005747062-139439454-937356164-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10162018171924902\...\StartupApproved\StartupFolder: => "hide.me VPN.lnk"
HKU\S-1-5-21-3005747062-139439454-937356164-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10162018171924902\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-3005747062-139439454-937356164-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10162018171924902\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"
HKU\S-1-5-21-3005747062-139439454-937356164-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10162018171924902\...\StartupApproved\Run: => "Lync"
HKU\S-1-5-21-3005747062-139439454-937356164-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10162018171924902\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-3005747062-139439454-937356164-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10162018171924902\...\StartupApproved\Run: => "iDevice Manager Launcher"
HKU\S-1-5-21-3005747062-139439454-937356164-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10162018171924902\...\StartupApproved\Run: => "OneDriveSetup"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [{4C7B732E-0FD7-422C-9AC4-BB682E44A967}] => (Allow) D:\iDevice Manager\Software4u.IDeviceManager.exe
FirewallRules: [{2B20FCD4-630C-4471-B98B-2E32A952E407}] => (Allow) D:\iDevice Manager\Software4u.IDeviceManager.exe
FirewallRules: [UDP Query User{EAC87636-C841-4830-A55C-3006E6ABC97C}D:\firefox\firefox.exe] => (Allow) D:\firefox\firefox.exe
FirewallRules: [TCP Query User{51E3D2E5-D134-49E6-AA62-77A19BE7A466}D:\firefox\firefox.exe] => (Allow) D:\firefox\firefox.exe
FirewallRules: [{FB609537-CEE0-43FF-9901-ADFC71D01DFA}] => (Allow) D:\Firefox\firefox.exe
FirewallRules: [{2403435D-2FA7-4BCA-9431-0AAFC53995A4}] => (Allow) D:\Firefox\firefox.exe
FirewallRules: [{4358B7D6-4FAD-4134-A899-0ACBB3CA2C9A}] => (Allow) D:\Winamp\winamp.exe
FirewallRules: [{B8C1A868-A8F7-4524-B022-8C7B1FFF9AB3}] => (Allow) D:\Winamp\winamp.exe
FirewallRules: [{4F717FD6-C5FE-417E-9716-FF8F5BBCC5AC}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{BAF5465B-0B8C-48EB-8C0E-42E2383E290C}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{88597239-47B2-44B3-9029-E23C9B747FD5}] => (Allow) E:\Steam\Steam.exe
FirewallRules: [{C376E856-F63C-4A8B-ACAE-A12A986352E1}] => (Allow) E:\Steam\Steam.exe
FirewallRules: [{5B83FF76-B086-42DB-8EDC-13404D4A2D58}] => (Allow) E:\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{4178755B-C789-4F0E-BF1A-D32BE637A59A}] => (Allow) E:\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{FFB6EFF9-6EB2-4D39-90F7-47572C2D02EC}] => (Allow) D:\Skype\Phone\Skype.exe
FirewallRules: [{8A37997D-7EBA-4BF3-84E4-C6221AD96067}] => (Allow) E:\Steam\steamapps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{AA643F16-1860-4227-8DC1-ED1E6C20C202}] => (Allow) E:\Steam\steamapps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{B07DC62A-1A2C-421B-87D9-AF914D66A633}] => (Allow) E:\Steam\steamapps\common\Day of Defeat Source\hl2.exe
FirewallRules: [{96A83318-73B9-4DF3-9A69-3E983E821751}] => (Allow) E:\Steam\steamapps\common\Day of Defeat Source\hl2.exe
FirewallRules: [TCP Query User{12ECF736-F198-49B7-B79D-CB74FEAE49C4}F:\daniel\aoe\aoe2\empires2.exe] => (Allow) F:\daniel\aoe\aoe2\empires2.exe
FirewallRules: [UDP Query User{BB74B76C-88E4-4C23-A3E8-5A4031742C2B}F:\daniel\aoe\aoe2\empires2.exe] => (Allow) F:\daniel\aoe\aoe2\empires2.exe
FirewallRules: [TCP Query User{61FEAAEB-235D-454C-8D87-3B1350A1366A}E:\aoe\aoe2\empires2 crack.exe] => (Allow) E:\aoe\aoe2\empires2 crack.exe
FirewallRules: [UDP Query User{0B7C7E56-6039-4F86-A534-2813178DC6AB}E:\aoe\aoe2\empires2 crack.exe] => (Allow) E:\aoe\aoe2\empires2 crack.exe
FirewallRules: [{1E4624E5-DF0E-48BD-B1AB-1A027BAC0E6C}] => (Allow) D:\SPSS\stats.exe
FirewallRules: [{BD833538-A88D-4B70-9578-E4DF094CE426}] => (Allow) D:\SPSS\stats.exe
FirewallRules: [{B7AEF517-39C0-4F3D-9B0E-0218C05FB5C8}] => (Allow) D:\SPSS\WinWrapIDE.exe
FirewallRules: [{10F5AF86-383D-41E1-A876-CBFF837002F0}] => (Allow) D:\SPSS\WinWrapIDE.exe
FirewallRules: [{71C5BBC3-D8C6-418A-88EA-35A35E856698}] => (Allow) D:\SPSS\stats.com
FirewallRules: [{9CB5B4F7-59B6-4DC7-9855-0E101E6B6326}] => (Allow) D:\SPSS\stats.com
FirewallRules: [{C11BF9F0-742D-4EB7-A311-7D0A15F95957}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{9BE5C2D2-7D93-4701-9A21-EC7E4CB9A2FF}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{7CDF2EFD-2747-4703-9C77-57D20A4FDB69}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{55BFB488-F81C-40C6-8AA0-B9C976C4BF8D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{DCDAC99F-C5CE-4A0C-BFEB-17F283025894}] => (Allow) D:\Itunes\iTunes.exe
FirewallRules: [TCP Query User{7D4F1500-B52C-4CD3-B06A-B2998926DEDA}D:\matlab 2016\bin\win64\matlab.exe] => (Allow) D:\matlab 2016\bin\win64\matlab.exe
FirewallRules: [UDP Query User{F978D644-6B0B-46E4-9A0C-C5766783175C}D:\matlab 2016\bin\win64\matlab.exe] => (Allow) D:\matlab 2016\bin\win64\matlab.exe
FirewallRules: [TCP Query User{EB421851-6CAD-46FB-8163-5177E2CF4B0D}D:\matlab 2016\bin\win64\matlab.exe] => (Block) D:\matlab 2016\bin\win64\matlab.exe
FirewallRules: [UDP Query User{C19EC5B5-837F-47AF-8F42-D830F0608F44}D:\matlab 2016\bin\win64\matlab.exe] => (Block) D:\matlab 2016\bin\win64\matlab.exe
FirewallRules: [{06CBFB82-76CA-4474-BC1B-250EE30B471A}] => (Allow) D:\Teamviewer\TeamViewer.exe
FirewallRules: [{E163E641-8ACC-4EAA-AD5E-420CF311CB6F}] => (Allow) D:\Teamviewer\TeamViewer.exe
FirewallRules: [{AEBA278D-A196-4AD1-A1EC-4B0E3CE8201E}] => (Allow) D:\Teamviewer\TeamViewer_Service.exe
FirewallRules: [{45BED32D-97CD-4CCD-89E7-0B4EB909905E}] => (Allow) D:\Teamviewer\TeamViewer_Service.exe
FirewallRules: [{7C4437F6-DBE5-4096-9D85-B7FA254AF9B3}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{8196BBAA-D6D4-4A44-9E56-3CEE0B8A3031}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{DE563F96-981A-413E-8A2F-AF79AC5D7762}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{BD0BFB02-80EA-458D-BFD9-5942D14B335E}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{A19D9854-E6BE-4ABB-85D2-D17B28294BC6}] => (Allow) D:\Opera\56.0.3051.36\opera.exe
FirewallRules: [{5192BB62-D6BE-48E0-BF55-254204915EAE}] => (Allow) D:\Opera\56.0.3051.43\opera.exe

==================== Wiederherstellungspunkte =========================

ACHTUNG: Systemwiederherstellung ist deaktiviert

==================== Fehlerhafte Geräte im Gerätemanager =============

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (10/16/2018 11:57:38 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (10/15/2018 10:12:19 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm audiodg.exe, Version 10.0.16299.248 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Systemsteuerung "Sicherheit und Wartung", um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 8
Startzeit: 01d464596b21415a
Beendigungszeit: 4294967295
Anwendungspfad: C:\WINDOWS\System32\audiodg.exe
Berichts-ID: ae173526-4b38-47f2-b3e2-b2d65a48e2e5
Vollständiger Name des fehlerhaften Pakets:
Auf das fehlerhafte Paket bezogene Anwendungs-ID:

Error: (10/15/2018 10:00:18 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm svchost.exe, Version 10.0.16299.15 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Systemsteuerung "Sicherheit und Wartung", um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 92c Startzeit: 01d464596adc09eb Beendigungszeit: 4294967295 Anwendungspfad: C:\WINDOWS\System32\svchost.exe Berichts-ID: 539401e3-c710-481e-a8d9-fa7be0970eba Vollständiger Name des fehlerhaften Pakets: Auf das fehlerhafte Paket bezogene Anwendungs-ID: Error: (10/15/2018 09:53:24 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: wab.exe, Version: 10.0.16299.15, Zeitstempel: 0x8a2c87c5 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 10.0.16299.611, Zeitstempel: 0x966d0f68 Ausnahmecode: 0xe06d7363 Fehleroffset: 0x00104172 ID des fehlerhaften Prozesses: 0x2650 Startzeit der fehlerhaften Anwendung: 0x01d4645c1a852070 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Windows Mail\wab.exe Pfad des fehlerhaften Moduls: C:\WINDOWS\System32\KERNELBASE.dll Berichtskennung: 1dc6186d-3b20-4f7d-bb7d-c326a927ea95 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (10/15/2018 09:44:38 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm ShellExperienceHost.exe, Version 10.0.16299.492 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Systemsteuerung "Sicherheit und Wartung", um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: 1fb4 Startzeit: 01d4645972433463 Beendigungszeit: 4294967295 Anwendungspfad: C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe Berichts-ID: 15d9db4b-e84e-405a-8938-f00a20cb000c Vollständiger Name des fehlerhaften Pakets: Microsoft.Windows.ShellExperienceHost_10.0.16299.637_neutral_neutral_cw5n1h2txyewy Auf das fehlerhafte Paket bezogene Anwendungs-ID: App Error: (10/15/2018 09:23:54 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: ) Description: Event-ID 0 Error: (10/15/2018 09:20:25 AM) (Source: SideBySide) (EventID: 35) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" in Zeile 1. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0". Definition: UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. Error: (10/13/2018 08:16:22 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: ) Description: Event-ID 0 Systemfehler: ============= Error: (10/16/2018 06:15:31 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-K7CJ56O) Description: Der Server "{417976B7-917D-4F1E-8F14-C18FCCB0B3A8}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. 
Error: (10/16/2018 06:03:35 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-K7CJ56O) Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "DESKTOP-K7CJ56O\Daniel" (SID: S-1-5-21-3005747062-139439454-937356164-1001) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} und der APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden. Error: (10/16/2018 06:03:35 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-K7CJ56O) Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "DESKTOP-K7CJ56O\Daniel" (SID: S-1-5-21-3005747062-139439454-937356164-1001) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} und der APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden. Error: (10/16/2018 06:03:34 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-K7CJ56O) Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "DESKTOP-K7CJ56O\Daniel" (SID: S-1-5-21-3005747062-139439454-937356164-1001) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} und der APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. 
Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden. Error: (10/16/2018 06:03:33 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-K7CJ56O) Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "DESKTOP-K7CJ56O\Daniel" (SID: S-1-5-21-3005747062-139439454-937356164-1001) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} und der APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden. Error: (10/16/2018 05:21:51 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-K7CJ56O) Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "DESKTOP-K7CJ56O\Daniel" (SID: S-1-5-21-3005747062-139439454-937356164-1001) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} und der APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden. 
Error: (10/16/2018 05:21:51 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-K7CJ56O) Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "DESKTOP-K7CJ56O\Daniel" (SID: S-1-5-21-3005747062-139439454-937356164-1001) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} und der APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden. Error: (10/16/2018 05:21:50 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-K7CJ56O) Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "DESKTOP-K7CJ56O\Daniel" (SID: S-1-5-21-3005747062-139439454-937356164-1001) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} und der APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden. CodeIntegrity: =================================== Date: 2018-10-16 18:16:12.623 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\WINDOWS\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements. Date: 2018-10-16 18:16:12.617 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\WINDOWS\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements. 
Date: 2018-10-16 18:16:12.598 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\WINDOWS\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements. Date: 2018-10-16 18:16:12.591 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\WINDOWS\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements. Date: 2018-10-16 17:17:40.786 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\WINDOWS\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements. Date: 2018-10-16 17:17:40.783 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\WINDOWS\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements. Date: 2018-10-16 17:17:39.247 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\WINDOWS\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements. Date: 2018-10-16 17:17:39.241 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\WINDOWS\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements. 
==================== Speicherinformationen =========================== Prozessor: Intel(R) Core(TM) i5-7200U CPU @ 2.50GHz Prozentuale Nutzung des RAM: 56% Installierter physikalischer RAM: 7639 MB Verfügbarer physikalischer RAM: 3332.25 MB Summe virtueller Speicher: 8855 MB Verfügbarer virtueller Speicher: 4256.83 MB ==================== Laufwerke ================================ Drive c: (System) (Fixed) (Total:71.46 GB) (Free:14.33 GB) NTFS Drive d: (Programme) (Fixed) (Total:97.66 GB) (Free:57.52 GB) NTFS Drive e: (Spiele) (Fixed) (Total:68.36 GB) (Free:59 GB) NTFS \\?\Volume{7cd8f29d-0000-0000-0000-100000000000}\ (FREE_DOS) (Fixed) (Total:1 GB) (Free:0.98 GB) FAT32 ==================== MBR & Partitionstabelle ================== ======================================================== Disk: 0 (MBR Code: Windows 7/8/10) (Size: 238.5 GB) (Disk ID: 7CD8F29D) Partition 1: (Active) - (Size=1 GB) - (Type=0B) Partition 2: (Not Active) - (Size=97.7 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=68.4 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=71.5 GB) - (Type=07 NTFS) ==================== Ende von Addition.txt ============================ |
17.10.2018, 12:17 | #3 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan "Trojan.Nymaim", Win 10 Education Quote:
Please uninstall Avira completely. Avira has been advised against for a long time now. Besides, for an analysis and cleanup I want as few sources of interference as possible. At the end there will be advice on securing your Windows system. We might as well uninstall other unnecessary or outdated junk at the same time. Please download Revo Uninstaller (alternatively the portable Revo Uninstaller) from here.
Let me know when that is gone; once we are done here, you can switch to a different virus scanner, details will follow in the final post. Please do NOT install anything else NOW without checking with me first!
__________________ |
17.10.2018, 12:30 | #4 |
| Trojan "Trojan.Nymaim", Win 10 Education Thank you very much for the quick reply! Unfortunately, the link to filepony does not work. What should I do? Error message: 504 Gateway Time-out nginx P.S.: Yes, the thing with the new post seemed odd to me too. But I still had this sentence in the back of my mind: "If you write a reply instead of editing, it looks to us as if your topic is already being worked on, and nobody will take care of you." Source: https://www.trojaner-board.de/69886-alle-hilfesuchenden-eroeffnung-themas-beachten.html |
17.10.2018, 12:35 | #5 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan "Trojan.Nymaim", Win 10 Education Yes, but that is no reason to create two threads for one and the same issue! filepony is offline, download Revo here --> https://www.revouninstaller.com/down...e-portable.php As a rule, you download our tools only from Filepony, bleepingcomputer or directly from the vendor!!
__________________ Please always post log files in CODE tags |
17.10.2018, 12:58 | #6 | |
| Trojan "Trojan.Nymaim", Win 10 Education Everything has now been deleted so far. Would be ready for further steps. Quote:
|
17.10.2018, 13:15 | #7 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan "Trojan.Nymaim", Win 10 Education Then you reply in your own thread and, if no helper has responded after three days, post a message in the reminder thread.
__________________ Please always post log files in CODE tags |
17.10.2018, 13:23 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan "Trojan.Nymaim", Win 10 Education Scanning for malware with Kaspersky TDSS-Killer Please download TDSSKiller.exe and save this file to the desktop
Reading material: Posting in CODE tags Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder. Even if the logs should be too large for one post, I ask you to post the logs directly and, if necessary, spread over several posts. To put the log files into a CODE box, proceed as follows:
__________________ Please always post log files in CODE tags |
17.10.2018, 13:31 | #9 |
| Trojan "Trojan.Nymaim", Win 10 Education Here is the report Code:
ATTFilter 14:26:57.0824 0x1544 TDSS rootkit removing tool 3.1.0.17 Apr 20 2018 12:12:17 14:27:15.0953 0x1544 ============================================================ 14:27:15.0953 0x1544 Current date / time: 2018/10/17 14:27:15.0952 14:27:15.0953 0x1544 SystemInfo: 14:27:15.0954 0x1544 14:27:15.0954 0x1544 OS Version: 10.0.16299 ServicePack: 0.0 14:27:15.0954 0x1544 Product type: Workstation 14:27:15.0954 0x1544 ComputerName: DESKTOP-K7CJ56O 14:27:15.0954 0x1544 UserName: Daniel 14:27:15.0960 0x1544 Windows directory: C:\WINDOWS 14:27:15.0960 0x1544 System windows directory: C:\WINDOWS 14:27:15.0960 0x1544 Running under WOW64 14:27:15.0960 0x1544 Processor architecture: Intel x64 14:27:15.0960 0x1544 Number of processors: 4 14:27:15.0960 0x1544 Page size: 0x1000 14:27:15.0960 0x1544 Boot type: Normal boot 14:27:15.0960 0x1544 CodeIntegrityOptions = 0x00000001 14:27:15.0960 0x1544 ============================================================ 14:27:16.0025 0x1544 KLMD registered as C:\WINDOWS\system32\drivers\33415706.sys 14:27:16.0025 0x1544 KLMD ARK init status: drvProperties = 0xFFF00, osBuild = 16299.637, osProperties = 0x19 14:27:16.0141 0x1544 System UUID: {09F9F329-BBD1-A85C-4863-FCA877AD883D} 14:27:16.0680 0x1544 Drive \Device\Harddisk0\DR0 - Size: 0x3B9E656000 ( 238.47 Gb ), SectorSize: 0x200, Cylinders: 0x799A, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 14:27:16.0690 0x1544 ============================================================ 14:27:16.0690 0x1544 \Device\Harddisk0\DR0: 14:27:16.0690 0x1544 MBR partitions: 14:27:16.0690 0x1544 \Device\Harddisk0\DR0\Partition1: MBR, Type 0xB, StartLBA 0x800, BlocksNum 0x200000 14:27:16.0690 0x1544 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x200800, BlocksNum 0xC350000 14:27:16.0690 0x1544 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xC550800, BlocksNum 0x88B8000 14:27:16.0690 0x1544 \Device\Harddisk0\DR0\Partition4: MBR, Type 0x7, StartLBA 0x14E08800, 
BlocksNum 0x8EEA000 14:27:16.0690 0x1544 ============================================================ 14:27:16.0691 0x1544 C: <-> \Device\Harddisk0\DR0\Partition4 14:27:16.0692 0x1544 D: <-> \Device\Harddisk0\DR0\Partition2 14:27:16.0692 0x1544 E: <-> \Device\Harddisk0\DR0\Partition3 14:27:16.0692 0x1544 ============================================================ 14:27:16.0692 0x1544 Initialize success 14:27:16.0692 0x1544 ============================================================ 14:27:52.0139 0x1518 ============================================================ 14:27:52.0139 0x1518 Scan started 14:27:52.0139 0x1518 Mode: Manual; SigCheck; TDLFS; 14:27:52.0139 0x1518 ============================================================ 14:27:52.0139 0x1518 KSN ping started 14:27:52.0471 0x1518 KSN ping finished: true 14:27:53.0141 0x1518 ================ Scan system memory ======================== 14:27:53.0141 0x1518 System memory - ok 14:27:53.0142 0x1518 ================ Scan services ============================= 14:27:53.0195 0x1518 1394ohci - ok 14:27:53.0202 0x1518 3ware - ok 14:27:53.0210 0x1518 ACPI - ok 14:27:53.0215 0x1518 AcpiDev - ok 14:27:53.0226 0x1518 acpiex - ok 14:27:53.0234 0x1518 acpipagr - ok 14:27:53.0242 0x1518 AcpiPmi - ok 14:27:53.0250 0x1518 acpitime - ok 14:27:53.0264 0x1518 [ F28ADE410436B42A3FCB53C38CEFEFC8, 15FAF5CFC498FA08FF086C2AE50CBD0414D325F92FB1DA44F521CA0F1078B2C3 ] acsock C:\WINDOWS\system32\DRIVERS\acsock64.sys 14:27:53.0423 0x1518 acsock - ok 14:27:53.0443 0x1518 [ 696A8431DD22EDE385D7AB84E0EAF4C9, E5892B346904C7A392A0B1C8F4C9066BC535A2C70307123C8E1F2157353333F0 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 14:27:53.0477 0x1518 AdobeARMservice - ok 14:27:53.0489 0x1518 ADP80XX - ok 14:27:53.0500 0x1518 AFD - ok 14:27:53.0507 0x1518 ahcache - ok 14:27:53.0521 0x1518 AJRouter - ok 14:27:53.0531 0x1518 ALG - ok 14:27:53.0538 0x1518 AmdK8 - ok 14:27:53.0541 0x1518 AmdPPM - ok 14:27:53.0546 0x1518 amdsata 
- ok 14:27:53.0556 0x1518 amdsbs - ok 14:27:53.0562 0x1518 amdxata - ok 14:27:53.0568 0x1518 AppID - ok 14:27:53.0573 0x1518 AppIDSvc - ok 14:27:53.0581 0x1518 Appinfo - ok 14:27:53.0592 0x1518 [ 7D811EA7A2AAA49B0446D42CBC1CD338, AFECE5E44E48F756C7EB81D95C9237552AF8A9C02CBE756E0F3D3C6524DE49AD ] Apple Mobile Device Service C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 14:27:53.0612 0x1518 Apple Mobile Device Service - ok 14:27:53.0621 0x1518 applockerfltr - ok 14:27:53.0626 0x1518 AppMgmt - ok 14:27:53.0632 0x1518 AppReadiness - ok 14:27:53.0638 0x1518 AppVClient - ok 14:27:53.0644 0x1518 AppvStrm - ok 14:27:53.0650 0x1518 AppvVemgr - ok 14:27:53.0655 0x1518 AppvVfs - ok 14:27:53.0662 0x1518 AppXSvc - ok 14:27:53.0667 0x1518 arcsas - ok 14:27:53.0674 0x1518 AssignedAccessManagerSvc - ok 14:27:53.0680 0x1518 AsyncMac - ok 14:27:53.0687 0x1518 atapi - ok 14:27:53.0702 0x1518 [ 1008B9030D4AF6160979FADE94521C62, 81F37EFBC91ED1928B22270B6E001CD6721293055F1881585F582766C73B724E ] AtherosSvc C:\WINDOWS\system32\DRIVERS\AdminService.exe 14:27:53.0743 0x1518 AtherosSvc - ok 14:27:53.0749 0x1518 AudioEndpointBuilder - ok 14:27:53.0754 0x1518 Audiosrv - ok 14:27:53.0756 0x1518 AxInstSV - ok 14:27:53.0764 0x1518 b06bdrv - ok 14:27:53.0767 0x1518 bam - ok 14:27:53.0776 0x1518 BasicDisplay - ok 14:27:53.0783 0x1518 BasicRender - ok 14:27:53.0790 0x1518 bcmfn2 - ok 14:27:53.0794 0x1518 BDESVC - ok 14:27:53.0802 0x1518 Beep - ok 14:27:53.0809 0x1518 BFE - ok 14:27:53.0820 0x1518 [ 04CF08191930CFDA75C957473642D19E, 5E699D76E10A6E98A8389A7995DB15F9176A544741C756820B4DEB34314F820A ] BHTPCRDR C:\WINDOWS\System32\drivers\bhtpcrdr.sys 14:27:53.0886 0x1518 BHTPCRDR - ok 14:27:53.0890 0x1518 BITS - ok 14:27:53.0898 0x1518 [ B5C2F92EE1106DFE7BB1CCE4D35B6037, E399C390687589194D8AAD385055F0CFA7D52AD9E837D8FF95008B8EB2B34E50 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe 14:27:53.0914 0x1518 Bonjour Service - ok 14:27:53.0924 0x1518 
bowser - ok 14:27:53.0927 0x1518 BrokerInfrastructure - ok 14:27:53.0931 0x1518 Browser - ok 14:27:53.0936 0x1518 [ 36B117CB04920B421A7F6DF1ED7B884B, 94D96ACE4C11BDC4332B60B0B7ED346BBDE0C3D8562EC61FD04429C6CA082A1B ] BtFilter C:\WINDOWS\system32\DRIVERS\btfilter.sys 14:27:53.0979 0x1518 BtFilter - ok 14:27:53.0984 0x1518 BthA2DP - ok 14:27:53.0989 0x1518 BthAvrcpTg - ok 14:27:53.0993 0x1518 BthEnum - ok 14:27:53.0997 0x1518 BthHFEnum - ok 14:27:53.0999 0x1518 bthhfhid - ok 14:27:54.0004 0x1518 BthHFSrv - ok 14:27:54.0007 0x1518 bthl2cap - ok 14:27:54.0011 0x1518 BthLEEnum - ok 14:27:54.0015 0x1518 BTHMODEM - ok 14:27:54.0019 0x1518 BthPan - ok 14:27:54.0022 0x1518 BTHPORT - ok 14:27:54.0025 0x1518 bthserv - ok 14:27:54.0031 0x1518 BTHUSB - ok 14:27:54.0035 0x1518 bttflt - ok 14:27:54.0038 0x1518 buttonconverter - ok 14:27:54.0041 0x1518 CAD - ok 14:27:54.0048 0x1518 camsvc - ok 14:27:54.0051 0x1518 CapImg - ok 14:27:54.0055 0x1518 cdfs - ok 14:27:54.0058 0x1518 CDPSvc - ok 14:27:54.0062 0x1518 CDPUserSvc - ok 14:27:54.0068 0x1518 cdrom - ok 14:27:54.0072 0x1518 CertPropSvc - ok 14:27:54.0076 0x1518 cht4iscsi - ok 14:27:54.0080 0x1518 cht4vbd - ok 14:27:54.0083 0x1518 circlass - ok 14:27:54.0087 0x1518 CldFlt - ok 14:27:54.0090 0x1518 CLFS - ok 14:27:54.0326 0x1518 [ 50257A80367A2AA95E62B0F64580705E, 51A7BFB1B9AF02480609A7FA88AA514E50FD44A1F736433B7EB079A585548320 ] ClickToRunSvc C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 14:27:54.0499 0x1518 ClickToRunSvc - ok 14:27:54.0514 0x1518 ClipSVC - ok 14:27:54.0523 0x1518 CmBatt - ok 14:27:54.0527 0x1518 CNG - ok 14:27:54.0530 0x1518 cnghwassist - ok 14:27:54.0573 0x1518 [ 6565077F26B10FAB4DB7E2368F0F444A, ABFF4195CB55ED5CF48D3E7BD372044A903FD502ADE855C83CD1DBB45403DD34 ] CnxtHdAudService C:\WINDOWS\system32\drivers\CHDRT64.sys 14:27:54.0731 0x1518 CnxtHdAudService - ok 14:27:54.0775 0x1518 CompositeBus - ok 14:27:54.0779 0x1518 COMSysApp - ok 14:27:54.0784 0x1518 condrv - ok 
14:27:54.0787 0x1518 CoreMessagingRegistrar - ok 14:27:54.0805 0x1518 [ 623C38C3E09041037E0DD983288CA8A2, 4897EAAF4058231F7409FD4A1FB15390643A2868154FC93694C530DD304BA90F ] cphs C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_ce1af3c67f44ff6b\IntelCpHeciSvc.exe 14:27:54.0825 0x1518 cphs - ok 14:27:54.0839 0x1518 [ D041BB46DFD3E665CCA11B3252038968, 169D3C4921559F88BAC42A6937CA0F702C00B925B039BEB8D72691F17890E878 ] cplspcon C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_ce1af3c67f44ff6b\IntelCpHDCPSvc.exe 14:27:54.0862 0x1518 cplspcon - ok 14:27:54.0868 0x1518 CryptSvc - ok 14:27:54.0873 0x1518 CSC - ok 14:27:54.0877 0x1518 CscService - ok 14:27:54.0884 0x1518 [ FF44271C20386D6D782D058EF632BD40, D89849954A91565A7816503DB0BFFAF90E8931F8FDC1AE6A785E8645988E348A ] CxAudMsg C:\WINDOWS\system32\CxAudMsg64.exe 14:27:54.0903 0x1518 CxAudMsg - ok 14:27:54.0911 0x1518 [ 85C05B3B6A3627FBB32EA3EC17BC9517, B1413893A3AF9165DD90D95BA0F93ACE56EF56F3D7F8B9432F2C3F1EB46A5EE9 ] CxUtilSvc C:\Program Files\Conexant\SAII\CxUtilSvc.exe 14:27:55.0003 0x1518 CxUtilSvc - detected UnsignedFile.Multi.Generic ( 1 ) 14:27:55.0381 0x1518 Detect skipped due to KSN trusted 14:27:55.0381 0x1518 CxUtilSvc - ok 14:27:55.0389 0x1518 dam - ok 14:27:55.0400 0x1518 [ D519FF1E2DF36CD53BE76A16506D4CD4, DFA46EC0C25F964CC308369BFA907FAE4B8985ADF6DBB4E0DD84A6DA6D52852B ] DAX2API C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe 14:27:55.0439 0x1518 DAX2API - ok 14:27:55.0452 0x1518 [ A1F58FFF448E4099297D6EE0641D4D0E, 47839789332AAF8861F7731BF2D3FBB5E0991EA0D0B457BB4C8C1784F76C73DC ] dbupdate C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe 14:27:55.0479 0x1518 dbupdate - ok 14:27:55.0486 0x1518 [ A1F58FFF448E4099297D6EE0641D4D0E, 47839789332AAF8861F7731BF2D3FBB5E0991EA0D0B457BB4C8C1784F76C73DC ] dbupdatem C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe 14:27:55.0515 0x1518 dbupdatem - ok 14:27:55.0524 0x1518 [ F3F02BEBC4E1FDD1B368D829C2ABEA8C, 
0D063CD3EA01D087AC7A891F6994A91BC897275C65F6270A461E7864A28266AA ] DbxSvc C:\WINDOWS\system32\DbxSvc.exe 14:27:55.0551 0x1518 DbxSvc - ok 14:27:55.0566 0x1518 DcomLaunch - ok 14:27:55.0568 0x1518 defragsvc - ok 14:27:55.0577 0x1518 DeviceAssociationService - ok 14:27:55.0589 0x1518 DeviceInstall - ok 14:27:55.0600 0x1518 DevicesFlowUserSvc - ok 14:27:55.0615 0x1518 DevQueryBroker - ok 14:27:55.0629 0x1518 Dfsc - ok 14:27:55.0645 0x1518 [ 9593475FBC857A05D93BFF4FA7323C2B, D2A958AF5EFDC6136A6ABB7F8D5FE1F84C967E79BEA96C5BE3661A0145DEB907 ] dg_ssudbus C:\WINDOWS\system32\DRIVERS\ssudbus.sys 14:27:55.0804 0x1518 dg_ssudbus - ok 14:27:55.0818 0x1518 Dhcp - ok 14:27:55.0825 0x1518 diagnosticshub.standardcollector.service - ok 14:27:55.0837 0x1518 diagsvc - ok 14:27:55.0843 0x1518 DiagTrack - ok 14:27:55.0892 0x1518 [ 7B00468816A1D485E38D22704EED5F5C, 5E0D554875DE906015AAD94B02C15D947F33FE6C7C7503D8CEEE06BAB6820064 ] Disc Soft Lite Bus Service D:\Daemon Tools\DAEMON Tools Lite\DiscSoftBusServiceLite.exe 14:27:56.0230 0x1518 Disc Soft Lite Bus Service - ok 14:27:56.0236 0x1518 Disk - ok 14:27:56.0245 0x1518 DmEnrollmentSvc - ok 14:27:56.0252 0x1518 dmvsc - ok 14:27:56.0259 0x1518 dmwappushservice - ok 14:27:56.0265 0x1518 Dnscache - ok 14:27:56.0277 0x1518 dot3svc - ok 14:27:56.0282 0x1518 DPS - ok 14:27:56.0293 0x1518 drmkaud - ok 14:27:56.0298 0x1518 DsmSvc - ok 14:27:56.0302 0x1518 DsSvc - ok 14:27:56.0309 0x1518 [ 679FF716052109392D870F6A6C4A3535, BEF1784448CCA4AF1D67ED68BD0C7CFE01A7719E98CACF92C2DCBFAA916DC57E ] dtlitescsibus C:\WINDOWS\System32\drivers\dtlitescsibus.sys 14:27:56.0370 0x1518 dtlitescsibus - ok 14:27:56.0379 0x1518 [ E23FDD696839A4790682CA66C48D3F2F, F5F0721BDA751968224E52E75D0C309A3E084C430CD98E85A55AF622D16B9A44 ] dtliteusbbus C:\WINDOWS\System32\drivers\dtliteusbbus.sys 14:27:56.0440 0x1518 dtliteusbbus - ok 14:27:56.0442 0x1518 DusmSvc - ok 14:27:56.0448 0x1518 DXGKrnl - ok 14:27:56.0459 0x1518 Eaphost - ok 14:27:56.0463 0x1518 ebdrv - ok 
14:27:56.0470 0x1518 EFS - ok 14:27:56.0480 0x1518 EhStorClass - ok 14:27:56.0484 0x1518 EhStorTcgDrv - ok 14:27:56.0487 0x1518 embeddedmode - ok 14:27:56.0491 0x1518 EntAppSvc - ok 14:27:56.0501 0x1518 ErrDev - ok 14:27:56.0508 0x1518 [ 082F9D1ADB6DF9E5DB30EB52A34FCF0A, DC62F2E7D81B4D3C266855A64A575563A31D894B19F23E841B6C8A552FAF81CC ] ESProtectionDriver C:\WINDOWS\system32\drivers\mbae64.sys 14:27:56.0524 0x1518 ESProtectionDriver - ok 14:27:56.0529 0x1518 EventSystem - ok 14:27:56.0532 0x1518 exfat - ok 14:27:56.0540 0x1518 fastfat - ok 14:27:56.0545 0x1518 Fax - ok 14:27:56.0548 0x1518 fdc - ok 14:27:56.0552 0x1518 fdPHost - ok 14:27:56.0560 0x1518 FDResPub - ok 14:27:56.0565 0x1518 fhsvc - ok 14:27:56.0568 0x1518 FileCrypt - ok 14:27:56.0572 0x1518 FileInfo - ok 14:27:56.0577 0x1518 Filetrace - ok 14:27:56.0581 0x1518 flpydisk - ok 14:27:56.0584 0x1518 FltMgr - ok 14:27:56.0588 0x1518 FontCache - ok 14:27:56.0593 0x1518 FontCache3.0.0.0 - ok 14:27:56.0599 0x1518 FrameServer - ok 14:27:56.0602 0x1518 FsDepends - ok 14:27:56.0605 0x1518 Fs_Rec - ok 14:27:56.0609 0x1518 fvevol - ok 14:27:56.0612 0x1518 gencounter - ok 14:27:56.0616 0x1518 genericusbfn - ok 14:27:56.0622 0x1518 GPIOClx0101 - ok 14:27:56.0626 0x1518 gpsvc - ok 14:27:56.0629 0x1518 GpuEnergyDrv - ok 14:27:56.0633 0x1518 GraphicsPerfSvc - ok 14:27:56.0639 0x1518 [ A8FD9222E4D72596BB37DA8BE95C0BA4, 52FC3AA9F704300041E486E57FE863218E4CDF4C8EEE05CA6B99A296EFEE5737 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 14:27:56.0651 0x1518 gupdate - ok 14:27:56.0656 0x1518 [ A8FD9222E4D72596BB37DA8BE95C0BA4, 52FC3AA9F704300041E486E57FE863218E4CDF4C8EEE05CA6B99A296EFEE5737 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 14:27:56.0668 0x1518 gupdatem - ok 14:27:56.0672 0x1518 HDAudBus - ok 14:27:56.0675 0x1518 HidBatt - ok 14:27:56.0680 0x1518 HidBth - ok 14:27:56.0683 0x1518 hidi2c - ok 14:27:56.0686 0x1518 hidinterrupt - ok 14:27:56.0690 0x1518 HidIr - ok 14:27:56.0693 0x1518 
hidserv - ok 14:27:56.0697 0x1518 HidUsb - ok 14:27:56.0704 0x1518 [ E1C43C08A9650F2DB2E1048AC68BE7AE, B8DF9B2464B5A374C5CE7F05AEF506AB1568A707EB4A5850F41FA9D338B4C2A1 ] hmevpnsvc C:\Program Files (x86)\hide.me VPN\hidemesvc.exe 14:27:56.0717 0x1518 hmevpnsvc - ok 14:27:56.0720 0x1518 HomeGroupListener - ok 14:27:56.0724 0x1518 HomeGroupProvider - ok 14:27:56.0728 0x1518 HpSAMD - ok 14:27:56.0730 0x1518 HTTP - ok 14:27:56.0735 0x1518 HvHost - ok 14:27:56.0738 0x1518 hvservice - ok 14:27:56.0742 0x1518 HwNClx0101 - ok 14:27:56.0746 0x1518 hwpolicy - ok 14:27:56.0749 0x1518 hyperkbd - ok 14:27:56.0752 0x1518 HyperVideo - ok 14:27:56.0756 0x1518 i8042prt - ok 14:27:56.0759 0x1518 iagpio - ok 14:27:56.0764 0x1518 iai2c - ok 14:27:56.0768 0x1518 iaLPSS2i_GPIO2 - ok 14:27:56.0771 0x1518 iaLPSS2i_GPIO2_BXT_P - ok 14:27:56.0774 0x1518 iaLPSS2i_I2C - ok 14:27:56.0778 0x1518 iaLPSS2i_I2C_BXT_P - ok 14:27:56.0781 0x1518 iaLPSSi_GPIO - ok 14:27:56.0786 0x1518 iaLPSSi_I2C - ok 14:27:56.0805 0x1518 [ 1646823DC94A810AE0F0B570C19E571F, 6E55FDB9681BDF1D3A21E2F1FA09C2CB7087BFF25043F487E396ABD272E8E10D ] iaStorA C:\WINDOWS\system32\drivers\iaStorA.sys 14:27:56.0919 0x1518 iaStorA - ok 14:27:56.0951 0x1518 [ BD26815BA1C7B5C93029D0474EBF79D4, 5BFF3B66F125BC95CFDEDB72621B466B27441DA369D9905CFFF04EF79AE236FF ] iaStorAC C:\WINDOWS\system32\drivers\iaStorAC.sys 14:27:56.0991 0x1518 iaStorAC - ok 14:27:56.0995 0x1518 iaStorAV - ok 14:27:56.0997 0x1518 iaStorV - ok 14:27:57.0001 0x1518 ibbus - ok 14:27:57.0007 0x1518 [ CDC107C70CE4FB1D87E01F3D1485DC57, 3C6DF632E85D4E1F6594796A2ACE99C8690B4265F230B5873D7216842A951AD4 ] IBMPMDRV C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys 14:27:57.0051 0x1518 IBMPMDRV - ok 14:27:57.0059 0x1518 [ 9B1B9E4213DABEA3F865278867999E46, 8F319F7072306A4D9335D010AD8EFA59B8AC504C7B98CBFA952F3A34E9D9D4C6 ] IBMPMSVC C:\WINDOWS\system32\ibmpmsvc.exe 14:27:57.0074 0x1518 IBMPMSVC - ok 14:27:57.0077 0x1518 icssvc - ok 14:27:57.0323 0x1518 [ 793D254C6ED40F74114D33D8B89ACFF8, 
3310EDBB90F1E54C4579B2A76B70F283BE1D4299B6AA3F138089143505D9134C ] igfx C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_ce1af3c67f44ff6b\igdkmd64.sys 14:27:57.0588 0x1518 igfx - ok 14:27:57.0617 0x1518 [ 08F523F153D49A97C84B91D6D18B17B7, 881B09B01A71109C5C9219A6721844BDA0DE1B88FFA542A0799CB9A979378BEA ] igfxCUIService2.0.0.0 C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_ce1af3c67f44ff6b\igfxCUIService.exe 14:27:57.0626 0x1518 igfxCUIService2.0.0.0 - ok 14:27:57.0635 0x1518 IKEEXT - ok 14:27:57.0642 0x1518 IndirectKmd - ok 14:27:57.0651 0x1518 InstallService - ok 14:27:57.0670 0x1518 [ C80399265EAB2289BE2747C905B4ACE7, 9AA5CC5CA75782A5709587791C522C9573E500F3915611F0D498FDAA0826A3A4 ] IntcDAud C:\WINDOWS\system32\DRIVERS\IntcDAud.sys 14:27:57.0724 0x1518 IntcDAud - ok 14:27:57.0733 0x1518 intelide - ok 14:27:57.0737 0x1518 intelpep - ok 14:27:57.0739 0x1518 intelppm - ok 14:27:57.0746 0x1518 invdimm - ok 14:27:57.0749 0x1518 iorate - ok 14:27:57.0753 0x1518 IpFilterDriver - ok 14:27:57.0760 0x1518 iphlpsvc - ok 14:27:57.0765 0x1518 IPMIDRV - ok 14:27:57.0769 0x1518 IPNAT - ok 14:27:57.0785 0x1518 [ 97C9EBB84A761D48DC17E0E6B913C164, D195A8410E1FEED1A0EE9C5F5AF6F5FC861284765A38D460D496CE1048501905 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe 14:27:57.0955 0x1518 iPod Service - ok 14:27:57.0960 0x1518 IPT - ok 14:27:57.0964 0x1518 IpxlatCfgSvc - ok 14:27:57.0968 0x1518 irda - ok 14:27:57.0971 0x1518 IRENUM - ok 14:27:57.0981 0x1518 irmon - ok 14:27:57.0984 0x1518 isapnp - ok 14:27:57.0987 0x1518 iScsiPrt - ok 14:27:57.0990 0x1518 kbdclass - ok 14:27:58.0007 0x1518 kbdhid - ok 14:27:58.0010 0x1518 kdnic - ok 14:27:58.0016 0x1518 KeyIso - ok 14:27:58.0022 0x1518 KSecDD - ok 14:27:58.0027 0x1518 KSecPkg - ok 14:27:58.0030 0x1518 ksthunk - ok 14:27:58.0034 0x1518 KtmRm - ok 14:27:58.0043 0x1518 LanmanServer - ok 14:27:58.0047 0x1518 LanmanWorkstation - ok 14:27:58.0053 0x1518 lfsvc - ok 14:27:58.0058 0x1518 LicenseManager - 
ok 14:27:58.0061 0x1518 lltdio - ok 14:27:58.0064 0x1518 lltdsvc - ok 14:27:58.0068 0x1518 lmhosts - ok 14:27:58.0079 0x1518 [ FE864FB61389DA71F52286E25343FBE6, 15B0C9CC91C42A36B74B86B82DD7421DFC52684D595AF24AF4C0DA9AA4BFC9B8 ] LPlatSvc C:\WINDOWS\system32\LPlatSvc.exe 14:27:58.0112 0x1518 LPlatSvc - ok 14:27:58.0118 0x1518 LSI_SAS - ok 14:27:58.0122 0x1518 LSI_SAS2i - ok 14:27:58.0126 0x1518 LSI_SAS3i - ok 14:27:58.0130 0x1518 LSI_SSS - ok 14:27:58.0134 0x1518 LSM - ok 14:27:58.0138 0x1518 luafv - ok 14:27:58.0149 0x1518 [ F54F07267103846D491413287910BCD4, 1B72D2546F88660D279B56E9FDA8DD2BFD6A44C2CC669C8EC1A81DB91D3B7189 ] MagentaCLOUDMaintenanceService C:\Program Files (x86)\Telekom\MagentaCloud\Updater\MaintenanceService.exe 14:27:58.0299 0x1518 MagentaCLOUDMaintenanceService - ok 14:27:58.0307 0x1518 MapsBroker - ok 14:27:58.0311 0x1518 mausbhost - ok 14:27:58.0315 0x1518 mausbip - ok 14:27:58.0324 0x1518 [ AD4D827A76EFC23FD0967D45597EA1C6, 5322BAEE2261AE6B9CF80DB4E735944E30ECA790E7B5788D65E984C6F8B03794 ] MBAMChameleon C:\WINDOWS\System32\Drivers\MbamChameleon.sys 14:27:58.0454 0x1518 MBAMChameleon - ok 14:27:58.0462 0x1518 [ 369D0CAFA432F291DB747B047CD423B4, 7665EB71659D153610ADF1C30F6958EDEBC8034DF0560A35F79A9123F800A603 ] MBAMFarflt C:\WINDOWS\system32\DRIVERS\farflt.sys 14:27:58.0483 0x1518 MBAMFarflt - ok 14:27:58.0490 0x1518 [ 3EB8C2CDA87FF8F8AB94B0E7845115F2, 44A0BDF13CBE1F9EB3855BBD9B6C10C7D6997468F3ECFE0AFA6A0DDD67528AF9 ] MBAMProtection C:\WINDOWS\system32\DRIVERS\mbam.sys 14:27:58.0509 0x1518 MBAMProtection - ok 14:27:58.0649 0x1518 [ ECB760B2391608BA4E0A7987ADA70CCF, 03B39EA56CD46666CFA8467AA246A63924C0F4AACD27E51FD5E1192000B4A577 ] MBAMService D:\Anti-Malware\mbamservice.exe 14:27:58.0820 0x1518 MBAMService - ok 14:27:58.0833 0x1518 [ 7CE9DEB496E666174498F7DF681E977E, 665D146303C39985E136C38F5F04C5FAE3BCCCB914F9AE75E541E09B28EC639E ] MBAMSwissArmy C:\WINDOWS\System32\Drivers\mbamswissarmy.sys 14:27:58.0850 0x1518 MBAMSwissArmy - ok 14:27:58.0855 
0x1518 [ EE952B5245F97B7DA18FF2CB7E4B337C, 9767EDC7205C821841885787F7293BECD886ADB5A6F3E1CCB9BE5FD76BFA2B13 ] MBAMWebProtection C:\WINDOWS\system32\DRIVERS\mwac.sys 14:27:58.0868 0x1518 MBAMWebProtection - ok 14:27:58.0872 0x1518 megasas - ok 14:27:58.0876 0x1518 megasas2i - ok 14:27:58.0877 0x1518 megasr - ok 14:27:58.0886 0x1518 [ 552BCE17DF7FC306196F2325489CFFBE, C50720BFFAF5B78C9D0219023B7D18A2D94E70EA38526DE364FF5FBC5C98E208 ] MEIx64 C:\WINDOWS\System32\drivers\TeeDriverW8x64.sys 14:27:58.0904 0x1518 MEIx64 - ok 14:27:58.0907 0x1518 MessagingService - ok 14:27:58.0912 0x1518 mlx4_bus - ok 14:27:58.0916 0x1518 MMCSS - ok 14:27:58.0919 0x1518 Modem - ok 14:27:58.0923 0x1518 monitor - ok 14:27:58.0926 0x1518 mouclass - ok 14:27:58.0930 0x1518 mouhid - ok 14:27:58.0933 0x1518 mountmgr - ok 14:27:58.0938 0x1518 mpsdrv - ok 14:27:58.0941 0x1518 MpsSvc - ok 14:27:58.0945 0x1518 MRxDAV - ok 14:27:58.0948 0x1518 mrxsmb - ok 14:27:58.0952 0x1518 mrxsmb10 - ok 14:27:58.0956 0x1518 mrxsmb20 - ok 14:27:58.0960 0x1518 MsBridge - ok 14:27:58.0963 0x1518 MSDTC - ok 14:27:58.0969 0x1518 Msfs - ok 14:27:58.0973 0x1518 msgpiowin32 - ok 14:27:58.0977 0x1518 mshidkmdf - ok 14:27:58.0981 0x1518 mshidumdf - ok 14:27:58.0983 0x1518 msisadrv - ok 14:27:58.0989 0x1518 MSiSCSI - ok 14:27:58.0993 0x1518 msiserver - ok 14:27:58.0996 0x1518 MSKSSRV - ok 14:27:59.0000 0x1518 MsLldp - ok 14:27:59.0004 0x1518 MSPCLOCK - ok 14:27:59.0007 0x1518 MSPQM - ok 14:27:59.0011 0x1518 MsRPC - ok 14:27:59.0016 0x1518 MsSecFlt - ok 14:27:59.0019 0x1518 mssmbios - ok 14:27:59.0022 0x1518 MSTEE - ok 14:27:59.0026 0x1518 MTConfig - ok 14:27:59.0029 0x1518 Mup - ok 14:27:59.0034 0x1518 mvumis - ok 14:27:59.0039 0x1518 NativeWifiP - ok 14:27:59.0042 0x1518 NaturalAuthentication - ok 14:27:59.0047 0x1518 NcaSvc - ok 14:27:59.0050 0x1518 NcbService - ok 14:27:59.0054 0x1518 NcdAutoSetup - ok 14:27:59.0057 0x1518 ndfltr - ok 14:27:59.0061 0x1518 NDIS - ok 14:27:59.0064 0x1518 NdisCap - ok 14:27:59.0069 0x1518 
NdisImPlatform - ok 14:27:59.0073 0x1518 NdisTapi - ok 14:27:59.0076 0x1518 Ndisuio - ok 14:27:59.0080 0x1518 NdisVirtualBus - ok 14:27:59.0083 0x1518 NdisWan - ok 14:27:59.0087 0x1518 ndiswanlegacy - ok 14:27:59.0091 0x1518 ndproxy - ok 14:27:59.0096 0x1518 Ndu - ok 14:27:59.0101 0x1518 NetAdapterCx - ok 14:27:59.0104 0x1518 NetBIOS - ok 14:27:59.0112 0x1518 NetBT - ok 14:27:59.0115 0x1518 Netlogon - ok 14:27:59.0120 0x1518 Netman - ok 14:27:59.0123 0x1518 netprofm - ok 14:27:59.0127 0x1518 NetSetupSvc - ok 14:27:59.0137 0x1518 NetTcpPortSharing - ok 14:27:59.0141 0x1518 netvsc - ok 14:27:59.0146 0x1518 NgcCtnrSvc - ok 14:27:59.0150 0x1518 NgcSvc - ok 14:27:59.0154 0x1518 NlaSvc - ok 14:27:59.0157 0x1518 Npfs - ok 14:27:59.0162 0x1518 npsvctrig - ok 14:27:59.0165 0x1518 nsi - ok 14:27:59.0169 0x1518 nsiproxy - ok 14:27:59.0174 0x1518 NTFS - ok 14:27:59.0178 0x1518 Null - ok 14:27:59.0182 0x1518 nvdimmn - ok 14:27:59.0493 0x1518 [ 15AB4B7EEA154532EFB673069B8B3819, 858B76A29DE54CB2D08FC18B3BCD2C4B61993066F1AED49367DB9C3F666B256C ] nvlddmkm C:\WINDOWS\System32\DriverStore\FileRepository\nvlt.inf_amd64_6608c7a6e4ffbd7d\nvlddmkm.sys 14:28:00.0213 0x1518 nvlddmkm - ok 14:28:00.0238 0x1518 nvraid - ok 14:28:00.0242 0x1518 nvstor - ok 14:28:00.0251 0x1518 OneSyncSvc - ok 14:28:00.0263 0x1518 [ 1B67ED4BCD7647E3EAC526DA43A7B69B, 0FCEC4222294BCE569ABA1D2AC3BE19D1656357ADB33B41F204C699D829ED4E0 ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 14:28:00.0353 0x1518 ose - ok 14:28:00.0355 0x1518 p2pimsvc - ok 14:28:00.0361 0x1518 p2psvc - ok 14:28:00.0368 0x1518 Parport - ok 14:28:00.0372 0x1518 partmgr - ok 14:28:00.0377 0x1518 PcaSvc - ok 14:28:00.0380 0x1518 pci - ok 14:28:00.0384 0x1518 pciide - ok 14:28:00.0388 0x1518 pcmcia - ok 14:28:00.0393 0x1518 pcw - ok 14:28:00.0397 0x1518 pdc - ok 14:28:00.0431 0x1518 [ 87B3DE5B911F767C388D5A56A73D9E93, 7C845A6E9D706BC7CDFD32F9BDEA52BF2FD3D90D45BCF2D48CE704D58F00D23D ] PDF Architect 4 C:\Program 
Files\PDF Architect 4\ws.exe 14:28:00.0537 0x1518 PDF Architect 4 - ok 14:28:00.0556 0x1518 [ 9049B0504C1CB438C0154F72FD7ABC28, 882141B00074CB2EDD3CB7DA745DF4347DA62A90A7E104719DBC13A8BA56B253 ] PDF Architect 4 CrashHandler C:\Program Files\PDF Architect 4\crash-handler-ws.exe 14:28:00.0613 0x1518 PDF Architect 4 CrashHandler - ok 14:28:00.0622 0x1518 [ 5F83EDC4A22BC7CC9507E43335C3524E, E349816313DA261C1787159085D920CE975B122DB9FEEBAA132D6593B6DD03EC ] PDF Architect 4 Creator C:\Program Files\PDF Architect 4\creator-ws.exe 14:28:00.0681 0x1518 PDF Architect 4 Creator - ok 14:28:00.0702 0x1518 [ 06B2368D9B342AE8E02C929B72E07804, 4EBCFCE5FFE934369ADD035A804BC24160BF94A796A42592B328A35A26DAB79E ] PDF Architect 4 Manager C:\ProgramData\pdfforge\PDF Architect 4 Manager\PDF Architect 4\Architect Manager.exe 14:28:00.0901 0x1518 PDF Architect 4 Manager - ok 14:28:00.0909 0x1518 PEAUTH - ok 14:28:00.0914 0x1518 PeerDistSvc - ok 14:28:00.0920 0x1518 percsas2i - ok 14:28:00.0923 0x1518 percsas3i - ok 14:28:00.0986 0x1518 PerfHost - ok 14:28:01.0004 0x1518 PhoneSvc - ok 14:28:01.0010 0x1518 PimIndexMaintenanceSvc - ok 14:28:01.0021 0x1518 pla - ok 14:28:01.0026 0x1518 PlugPlay - ok 14:28:01.0038 0x1518 pmem - ok 14:28:01.0038 0x1518 PNPMEM - ok 14:28:01.0051 0x1518 PNRPAutoReg - ok 14:28:01.0057 0x1518 PNRPsvc - ok 14:28:01.0064 0x1518 PolicyAgent - ok 14:28:01.0066 0x1518 Power - ok 14:28:01.0077 0x1518 PptpMiniport - ok 14:28:01.0176 0x1518 [ FAA5FBD37C00DE72573F9BF6B6E64BAD, AEF599C9D47ED197FAC54326E99114AD7EAA107A0248C77997D353A7B5C06FBB ] PrintNotify C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll 14:28:01.0294 0x1518 PrintNotify - ok 14:28:01.0298 0x1518 PrintWorkflowUserSvc - ok 14:28:01.0307 0x1518 Processor - ok 14:28:01.0310 0x1518 ProfSvc - ok 14:28:01.0314 0x1518 Psched - ok 14:28:01.0318 0x1518 PushToInstall - ok 14:28:01.0347 0x1518 [ 7D4418C0C8506A420EDB33DC9DD3259A, 75C898F124DDD92149009A76D8F7EC3626DF321AA8335C7D46CD00B9795C280B ] Qcamain10x64 
C:\WINDOWS\System32\drivers\Qcamain10x64.sys 14:28:01.0430 0x1518 Qcamain10x64 - ok 14:28:01.0440 0x1518 [ 86B203D70D3B87B5E5C2AB47D502259B, 6AE2BF2A5C23D8C61A83AAEB8DFF59645B1C4CD136118642A9FADD7FEC68A230 ] QcomWlanSrv C:\WINDOWS\System32\drivers\QcomWlanSrvx64.exe 14:28:01.0479 0x1518 QcomWlanSrv - ok 14:28:01.0483 0x1518 QWAVE - ok 14:28:01.0486 0x1518 QWAVEdrv - ok 14:28:01.0490 0x1518 Ramdisk - ok 14:28:01.0494 0x1518 RasAcd - ok 14:28:01.0498 0x1518 RasAgileVpn - ok 14:28:01.0502 0x1518 RasAuto - ok 14:28:01.0506 0x1518 Rasl2tp - ok 14:28:01.0510 0x1518 RasMan - ok 14:28:01.0514 0x1518 RasPppoe - ok 14:28:01.0518 0x1518 RasSstp - ok 14:28:01.0520 0x1518 rdbss - ok 14:28:01.0527 0x1518 rdpbus - ok 14:28:01.0531 0x1518 RDPDR - ok 14:28:01.0539 0x1518 RdpVideoMiniport - ok 14:28:01.0543 0x1518 rdyboost - ok 14:28:01.0547 0x1518 ReFS - ok 14:28:01.0550 0x1518 ReFSv1 - ok 14:28:01.0556 0x1518 RemoteAccess - ok 14:28:01.0560 0x1518 RemoteRegistry - ok 14:28:01.0563 0x1518 RetailDemo - ok 14:28:01.0567 0x1518 RFCOMM - ok 14:28:01.0571 0x1518 rhproxy - ok 14:28:01.0575 0x1518 RmSvc - ok 14:28:01.0579 0x1518 RpcEptMapper - ok 14:28:01.0583 0x1518 RpcLocator - ok 14:28:01.0587 0x1518 RpcSs - ok 14:28:01.0591 0x1518 rspndr - ok 14:28:01.0598 0x1518 rt640x64 - ok 14:28:01.0654 0x1518 [ 42BE49D04EEEA4B0576070109B8EBD01, B09002F627F68116FFDB866F00D073A6017264ED1BC60F0134E48A084836B7FF ] rtsuvc C:\WINDOWS\system32\DRIVERS\rtsuvc.sys 14:28:01.0853 0x1518 rtsuvc - ok 14:28:01.0861 0x1518 s3cap - ok 14:28:01.0864 0x1518 SamSs - ok 14:28:01.0873 0x1518 [ 87044F5F607FF52DA93F4A1AF9A18937, 34939518E75E11B18150CAE24C488C10D6D1D5056986B2692050A543EEC16C9D ] SAService C:\WINDOWS\system32\SAsrv.exe 14:28:01.0963 0x1518 SAService - detected UnsignedFile.Multi.Generic ( 1 ) 14:28:02.0404 0x1518 Detect skipped due to KSN trusted 14:28:02.0404 0x1518 SAService - ok 14:28:02.0409 0x1518 sbp2port - ok 14:28:02.0430 0x1518 SCardSvr - ok 14:28:02.0439 0x1518 ScDeviceEnum - ok 14:28:02.0451 
0x1518 scfilter - ok 14:28:02.0460 0x1518 Schedule - ok 14:28:02.0463 0x1518 scmbus - ok 14:28:02.0480 0x1518 SCPolicySvc - ok 14:28:02.0483 0x1518 sdbus - ok 14:28:02.0493 0x1518 SDFRd - ok 14:28:02.0508 0x1518 SDRSVC - ok 14:28:02.0514 0x1518 sdstor - ok 14:28:02.0526 0x1518 seclogon - ok 14:28:02.0538 0x1518 SecurityHealthService - ok 14:28:02.0549 0x1518 SEMgrSvc - ok 14:28:02.0556 0x1518 SENS - ok 14:28:02.0568 0x1518 Sense - ok 14:28:02.0577 0x1518 SensorDataService - ok 14:28:02.0588 0x1518 SensorService - ok 14:28:02.0595 0x1518 SensrSvc - ok 14:28:02.0597 0x1518 SerCx - ok 14:28:02.0603 0x1518 SerCx2 - ok 14:28:02.0608 0x1518 Serenum - ok 14:28:02.0618 0x1518 Serial - ok 14:28:02.0624 0x1518 sermouse - ok 14:28:02.0635 0x1518 SessionEnv - ok 14:28:02.0639 0x1518 sfloppy - ok 14:28:02.0644 0x1518 SharedAccess - ok 14:28:02.0649 0x1518 SharedRealitySvc - ok 14:28:02.0653 0x1518 ShellHWDetection - ok 14:28:02.0659 0x1518 shpamsvc - ok 14:28:02.0663 0x1518 SiSRaid2 - ok 14:28:02.0667 0x1518 SiSRaid4 - ok 14:28:02.0674 0x1518 [ 51C799BBF3FAEF365E36C7F50F85819A, 54E70CEF762F563649AD7BE74A8B5E2A8C356EF347350DE397C40535FCE64FEA ] SmbDrvI C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys 14:28:02.0722 0x1518 SmbDrvI - ok 14:28:02.0727 0x1518 smphost - ok 14:28:02.0732 0x1518 SmsRouter - ok 14:28:02.0740 0x1518 SNMPTRAP - ok 14:28:02.0744 0x1518 spaceport - ok 14:28:02.0748 0x1518 SpatialGraphFilter - ok 14:28:02.0751 0x1518 SpbCx - ok 14:28:02.0756 0x1518 spectrum - ok 14:28:02.0760 0x1518 Spooler - ok 14:28:02.0765 0x1518 sppsvc - ok 14:28:02.0769 0x1518 srv - ok 14:28:02.0773 0x1518 srv2 - ok 14:28:02.0777 0x1518 srvnet - ok 14:28:02.0781 0x1518 SSDPSRV - ok 14:28:02.0785 0x1518 SstpSvc - ok 14:28:02.0792 0x1518 [ 592FF34A2FD6C6351B8A3AA76B2C0A9E, 152B7472DE531AC45492F562DD470B2CE33F1EEF13BC78F26046AE5ABF54E32F ] ssudmdm C:\WINDOWS\system32\DRIVERS\ssudmdm.sys 14:28:02.0841 0x1518 ssudmdm - ok 14:28:02.0848 0x1518 StateRepository - ok 14:28:02.0871 0x1518 [ 
596DC69BB40A96FCA4B19D9D1E221E34, 3469D3B2E9A88E39C14AE2E3DD5EC3D91FBB88CA568D794555B397B50E64AB15 ] Steam Client Service C:\Program Files (x86)\Common Files\Steam\SteamService.exe 14:28:03.0138 0x1518 Steam Client Service - ok 14:28:03.0144 0x1518 stexstor - ok 14:28:03.0148 0x1518 stisvc - ok 14:28:03.0152 0x1518 storahci - ok 14:28:03.0157 0x1518 storflt - ok 14:28:03.0161 0x1518 stornvme - ok 14:28:03.0165 0x1518 storqosflt - ok 14:28:03.0168 0x1518 StorSvc - ok 14:28:03.0173 0x1518 storufs - ok 14:28:03.0177 0x1518 storvsc - ok 14:28:03.0182 0x1518 svsvc - ok 14:28:03.0186 0x1518 swenum - ok 14:28:03.0189 0x1518 swprv - ok 14:28:03.0194 0x1518 Synth3dVsc - ok 14:28:03.0203 0x1518 [ 329E1EF3897150458F33D4DCCA4884E4, EF5FFFBA3AEE9B04B779C31063D79B93B0E99C93398E55F94CBA5D18F80E9CA8 ] SynTP C:\WINDOWS\system32\DRIVERS\SynTP.sys 14:28:03.0309 0x1518 SynTP - ok 14:28:03.0327 0x1518 [ 6987930E76BC1601BD8B6D28C230038C, 4D2C322956AB5895FD1B6DF1DE5EB6186B76B1553D2B56F586067D20926D1CF8 ] SynTPEnhService C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe 14:28:03.0485 0x1518 SynTPEnhService - ok 14:28:03.0490 0x1518 SysMain - ok 14:28:03.0494 0x1518 SystemEventsBroker - ok 14:28:03.0498 0x1518 TabletInputService - ok 14:28:03.0502 0x1518 TapiSrv - ok 14:28:03.0506 0x1518 Tcpip - ok 14:28:03.0510 0x1518 Tcpip6 - ok 14:28:03.0517 0x1518 tcpipreg - ok 14:28:03.0523 0x1518 tdx - ok 14:28:03.0758 0x1518 [ F5A7D2558C98E31AF03885822CD60789, 577CDDC3211008DE5D5E740BB326E85807CDFA33769CEF1278DA8F689A94852F ] TeamViewer D:\Teamviewer\TeamViewer_Service.exe 14:28:06.0314 0x1518 TeamViewer - ok 14:28:06.0331 0x1518 terminpt - ok 14:28:06.0335 0x1518 TermService - ok 14:28:06.0339 0x1518 Themes - ok 14:28:06.0343 0x1518 TieringEngineService - ok 14:28:06.0347 0x1518 tiledatamodelsvc - ok 14:28:06.0352 0x1518 TimeBrokerSvc - ok 14:28:06.0356 0x1518 TokenBroker - ok 14:28:06.0360 0x1518 TPM - ok 14:28:06.0364 0x1518 TrkWks - ok 14:28:06.0368 0x1518 TrustedInstaller - ok 14:28:06.0374 
0x1518 tsusbflt - ok 14:28:06.0378 0x1518 TsUsbGD - ok 14:28:06.0382 0x1518 tsusbhub - ok 14:28:06.0386 0x1518 tunnel - ok 14:28:06.0389 0x1518 tzautoupdate - ok 14:28:06.0394 0x1518 UASPStor - ok 14:28:06.0394 0x1518 UcmCx0101 - ok 14:28:06.0406 0x1518 UcmTcpciCx0101 - ok 14:28:06.0411 0x1518 UcmUcsi - ok 14:28:06.0417 0x1518 Ucx01000 - ok 14:28:06.0421 0x1518 UdeCx - ok 14:28:06.0425 0x1518 udfs - ok 14:28:06.0429 0x1518 UEFI - ok 14:28:06.0433 0x1518 UevAgentDriver - ok 14:28:06.0437 0x1518 UevAgentService - ok 14:28:06.0443 0x1518 Ufx01000 - ok 14:28:06.0448 0x1518 UfxChipidea - ok 14:28:06.0453 0x1518 ufxsynopsys - ok 14:28:06.0462 0x1518 UI0Detect - ok 14:28:06.0465 0x1518 umbus - ok 14:28:06.0469 0x1518 UmPass - ok 14:28:06.0474 0x1518 UmRdpService - ok 14:28:06.0478 0x1518 UnistoreSvc - ok 14:28:06.0484 0x1518 upnphost - ok 14:28:06.0489 0x1518 UrsChipidea - ok 14:28:06.0493 0x1518 UrsCx01000 - ok 14:28:06.0497 0x1518 UrsSynopsys - ok 14:28:06.0503 0x1518 [ F957092C63CD71D85903CA0D8370F473, 4DEC2FC20329F248135DA24CB6694FD972DCCE8B1BBEA8D872FDE41939E96AAF ] USBAAPL64 C:\WINDOWS\System32\Drivers\usbaapl64.sys 14:28:06.0550 0x1518 USBAAPL64 - ok 14:28:06.0555 0x1518 usbccgp - ok 14:28:06.0560 0x1518 usbcir - ok 14:28:06.0565 0x1518 usbehci - ok 14:28:06.0571 0x1518 usbhub - ok 14:28:06.0576 0x1518 USBHUB3 - ok 14:28:06.0580 0x1518 usbohci - ok 14:28:06.0584 0x1518 usbprint - ok 14:28:06.0589 0x1518 [ E55C9AF5EE8905879048118824B06816, F431ABF555E09BE64AF7EA0B2573C7F5E5634408E03DC3FAC4A5CC7D48CAF0EC ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys 14:28:06.0634 0x1518 usbscan - ok 14:28:06.0640 0x1518 usbser - ok 14:28:06.0640 0x1518 USBSTOR - ok 14:28:06.0655 0x1518 usbuhci - ok 14:28:06.0660 0x1518 USBXHCI - ok 14:28:06.0670 0x1518 UserDataSvc - ok 14:28:06.0680 0x1518 UserManager - ok 14:28:06.0683 0x1518 UsoSvc - ok 14:28:06.0693 0x1518 VaultSvc - ok 14:28:06.0703 0x1518 vdrvroot - ok 14:28:06.0708 0x1518 vds - ok 14:28:06.0712 0x1518 VerifierExt - ok 
14:28:06.0723 0x1518 vhdmp - ok 14:28:06.0727 0x1518 vhf - ok 14:28:06.0737 0x1518 vmbus - ok 14:28:06.0742 0x1518 VMBusHID - ok 14:28:06.0747 0x1518 vmgid - ok 14:28:06.0751 0x1518 vmicguestinterface - ok 14:28:06.0757 0x1518 vmicheartbeat - ok 14:28:06.0761 0x1518 vmickvpexchange - ok 14:28:06.0767 0x1518 vmicrdv - ok 14:28:06.0770 0x1518 vmicshutdown - ok 14:28:06.0774 0x1518 vmictimesync - ok 14:28:06.0775 0x1518 vmicvmsession - ok 14:28:06.0782 0x1518 vmicvss - ok 14:28:06.0787 0x1518 vnvdimm - ok 14:28:06.0791 0x1518 volmgr - ok 14:28:06.0791 0x1518 volmgrx - ok 14:28:06.0799 0x1518 volsnap - ok 14:28:06.0806 0x1518 volume - ok 14:28:06.0810 0x1518 vpci - ok 14:28:06.0823 0x1518 [ CED5750ECF0D60F76727BE53CE05ED68, 192E7767BED6C1EA925F5A790EC75A1C2BC4FF20F6C832A1C910D515AA565B69 ] vpnagent C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe 14:28:06.0843 0x1518 vpnagent - ok 14:28:06.0849 0x1518 [ 0F42C39016F82F345C0F2DB2D5B90EB4, 2E957E72BB8D0293F61FA7385BA9400DF7759E1E3D35FE24F3877A6460988F4D ] vpnva C:\WINDOWS\System32\drivers\vpnva64-6.sys 14:28:06.0902 0x1518 vpnva - ok 14:28:06.0911 0x1518 vsmraid - ok 14:28:06.0919 0x1518 VSS - ok 14:28:06.0924 0x1518 VSTXRAID - ok 14:28:06.0934 0x1518 vwifibus - ok 14:28:06.0941 0x1518 vwififlt - ok 14:28:06.0947 0x1518 vwifimp - ok 14:28:06.0952 0x1518 W32Time - ok 14:28:06.0961 0x1518 WacomPen - ok 14:28:06.0973 0x1518 WalletService - ok 14:28:06.0974 0x1518 wanarp - ok 14:28:06.0981 0x1518 wanarpv6 - ok 14:28:06.0994 0x1518 WarpJITSvc - ok 14:28:06.0996 0x1518 wbengine - ok 14:28:07.0010 0x1518 WbioSrvc - ok 14:28:07.0016 0x1518 wcifs - ok 14:28:07.0017 0x1518 Wcmsvc - ok 14:28:07.0022 0x1518 wcncsvc - ok 14:28:07.0031 0x1518 wcnfs - ok 14:28:07.0038 0x1518 [ EF2B6F9152F6F79D00BF7DCBE2081951, 1DEDD6C3FCDE9A5DBEE6594940037633C1BB09286690B8D29528EC119C835D3B ] WdBoot C:\WINDOWS\system32\drivers\wd\WdBoot.sys 14:28:07.0053 0x1518 WdBoot - ok 14:28:07.0058 0x1518 Wdf01000 - ok 14:28:07.0071 
0x1518 [ 273B2EE5A3CA626D4A1D299CB27A7FC8, 7056A0223E67E280EDED8E60B7F45BECCD49752CA8F179A4BAEE37A75014BAC1 ] WdFilter C:\WINDOWS\system32\drivers\wd\WdFilter.sys 14:28:07.0090 0x1518 WdFilter - ok 14:28:07.0096 0x1518 WdiServiceHost - ok 14:28:07.0097 0x1518 WdiSystemHost - ok 14:28:07.0102 0x1518 wdiwifi - ok 14:28:07.0112 0x1518 [ 85641F5E6761F9A9B8E4ABC319BE68B5, 8AA96547EA4BAC6EA26FEE29AC2C70EAB987D3391091C5564243B905AB80C8E4 ] WdNisDrv C:\WINDOWS\system32\drivers\wd\WdNisDrv.sys 14:28:07.0125 0x1518 WdNisDrv - ok 14:28:07.0201 0x1518 [ 9A92286431EC4AAD197D7F2F648969CB, 0CD2301E27F4304C0EEBDEA61CCAB03738425FBF174801A5BAAF9DBD6B73C0D3 ] WdNisSvc C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1809.2-0\NisSrv.exe 14:28:07.0290 0x1518 WdNisSvc - ok 14:28:07.0302 0x1518 wdnsfltr - ok 14:28:07.0308 0x1518 WebClient - ok 14:28:07.0313 0x1518 Wecsvc - ok 14:28:07.0318 0x1518 WEPHOSTSVC - ok 14:28:07.0322 0x1518 wercplsupport - ok 14:28:07.0328 0x1518 WerSvc - ok 14:28:07.0335 0x1518 WFDSConMgrSvc - ok 14:28:07.0341 0x1518 WFPLWFS - ok 14:28:07.0349 0x1518 WiaRpc - ok 14:28:07.0356 0x1518 WIMMount - ok 14:28:07.0364 0x1518 [ 115CFC73B2DA6A30424EB5229CA8D398, 03E286F9E054756D81C7EB5BB6D280602147F2E6465B817315FAF8AD11286343 ] WinDefend C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1809.2-0\MsMpEng.exe 14:28:07.0399 0x1518 WinDefend - ok 14:28:07.0413 0x1518 WindowsTrustedRT - ok 14:28:07.0418 0x1518 WindowsTrustedRTProxy - ok 14:28:07.0423 0x1518 WinHttpAutoProxySvc - ok 14:28:07.0429 0x1518 WinMad - ok 14:28:07.0439 0x1518 Winmgmt - ok 14:28:07.0443 0x1518 WinNat - ok 14:28:07.0448 0x1518 WinRM - ok 14:28:07.0457 0x1518 WINUSB - ok 14:28:07.0461 0x1518 WinVerbs - ok 14:28:07.0465 0x1518 wisvc - ok 14:28:07.0470 0x1518 WlanSvc - ok 14:28:07.0476 0x1518 wlidsvc - ok 14:28:07.0480 0x1518 wlpasvc - ok 14:28:07.0484 0x1518 WmiAcpi - ok 14:28:07.0491 0x1518 wmiApSrv - ok 14:28:07.0494 0x1518 WMPNetworkSvc - ok 14:28:07.0502 0x1518 [ 
8D6E6F6C233AF450C50FA615530B44D2, 1BF6CD93B97920500F5FD0E9D8395ACCAAA2D126FD9C256148797B292D5F9A6C ] Wof C:\WINDOWS\system32\drivers\Wof.sys 14:28:07.0521 0x1518 Wof - ok 14:28:07.0527 0x1518 workfolderssvc - ok 14:28:07.0531 0x1518 WPDBusEnum - ok 14:28:07.0537 0x1518 WpdUpFltr - ok 14:28:07.0542 0x1518 WpnService - ok 14:28:07.0546 0x1518 WpnUserService - ok 14:28:07.0553 0x1518 ws2ifsl - ok 14:28:07.0558 0x1518 wscsvc - ok 14:28:07.0562 0x1518 WSearch - ok 14:28:07.0569 0x1518 wuauserv - ok 14:28:07.0573 0x1518 WudfPf - ok 14:28:07.0578 0x1518 WUDFRd - ok 14:28:07.0578 0x1518 WUDFWpdFs - ok 14:28:07.0583 0x1518 WUDFWpdMtp - ok 14:28:07.0583 0x1518 WwanSvc - ok 14:28:07.0592 0x1518 xbgm - ok 14:28:07.0600 0x1518 XblAuthManager - ok 14:28:07.0605 0x1518 XblGameSave - ok 14:28:07.0607 0x1518 xboxgip - ok 14:28:07.0614 0x1518 XboxGipSvc - ok 14:28:07.0618 0x1518 XboxNetApiSvc - ok 14:28:07.0623 0x1518 xinputhid - ok 14:28:07.0626 0x1518 ================ Scan global =============================== 14:28:07.0641 0x1518 [ Global ] - ok 14:28:07.0641 0x1518 ================ Scan MBR ================================== 14:28:07.0643 0x1518 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 14:28:10.0920 0x1518 \Device\Harddisk0\DR0 - ok 14:28:10.0921 0x1518 ================ Scan VBR ================================== 14:28:10.0924 0x1518 [ 33A53CA3277717E77D5BD7FC2E9829F6 ] \Device\Harddisk0\DR0\Partition1 14:28:10.0925 0x1518 \Device\Harddisk0\DR0\Partition1 - ok 14:28:10.0929 0x1518 [ 30166C321EB396E2396EAA050B0F01F0 ] \Device\Harddisk0\DR0\Partition2 14:28:10.0931 0x1518 \Device\Harddisk0\DR0\Partition2 - ok 14:28:10.0935 0x1518 [ FF49EF7567DA04D3FFCB3F1DDBE3F52C ] \Device\Harddisk0\DR0\Partition3 14:28:10.0937 0x1518 \Device\Harddisk0\DR0\Partition3 - ok 14:28:10.0941 0x1518 [ 6EFCDFF12971082F2F650002D6DD3FC7 ] \Device\Harddisk0\DR0\Partition4 14:28:10.0943 0x1518 \Device\Harddisk0\DR0\Partition4 - ok 14:28:10.0944 0x1518 ================ Scan generic autorun 
====================== 14:28:10.0946 0x1518 SecurityHealth - ok 14:28:10.0952 0x1518 [ 64D89BDA981ECD2BC9B547E4210CA6E0, 403F685FBC8A71896F550476C3E3CAAC0D593F7CF25D4A2F61ED62D576E62F12 ] D:\Itunes\iTunesHelper.exe 14:28:11.0026 0x1518 iTunesHelper - ok 14:28:11.0160 0x1518 [ 8F1242761AD5C749001494B96AA1B874, AE23F82DEC8F3AB38369C55A8A0ECCCA4873581959CB040B075B8F1E55A3C4FF ] C:\WINDOWS\RTFTrack.EXE 14:28:11.0290 0x1518 RtsFT - ok 14:28:11.0383 0x1518 [ 8CFB97A15870E5BB2D25B719E8AFA45E, 88C2947A9C1994B248ABECC4951757C7E1DCC63FA5E20009A77119752A3D0E5C ] C:\Program Files (x86)\Dropbox\Client\Dropbox.exe 14:28:11.0476 0x1518 Dropbox - ok 14:28:11.0484 0x1518 [ 46E91D8F23069D12CB990FE8A9B05CAA, 54C3677D42463DBE33C2390D72AB35C1FB76B0DB919F0237ED5DB03D08FA004E ] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe 14:28:11.0501 0x1518 IJNetworkScanUtility - ok 14:28:11.0520 0x1518 [ C4FFD238884D74241C9DD3CD9BD1B5F7, AB6C54313A75BB7FF7FAEEC0CC6C4D67805AF89B0692DE2A112928C5F62763EA ] C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe 14:28:11.0545 0x1518 Cisco AnyConnect Secure Mobility Agent for Windows - ok 14:28:11.0556 0x1518 [ DF5A2FF9B46C998C9697A17BBCA32EDD, 34FFFA1AE38A08FCFBA7597D9BDEEA1D0D30D748508D467386116AF5BB7288FD ] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe 14:28:11.0711 0x1518 SunJavaUpdateSched - ok 14:28:11.0753 0x1518 OneDriveSetup - ok 14:28:11.0755 0x1518 OneDriveSetup - ok 14:28:11.0757 0x1518 OneDriveSetup - ok 14:28:11.0758 0x1518 WAB Migrate - ok 14:28:11.0761 0x1518 OneDriveSetup - ok 14:28:11.0838 0x1518 [ 5710E80EAB62305C4FD4D968567448D2, BDC26F7A2313AB637FDBEEFCA705C5DF5C6F73F28F4BBB4C5FF2BB6B3F551CE6 ] E:\Steam\steam.exe 14:28:12.0320 0x1518 Steam - ok 14:28:12.0435 0x1518 [ 6A86DD196C0CFB9B0DB8C2F1681492EE, 1E63714F2EE9EFFDC605B0F537EBC96A1D7CF5C1AE388FF255E1C0DEF914A76F ] D:\Daemon Tools\DAEMON Tools Lite\DTAgent.exe 14:28:12.0651 0x1518 DAEMON Tools Lite Automount - ok 
14:28:12.0665 0x1518 Lync - ok 14:28:12.0668 0x1518 analogue-8 - ok 14:28:12.0668 0x1518 Waiting for KSN requests completion. In queue: 75 14:28:13.0736 0x1518 AV detected via SS2: Windows Defender, windowsdefender:// ( ), 0x61100 ( enabled : updated ) 14:28:13.0770 0x1518 Win FW state via NFP2: enabled ( trusted ) 14:28:14.0364 0x1518 ============================================================ 14:28:14.0364 0x1518 Scan finished 14:28:14.0364 0x1518 ============================================================ 14:28:14.0382 0x28c0 Detected object count: 0 14:28:14.0382 0x28c0 Actual detected object count: 0 |
17.10.2018, 13:41 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan "Trojan.Nymaim", Win 10 Education Remove adware/junkware/toolbars Delete old versions of adwCleaner first, then download it again to the desktop! Please disable your virus scanner completely now, before using these tools! adwCleaner v7.x Please download AdwCleaner to your desktop (illustrated guide).
__________________ Please always post log files in CODE tags |
17.10.2018, 13:53 | #11 |
| Trojan "Trojan.Nymaim", Win 10 Education Log after cleaning: Code:
ATTFilter
# -------------------------------
# Malwarebytes AdwCleaner 7.2.4.0
# -------------------------------
# Build: 09-25-2018
# Database: 2018-10-12.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 10-17-2018
# Duration: 00:00:01
# OS: Windows 10 Education
# Cleaned: 20
# Failed: 0

***** [ Services ] *****
No malicious services cleaned.

***** [ Folders ] *****
No malicious folders cleaned.

***** [ Files ] *****
Deleted C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\uvy3n8pd.default\searchplugins\bing-lavasoft.xml
Deleted C:\Windows\System32\LavasoftTcpService64.dll
Deleted C:\Windows\System32\LavasoftTcpServiceOff.ini
Deleted C:\Windows\SysWOW64\LavasoftTcpServiceOff.ini
Deleted C:\Windows\SysWOW64\lavasofttcpservice.dll

***** [ DLL ] *****
No malicious DLLs cleaned.

***** [ WMI ] *****
No malicious WMI cleaned.

***** [ Shortcuts ] *****
No malicious shortcuts cleaned.

***** [ Tasks ] *****
No malicious tasks cleaned.

***** [ Registry ] *****
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|iDevice Manager Launcher
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Web Companion
Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\FE5AE7DC-7B01-4263-A94C-B4526C276550_is1
Deleted HKLM\Software\Wow6432Node\Classes\TypeLib\{ED62BC6E-64F1-46BE-866F-4C8DC0DF7057}
Deleted HKLM\Software\Classes\TypeLib\{ED62BC6E-64F1-46BE-866F-4C8DC0DF7057}
Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{FCAA532B-E807-4027-940C-BA16B9D50105}
Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{CB31FF8F-BF80-4D2B-ADBE-12C6F5347890}
Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{9A754403-27B1-4ED7-96D7-588F07888EBF}
Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{8F010D54-C023-457F-AF03-497EACB6D519}
Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{472EF1D2-4AAE-470D-AE85-6AF8177916FD}
Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{3A5A5381-DAAF-4C0D-B032-2C66B3EE4A8D}
Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{26C7AFDB-3690-449E-B979-B0AF5CC56DD4}
Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{0015CAC9-FC30-4CD0-BFAA-7412CC2C4DD9}
Deleted HKLM\Software\Wow6432Node\Lavasoft\Web Companion
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com

***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****
No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****
No malicious Firefox URLs cleaned.

*************************
[+] Delete Prefetch
[+] Delete Tracing Keys
[+] Reset Chromium Policies
[+] Reset IE Policies
[+] Reset Proxy Settings
[+] Reset Winsock
*************************

AdwCleaner[S00].txt - [3367 octets] - [17/10/2018 14:50:26]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ########## |
17.10.2018, 17:34 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan "Trojan.Nymaim", Win 10 Education Please run adwcleaner again as a check
__________________ Please always post log files in CODE tags |
17.10.2018, 17:56 | #13 |
| Trojan "Trojan.Nymaim", Win 10 Education Code:
ATTFilter
# -------------------------------
# Malwarebytes AdwCleaner 7.2.4.0
# -------------------------------
# Build: 09-25-2018
# Database: 2018-10-12.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 10-17-2018
# Duration: 00:00:12
# OS: Windows 10 Education
# Scanned: 31969
# Detected: 0

***** [ Services ] *****
No malicious services found.

***** [ Folders ] *****
No malicious folders found.

***** [ Files ] *****
No malicious files found.

***** [ DLL ] *****
No malicious DLLs found.

***** [ WMI ] *****
No malicious WMI found.

***** [ Shortcuts ] *****
No malicious shortcuts found.

***** [ Tasks ] *****
No malicious tasks found.

***** [ Registry ] *****
No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries found.

***** [ Chromium URLs ] *****
No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries found.

***** [ Firefox URLs ] *****
No malicious Firefox URLs found.

AdwCleaner[S00].txt - [3367 octets] - [17/10/2018 14:50:26]
AdwCleaner[C00].txt - [3288 octets] - [17/10/2018 14:50:50]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S01].txt ########## |
17.10.2018, 18:00 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan "Trojan.Nymaim", Win 10 Education I need new FRST logs. Tick the box for addition.txt, then click Scan ("Untersuchen").
__________________ Please always post log files in CODE tags |
17.10.2018, 18:08 | #15 |
| Trojan "Trojan.Nymaim", Win 10 Education FRST: Code:
ATTFilter
# -------------------------------
# Malwarebytes AdwCleaner 7.2.4.0
# -------------------------------
# Build: 09-25-2018
# Database: 2018-10-12.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 10-17-2018
# Duration: 00:00:12
# OS: Windows 10 Education
# Scanned: 31969
# Detected: 0

***** [ Services ] *****
No malicious services found.

***** [ Folders ] *****
No malicious folders found.

***** [ Files ] *****
No malicious files found.

***** [ DLL ] *****
No malicious DLLs found.

***** [ WMI ] *****
No malicious WMI found.

***** [ Shortcuts ] *****
No malicious shortcuts found.

***** [ Tasks ] *****
No malicious tasks found.

***** [ Registry ] *****
No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries found.

***** [ Chromium URLs ] *****
No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries found.

***** [ Firefox URLs ] *****
No malicious Firefox URLs found.

AdwCleaner[S00].txt - [3367 octets] - [17/10/2018 14:50:26]
AdwCleaner[C00].txt - [3288 octets] - [17/10/2018 14:50:50]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S01].txt ##########
Code:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 10.10.2018 durchgeführt von Daniel (17-10-2018 19:06:06) Gestartet von C:\Users\Daniel\Downloads Windows 10 Education Version 1709 16299.726 (X64) (2017-11-29 09:31:17) Start-Modus: Normal ========================================================== ==================== Konten: ============================= Administrator (S-1-5-21-3005747062-139439454-937356164-500 - Administrator - Disabled) Daniel (S-1-5-21-3005747062-139439454-937356164-1001 - Administrator - Enabled) => C:\Users\Daniel DefaultAccount (S-1-5-21-3005747062-139439454-937356164-503 - Limited - Disabled) defaultuser0 (S-1-5-21-3005747062-139439454-937356164-1000 - Limited - Disabled) => C:\Users\defaultuser0 Gast (S-1-5-21-3005747062-139439454-937356164-501 - Limited - Disabled) WDAGUtilityAccount (S-1-5-21-3005747062-139439454-937356164-504 - Limited - Disabled) ==================== Sicherheits-Center ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installierte Programme ====================== (Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.) Apple Application Support (32-Bit) (HKLM-x32\...\{9BA1A894-B42F-4805-BC8C-349C905A3930}) (Version: 5.3.1 - Apple Inc.) Apple Application Support (64-Bit) (HKLM\...\{7EAC8A42-9FAC-4F6B-AABF-C08C9F2E0F13}) (Version: 5.3.1 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.) Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.) 
AVS Document Converter 2.2.5 (HKLM-x32\...\AVS Document Converter_is1) (Version: 2.2.5.218 - Online Media Technologies Ltd.) Backup and Sync from Google (HKLM\...\{AEFBDB5B-899F-4AE6-B789-BA56A652A476}) (Version: 3.42.9858.3671 - Google, Inc.) Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.) Canon IJ Network Scan Utility (HKLM-x32\...\Canon_IJ_Network_Scan_UTILITY) (Version: - ) Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.1.1 - Canon Inc.) Canon MG5200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5200_series) (Version: - Canon Inc.) Canon MP Navigator EX 4.0 (HKLM-x32\...\MP Navigator EX 4.0) (Version: - ) CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.7.6521 - CDBurnerXP) Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.14018 - Cisco Systems, Inc.) Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\{C706092D-491F-4D29-BB49-FF7B47CD12F2}) (Version: 3.1.14018 - Cisco Systems, Inc.) Hidden Citavi 5 (HKLM-x32\...\{7EB278FB-0C3C-445E-8665-4A6CDD9B794E}) (Version: 5.4.0.2 - Swiss Academic Software) DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.5.1.0230 - Disc Soft Ltd) Dolby Audio X2 Windows API SDK (HKLM\...\{2A027A37-B09B-44FB-B1C9-2DD6BA0014E8}) (Version: 0.7.2.61 - Dolby Laboratories, Inc.) Dolby Audio X2 Windows APP (HKLM\...\{D765CF7F-14F9-4C80-B06C-10E68F10EBCC}) (Version: 0.7.2.62 - Dolby Laboratories, Inc.) Dropbox (HKLM-x32\...\Dropbox) (Version: 59.4.93 - Dropbox, Inc.) Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.141.1 - Dropbox, Inc.) 
Hidden Event Study Metrics (HKLM-x32\...\{C002AFAF-27A7-44E9-BE6B-8C659CA2121E}) (Version: 1.21 - Event Study Metrics UG (haftungsbeschränkt)) Event Study Metrics (HKLM-x32\...\{F0392FF4-8A93-4031-9801-3DFEC1B7D806}) (Version: 1.2 - Event Study Metrics UG (haftungsbeschränkt)) EViews 10 (HKLM-x32\...\{BB4E3FEC-00C9-41E2-9E3F-69A1B3B1E7FE}) (Version: 10.00.0000 - IHS Markit) Hidden EViews 10 (HKLM-x32\...\InstallShield_{BB4E3FEC-00C9-41E2-9E3F-69A1B3B1E7FE}) (Version: 10.00.0000 - IHS Markit) EViews 9 Student Version (HKLM-x32\...\{FCCFC807-3AE8-4E9B-BA91-671D4D48BAF9}) (Version: 9.00.0000 - IHS Global Inc.) Hidden EViews 9 Student Version (HKLM-x32\...\InstallShield_{FCCFC807-3AE8-4E9B-BA91-671D4D48BAF9}) (Version: 9.00.0000 - IHS Global Inc.) FlashFXP 5 (HKLM-x32\...\FlashFXP 5) (Version: 5.4.0.3970 - OpenSight Software LLC) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden hide.me VPN 1.2.12 (HKLM-x32\...\{0E00BDA5-7998-4889-BE4B-39A4BBD2EDFB}_is1) (Version: 1.2.12 - eVenture Limited) IBM SPSS Statistics 23 (HKLM\...\{C3BA73A4-2A45-4036-8541-4F5F8146078B}) (Version: 23.0.0.0 - IBM Corp) iExplorer (HKU\S-1-5-21-3005747062-139439454-937356164-1001\...\262f11f6ff148a12) (Version: 4.0.4.0 - Macroplant LLC) iExplorer 3.9.11.0 (HKLM-x32\...\{7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1) (Version: - Macroplant LLC) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4727 - Intel Corporation) iTunes (HKLM\...\{9D0D2A8B-7E7B-4D88-8D50-24286ED6A5EB}) (Version: 12.5.5.5 - Apple Inc.) 
Java 8 Update 181 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180181F0}) (Version: 8.0.1810.13 - Oracle Corporation) Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.12.19 - Lenovo) Hidden MagentaCLOUD Software (HKLM-x32\...\{C1E2C460-C926-4CF2-94D3-5B6D03B065B2}) (Version: 5.5.1.0 - Deutsche Telekom AG) Manager (HKLM-x32\...\{38251B9A-C44B-42D9-9A6A-0697986E334A}) (Version: 4.1.4.27792 - 2015 pdfforge GmbH. All rights reserved) Hidden MATLAB R2016b (HKLM\...\Matlab R2016b) (Version: 9.1 - MathWorks) Microsoft Office 365 ProPlus - de-de (HKLM\...\O365ProPlusRetail - de-de) (Version: 16.0.10827.20150 - Microsoft Corporation) Microsoft OneDrive (HKU\.DEFAULT\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - 
Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210 (HKLM-x32\...\{23658c02-145e-483d-ba6b-1eb82c580529}) (Version: 14.0.24210.0 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.40303 - Microsoft Corporation) Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.40303 - Microsoft Corporation) Mozilla Firefox 50.1.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 50.1.0 (x86 de)) (Version: 50.1.0 - Mozilla) Mozilla Firefox 62.0.3 (x64 de) (HKU\S-1-5-21-3005747062-139439454-937356164-1001\...\Mozilla Firefox 62.0.3 (x64 de)) (Version: 62.0.3 - Mozilla) NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation) Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.10827.20150 - Microsoft Corporation) Hidden Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.10827.20150 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.10827.20150 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0407-0000-0000000FF1CE}) (Version: 16.0.10827.20150 - Microsoft Corporation) Hidden Opera Stable 56.0.3051.43 (HKLM-x32\...\Opera 56.0.3051.43) (Version: 56.0.3051.43 - Opera Software) PDF Architect 4 (HKLM-x32\...\PDF Architect 4) (Version: 4.0.34.26215 - pdfforge GmbH) PDF Architect 4 Create Module (HKLM\...\{72B9DF2C-76FA-40B5-A469-16EAB159CE72}) (Version: 4.1.5.29097 - pdfforge GmbH) Hidden PDF Architect 4 Edit Module (HKLM\...\{BDF7326B-7ED4-4034-B867-F4E88D4E628B}) 
(Version: 4.1.5.29097 - pdfforge GmbH) Hidden PDF Architect 4 View Module (HKLM\...\{03E04B47-9270-4613-8D7E-DA4AD2B259A0}) (Version: 4.1.5.29097 - pdfforge GmbH) Hidden PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 2.4.1 - pdfforge GmbH) R for Windows 3.3.2 (HKLM\...\R for Windows 3.3.2_is1) (Version: 3.3.2 - R Core Team) R for Windows 3.4.4 (HKLM\...\R for Windows 3.4.4_is1) (Version: 3.4.4 - R Core Team) RStudio (HKLM-x32\...\RStudio) (Version: 1.1.442 - RStudio) Sigil 0.9.7 (HKLM-x32\...\Sigil_is1) (Version: - Sigil-Ebook) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) TeamViewer 13 (HKLM-x32\...\TeamViewer) (Version: 13.2.14327 - TeamViewer) VdhCoApp 1.1.3 (HKLM\...\weh-iss-net.downloadhelper.coapp_is1) (Version: - DownloadHelper) Vulkan Run Time Libraries 1.0.33.0 (HKLM\...\VulkanRT1.0.33.0) (Version: 1.0.33.0 - LunarG, Inc.) Hidden Vulkan Run Time Libraries 1.0.33.0 (HKLM\...\VulkanRT1.0.33.0-2) (Version: 1.0.33.0 - LunarG, Inc.) Hidden Vulkan Run Time Libraries 1.0.33.0 (HKLM\...\VulkanRT1.0.33.0-3) (Version: 1.0.33.0 - LunarG, Inc.) Vulkan Run Time Libraries 1.0.42.1 (HKLM\...\VulkanRT1.0.42.1) (Version: 1.0.42.1 - LunarG, Inc.) Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc) Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation) Winmail Opener 1.6 (HKLM-x32\...\Winmail Opener) (Version: 1.6 - Eolsoft) XY Chart Labeler 7.1 (HKLM-x32\...\XY Chart Labeler 7.1) (Version: - ) ==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
CustomCLSID: HKU\S-1-5-21-3005747062-139439454-937356164-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Daniel\AppData\Local\Microsoft\OneDrive\17.3.6816.0313\amd64\FileSyncShell64.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-3005747062-139439454-937356164-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Daniel\AppData\Local\Microsoft\OneDrive\17.3.6816.0313\amd64\FileSyncShell64.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-3005747062-139439454-937356164-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Daniel\AppData\Local\Microsoft\OneDrive\17.3.6816.0313\amd64\FileSyncShell64.dll => Keine Datei ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> Keine Datei ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> Keine Datei ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> Keine Datei ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> Keine Datei ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> Keine Datei ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> Keine Datei ShellIconOverlayIdentifiers: [ MagentaOverlayIconCheck] -> {1304aef5-c945-357c-99e4-d66e65db66cf} => C:\WINDOWS\system32\mscoree.dll [2017-09-29] (Microsoft Corporation) ShellIconOverlayIdentifiers: [ MagentaOverlayIconError] -> {1d6f582c-f7a7-32d5-8c27-71ff7bb1f64c} => C:\WINDOWS\system32\mscoree.dll [2017-09-29] (Microsoft Corporation) ShellIconOverlayIdentifiers: [ MagentaOverlayIconSync] -> {87b816a5-bd92-3f6b-bce0-c3a42490672d} => C:\WINDOWS\system32\mscoree.dll [2017-09-29] (Microsoft Corporation) ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-09] 
(Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-09] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-09] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-09] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-09] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-09] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-09] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-09] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-09] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-09] (Dropbox, Inc.) 
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync64.dll [2018-05-30] (Google) ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync64.dll [2018-05-30] (Google) ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync64.dll [2018-05-30] (Google) ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> Keine Datei ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> Keine Datei ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> Keine Datei ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> Keine Datei ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> Keine Datei ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> Keine Datei ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-09] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-09] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-09] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-09] (Dropbox, Inc.) 
ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-09] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-09] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-09] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-09] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-09] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-09] (Dropbox, Inc.) ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-09] (Dropbox, Inc.) 
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2018-05-30] (Google) ContextMenuHandlers1: [MagentaCopyExtension] -> {58b099b1-34e1-32dc-9845-ac9e9ccb6879} => C:\WINDOWS\system32\mscoree.dll [2017-09-29] (Microsoft Corporation) ContextMenuHandlers1: [MagentaShareExtension] -> {f516de71-db37-311e-85e4-c899417e6948} => C:\WINDOWS\system32\mscoree.dll [2017-09-29] (Microsoft Corporation) ContextMenuHandlers1: [PDFArchitect4_ManagerExt] -> {3AECFCB3-8472-48E9-BC7B-5A3CD945C886} => C:\Program Files\PDF Architect 4\creator-context-menu.dll [2016-08-05] (pdfforge GmbH) ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-09] (Dropbox, Inc.) ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2018-05-30] (Google) ContextMenuHandlers4: [MagentaCopyExtension] -> {58b099b1-34e1-32dc-9845-ac9e9ccb6879} => C:\WINDOWS\system32\mscoree.dll [2017-09-29] (Microsoft Corporation) ContextMenuHandlers4: [MagentaShareExtension] -> {f516de71-db37-311e-85e4-c899417e6948} => C:\WINDOWS\system32\mscoree.dll [2017-09-29] (Microsoft Corporation) ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-09] (Dropbox, Inc.) 
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> Keine Datei ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_ce1af3c67f44ff6b\igfxDTCM.dll [2017-08-08] (Intel Corporation) ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-05-01] (NVIDIA Corporation) ContextMenuHandlers1_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> Keine Datei ContextMenuHandlers4_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> Keine Datei ContextMenuHandlers5_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> Keine Datei ==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) Task: {1BAE9221-F63B-4167-93D0-71BFD9AE16ED} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-15] (Google Inc.) Task: {1DB99F9D-E144-4F67-96AD-4287D9ACC579} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-15] (Google Inc.) 
Task: {2CD830EF-9529-4ABD-ACC9-BD701073010A} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-09-29] (Microsoft Corporation) Task: {3475CEA1-315F-49E1-9FA4-65A00C299D8E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1809.2-0\MpCmdRun.exe [2018-10-17] (Microsoft Corporation) Task: {3C3FD212-4F3F-48B0-BC95-10C4BB9EDB4C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1809.2-0\MpCmdRun.exe [2018-10-17] (Microsoft Corporation) Task: {4E7E0997-94B2-4E32-9BA2-24CADB6C413C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1809.2-0\MpCmdRun.exe [2018-10-17] (Microsoft Corporation) Task: {4FCE4565-D15F-4C72-AC3F-7AFB0C3C0485} - System32\Tasks\Avira\System Speedup\Delayed Startup\Daniel\1 => C:\Program Files (x86)\Google\Drive\googledrivesync.exe <==== ACHTUNG Task: {5DA9C625-4CE0-479B-A582-44A38637C77D} - System32\Tasks\Avira\System Speedup\SpeedupSysTray => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.Systray.exe Task: {70F37774-A4D0-4054-A6DE-39539DB0A860} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-10-13] (Microsoft Corporation) Task: {715F590A-77AE-4A0D-A974-D51CBEE0CD98} - System32\Tasks\Avira\System Speedup\Delayed Startup\All users\1 => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2016-12-28] (NVIDIA Corporation) Task: {7747DACE-87DA-4959-8FAF-CB8CFBBBD8C7} - System32\Tasks\RtsCM => C:\WINDOWS\RtsCM64.exe [2016-11-14] (Realtek Semiconductor Corp.) 
Task: {82CF23AC-28E0-40D3-A277-8DAF386DA4F1} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1809.2-0\MpCmdRun.exe [2018-10-17] (Microsoft Corporation) Task: {8317585A-515C-405E-85D9-1EEC05BBFA7C} - System32\Tasks\Opera scheduled Autoupdate 1485943771 => D:\Opera\launcher.exe [2018-10-10] (Opera Software) Task: {83D5FB3B-9896-4AEF-8F31-F3B8FD10F767} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2018-10-13] (Microsoft Corporation) Task: {8CEDBA67-649B-4474-970F-8C0C6CE22E20} - System32\Tasks\Microsoft\Windows\Conexant\SA2 => C:\Program Files\CONEXANT\SAII\SACpl.exe [2016-08-30] (Conexant Systems, Inc.) Task: {8E01999D-D6BB-4647-BE13-848E9D92856A} - \Microsoft\Windows\UNP\RunCampaignManager -> Keine Datei <==== ACHTUNG Task: {A2AE4A5C-ED56-43BF-989B-DC05FCFFC210} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2018-10-13] (Microsoft Corporation) Task: {A6D566EE-B492-4F88-A3BF-9A5BE7EB1F13} - System32\Tasks\Avira\System Speedup\Delayed Startup\All users\2 => C:\WINDOWS\RTFTrack.EXE [2016-11-14] (Realtek semiconductor) Task: {A842A135-6988-4546-A8EE-510C3BDCDFC6} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-09-29] (Microsoft Corporation) Task: {B1833CBB-6B7C-4540-AE62-2A86768D51B5} - System32\Tasks\Avira\System Speedup\TestScheduler => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe Task: {B510C5C9-98B2-4BA1-9621-17EA8CF4D557} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2018-10-13] (Microsoft Corporation) Task: 
{BFF4D862-F071-483F-87D2-AB59212B13F8} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-10-13] (Microsoft Corporation) Task: {CA84A48F-E2E6-4A08-AEE8-E39EA3F4BC9D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-08-14] (Adobe Systems Incorporated) Task: {CBEEFA77-1690-4B8A-B7EA-88667CE19B36} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-01-14] (Dropbox, Inc.) Task: {DDF2E756-B2F4-428D-A586-1A7EC980992A} - System32\Tasks\Microsoft\Windows\Display\Brightness\BrightnessReset Task: {EB6E25C7-D173-4DEF-B599-9CA9F1D42531} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe [2018-10-13] (Microsoft Corporation) Task: {EBE570C1-78B3-4D78-9092-671CC2625C54} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-01-14] (Dropbox, Inc.) Task: {F557E6A4-96E2-4A0E-976B-0CBA0BE985EF} - System32\Tasks\Microsoft\Windows\Conexant\AFA => C:\Program Files\CONEXANT\cAudioFilterAgent\SACpl.exe [2016-07-05] (Conexant Systems, Inc.) (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.) Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe ==================== Verknüpfungen & WMI ======================== (Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.) 
==================== Geladene Module (Nicht auf der Ausnahmeliste) ============== 2017-09-29 15:41 - 2017-09-29 15:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll 2017-05-22 09:43 - 2017-05-01 22:51 - 000133752 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2017-01-13 14:56 - 2017-01-13 14:56 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2017-01-13 14:56 - 2017-01-13 14:56 - 001353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2018-05-15 09:23 - 2018-05-15 09:23 - 000945352 _____ () C:\Program Files (x86)\Telekom\MagentaCloud\Updater\MaintenanceService.exe 2018-10-11 14:48 - 2018-08-31 01:38 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2018-10-11 14:48 - 2018-08-31 01:35 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2018-05-15 09:23 - 2018-05-15 09:23 - 002939592 _____ () C:\Program Files (x86)\Telekom\MagentaCloud\MagentaCloud.App.exe 2016-07-18 10:39 - 2016-07-18 10:39 - 000154816 _____ () C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe 2016-02-29 12:16 - 2016-02-29 12:16 - 000070144 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll 2018-10-11 14:42 - 2018-10-09 13:53 - 001140552 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_watchdog.dll 2018-10-11 14:42 - 2018-10-09 13:53 - 002247496 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_crashpad.dll 2018-05-15 13:00 - 2018-10-09 13:58 - 000023376 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.cp35-win32.pyd 2018-10-11 14:42 - 2018-10-09 13:55 - 000025456 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.cp35-win32.pyd 2018-05-15 13:00 - 2018-10-09 13:53 - 000142312 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.cp35-win32.pyd 2018-10-11 14:42 - 2018-10-09 
13:56 - 001953640 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.cp35-win32.pyd 2018-10-11 14:42 - 2018-10-09 13:56 - 000025960 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.cp35-win32.pyd 2018-10-11 14:42 - 2018-10-09 13:53 - 000117720 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes35.dll 2018-05-15 13:00 - 2018-10-09 13:53 - 000109024 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.cp35-win32.pyd 2018-10-11 14:42 - 2018-10-09 13:56 - 000083784 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.cp35-win32.pyd 2018-10-11 14:42 - 2018-10-09 13:53 - 000418264 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom35.dll 2018-05-15 13:00 - 2018-10-09 13:53 - 000027616 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.cp35-win32.pyd 2018-05-15 13:00 - 2018-10-09 13:53 - 000049128 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.cp35-win32.pyd 2018-10-11 14:42 - 2018-10-09 13:56 - 000074072 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.cp35-win32.pyd 2018-05-15 13:00 - 2018-10-09 13:53 - 000131552 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.cp35-win32.pyd 2018-10-11 14:42 - 2018-10-09 13:55 - 000025944 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.cp35-win32.pyd 2018-05-15 13:00 - 2018-10-09 13:53 - 000026600 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.cp35-win32.pyd 2018-05-15 13:00 - 2018-10-09 13:53 - 000182752 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.cp35-win32.pyd 2018-05-15 13:00 - 2018-10-09 13:53 - 000027616 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.cp35-win32.pyd 2018-05-15 13:00 - 2018-10-09 13:53 - 000118760 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.cp35-win32.pyd 2018-05-15 13:00 - 2018-10-09 13:58 - 000401752 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.cp35-win32.pyd 2018-05-15 13:00 - 
2018-10-09 13:53 - 000028640 _____ () C:\Program Files (x86)\Dropbox\Client\win32job.cp35-win32.pyd 2018-05-15 13:00 - 2018-10-09 13:58 - 000034664 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.cp35-win32.pyd 2018-10-11 14:42 - 2018-10-09 13:53 - 000023704 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.cp35-win32.pyd 2018-05-15 13:00 - 2018-10-09 13:53 - 000053736 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.cp35-win32.pyd 2018-05-15 13:00 - 2018-10-09 13:53 - 000064992 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.cp35-win32.pyd 2018-05-15 13:00 - 2018-10-09 13:58 - 000059744 _____ () C:\Program Files (x86)\Dropbox\Client\winshell.compiled._winshell.cp35-win32.pyd 2018-05-15 13:00 - 2018-10-09 13:58 - 000068968 _____ () C:\Program Files (x86)\Dropbox\Client\winenumhandles.compiled._WinEnumHandles.cp35-win32.pyd 2018-05-15 13:00 - 2018-10-09 13:58 - 000028520 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.cp35-win32.pyd 2018-10-11 14:42 - 2018-10-09 13:55 - 000027488 _____ () C:\Program Files (x86)\Dropbox\Client\crashpad.compiled._Crashpad.cp35-win32.pyd 2018-05-15 13:00 - 2018-10-09 13:53 - 000032408 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.cp35-win32.pyd 2018-10-11 14:42 - 2018-10-09 13:56 - 000156504 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.cp35-win32.pyd 2018-05-15 13:00 - 2018-10-09 13:58 - 000092488 _____ () C:\Program Files (x86)\Dropbox\Client\sip.cp35-win32.pyd 2018-10-11 14:42 - 2018-10-09 13:56 - 001778000 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.cp35-win32.pyd 2018-10-11 14:42 - 2018-10-09 13:56 - 000518992 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.cp35-win32.pyd 2018-10-11 14:42 - 2018-10-09 13:56 - 000052056 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineCore.cp35-win32.pyd 2018-10-11 14:42 - 2018-10-09 13:56 - 001929552 _____ () 
C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.cp35-win32.pyd 2018-10-11 14:42 - 2018-10-09 13:57 - 003821392 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.cp35-win32.pyd 2018-10-11 14:42 - 2018-10-09 13:56 - 000044888 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.cp35-win32.pyd 2018-10-11 14:42 - 2018-10-09 13:56 - 000132944 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.cp35-win32.pyd 2018-10-11 14:42 - 2018-10-09 13:56 - 000218456 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.cp35-win32.pyd 2018-10-11 14:42 - 2018-10-09 13:56 - 000205656 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.cp35-win32.pyd 2018-05-15 13:00 - 2018-10-09 13:53 - 000061408 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.cp35-win32.pyd 2018-05-15 13:00 - 2018-10-09 13:58 - 000051552 _____ () C:\Program Files (x86)\Dropbox\Client\winrpcserver.compiled._RPCServer.cp35-win32.pyd 2018-05-15 13:00 - 2018-10-09 13:53 - 000027624 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.cp35-win32.pyd 2018-08-03 18:17 - 2018-10-09 13:58 - 000033632 _____ () C:\Program Files (x86)\Dropbox\Client\winreindex.compiled._winreindex.cp35-win32.pyd 2018-05-15 13:00 - 2018-10-09 13:58 - 000028008 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32.compiled._winffi_user32.cp35-win32.pyd 2018-05-15 13:00 - 2018-10-09 13:58 - 000025960 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.cp35-win32.pyd 2018-05-15 13:00 - 2018-10-09 13:58 - 000025448 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.cp35-win32.pyd 2018-05-15 13:00 - 2018-10-09 13:58 - 000025960 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.cp35-win32.pyd 2018-10-11 14:42 - 2018-10-09 13:56 - 000031600 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.cp35-win32.pyd 
2018-05-15 13:00 - 2018-10-09 13:53 - 000486880 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.cp35-win32.pyd 2018-10-11 14:42 - 2018-10-09 13:57 - 000102736 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWinExtras.cp35-win32.pyd 2018-05-15 13:00 - 2018-10-09 13:58 - 000029040 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.cp35-win32.pyd 2018-10-11 14:42 - 2018-10-09 13:56 - 000029024 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.cp35-win32.pyd 2018-10-11 14:42 - 2018-10-09 13:53 - 000036312 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll 2018-10-11 14:42 - 2018-10-09 13:56 - 000036712 _____ () C:\Program Files (x86)\Dropbox\Client\enterprise_data.compiled._enterprise_data.cp35-win32.pyd 2018-10-11 14:42 - 2018-10-09 13:53 - 000293392 _____ () C:\Program Files (x86)\Dropbox\Client\EnterpriseDataAdapter.dll 2018-05-15 13:00 - 2018-10-09 13:58 - 000025960 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.advapi32.compiled._winffi_advapi32.cp35-win32.pyd 2018-10-11 14:42 - 2018-10-09 13:56 - 000433992 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL 2018-05-15 13:00 - 2018-10-09 13:58 - 000035680 _____ () C:\Program Files (x86)\Dropbox\Client\wind3d11.compiled._wind3d11.cp35-win32.pyd 2018-10-11 14:42 - 2018-10-09 13:56 - 000025920 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.DLL 2018-10-11 14:42 - 2018-10-09 13:56 - 001592128 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll 2018-05-15 13:00 - 2018-10-09 13:58 - 000025960 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.shcore.compiled._winffi_shcore.cp35-win32.pyd 2018-05-15 13:00 - 2018-10-09 13:58 - 000095592 _____ () C:\Program Files (x86)\Dropbox\Client\windisplaytoast.compiled._DisplayToast.cp35-win32.pyd 2018-09-13 20:44 - 2018-10-09 13:58 - 000028520 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.shell32.compiled._winffi_shell32.cp35-win32.pyd 
2018-05-15 13:00 - 2018-10-09 13:58 - 000029544 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.cp35-win32.pyd 2018-10-11 14:42 - 2018-10-09 13:56 - 000530768 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.cp35-win32.pyd 2018-10-11 14:42 - 2018-10-09 13:56 - 000348496 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.cp35-win32.pyd 2018-10-11 14:42 - 2018-10-09 13:56 - 000037200 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngine.cp35-win32.pyd 2018-05-15 09:23 - 2018-05-15 09:23 - 001035968 _____ () C:\Program Files (x86)\Telekom\MagentaCloud\CefSharp.Core.dll 2018-05-15 09:23 - 2018-05-15 09:23 - 048943792 _____ () C:\Program Files (x86)\Telekom\MagentaCloud\libcef.dll ==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.) AlternateDataStreams: C:\Users\Daniel\Desktop\Dieser PC.lnk:com.dropbox.attributes [168] AlternateDataStreams: C:\Users\Daniel\Desktop\Excel 2016.lnk:com.dropbox.attributes [168] ==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" ==================== Verknüpfungen (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.) ==================== Internet Explorer Vertrauenswürdig/Eingeschränkt =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.) 
IE trusted site: HKU\S-1-5-21-3005747062-139439454-937356164-1001\...\localhost -> localhost ==================== Hosts Inhalt: =============================== (Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.) 2016-07-16 13:47 - 2017-05-04 19:56 - 000000822 _____ C:\WINDOWS\system32\Drivers\etc\hosts ==================== Andere Bereiche ============================ (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) HKU\S-1-5-21-3005747062-139439454-937356164-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg DNS Servers: 208.67.222.222 - 208.67.220.220 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin) Windows Firewall ist aktiviert. ==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge == Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt. 
MSCONFIG\Services: hmevpnsvc => 2 MSCONFIG\Services: PDF Architect 4 Creator => 2 MSCONFIG\Services: PDF Architect 4 Manager => 2 MSCONFIG\Services: SkypeUpdate => 2 MSCONFIG\Services: TeamViewer => 2 HKLM\...\StartupApproved\Run: => "iTunesHelper" HKLM\...\StartupApproved\Run: => "Malwarebytes TrayApp" HKLM\...\StartupApproved\Run32: => "Avira Safe Shopping" HKLM\...\StartupApproved\Run32: => "IJNetworkScanUtility" HKLM\...\StartupApproved\Run32: => "avgnt" HKLM\...\StartupApproved\Run32: => "Avira System Speedup User Starter" HKLM\...\StartupApproved\Run32: => "Cisco AnyConnect Secure Mobility Agent for Windows" HKLM\...\StartupApproved\Run32: => "Avira System Speedup Tray" HKU\S-1-5-21-3005747062-139439454-937356164-1001\...\StartupApproved\StartupFolder: => "hide.me VPN.lnk" HKU\S-1-5-21-3005747062-139439454-937356164-1001\...\StartupApproved\Run: => "Steam" HKU\S-1-5-21-3005747062-139439454-937356164-1001\...\StartupApproved\Run: => "DAEMON Tools Lite Automount" HKU\S-1-5-21-3005747062-139439454-937356164-1001\...\StartupApproved\Run: => "Lync" HKU\S-1-5-21-3005747062-139439454-937356164-1001\...\StartupApproved\Run: => "Skype" HKU\S-1-5-21-3005747062-139439454-937356164-1001\...\StartupApproved\Run: => "OneDriveSetup" ==================== Firewall Regeln (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
FirewallRules: [{4C7B732E-0FD7-422C-9AC4-BB682E44A967}] => (Allow) D:\iDevice Manager\Software4u.IDeviceManager.exe FirewallRules: [{2B20FCD4-630C-4471-B98B-2E32A952E407}] => (Allow) D:\iDevice Manager\Software4u.IDeviceManager.exe FirewallRules: [UDP Query User{EAC87636-C841-4830-A55C-3006E6ABC97C}D:\firefox\firefox.exe] => (Allow) D:\firefox\firefox.exe FirewallRules: [TCP Query User{51E3D2E5-D134-49E6-AA62-77A19BE7A466}D:\firefox\firefox.exe] => (Allow) D:\firefox\firefox.exe FirewallRules: [{FB609537-CEE0-43FF-9901-ADFC71D01DFA}] => (Allow) D:\Firefox\firefox.exe FirewallRules: [{2403435D-2FA7-4BCA-9431-0AAFC53995A4}] => (Allow) D:\Firefox\firefox.exe FirewallRules: [{4358B7D6-4FAD-4134-A899-0ACBB3CA2C9A}] => (Allow) D:\Winamp\winamp.exe FirewallRules: [{B8C1A868-A8F7-4524-B022-8C7B1FFF9AB3}] => (Allow) D:\Winamp\winamp.exe FirewallRules: [{4F717FD6-C5FE-417E-9716-FF8F5BBCC5AC}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe FirewallRules: [{BAF5465B-0B8C-48EB-8C0E-42E2383E290C}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe FirewallRules: [{88597239-47B2-44B3-9029-E23C9B747FD5}] => (Allow) E:\Steam\Steam.exe FirewallRules: [{C376E856-F63C-4A8B-ACAE-A12A986352E1}] => (Allow) E:\Steam\Steam.exe FirewallRules: [{5B83FF76-B086-42DB-8EDC-13404D4A2D58}] => (Allow) E:\Steam\bin\cef\cef.win7\steamwebhelper.exe FirewallRules: [{4178755B-C789-4F0E-BF1A-D32BE637A59A}] => (Allow) E:\Steam\bin\cef\cef.win7\steamwebhelper.exe FirewallRules: [{8A37997D-7EBA-4BF3-84E4-C6221AD96067}] => (Allow) E:\Steam\steamapps\common\Counter-Strike Source\hl2.exe FirewallRules: [{AA643F16-1860-4227-8DC1-ED1E6C20C202}] => (Allow) E:\Steam\steamapps\common\Counter-Strike Source\hl2.exe FirewallRules: [{B07DC62A-1A2C-421B-87D9-AF914D66A633}] => (Allow) E:\Steam\steamapps\common\Day of Defeat Source\hl2.exe FirewallRules: [{96A83318-73B9-4DF3-9A69-3E983E821751}] => (Allow) E:\Steam\steamapps\common\Day of Defeat Source\hl2.exe 
FirewallRules: [TCP Query User{12ECF736-F198-49B7-B79D-CB74FEAE49C4}F:\daniel\aoe\aoe2\empires2.exe] => (Allow) F:\daniel\aoe\aoe2\empires2.exe FirewallRules: [UDP Query User{BB74B76C-88E4-4C23-A3E8-5A4031742C2B}F:\daniel\aoe\aoe2\empires2.exe] => (Allow) F:\daniel\aoe\aoe2\empires2.exe FirewallRules: [TCP Query User{61FEAAEB-235D-454C-8D87-3B1350A1366A}E:\aoe\aoe2\empires2 crack.exe] => (Allow) E:\aoe\aoe2\empires2 crack.exe FirewallRules: [UDP Query User{0B7C7E56-6039-4F86-A534-2813178DC6AB}E:\aoe\aoe2\empires2 crack.exe] => (Allow) E:\aoe\aoe2\empires2 crack.exe FirewallRules: [{1E4624E5-DF0E-48BD-B1AB-1A027BAC0E6C}] => (Allow) D:\SPSS\stats.exe FirewallRules: [{BD833538-A88D-4B70-9578-E4DF094CE426}] => (Allow) D:\SPSS\stats.exe FirewallRules: [{B7AEF517-39C0-4F3D-9B0E-0218C05FB5C8}] => (Allow) D:\SPSS\WinWrapIDE.exe FirewallRules: [{10F5AF86-383D-41E1-A876-CBFF837002F0}] => (Allow) D:\SPSS\WinWrapIDE.exe FirewallRules: [{71C5BBC3-D8C6-418A-88EA-35A35E856698}] => (Allow) D:\SPSS\stats.com FirewallRules: [{9CB5B4F7-59B6-4DC7-9855-0E101E6B6326}] => (Allow) D:\SPSS\stats.com FirewallRules: [{C11BF9F0-742D-4EB7-A311-7D0A15F95957}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{9BE5C2D2-7D93-4701-9A21-EC7E4CB9A2FF}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{7CDF2EFD-2747-4703-9C77-57D20A4FDB69}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{55BFB488-F81C-40C6-8AA0-B9C976C4BF8D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{DCDAC99F-C5CE-4A0C-BFEB-17F283025894}] => (Allow) D:\Itunes\iTunes.exe FirewallRules: [TCP Query User{7D4F1500-B52C-4CD3-B06A-B2998926DEDA}D:\matlab 2016\bin\win64\matlab.exe] => (Allow) D:\matlab 2016\bin\win64\matlab.exe FirewallRules: [UDP Query User{F978D644-6B0B-46E4-9A0C-C5766783175C}D:\matlab 2016\bin\win64\matlab.exe] => (Allow) D:\matlab 2016\bin\win64\matlab.exe FirewallRules: [TCP Query 
User{EB421851-6CAD-46FB-8163-5177E2CF4B0D}D:\matlab 2016\bin\win64\matlab.exe] => (Block) D:\matlab 2016\bin\win64\matlab.exe FirewallRules: [UDP Query User{C19EC5B5-837F-47AF-8F42-D830F0608F44}D:\matlab 2016\bin\win64\matlab.exe] => (Block) D:\matlab 2016\bin\win64\matlab.exe FirewallRules: [{06CBFB82-76CA-4474-BC1B-250EE30B471A}] => (Allow) D:\Teamviewer\TeamViewer.exe FirewallRules: [{E163E641-8ACC-4EAA-AD5E-420CF311CB6F}] => (Allow) D:\Teamviewer\TeamViewer.exe FirewallRules: [{AEBA278D-A196-4AD1-A1EC-4B0E3CE8201E}] => (Allow) D:\Teamviewer\TeamViewer_Service.exe FirewallRules: [{45BED32D-97CD-4CCD-89E7-0B4EB909905E}] => (Allow) D:\Teamviewer\TeamViewer_Service.exe FirewallRules: [{7C4437F6-DBE5-4096-9D85-B7FA254AF9B3}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe FirewallRules: [{8196BBAA-D6D4-4A44-9E56-3CEE0B8A3031}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe FirewallRules: [{DE563F96-981A-413E-8A2F-AF79AC5D7762}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe FirewallRules: [{BD0BFB02-80EA-458D-BFD9-5942D14B335E}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe FirewallRules: [{A19D9854-E6BE-4ABB-85D2-D17B28294BC6}] => (Allow) D:\Opera\56.0.3051.36\opera.exe FirewallRules: [{5192BB62-D6BE-48E0-BF55-254204915EAE}] => (Allow) D:\Opera\56.0.3051.43\opera.exe FirewallRules: [TCP Query User{470960AF-B997-45B9-A72C-774604DCE267}E:\aoe\aoe2\empires2 c.exe] => (Block) E:\aoe\aoe2\empires2 c.exe FirewallRules: [UDP Query User{138C7DF9-0D9A-4934-B909-B2DF567DC57A}E:\aoe\aoe2\empires2 c.exe] => (Block) E:\aoe\aoe2\empires2 c.exe ==================== Wiederherstellungspunkte ========================= ACHTUNG: Systemwiederherstellung ist deaktiviert ==================== Fehlerhafte Geräte im Gerätemanager ============= Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64 Description: Cisco AnyConnect Secure Mobility Client Virtual 
Miniport Adapter for Windows x64 Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Cisco Systems Service: vpnva Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Fehlereinträge in der Ereignisanzeige: ========================= Applikationsfehler: ================== Error: (10/17/2018 01:52:50 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: iexplore.exe, Version: 11.0.16299.371, Zeitstempel: 0x54396d87 Name des fehlerhaften Moduls: urlmon.dll, Version: 11.0.16299.726, Zeitstempel: 0xd8220fd4 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000002dd0f ID des fehlerhaften Prozesses: 0x2248 Startzeit der fehlerhaften Anwendung: 0x01d4660febbcbdef Pfad der fehlerhaften Anwendung: C:\Program Files\Internet Explorer\iexplore.exe Pfad des fehlerhaften Moduls: C:\WINDOWS\SYSTEM32\urlmon.dll Berichtskennung: fa4d2401-8f9d-41c8-ac81-429f76044848 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (10/17/2018 01:47:59 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: mbamservice.exe, Version: 3.2.0.704, Zeitstempel: 0x5b9acf90 Name des fehlerhaften Moduls: SelfProtectionSdk.dll, Version: 3.0.0.360, Zeitstempel: 0x5b995ba2 Ausnahmecode: 0xc0000409 Fehleroffset: 0x000000000014e2a9 ID des fehlerhaften Prozesses: 0xec8 Startzeit der fehlerhaften Anwendung: 0x01d46535ad4e5480 Pfad der fehlerhaften Anwendung: D:\Anti-Malware\mbamservice.exe Pfad des fehlerhaften Moduls: D:\ANTI-MALWARE\SelfProtectionSdk.dll Berichtskennung: eb35b919-3471-4483-8ebf-3e02af835fb5 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (10/17/2018 01:47:58 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: 
Name der fehlerhaften Anwendung: mbamservice.exe, Version: 3.2.0.704, Zeitstempel: 0x5b9acf90 Name des fehlerhaften Moduls: ntdll.dll, Version: 10.0.16299.665, Zeitstempel: 0x2e74e364 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000004a6ab ID des fehlerhaften Prozesses: 0xec8 Startzeit der fehlerhaften Anwendung: 0x01d46535ad4e5480 Pfad der fehlerhaften Anwendung: D:\Anti-Malware\mbamservice.exe Pfad des fehlerhaften Moduls: C:\WINDOWS\SYSTEM32\ntdll.dll Berichtskennung: ec374b07-34b9-4d97-99c3-6c518174500f Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (10/17/2018 12:38:06 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: ) Description: Event-ID 0 Error: (10/16/2018 11:57:38 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: ) Description: Event-ID 0 Error: (10/15/2018 10:12:19 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm audiodg.exe, Version 10.0.16299.248 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Systemsteuerung "Sicherheit und Wartung", um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 8 Startzeit: 01d464596b21415a Beendigungszeit: 4294967295 Anwendungspfad: C:\WINDOWS\System32\audiodg.exe Berichts-ID: ae173526-4b38-47f2-b3e2-b2d65a48e2e5 Vollständiger Name des fehlerhaften Pakets: Auf das fehlerhafte Paket bezogene Anwendungs-ID: Error: (10/15/2018 10:00:18 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm svchost.exe, Version 10.0.16299.15 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Systemsteuerung "Sicherheit und Wartung", um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: 92c Startzeit: 01d464596adc09eb Beendigungszeit: 4294967295 Anwendungspfad: C:\WINDOWS\System32\svchost.exe Berichts-ID: 539401e3-c710-481e-a8d9-fa7be0970eba Vollständiger Name des fehlerhaften Pakets: Auf das fehlerhafte Paket bezogene Anwendungs-ID: Error: (10/15/2018 09:53:24 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: wab.exe, Version: 10.0.16299.15, Zeitstempel: 0x8a2c87c5 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 10.0.16299.611, Zeitstempel: 0x966d0f68 Ausnahmecode: 0xe06d7363 Fehleroffset: 0x00104172 ID des fehlerhaften Prozesses: 0x2650 Startzeit der fehlerhaften Anwendung: 0x01d4645c1a852070 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Windows Mail\wab.exe Pfad des fehlerhaften Moduls: C:\WINDOWS\System32\KERNELBASE.dll Berichtskennung: 1dc6186d-3b20-4f7d-bb7d-c326a927ea95 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Systemfehler: ============= Error: (10/17/2018 06:54:22 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-K7CJ56O) Description: Der Server "{417976B7-917D-4F1E-8F14-C18FCCB0B3A8}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error: (10/17/2018 05:10:27 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-K7CJ56O) Description: Der Server "{417976B7-917D-4F1E-8F14-C18FCCB0B3A8}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error: (10/17/2018 04:29:17 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-K7CJ56O) Description: Der Server "{417976B7-917D-4F1E-8F14-C18FCCB0B3A8}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error: (10/17/2018 03:08:16 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-K7CJ56O) Description: Der Server "{417976B7-917D-4F1E-8F14-C18FCCB0B3A8}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. 
Error: (10/17/2018 03:06:26 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\Lokaler Dienst" (SID: S-1-5-19) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} und der APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden. Error: (10/17/2018 02:53:31 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-K7CJ56O) Description: Der Server "{417976B7-917D-4F1E-8F14-C18FCCB0B3A8}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error: (10/17/2018 02:51:15 PM) (Source: BTHUSB) (EventID: 5) (User: ) Description: Der Bluetooth-Treiber hat ein HCI-Ereignis mit einer bestimmten Größe erwartet, das aber nicht empfangen wurde. Error: (10/17/2018 02:50:49 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Intel(R) Content Protection HECI Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Windows Defender: =================================== Date: 2018-10-17 13:48:03.100 Description: Fehler des Windows Defender Antivirus-Echtzeitschutz-Features. Feature: Netzwerkinspektionssystem Fehlercode: 0x8007045b Fehlerbeschreibung: Der Computer wird heruntergefahren. Ursache: Dem System fehlen erforderliche Updates zum Ausführen des Netzwerkinspektionssystems. Installieren Sie die erforderlichen Updates, und starten Sie das Gerät neu. 
CodeIntegrity: =================================== Date: 2018-10-17 19:02:47.131 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\WINDOWS\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements. Date: 2018-10-17 19:02:47.129 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\WINDOWS\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements. Date: 2018-10-17 18:56:21.791 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\WINDOWS\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements. Date: 2018-10-17 18:56:21.788 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\WINDOWS\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements. Date: 2018-10-17 15:01:26.379 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\WINDOWS\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements. Date: 2018-10-17 15:01:26.376 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\WINDOWS\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements. Date: 2018-10-17 15:01:24.678 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\WINDOWS\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements. 
Date: 2018-10-17 15:01:24.674
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\WINDOWS\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

==================== Speicherinformationen ===========================

Prozessor: Intel(R) Core(TM) i5-7200U CPU @ 2.50GHz
Prozentuale Nutzung des RAM: 41%
Installierter physikalischer RAM: 7639 MB
Verfügbarer physikalischer RAM: 4479.21 MB
Summe virtueller Speicher: 8855 MB
Verfügbarer virtueller Speicher: 5739.43 MB

==================== Laufwerke ================================

Drive c: (System) (Fixed) (Total:71.46 GB) (Free:16.38 GB) NTFS
Drive d: (Programme) (Fixed) (Total:97.66 GB) (Free:57.89 GB) NTFS
Drive e: (Spiele) (Fixed) (Total:68.36 GB) (Free:59 GB) NTFS

\\?\Volume{7cd8f29d-0000-0000-0000-100000000000}\ (FREE_DOS) (Fixed) (Total:1 GB) (Free:0.98 GB) FAT32

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 238.5 GB) (Disk ID: 7CD8F29D)
Partition 1: (Active) - (Size=1 GB) - (Type=0B)
Partition 2: (Not Active) - (Size=97.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=68.4 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=71.5 GB) - (Type=07 NTFS)

==================== Ende von Addition.txt ============================ |