Malware of all kinds and how to combat it: Probably caught Win32/Tiggre!rfn through careless opening (Windows 7)
30.01.2020, 18:02 | #1 |
Probably caught Win32/Tiggre!rfn through careless opening

Windows Defender tells me that I have caught a severe trojan. How do I get rid of it? For now I have unplugged both external hard drives with my user data (live and backup), since it is apparently ransomware. Windows Defender lists as affected items: file:L:\DHL_jan 21 2020 at 1.40_8ZP290_PDF.exe What do I have to do? Thanks for your help!

I have now run Avira over it: the following picture. Here is the frst.txt file:

Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 27-01-2020 durchgeführt von Michael (Administrator) auf PCxxxHOME (Intel Corporation NUC7i5BNH) (30-01-2020 18:35:24) Gestartet von C:\Users\Michael\Downloads Geladene Profile: Michael (Verfügbare Profile: Admin & Michael & Administrator) Platform: Windows 10 Pro Version 1903 18362.592 (X64) Sprache: Deutsch (Deutschland) Standard-Browser: FF Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) () [Datei ist nicht signiert] C:\Program Files (x86)\DocFetcher\docfetcher-daemon-windows.exe (ABBYY Software House -> ABBYY (BIT Software)) C:\Program Files (x86)\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe (ABBYY SOLUTIONS LIMITED -> ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReader\11.00\Licensing\CE\NetworkLicenseServer.exe (ABBYY SOLUTIONS LIMITED -> ABBYY.) C:\Program Files (x86)\ABBYY FineReader 11\Bonus.ScreenshotReader.exe (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\protectedservice.exe (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. 
KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.exe (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe (CobianSoft, Luis Cobian) [Datei ist nicht signiert] C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe (Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe (Dropbox, Inc -> The Qt Company Ltd.) C:\Program Files (x86)\Dropbox\Client\89.4.278\QtWebEngineProcess.exe (Dropbox, Inc -> The Qt Company Ltd.) C:\Program Files (x86)\Dropbox\Client\89.4.278\QtWebEngineProcess.exe (Dropbox, Inc -> The Qt Company Ltd.) C:\Program Files (x86)\Dropbox\Client\89.4.278\QtWebEngineProcess.exe (Dropbox, Inc -> The Qt Company Ltd.) C:\Program Files (x86)\Dropbox\Client\89.4.278\QtWebEngineProcess.exe (Dropbox, Inc -> The Qt Company Ltd.) 
C:\Program Files (x86)\Dropbox\Client\89.4.278\QtWebEngineProcess.exe (EnigmaSoft Limited -> EnigmaSoft Limited) C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe (EnigmaSoft Limited -> EnigmaSoft Limited) C:\Program Files\EnigmaSoft\SpyHunter\ShMonitor.exe (EnigmaSoft Limited -> EnigmaSoft Limited) C:\Program Files\EnigmaSoft\SpyHunter\SpyHunter5.exe (FUJITSU LIMITED) [Datei ist nicht signiert] C:\Windows\twain_32\fjscan32\FjtwMkup.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.422\GoogleCrashHandler.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.422\GoogleCrashHandler64.exe (Intel Corporation-Wireless Connectivity Solutions -> Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel Corporation-Wireless Connectivity Solutions -> Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel Corporation-Wireless Connectivity Solutions -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (Intel(R) INTELND1617S2 -> Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_250db833a1cd577e\igfxCUIService.exe (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_250db833a1cd577e\igfxEM.exe (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_250db833a1cd577e\IntelCpHDCPSvc.exe (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_250db833a1cd577e\IntelCpHeciSvc.exe (Intel(R) Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe (Luis Cobian, CobianSoft) [Datei ist nicht signiert] C:\Program Files (x86)\Cobian Backup 11\cbInterface.exe (Luis Cobian, CobianSoft) [Datei ist nicht signiert] C:\Program Files (x86)\Cobian Backup 11\cbService.exe (Microsoft Corporation -> 
Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\EXCEL.EXE (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.20011.10711.0_x64__8wekyb3d8bbwe\Video.UI.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\splwow64.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SecurityHealthHost.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SecurityHealthHost.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe (Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla 
Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Opera Software AS -> Opera Software) C:\Users\Michael\AppData\Local\Programs\Opera\assistant\browser_assistant.exe (Opera Software AS -> Opera Software) C:\Users\Michael\AppData\Local\Programs\Opera\assistant\browser_assistant.exe (Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (PFU LIMITED) [Datei ist nicht signiert] C:\Windows\twain_32\fjscan32\ERG\FTErGuid.exe (PFU LIMITED) [Datei ist nicht signiert] C:\Windows\twain_32\fjscan32\FJTWMKSV.exe (PFU LIMITED) [Datei ist nicht signiert] C:\Windows\twain_32\fjscan32\FTPWREVT\FTPWREVT.exe (PFU LIMITED) [Datei ist nicht signiert] C:\Windows\twain_32\fjscan32\SOP\FtLnSOP.exe (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.) 
C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe (shbox.de) [Datei ist nicht signiert] C:\Program Files (x86)\FreePDF_XP\fpassist.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe (TechSmith Corporation -> TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 10\Snagit32.exe (TechSmith Corporation -> TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 10\SnagitEditor.exe (TechSmith Corporation -> TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 10\SnagPriv.exe (TechSmith Corporation -> TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 10\TscHelp.exe (Telegram FZ-LLC -> Telegram FZ-LLC) C:\Users\Michael\AppData\Roaming\Telegram Desktop\Telegram.exe (Tesline-Service s.r.l. -> Tesline-Service SRL) C:\Program Files (x86)\Rohos\ntserv.exe (Tracker Software Products (Canada) Ltd -> Tracker Software Products (Canada) Ltd.) C:\Program Files\Tracker Software\PDF Editor\PDFXEdit.exe (WhatsApp Inc.) C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_0.4.315.0_x64__cv1g1gvanyjgm\app\WhatsApp.exe (WhatsApp Inc.) C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_0.4.315.0_x64__cv1g1gvanyjgm\app\WhatsApp.exe (WhatsApp Inc.) C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_0.4.315.0_x64__cv1g1gvanyjgm\app\WhatsApp.exe (WhatsApp Inc.) 
C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_0.4.315.0_x64__cv1g1gvanyjgm\app\WhatsApp.exe (Wolters Kluwer Deutschland GmbH -> ) C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe konnte nicht auf den Prozess zugreifen -> explorer.exe ==================== Registry (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\RtkAudUService64.exe [878368 2019-05-30] (Realtek Semiconductor Corp. -> Realtek Semiconductor) HKLM\...\Run: [] => [X] HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [3331264 2020-01-20] (Open Source Developer, Dominik Reichl -> Dominik Reichl) HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [395616 2014-09-03] (Citrix Systems, Inc. -> Citrix Systems, Inc.) HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [153952 2014-09-03] (Citrix Systems, Inc. -> Citrix Systems, Inc.) HKLM-x32\...\Run: [FreePDF Assistant] => C:\Program Files (x86)\FreePDF_XP\fpassist.exe [373760 2014-03-18] (shbox.de) [Datei ist nicht signiert] HKLM-x32\...\Run: [FtLnSOP_setup] => C:\Windows\Twain_32\Fjscan32\SOP\FtLnSOP.exe [147456 2012-01-23] (PFU LIMITED) [Datei ist nicht signiert] HKLM-x32\...\Run: [FJTWAIN Setup] => C:\Windows\Twain_32\fjscan32\FjtwMkup.exe [139264 2012-01-23] (FUJITSU LIMITED) [Datei ist nicht signiert] HKLM-x32\...\Run: [FTPWRENV] => C:\Windows\Twain_32\Fjscan32\FTPWREVT\FTPWREVT.exe [45056 2007-10-16] (PFU LIMITED) [Datei ist nicht signiert] HKLM-x32\...\Run: [RohosLogon] => C:\Program Files (x86)\Rohos\welcome-user.exe [1380384 2015-09-04] (Tesline-Service s.r.l. 
-> Tesline-Service SRL) HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [6261760 2020-01-23] (Dropbox, Inc -> Dropbox, Inc.) HKLM-x32\...\Run: [Cobian Backup 11 interface] => C:\Program Files (x86)\Cobian Backup 11\cbInterface.exe [4407808 2013-03-07] (Luis Cobian, CobianSoft) [Datei ist nicht signiert] HKLM-x32\...\Run: [DocFetcher-Daemon] => C:\Program Files (x86)\DocFetcher\docfetcher-daemon-windows.exe [563621 2018-07-30] () [Datei ist nicht signiert] HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [645648 2019-10-05] (Oracle America, Inc. -> Oracle Corporation) HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [228136 2020-01-15] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [Avira System Speedup User Starter] => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe [331368 2020-01-30] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [] => [X] HKU\S-1-5-21-2216129787-3453094354-8666996-1006\...\Run: [Opera Browser Assistant] => C:\Users\Michael\AppData\Local\Programs\Opera\assistant\browser_assistant.exe [2785304 2020-01-28] (Opera Software AS -> Opera Software) HKU\S-1-5-21-2216129787-3453094354-8666996-1006\...\Run: [] => [X] HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\79.0.3945.130\Installer\chrmstp.exe [2020-01-22] (Google LLC -> Google LLC) HKLM\Software\...\Authentication\Credential Providers: [{75A22DF1-B82D-56ed-B229-CD30517BD617}] -> C:\WINDOWS\system32\rohos_cp_x64.dll [2015-09-04] (Tesline-Service s.r.l. 
-> Tesline-Service SRL) HKLM\Software\...\Authentication\Credential Provider Filters: [{75A22DF1-B82D-56ed-B229-CD30517BD617}] -> C:\WINDOWS\system32\rohos_cp_x64.dll [2015-09-04] (Tesline-Service s.r.l. -> Tesline-Service SRL) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Error Recovery Guide.lnk [2014-12-19] ShortcutTarget: Error Recovery Guide.lnk -> C:\Windows\twain_32\fjscan32\ERG\FTErGuid.exe (PFU LIMITED) [Datei ist nicht signiert] Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snagit 10.lnk [2015-09-10] ShortcutTarget: Snagit 10.lnk -> C:\Program Files (x86)\TechSmith\Snagit 10\Snagit32.exe (TechSmith Corporation -> TechSmith Corporation) Startup: C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk [2015-08-04] ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation) Startup: C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Citrix Receiver.lnk [2016-02-24] ShortcutTarget: Citrix Receiver.lnk -> C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe (Keine Datei) Startup: C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Outlook 2013.lnk [2017-08-28] ShortcutTarget: Outlook 2013.lnk -> C:\Windows\Installer\{91150000-0011-0000-1000-0000000FF1CE}\outicon.exe (Microsoft Corporation -> ) Startup: C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StarLeaf Breeze.lnk [2016-11-11] ShortcutTarget: StarLeaf Breeze.lnk -> C:\Users\Michael\AppData\Local\StarLeaf\Breeze\Breeze.exe (Keine Datei) Startup: C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SX Virtual Link.lnk [2014-12-19] ShortcutTarget: SX Virtual Link.lnk -> C:\Program Files\silex technology\SX Virtual Link\Connect.exe (silex technology, Inc. -> silex technology, Inc.) 
Startup: C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Telegram.lnk [2014-12-22] ShortcutTarget: Telegram.lnk -> C:\Users\Michael\AppData\Roaming\Telegram Desktop\Telegram.exe (Telegram FZ-LLC -> Telegram FZ-LLC) GroupPolicy: Beschränkung ? <==== ACHTUNG ==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============ (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) Task: {05EA894B-EB58-424B-B39B-116FA972E24E} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [1626328 2014-01-23] (Microsoft Corporation -> Microsoft Corporation) Task: {07A021E7-A400-49D8-873B-AE62B61F4C70} - System32\Tasks\Avira_Antivirus_Systray => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [2757672 2019-11-15] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) Task: {12436D86-9FE5-43B5-8EEF-8B36BAD9437F} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-03-03] (Dropbox, Inc -> Dropbox, Inc.) Task: {27E52497-1F70-494F-9DCC-D68E86DDB66C} - System32\Tasks\G2MUpdateTask-S-1-5-21-2216129787-3453094354-8666996-1006 => C:\Users\Michael\AppData\Local\GoToMeeting\16576\g2mupdate.exe [32256 2020-01-24] (LogMeIn, Inc. -> LogMeIn, Inc.) 
Task: {32AB90BD-1B19-4379-A7E2-EF71AC6D6EAC} - \Microsoft\Windows\UNP\RunCampaignManager -> Keine Datei <==== ACHTUNG Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe Task: {378B6735-940E-45A5-A099-EF9C0F748DAD} - System32\Tasks\Microsoft\Windows\rempl\shell-usoscan => C:\Program Files\rempl\remsh.exe Task: {38695BBA-0242-471D-9FE8-E978079CF2F3} - System32\Tasks\Opera scheduled Autoupdate 1570723055 => C:\Users\Michael\AppData\Local\Programs\Opera\launcher.exe [1350680 2020-01-22] (Opera Software AS -> Opera Software) Task: {3DF6D6BF-DB8D-4F47-8528-5A6F26F92A24} - \Open URL by RoboForm -> Keine Datei <==== ACHTUNG Task: {3FCFA83B-A405-4B82-B0B1-58AE7B8E326D} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_321_Plugin.exe [1458232 2020-01-21] (Adobe Inc. -> Adobe) Task: {40CE5594-D783-4DBE-863F-E954EF84B661} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe Task: {449CD507-AFCC-422B-99BA-19038F0707C2} - System32\Tasks\AviraSystemSpeedupUpdate => C:\ProgramData\Avira\SystemSpeedup\Update\avira_speedup_setup_update.exe [27848432 2020-01-30] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG ) Task: {47843C54-CCE1-4E96-A4F7-D595D5AE0AFD} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [376496 2014-01-23] (Microsoft Corporation -> Microsoft Corporation) Task: {4BB105C1-E1E5-49A8-9569-10B8D147692E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-04] (Google Inc -> Google Inc.) 
Task: {4F07498B-0E99-42B0-93F2-B3BA2991397B} - System32\Tasks\G2MUploadTask-S-1-5-21-2216129787-3453094354-8666996-1006 => C:\Users\Michael\AppData\Local\GoToMeeting\16576\g2mupload.exe [32256 2020-01-24] (LogMeIn, Inc. -> LogMeIn, Inc.) Task: {5A3FB241-0B11-4EA5-BC66-0D9F1B406040} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\BthSQM => {C8367320-6F85-11E0-A1F0-0800200C9A66} C:\WINDOWS\System32\BthTelemetry.dll [32256 2019-03-19] (Microsoft Windows -> Microsoft Corporation) Task: {60102B88-BA20-40A2-972A-E0C6C546EFDA} - System32\Tasks\Opera scheduled assistant Autoupdate 1571414292 => C:\Users\Michael\AppData\Local\Programs\Opera\launcher.exe [1350680 2020-01-22] (Opera Software AS -> Opera Software) Task: {6993C842-31C0-403D-838A-477A93071DA8} - System32\Tasks\G2MUpdateTask-S-1-5-21-1013316503-1690231437-2228150199-1155 => C:\Users\xxx\AppData\Local\GoToMeeting\8404\g2mupdate.exe [31808 2018-02-23] (LogMeIn, Inc. -> LogMeIn, Inc.) Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task => {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} Task: {727986C7-E956-46B6-8689-566B1343AE03} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\BrowserChoice\browserchoice.exe Task: {74502E3C-5697-4D3C-90B7-854664CF3912} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-04] (Google Inc -> Google Inc.) Task: {767E57D2-0F24-415F-A737-106C8658282C} - System32\Tasks\HPCustParticipation HP LaserJet M101-M106 => C:\Program Files\HP\HP LaserJet M101-M106\Bin\HPCustPartic.exe [6658184 2017-04-27] (Hewlett Packard -> HP Inc.) 
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task => {1B1F472E-3221-4826-97DB-2C2324D389AE} Task: {9C0E4A9E-FEFF-4EC6-85BB-341B91C798F2} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [376496 2014-01-23] (Microsoft Corporation -> Microsoft Corporation) Task: {A29A4B16-728D-4E48-A8E1-7331D530114E} - System32\Tasks\Microsoft\Windows\GroupPolicy\{3E0A038B-D834-4930-9981-E89C9BFF83AA} => C:\WINDOWS\system32\gpupdate.exe [29696 2019-03-19] (Microsoft Windows -> Microsoft Corporation) Task: {A43FB1C8-F623-4579-BAE8-D8EBAA91EA1E} - System32\Tasks\G2MUploadTask-S-1-5-21-1013316503-1690231437-2228150199-1155 => C:\Users\xxx\AppData\Local\GoToMeeting\8404\g2mupload.exe [31808 2018-02-23] (LogMeIn, Inc. -> LogMeIn, Inc.) Task: {A4E42F6D-B6F2-4032-98A3-8550B484EFDF} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload => {EBF00FCB-0769-4B81-9BEC-6C05514111AA} Task: {A52BA8E7-4C33-4310-865D-079A379983B6} - System32\Tasks\Microsoft\Windows\GroupPolicy\{A7719E0F-10DB-4640-AD8C-490CC6AD5202} => C:\WINDOWS\system32\gpupdate.exe [29696 2019-03-19] (Microsoft Windows -> Microsoft Corporation) Task: {AF6BA8A7-9675-4BE5-8F55-1A9E1063A6C6} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-03-03] (Dropbox, Inc -> Dropbox, Inc.) Task: {C6C3C854-50CB-459C-A56D-192379BAA19B} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\Explorer.EXE /NOUACCHECK Task: {CE2DE968-E342-40D7-9566-427D45E4A886} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371} Task: {DCACECB0-BFE8-4C3E-AC08-CA8F904DA6E0} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-01-21] (Adobe Inc. 
-> Adobe) Task: {E881479F-0ADD-488A-98E5-E3BB1E56FABD} - System32\Tasks\TrackerAutoUpdate => C:\Program Files\Tracker Software\Update\TrackerUpdate.exe [4630208 2016-11-28] (Tracker Software Products (Canada) Ltd -> Tracker Software Products (Canada) Ltd.) Task: {F8391A59-C7FB-4672-A308-1EDD7A65CC55} - System32\Tasks\Avira_Security_Update => C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Common.Updater.exe [226512 2020-01-22] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.) Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-1013316503-1690231437-2228150199-1155.job => C:\Users\xxx\AppData\Local\GoToMeeting\8404\g2mupdate.exe Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-2216129787-3453094354-8666996-1006.job => C:\Users\Michael\AppData\Local\GoToMeeting\16576\g2mupdate.exe Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-1013316503-1690231437-2228150199-1155.job => C:\Users\xxx\AppData\Local\GoToMeeting\8404\g2mupload.exe Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-2216129787-3453094354-8666996-1006.job => C:\Users\Michael\AppData\Local\GoToMeeting\16576\g2mupload.exe Task: C:\WINDOWS\Tasks\TrackerAutoUpdate.job => C:\Program Files\Tracker Software\Update\TrackerUpdate.exe-CheckUpdate(Tracker Software Products (Canada) Ltd.Kee ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) 
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{0870edde-a074-40a6-8ce3-e97f27791aa8}: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{5fc5dc9a-0860-4eba-91af-6b83c6085645}: [DhcpNameServer] 192.168.44.1 Tcpip\..\Interfaces\{720b8e4b-a57e-4978-a4f2-180187041341}: [DhcpNameServer] 10.0.0.5 10.0.0.1 Tcpip\..\Interfaces\{bf6de677-06e8-4870-aa04-c38dbce56565}: [DhcpNameServer] 192.168.178.1 Internet Explorer: ================== SearchScopes: HKLM -> DefaultScope {2BEB8D3A-B24F-4284-BBD8-B6B30EC1F64E} URL = SearchScopes: HKU\S-1-5-21-2216129787-3453094354-8666996-1006 -> DefaultScope {2BEB8D3A-B24F-4284-BBD8-B6B30EC1F64E} URL = BHO: SnagIt Toolbar Loader -> {00C6482D-C502-44C8-8409-FCE54AD9C208} -> C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitBHO64.dll [2011-11-08] (TechSmith Corporation -> TechSmith Corporation) BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2019-07-18] (Microsoft Corporation -> Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2018-05-15] (Microsoft Corporation -> Microsoft Corporation) BHO-x32: SnagIt Toolbar Loader -> {00C6482D-C502-44C8-8409-FCE54AD9C208} -> C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll [2011-11-08] (TechSmith Corporation -> TechSmith Corporation) BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2019-07-18] (Microsoft Corporation -> Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_231\bin\ssv.dll [2019-10-20] (Oracle America, Inc. 
-> Oracle Corporation) BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2018-05-15] (Microsoft Corporation -> Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_231\bin\jp2ssv.dll [2019-10-20] (Oracle America, Inc. -> Oracle Corporation) Toolbar: HKLM - Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitIEAddin64.dll [2011-11-08] (TechSmith Corporation -> TechSmith Corporation) Toolbar: HKLM-x32 - Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll [2011-11-08] (TechSmith Corporation -> TechSmith Corporation) DPF: HKLM-x32 {A4150320-98EC-4DB6-9BFB-EBF4B6FBEB16} hxxp://10.0.0.239/codebase/DVM_IPCam2.ocx Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2017-08-15] (Microsoft Corporation -> Microsoft Corporation) Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc. -> Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc. -> Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc. -> Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc. -> Citrix Systems, Inc.) 
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc. -> Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc. -> Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc. -> Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc. -> Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc. -> Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc. -> Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc. -> Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc. -> Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc. -> Citrix Systems, Inc.) 
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc. -> Citrix Systems, Inc.)

FireFox:
========
FF DefaultProfile: 7x1ny61f.default-1571561941413
FF ProfilePath: C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\7x1ny61f.default-1571561941413 [2020-01-30]
FF user.js: detected! => C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\7x1ny61f.default-1571561941413\user.js [2019-12-01]
FF Notifications: Mozilla\Firefox\Profiles\7x1ny61f.default-1571561941413 -> hxxps://www.youtube.com; hxxps://www.finanzen.net; hxxps://www.marktjagd.de; hxxps://www.aerzteblatt.de
FF NewTabOverride: Mozilla\Firefox\Profiles\7x1ny61f.default-1571561941413 -> Disabled: mailcheck@gmx.net
FF NewTabOverride: Mozilla\Firefox\Profiles\7x1ny61f.default-1571561941413 -> Enabled: keefox@chris.tomlinson
FF Extension: (German Dictionary) - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\7x1ny61f.default-1571561941413\Extensions\de-DE@dictionaries.addons.mozilla.org.xpi [2019-10-25] [ist nicht signiert]
FF Extension: (Kee - Password Manager) - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\7x1ny61f.default-1571561941413\Extensions\keefox@chris.tomlinson.xpi [2019-10-20]
FF Extension: (GMX MailCheck) - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\7x1ny61f.default-1571561941413\Extensions\mailcheck@gmx.net.xpi [2019-12-26] [UpdateUrl:hxxps://dl.gmx.net/mailcheck/firefox/updates.json]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_321.dll [2020-01-21] (Adobe Inc. -> )
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2014-10-28] (Tracker Software Products (Canada) Ltd -> Tracker Software Products (Canada) Ltd.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2016-11-28] (Tracker Software Products (Canada) Ltd -> Tracker Software Products (Canada) Ltd.)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2014-10-28] (Tracker Software Products (Canada) Ltd -> Tracker Software Products (Canada) Ltd.)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [Keine Datei]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_321.dll [2020-01-21] (Adobe Inc. -> )
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2014-09-03] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2014-10-28] (Tracker Software Products (Canada) Ltd -> Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @google.com/sewebplugin -> C:\Windows\system32\npsewebplugin.dll [Keine Datei]
FF Plugin-x32: @java.com/DTPlugin,version=11.231.2 -> C:\Program Files (x86)\Java\jre1.8.0_231\bin\dtplugin\npDeployJava1.dll [2019-10-20] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.231.2 -> C:\Program Files (x86)\Java\jre1.8.0_231\bin\plugin2\npjp2.dll [2019-10-20] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-19] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-21] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.35.422\npGoogleUpdate3.dll [2019-12-15] (Google LLC -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.35.422\npGoogleUpdate3.dll [2019-12-15] (Google LLC -> Google LLC)
FF Plugin-x32: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll [2016-11-28] (Tracker Software Products (Canada) Ltd -> Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2014-10-28] (Tracker Software Products (Canada) Ltd -> Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\.DEFAULT: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2016-11-28] (Tracker Software Products (Canada) Ltd -> Tracker Software Products (Canada) Ltd.)

Chrome:
=======
CHR Profile: C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default [2020-01-30]
CHR StartupUrls: Default -> "hxxp://www.google.de/"
CHR Extension: (Präsentationen) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-03-02]
CHR Extension: (Docs) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-03-02]
CHR Extension: (Google Drive) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-03-02]
CHR Extension: (YouTube) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-03-02]
CHR Extension: (Avira Password Manager) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\caljgklbbfbcjjanaijlacgncafpegll [2020-01-21]
CHR Extension: (Tabellen) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-03-02]
CHR Extension: (Google Docs Offline) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-01-21]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-10]
CHR Extension: (Google Mail) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-05-28]
CHR Extension: (Chrome Media Router) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-01-21]
CHR HKLM\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll]
CHR HKLM\...\Chrome\Extension: [ccbpbkebodcjkknkfkpmfeciinhidaeh]
CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll]
CHR HKLM-x32\...\Chrome\Extension: [ccbpbkebodcjkknkfkpmfeciinhidaeh]

==================== Dienste (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 AAV UpdateService; C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] (Wolters Kluwer Deutschland GmbH -> )
R2 ABBYY.Licensing.FineReader.Corporate.11.0; C:\Program Files (x86)\Common Files\ABBYY\FineReader\11.00\Licensing\CE\NetworkLicenseServer.exe [819976 2011-08-18] (ABBYY SOLUTIONS LIMITED -> ABBYY)
R2 ABBYY.Licensing.FineReader.Professional.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [759072 2008-05-16] (ABBYY Software House -> ABBYY (BIT Software))
S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [1210168 2019-11-25] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AntivirProtectedService; C:\Program Files (x86)\Avira\Antivirus\ProtectedService.exe [535352 2019-10-30] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [484768 2019-10-30] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [484768 2019-10-30] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [574848 2020-01-14] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [617520 2020-01-15] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AviraOptimizerHost; C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe [2989888 2020-01-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AviraPhantomVPN; C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe [379624 2020-01-08] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AviraSecurity; C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.exe [240408 2020-01-22] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AviraUpdaterService; C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe [150648 2019-12-23] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 cbVSCService11; C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [67584 2013-03-07] (CobianSoft, Luis Cobian) [Datei ist nicht signiert]
R2 CobianBackup11; C:\Program Files (x86)\Cobian Backup 11\cbService.exe [1131008 2013-03-07] (Luis Cobian, CobianSoft) [Datei ist nicht signiert]
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-03-03] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-03-03] (Dropbox, Inc -> Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [44552 2020-01-23] (Dropbox, Inc -> Dropbox, Inc.)
R2 EsgShKernel; C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe [11780320 2020-01-30] (EnigmaSoft Limited -> EnigmaSoft Limited)
R2 FJTWMKSV; C:\Windows\twain_32\fjscan32\FJTWMKSV.exe [36864 2011-07-20] (PFU LIMITED) [Datei ist nicht signiert]
R2 ibtsiva; C:\WINDOWS\system32\ibtsiva.exe [515768 2017-04-13] (Intel(R) Wireless Connectivity Solutions -> Intel Corporation)
S2 IntelAudioService; C:\WINDOWS\system32\cAVS\Intel(R) Audio Service\IntelAudioService.exe [356848 2019-09-04] (Smart Sound Technology -> Intel)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268704 2017-03-21] (Intel Corporation-Wireless Connectivity Solutions -> )
R2 RtkAudioUniversalService; C:\WINDOWS\System32\RtkAudUService64.exe [878368 2019-05-30] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5796168 2019-09-12] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 ShMonitor; C:\Program Files\EnigmaSoft\SpyHunter\ShMonitor.exe [519904 2020-01-30] (EnigmaSoft Limited -> EnigmaSoft Limited)
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [752224 2017-01-16] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [13172752 2020-01-22] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\NisSrv.exe [3206472 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MsMpEng.exe [103376 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3750304 2017-03-21] (Intel Corporation-Wireless Connectivity Solutions -> Intel® Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R0 avdevprot; C:\WINDOWS\System32\DRIVERS\avdevprot.sys [78936 2019-06-07] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S0 avelam; C:\WINDOWS\System32\drivers\avelam.sys [22336 2019-03-20] (Microsoft Windows Early Launch Anti-Malware Publisher -> Avira Operations GmbH & Co. KG)
R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [207784 2019-12-02] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [197176 2019-09-19] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [46704 2019-03-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\WINDOWS\system32\DRIVERS\avnetflt.sys [89736 2019-03-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R0 avusbflt; C:\WINDOWS\System32\Drivers\avusbflt.sys [45472 2019-03-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2017-01-16] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
R3 EnigmaFileMonDriver; C:\WINDOWS\System32\drivers\EnigmaFileMonDriver.sys [68424 2020-01-30] (EnigmaSoft Limited -> EnigmaSoft Limited)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [129032 2017-04-13] (Intel(R) Wireless Connectivity Solutions -> Intel Corporation)
R3 IntcAudioBus; C:\WINDOWS\System32\drivers\IntcAudioBus.sys [277192 2019-09-04] (Smart Sound Technology -> Intel(R) Corporation)
R3 IntcOED; C:\WINDOWS\System32\drivers\IntcOED.sys [849792 2019-09-04] (Smart Sound Technology -> Intel(R) Corporation)
S3 ITECIRfilter; C:\WINDOWS\system32\DRIVERS\ITECIRfilter.sys [36560 2015-11-24] (ITE Tech. Inc. -> ITE Tech. Inc. )
S3 Netwtw06; C:\WINDOWS\System32\drivers\Netwtw06.sys [8723968 2019-03-19] (Microsoft Windows -> Intel Corporation)
R3 phantomtap; C:\WINDOWS\System32\drivers\phantomtap.sys [45056 2020-01-08] (Avira Operations GmbH & Co. KG -> The OpenVPN Project)
R3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [356344 2019-05-15] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2017-01-16] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
R2 sxuptp; C:\WINDOWS\System32\drivers\sxuptp.sys [310496 2014-12-19] (silex technology, Inc. -> silex technology, Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [45664 2019-12-07] (Microsoft Windows Early Launch Anti-Malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [355760 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [54192 2019-12-07] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

==================== Ein Monat (erstellte) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2020-01-30 18:35 - 2020-01-30 18:35 - 000047180 _____ C:\Users\Michael\Downloads\FRST.txt
2020-01-30 18:33 - 2020-01-30 18:35 - 000000000 ____D C:\FRST
2020-01-30 18:33 - 2020-01-30 18:33 - 002581504 _____ (Farbar) C:\Users\Michael\Downloads\FRST64.exe
2020-01-30 18:14 - 2020-01-30 18:14 - 000021407 _____ C:\Users\Michael\Desktop\Aufwandsübersicht_2020_01_29.xlsm
2020-01-30 18:14 - 2020-01-30 18:14 - 000000165 ____H C:\Users\Michael\Desktop\~$Aufwandsübersicht_2020_01_29.xlsm
2020-01-30 17:47 - 2020-01-30 17:47 - 000003562 _____ C:\WINDOWS\system32\Tasks\Avira_Security_Update
2020-01-30 17:47 - 2020-01-30 17:47 - 000000000 ____D C:\Users\Public\Security Sessions
2020-01-30 17:46 - 2020-01-30 17:46 - 000003374 _____ C:\WINDOWS\system32\Tasks\Avira_Antivirus_Systray
2020-01-30 17:45 - 2019-12-02 10:26 - 000207784 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2020-01-30 17:45 - 2019-09-19 09:07 - 000197176 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2020-01-30 17:45 - 2019-06-07 14:09 - 000078936 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avdevprot.sys
2020-01-30 17:45 - 2019-03-20 18:50 - 000089736 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avnetflt.sys
2020-01-30 17:45 - 2019-03-20 18:50 - 000046704 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avkmgr.sys
2020-01-30 17:45 - 2019-03-20 18:50 - 000045472 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avusbflt.sys
2020-01-30 17:45 - 2019-03-20 18:50 - 000022336 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avelam.sys
2020-01-30 17:43 - 2020-01-30 17:43 - 000003780 _____ C:\WINDOWS\system32\Tasks\AviraSystemSpeedupUpdate
2020-01-30 17:43 - 2020-01-30 17:43 - 000000000 ____D C:\Users\Public\Speedup Sessions
2020-01-30 17:42 - 2020-01-30 17:47 - 000000000 ____D C:\ProgramData\Avira
2020-01-30 17:42 - 2020-01-30 17:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2020-01-30 17:42 - 2020-01-30 17:42 - 000001261 _____ C:\Users\Public\Desktop\Avira.lnk
2020-01-30 17:42 - 2020-01-30 17:42 - 000001261 _____ C:\ProgramData\Desktop\Avira.lnk
2020-01-30 17:40 - 2020-01-30 17:41 - 003837048 _____ (Avira Operations GmbH & Co. KG) C:\Users\Michael\Downloads\avira_de_sptl1_1399270432-1580402456__pantivirws-spotlight-release.exe
2020-01-30 17:39 - 2020-01-30 17:39 - 000068424 _____ (EnigmaSoft Limited) C:\WINDOWS\system32\Drivers\EnigmaFileMonDriver.sys
2020-01-30 17:39 - 2020-01-30 17:39 - 000001055 _____ C:\Users\Public\Desktop\SpyHunter5.lnk
2020-01-30 17:39 - 2020-01-30 17:39 - 000001055 _____ C:\ProgramData\Desktop\SpyHunter5.lnk
2020-01-30 17:39 - 2020-01-30 17:39 - 000000000 ____D C:\sh5ldr
2020-01-30 17:39 - 2020-01-30 17:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EnigmaSoft
2020-01-30 17:39 - 2020-01-30 17:39 - 000000000 ____D C:\ProgramData\EnigmaSoft Limited
2020-01-30 17:39 - 2020-01-30 17:39 - 000000000 ____D C:\Program Files\EnigmaSoft
2020-01-30 17:38 - 2020-01-30 17:38 - 006946736 _____ (EnigmaSoft Limited) C:\Users\Michael\Downloads\sh-remover.exe
2020-01-29 18:23 - 2020-01-30 09:27 - 000000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2020-01-24 11:57 - 2020-01-24 11:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2020-01-23 16:20 - 2020-01-23 16:20 - 001106896 ____N C:\Users\Michael\Desktop\Wintergarten1.pdf
2020-01-23 16:19 - 2020-01-23 16:19 - 000131623 ____N C:\Users\Michael\Desktop\26.pdf
2020-01-23 16:18 - 2020-01-23 16:18 - 000079456 ____N C:\Users\Michael\Desktop\25.pdf
2020-01-23 10:15 - 2020-01-23 10:15 - 000900674 ____N C:\Users\Michael\Desktop\Wintergarten Copy.pdf
2020-01-23 10:14 - 2020-01-23 10:14 - 000280605 ____N C:\Users\Michael\Desktop\24.pdf
2020-01-23 09:52 - 2020-01-23 09:52 - 000341303 ____N C:\Users\Michael\Desktop\Wintergarten.pdf
2020-01-23 09:52 - 2020-01-23 09:52 - 000282023 ____N C:\Users\Michael\Desktop\23.pdf
2020-01-23 00:24 - 2020-01-23 00:24 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2020-01-23 00:24 - 2020-01-23 00:24 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2020-01-23 00:24 - 2020-01-23 00:24 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2020-01-23 00:24 - 2020-01-23 00:24 - 000044552 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2020-01-21 10:35 - 2020-01-21 10:36 - 003318440 ____N (Dominik Reichl ) C:\Users\Michael\Downloads\KeePass-2.44-Setup.exe
2020-01-21 09:08 - 2020-01-29 21:37 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2020-01-20 18:35 - 2020-01-20 18:35 - 000028583 ____N C:\Users\Michael\Desktop\1Rechnung2020 (4).pdf
2020-01-20 18:34 - 2020-01-20 18:34 - 000028591 ____N C:\Users\Michael\Desktop\1Rechnung2020 (3).pdf
2020-01-20 18:32 - 2020-01-20 18:32 - 000028550 ____N C:\Users\Michael\Desktop\1Rechnung2020 (2).pdf
2020-01-20 18:31 - 2020-01-20 18:31 - 000028553 ____N C:\Users\Michael\Desktop\1Rechnung2020 (1).pdf
2020-01-20 18:29 - 2020-01-20 18:29 - 000028553 ____N C:\Users\Michael\Desktop\1Rechnung2020.pdf
2020-01-20 15:57 - 2020-01-20 15:57 - 000001283 ____N C:\Users\Michael\Desktop\Google Chrome.lnk
2020-01-20 08:41 - 2020-01-20 08:41 - 000000000 ____D C:\Users\Michael\opera autoupdate
2020-01-17 09:35 - 2020-01-17 09:35 - 025900032 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2020-01-17 09:35 - 2020-01-17 09:35 - 025444352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2020-01-17 09:35 - 2020-01-17 09:35 - 022627840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2020-01-17 09:35 - 2020-01-17 09:35 - 019849216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2020-01-17 09:35 - 2020-01-17 09:35 - 018020352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2020-01-17 09:35 - 2020-01-17 09:35 - 009928208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2020-01-17 09:35 - 2020-01-17 09:35 - 008012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2020-01-17 09:35 - 2020-01-17 09:35 - 007754752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2020-01-17 09:35 - 2020-01-17 09:35 - 007600448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2020-01-17 09:35 - 2020-01-17 09:35 - 007016448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2020-01-17 09:35 - 2020-01-17 09:35 - 006520480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2020-01-17 09:35 - 2020-01-17 09:35 - 005913600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2020-01-17 09:35 - 2020-01-17 09:35 - 003729408 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2020-01-17 09:35 - 2020-01-17 09:35 - 003703296 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2020-01-17 09:35 - 2020-01-17 09:35 - 003263488 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2020-01-17 09:35 - 2020-01-17 09:35 - 002870784 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2020-01-17 09:35 - 2020-01-17 09:35 - 002801152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2020-01-17 09:35 - 2020-01-17 09:35 - 002716672 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2020-01-17 09:35 - 2020-01-17 09:35 - 002561536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2020-01-17 09:35 - 2020-01-17 09:35 - 002494464 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2020-01-17 09:35 - 2020-01-17 09:35 - 002473976 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2020-01-17 09:35 - 2020-01-17 09:35 - 002305536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2020-01-17 09:35 - 2020-01-17 09:35 - 001985928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2020-01-17 09:35 - 2020-01-17 09:35 - 001835008 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2020-01-17 09:35 - 2020-01-17 09:35 - 001697280 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2020-01-17 09:35 - 2020-01-17 09:35 - 001664896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2020-01-17 09:35 - 2020-01-17 09:35 - 001655880 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2020-01-17 09:35 - 2020-01-17 09:35 - 001610752 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2020-01-17 09:35 - 2020-01-17 09:35 - 001458688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2020-01-17 09:35 - 2020-01-17 09:35 - 001399096 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2020-01-17 09:35 - 2020-01-17 09:35 - 001330952 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2020-01-17 09:35 - 2020-01-17 09:35 - 001151816 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2020-01-17 09:35 - 2020-01-17 09:35 - 001106944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll
2020-01-17 09:35 - 2020-01-17 09:35 - 001098720 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyDecMFT.dll
2020-01-17 09:35 - 2020-01-17 09:35 - 001072952 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2020-01-17 09:35 - 2020-01-17 09:35 - 001051664 _____ (Microsoft Corporation) C:\WINDOWS\system32\pidgenx.dll
2020-01-17 09:35 - 2020-01-17 09:35 - 001020032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2020-01-17 09:35 - 2020-01-17 09:35 - 000921600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2020-01-17 09:35 - 2020-01-17 09:35 - 000896512 _____ (Microsoft Corporation) C:\WINDOWS\system32\MdmDiagnostics.dll
2020-01-17 09:35 - 2020-01-17 09:35 - 000852480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll
2020-01-17 09:35 - 2020-01-17 09:35 - 000851456 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2020-01-17 09:35 - 2020-01-17 09:35 - 000842752 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2020-01-17 09:35 - 2020-01-17 09:35 - 000701440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.Internal.dll
2020-01-17 09:35 - 2020-01-17 09:35 - 000689664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2020-01-17 09:35 - 2020-01-17 09:35 - 000678712 _____ (Microsoft Corporation) C:\WINDOWS\system32\StructuredQuery.dll
2020-01-17 09:35 - 2020-01-17 09:35 - 000673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wiaaut.dll
2020-01-17 09:35 - 2020-01-17 09:35 - 000671232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wiaservc.dll
2020-01-17 09:35 - 2020-01-17 09:35 - 000670720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2020-01-17 09:35 - 2020-01-17 09:35 - 000646144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2020-01-17 09:35 - 2020-01-17 09:35 - 000571392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wiaaut.dll
2020-01-17 09:35 - 2020-01-17 09:35 - 000550400 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2020-01-17 09:35 - 2020-01-17 09:35 - 000542496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StructuredQuery.dll
2020-01-17 09:35 - 2020-01-17 09:35 - 000432256 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsmf.dll
2020-01-17 09:35 - 2020-01-17 09:35 - 000401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2020-01-17 09:35 - 2020-01-17 09:35 - 000400696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2020-01-17 09:35 - 2020-01-17 09:35 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll
2020-01-17 09:35 - 2020-01-17 09:35 - 000379392 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2020-01-17 09:35 - 2020-01-17 09:35 - 000368128 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2020-01-17 09:35 - 2020-01-17 09:35 - 000363840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsmf.dll
2020-01-17 09:35 - 2020-01-17 09:35 - 000336384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2020-01-17 09:35 - 2020-01-17 09:35 - 000329216 _____ (Microsoft Corporation) C:\WINDOWS\system32\DiagnosticLogCSP.dll
2020-01-17 09:35 - 2020-01-17 09:35 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2020-01-17 09:35 - 2020-01-17 09:35 - 000321536 _____ (Microsoft Corporation) C:\WINDOWS\system32\sti.dll
2020-01-17 09:35 - 2020-01-17 09:35 - 000317440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConhostV1.dll
2020-01-17 09:35 - 2020-01-17 09:35 - 000299520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2020-01-17 09:35 - 2020-01-17 09:35 - 000294400 _____ (Microsoft Corporation) C:\WINDOWS\system32\provops.dll
2020-01-17 09:35 - 2020-01-17 09:35 - 000283136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Search.ProtocolHandler.MAPI2.dll
2020-01-17 09:35 - 2020-01-17 09:35 - 000271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2020-01-17 09:35 - 2020-01-17 09:35 - 000240640 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFilterHost.exe
2020-01-17 09:35 - 2020-01-17 09:35 - 000233472 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll
2020-01-17 09:35 - 2020-01-17 09:35 - 000232448 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2020-01-17 09:35 - 2020-01-17 09:35 - 000227840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sti.dll
2020-01-17 09:35 - 2020-01-17 09:35 - 000223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\tssrvlic.dll
2020-01-17 09:35 - 2020-01-17 09:35 - 000211968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFilterHost.exe
2020-01-17 09:35 - 2020-01-17 09:35 - 000206336 _____ (Microsoft Corporation) C:\WINDOWS\system32\sti_ci.dll
2020-01-17 09:35 - 2020-01-17 09:35 - 000204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2020-01-17 09:35 - 2020-01-17 09:35 - 000162696 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcmnutils.dll
2020-01-17 09:35 - 2020-01-17 09:35 - 000160768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll
2020-01-17 09:35 - 2020-01-17 09:35 - 000148992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
2020-01-17 09:35 - 2020-01-17 09:35 - 000147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2020-01-17 09:35 - 2020-01-17 09:35 - 000145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wiadss.dll
2020-01-17 09:35 - 2020-01-17 09:35 - 000132096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tsusbhub.sys
2020-01-17 09:35 - 2020-01-17 09:35 - 000128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssitlb.dll
2020-01-17 09:35 - 2020-01-17 09:35 - 000127520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmcmnutils.dll
2020-01-17 09:35 - 2020-01-17 09:35 - 000127064 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32u.dll
2020-01-17 09:35 - 2020-01-17 09:35 - 000123904 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptcatsvc.dll
2020-01-17 09:35 - 2020-01-17 09:35 - 000120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll
2020-01-17 09:35 - 2020-01-17 09:35 - 000119808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wiadss.dll
2020-01-17 09:35 - 2020-01-17 09:35 - 000113152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssitlb.dll
2020-01-17 09:35 - 2020-01-17 09:35 - 000102400 _____ (Microsoft Corporation) C:\WINDOWS\system32\NFCProvisioningPlugin.dll
2020-01-17 09:35 - 2020-01-17 09:35 - 000097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\provdatastore.dll
2020-01-17 09:35 - 2020-01-17 09:35 - 000091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvPluginEng.dll
2020-01-17 09:35 - 2020-01-17 09:35 - 000090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsgqec.dll
2020-01-17 09:35 - 2020-01-17 09:35 - 000089536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32u.dll
2020-01-17 09:35 - 2020-01-17 09:35 - 000088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\BarcodeProvisioningPlugin.dll
2020-01-17 09:35 - 2020-01-17 09:35 - 000084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterpriseresourcemanager.dll
2020-01-17 09:35 - 2020-01-17 09:35 - 000083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\wiarpc.dll
2020-01-17 09:35 - 2020-01-17 09:35 - 000083456 _____ (Microsoft Corporation) C:\WINDOWS\system32\provtool.exe
2020-01-17 09:35 - 2020-01-17 09:35 - 000083456 _____ (Microsoft Corporation) C:\WINDOWS\system32\clfsw32.dll
2020-01-17 09:35 - 2020-01-17 09:35 - 000070144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsgqec.dll
2020-01-17 09:35 - 2020-01-17 09:35 - 000066560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clfsw32.dll
2020-01-17 09:35 - 2020-01-17 09:35 - 000066048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\enterpriseresourcemanager.dll
2020-01-17 09:35 - 2020-01-17 09:35 - 000066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemovableMediaProvisioningPlugin.dll
2020-01-17 09:35 - 2020-01-17 09:35 - 000062976 _____ (Microsoft Corporation) C:\WINDOWS\system32\LSCSHostPolicy.dll
2020-01-17 09:35 - 2020-01-17 09:35 - 000060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssprxy.dll
2020-01-17 09:35 - 2020-01-17 09:35 - 000060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\msscntrs.dll
2020-01-17 09:35 - 2020-01-17 09:35 - 000049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbscan.sys
2020-01-17 09:35 - 2020-01-17 09:35 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msscntrs.dll
2020-01-17 09:35 - 2020-01-17 09:35 - 000033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Provisioning.ProxyStub.dll
2020-01-17 09:35 - 2020-01-17 09:35 - 000027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\lstelemetry.dll
2020-01-17 09:35 - 2020-01-17 09:35 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WSDScan.sys
2020-01-17 09:35 - 2020-01-17 09:35 - 000018432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wiatrace.dll
2020-01-17 09:35 - 2020-01-17 09:35 - 000015360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wiatrace.dll
2020-01-17 09:35 - 2020-01-17 09:35 - 000010752 _____ (Microsoft Corporation) C:\WINDOWS\system32\DMAlertListener.ProxyStub.dll
2020-01-17 09:35 - 2020-01-17 09:35 - 000007680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DMAlertListener.ProxyStub.dll
2020-01-17 09:31 - 2019-12-10 06:15 - 000492544 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2020-01-17 09:31 - 2019-12-10 05:59 - 000390656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2020-01-17 08:54 - 2020-01-17 08:54 - 000002292 ____N C:\Users\Michael\Downloads\000000001.xml
2020-01-10 11:01 - 2020-01-10 11:01 - 000000000 ____D C:\Users\Michael\Downloads\ttusb2bda_1.0.3.9
2020-01-10 11:00 - 2020-01-10 11:00 - 000511312 ____N C:\Users\Michael\Downloads\ttusb2bda_1.0.3.9.zip
2020-01-10 10:56 - 2020-01-10 10:56 - 000000000 ____D C:\Users\Michael\Downloads\usb-firmwareupdate
2020-01-10 10:55 - 2020-01-10 10:55 - 000194473 ____N C:\Users\Michael\Downloads\usb-firmwareupdate.zip
2020-01-08 11:21 - 2020-01-08 11:21 - 000045056 _____ (The OpenVPN Project) C:\WINDOWS\system32\Drivers\phantomtap.sys
2020-01-07 18:28 - 2020-01-07 18:28 - 000066399 ____N C:\Users\Michael\Downloads\20200104_5232xxxxxxxx1733_-_Ihre_Abrechnung_vom_03_01_2020(1).PDF
2020-01-07 18:27 - 2020-01-07 18:27 - 000066399 ____N C:\Users\Michael\Downloads\20200104_5232xxxxxxxx1733_-_Ihre_Abrechnung_vom_03_01_2020.PDF 2020-01-02 18:02 - 2020-01-02 18:02 - 000144841 ____N C:\Users\Michael\Desktop\Glasduschtüre.pdf 2020-01-02 18:01 - 2020-01-02 18:01 - 000147866 ____N C:\Users\Michael\Desktop\Duschtüre.pdf ==================== Ein Monat (geänderte) ================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2020-01-30 18:33 - 2019-03-19 05:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2020-01-30 18:03 - 2015-06-29 13:57 - 000000000 ____D C:\Program Files (x86)\TeamViewer 2020-01-30 17:52 - 2018-03-03 14:24 - 000000000 ____D C:\Users\Michael\AppData\LocalLow\Mozilla 2020-01-30 17:47 - 2019-10-10 16:56 - 000000000 ____D C:\Users\Michael\AppData\Local\Avira 2020-01-30 17:47 - 2019-10-10 16:54 - 000000000 ____D C:\Program Files (x86)\Avira 2020-01-30 17:46 - 2019-03-19 05:52 - 000000000 ___HD C:\WINDOWS\ELAMBKUP 2020-01-30 17:45 - 2019-03-19 05:50 - 000000000 ____D C:\WINDOWS\INF 2020-01-30 17:42 - 2014-12-15 14:52 - 000000000 ____D C:\ProgramData\Package Cache 2020-01-30 17:28 - 2018-03-03 13:57 - 000000000 ____D C:\Users\Michael\AppData\Roaming\KeePass 2020-01-30 17:24 - 2018-03-03 15:31 - 000000000 ___RD C:\Users\Michael\Dropbox 2020-01-30 16:30 - 2019-07-29 21:21 - 000000000 ____D C:\WINDOWS\system32\SleepStudy 2020-01-30 09:27 - 2018-11-22 16:31 - 000001274 ____N C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk 2020-01-30 09:27 - 2014-12-15 12:47 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2020-01-30 09:23 - 2019-07-29 21:33 - 001723292 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2020-01-30 09:23 - 2019-03-19 13:16 - 000743888 _____ C:\WINDOWS\system32\perfh007.dat 2020-01-30 09:23 - 2019-03-19 13:16 - 000150212 _____ C:\WINDOWS\system32\perfc007.dat 2020-01-30 09:22 - 2019-10-18 17:25 - 000000000 ____D 
C:\Users\Michael\Downloads\opera autoupdate 2020-01-30 09:18 - 2018-03-03 16:39 - 000000000 ____D C:\Users\Michael\AppData\Local\FreePDF_XP 2020-01-30 09:18 - 2018-03-03 16:22 - 000000000 ____D C:\Users\Michael\AppData\Roaming\Telegram Desktop 2020-01-30 09:17 - 2019-07-29 21:30 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2020-01-30 09:17 - 2018-03-01 15:44 - 000000000 __SHD C:\Users\Michael\IntelGraphicsProfiles 2020-01-29 21:37 - 2019-02-06 09:09 - 000000674 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-2216129787-3453094354-8666996-1006.job 2020-01-29 21:37 - 2019-02-06 09:09 - 000000578 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-2216129787-3453094354-8666996-1006.job 2020-01-29 21:37 - 2018-03-03 15:29 - 000001244 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job 2020-01-29 21:37 - 2018-03-03 15:29 - 000001240 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job 2020-01-29 18:34 - 2019-03-19 05:52 - 000000000 ___HD C:\Program Files\WindowsApps 2020-01-29 18:34 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\AppReadiness 2020-01-29 18:22 - 2018-03-01 15:44 - 000000000 ____D C:\Users\Michael\AppData\Local\Packages 2020-01-29 18:21 - 2019-07-29 21:30 - 000004304 _____ C:\WINDOWS\system32\Tasks\DropboxUpdateTaskMachineUA 2020-01-29 18:21 - 2019-07-29 21:30 - 000004072 _____ C:\WINDOWS\system32\Tasks\DropboxUpdateTaskMachineCore 2020-01-28 17:42 - 2019-10-18 16:58 - 000004468 _____ C:\WINDOWS\system32\Tasks\Opera scheduled assistant Autoupdate 1571414292 2020-01-27 11:10 - 2019-02-06 09:09 - 000000000 ____D C:\Users\Michael\AppData\Local\GoToMeeting 2020-01-24 18:30 - 2019-07-29 21:30 - 000003838 _____ C:\WINDOWS\system32\Tasks\G2MUploadTask-S-1-5-21-2216129787-3453094354-8666996-1006 2020-01-24 18:30 - 2019-07-29 21:30 - 000003742 _____ C:\WINDOWS\system32\Tasks\G2MUpdateTask-S-1-5-21-2216129787-3453094354-8666996-1006 2020-01-24 11:59 - 2019-10-10 16:57 - 000004232 _____ C:\WINDOWS\system32\Tasks\Opera scheduled Autoupdate 1570723055 2020-01-24 11:59 - 
2019-10-10 16:57 - 000001428 ____N C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Opera-Browser.lnk 2020-01-24 11:57 - 2018-03-03 15:29 - 000000000 ____D C:\Program Files (x86)\Dropbox 2020-01-23 17:25 - 2019-10-11 14:12 - 000000000 ____D C:\Users\Michael\Downloads\Telegram Desktop 2020-01-22 17:00 - 2015-08-04 15:10 - 000002293 ____N C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2020-01-21 18:19 - 2019-11-29 10:14 - 000004600 _____ C:\WINDOWS\system32\Tasks\Adobe Flash Player NPAPI Notifier 2020-01-21 18:19 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed 2020-01-21 18:19 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\Macromed 2020-01-21 10:36 - 2019-10-20 11:06 - 000001170 ____N C:\Users\Michael\Desktop\KeePass 2.lnk 2020-01-21 10:36 - 2014-12-15 12:50 - 000001182 ____N C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeePass 2.lnk 2020-01-21 10:36 - 2014-12-15 12:50 - 000000000 ____D C:\Program Files (x86)\KeePass Password Safe 2 2020-01-21 09:15 - 2019-07-29 21:24 - 000000000 ____D C:\Users\Michael 2020-01-21 09:15 - 2014-12-15 12:47 - 000001167 ____N C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk 2020-01-20 08:36 - 2019-07-29 21:21 - 000609288 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2020-01-19 21:52 - 2019-03-19 05:52 - 000000000 ___SD C:\WINDOWS\system32\UNP 2020-01-19 21:52 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\SystemResources 2020-01-19 21:52 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\ShellExperiences 2020-01-19 21:52 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\bcastdvr 2020-01-19 21:52 - 2019-03-19 05:37 - 000786432 _____ C:\WINDOWS\system32\config\BBI 2020-01-19 15:56 - 2019-07-29 21:30 - 000003374 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2216129787-3453094354-8666996-1006 2020-01-19 15:56 - 2019-07-29 21:24 - 000002424 ____N C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 
2020-01-19 15:56 - 2018-03-01 15:46 - 000000000 ___RD C:\Users\Michael\OneDrive 2020-01-17 09:41 - 2014-12-14 15:59 - 000000000 ____D C:\WINDOWS\system32\MRT 2020-01-17 09:37 - 2019-03-19 05:37 - 000000000 ____D C:\WINDOWS\CbsTemp 2020-01-17 09:37 - 2014-12-15 13:29 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013 2020-01-17 09:37 - 2014-12-14 15:59 - 120202352 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2020-01-12 12:05 - 2018-03-03 15:29 - 000000000 ____D C:\Users\Michael\AppData\Local\Dropbox ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======== 2005-12-09 09:37 - 2005-12-09 09:37 - 001093632 _____ (Microsoft Corporation) C:\Program Files (x86)\Common Files\mfc80.dll 2005-12-09 09:37 - 2005-12-09 09:37 - 001079808 _____ (Microsoft Corporation) C:\Program Files (x86)\Common Files\mfc80u.dll 2005-12-09 09:37 - 2005-12-09 09:37 - 000069632 _____ (Microsoft Corporation) C:\Program Files (x86)\Common Files\mfcm80.dll 2005-12-09 09:37 - 2005-12-09 09:37 - 000057344 _____ (Microsoft Corporation) C:\Program Files (x86)\Common Files\mfcm80u.dll 2005-12-09 09:38 - 2005-12-09 09:38 - 000000522 _____ () C:\Program Files (x86)\Common Files\Microsoft.VC80.CRT.manifest 2005-12-09 09:38 - 2005-12-09 09:38 - 000000550 _____ () C:\Program Files (x86)\Common Files\Microsoft.VC80.MFC.manifest 2005-12-09 09:37 - 2005-12-09 09:37 - 000479232 _____ (Microsoft Corporation) C:\Program Files (x86)\Common Files\msvcm80.dll 2005-12-09 09:37 - 2005-12-09 09:37 - 000548864 _____ (Microsoft Corporation) C:\Program Files (x86)\Common Files\msvcp80.dll 2005-12-09 09:37 - 2005-12-09 09:37 - 000626688 _____ (Microsoft Corporation) C:\Program Files (x86)\Common Files\msvcr80.dll 2019-11-17 16:26 - 2019-11-17 16:26 - 000003584 ____N () C:\Users\Michael\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2019-06-26 18:46 - 2019-06-26 18:46 - 000011651 ____N () C:\Users\Michael\AppData\Local\recently-used.xbel 
==================== SigCheck ============================ (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) ==================== Ende von FRST.txt ========================
Edited by macmesser201 (30.01.2020 at 18:52) |
30.01.2020, 18:41 | #2 |
| Probably caught Win32/Tiggre!rfn by carelessly opening a file
Here is the frst.txt file:
Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 27-01-2020 durchgeführt von Michael (Administrator) auf PCxxxHOME (Intel Corporation NUC7i5BNH) (30-01-2020 18:35:24) Gestartet von C:\Users\Michael\Downloads Geladene Profile: Michael (Verfügbare Profile: Admin & Michael & Administrator) Platform: Windows 10 Pro Version 1903 18362.592 (X64) Sprache: Deutsch (Deutschland) Standard-Browser: FF Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) () [Datei ist nicht signiert] C:\Program Files (x86)\DocFetcher\docfetcher-daemon-windows.exe (ABBYY Software House -> ABBYY (BIT Software)) C:\Program Files (x86)\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe (ABBYY SOLUTIONS LIMITED -> ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReader\11.00\Licensing\CE\NetworkLicenseServer.exe (ABBYY SOLUTIONS LIMITED -> ABBYY.) C:\Program Files (x86)\ABBYY FineReader 11\Bonus.ScreenshotReader.exe (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\protectedservice.exe (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. 
KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.exe (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe (CobianSoft, Luis Cobian) [Datei ist nicht signiert] C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe (Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe (Dropbox, Inc -> The Qt Company Ltd.) C:\Program Files (x86)\Dropbox\Client\89.4.278\QtWebEngineProcess.exe (Dropbox, Inc -> The Qt Company Ltd.) C:\Program Files (x86)\Dropbox\Client\89.4.278\QtWebEngineProcess.exe (Dropbox, Inc -> The Qt Company Ltd.) C:\Program Files (x86)\Dropbox\Client\89.4.278\QtWebEngineProcess.exe (Dropbox, Inc -> The Qt Company Ltd.) C:\Program Files (x86)\Dropbox\Client\89.4.278\QtWebEngineProcess.exe (Dropbox, Inc -> The Qt Company Ltd.) 
C:\Program Files (x86)\Dropbox\Client\89.4.278\QtWebEngineProcess.exe (EnigmaSoft Limited -> EnigmaSoft Limited) C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe (EnigmaSoft Limited -> EnigmaSoft Limited) C:\Program Files\EnigmaSoft\SpyHunter\ShMonitor.exe (EnigmaSoft Limited -> EnigmaSoft Limited) C:\Program Files\EnigmaSoft\SpyHunter\SpyHunter5.exe (FUJITSU LIMITED) [Datei ist nicht signiert] C:\Windows\twain_32\fjscan32\FjtwMkup.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.422\GoogleCrashHandler.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.422\GoogleCrashHandler64.exe (Intel Corporation-Wireless Connectivity Solutions -> Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel Corporation-Wireless Connectivity Solutions -> Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel Corporation-Wireless Connectivity Solutions -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (Intel(R) INTELND1617S2 -> Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_250db833a1cd577e\igfxCUIService.exe (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_250db833a1cd577e\igfxEM.exe (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_250db833a1cd577e\IntelCpHDCPSvc.exe (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_250db833a1cd577e\IntelCpHeciSvc.exe (Intel(R) Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe (Luis Cobian, CobianSoft) [Datei ist nicht signiert] C:\Program Files (x86)\Cobian Backup 11\cbInterface.exe (Luis Cobian, CobianSoft) [Datei ist nicht signiert] C:\Program Files (x86)\Cobian Backup 11\cbService.exe (Microsoft Corporation -> 
Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\EXCEL.EXE (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.20011.10711.0_x64__8wekyb3d8bbwe\Video.UI.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\splwow64.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SecurityHealthHost.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SecurityHealthHost.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe (Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla 
Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Opera Software AS -> Opera Software) C:\Users\Michael\AppData\Local\Programs\Opera\assistant\browser_assistant.exe (Opera Software AS -> Opera Software) C:\Users\Michael\AppData\Local\Programs\Opera\assistant\browser_assistant.exe (Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (PFU LIMITED) [Datei ist nicht signiert] C:\Windows\twain_32\fjscan32\ERG\FTErGuid.exe (PFU LIMITED) [Datei ist nicht signiert] C:\Windows\twain_32\fjscan32\FJTWMKSV.exe (PFU LIMITED) [Datei ist nicht signiert] C:\Windows\twain_32\fjscan32\FTPWREVT\FTPWREVT.exe (PFU LIMITED) [Datei ist nicht signiert] C:\Windows\twain_32\fjscan32\SOP\FtLnSOP.exe (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.) 
C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe (shbox.de) [Datei ist nicht signiert] C:\Program Files (x86)\FreePDF_XP\fpassist.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe (TechSmith Corporation -> TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 10\Snagit32.exe (TechSmith Corporation -> TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 10\SnagitEditor.exe (TechSmith Corporation -> TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 10\SnagPriv.exe (TechSmith Corporation -> TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 10\TscHelp.exe (Telegram FZ-LLC -> Telegram FZ-LLC) C:\Users\Michael\AppData\Roaming\Telegram Desktop\Telegram.exe (Tesline-Service s.r.l. -> Tesline-Service SRL) C:\Program Files (x86)\Rohos\ntserv.exe (Tracker Software Products (Canada) Ltd -> Tracker Software Products (Canada) Ltd.) C:\Program Files\Tracker Software\PDF Editor\PDFXEdit.exe (WhatsApp Inc.) C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_0.4.315.0_x64__cv1g1gvanyjgm\app\WhatsApp.exe (WhatsApp Inc.) C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_0.4.315.0_x64__cv1g1gvanyjgm\app\WhatsApp.exe (WhatsApp Inc.) C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_0.4.315.0_x64__cv1g1gvanyjgm\app\WhatsApp.exe (WhatsApp Inc.) 
C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_0.4.315.0_x64__cv1g1gvanyjgm\app\WhatsApp.exe (Wolters Kluwer Deutschland GmbH -> ) C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe konnte nicht auf den Prozess zugreifen -> explorer.exe ==================== Registry (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\RtkAudUService64.exe [878368 2019-05-30] (Realtek Semiconductor Corp. -> Realtek Semiconductor) HKLM\...\Run: [] => [X] HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [3331264 2020-01-20] (Open Source Developer, Dominik Reichl -> Dominik Reichl) HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [395616 2014-09-03] (Citrix Systems, Inc. -> Citrix Systems, Inc.) HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [153952 2014-09-03] (Citrix Systems, Inc. -> Citrix Systems, Inc.) HKLM-x32\...\Run: [FreePDF Assistant] => C:\Program Files (x86)\FreePDF_XP\fpassist.exe [373760 2014-03-18] (shbox.de) [Datei ist nicht signiert] HKLM-x32\...\Run: [FtLnSOP_setup] => C:\Windows\Twain_32\Fjscan32\SOP\FtLnSOP.exe [147456 2012-01-23] (PFU LIMITED) [Datei ist nicht signiert] HKLM-x32\...\Run: [FJTWAIN Setup] => C:\Windows\Twain_32\fjscan32\FjtwMkup.exe [139264 2012-01-23] (FUJITSU LIMITED) [Datei ist nicht signiert] HKLM-x32\...\Run: [FTPWRENV] => C:\Windows\Twain_32\Fjscan32\FTPWREVT\FTPWREVT.exe [45056 2007-10-16] (PFU LIMITED) [Datei ist nicht signiert] HKLM-x32\...\Run: [RohosLogon] => C:\Program Files (x86)\Rohos\welcome-user.exe [1380384 2015-09-04] (Tesline-Service s.r.l. 
-> Tesline-Service SRL) HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [6261760 2020-01-23] (Dropbox, Inc -> Dropbox, Inc.) HKLM-x32\...\Run: [Cobian Backup 11 interface] => C:\Program Files (x86)\Cobian Backup 11\cbInterface.exe [4407808 2013-03-07] (Luis Cobian, CobianSoft) [Datei ist nicht signiert] HKLM-x32\...\Run: [DocFetcher-Daemon] => C:\Program Files (x86)\DocFetcher\docfetcher-daemon-windows.exe [563621 2018-07-30] () [Datei ist nicht signiert] HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [645648 2019-10-05] (Oracle America, Inc. -> Oracle Corporation) HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [228136 2020-01-15] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [Avira System Speedup User Starter] => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe [331368 2020-01-30] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [] => [X] HKU\S-1-5-21-2216129787-3453094354-8666996-1006\...\Run: [Opera Browser Assistant] => C:\Users\Michael\AppData\Local\Programs\Opera\assistant\browser_assistant.exe [2785304 2020-01-28] (Opera Software AS -> Opera Software) HKU\S-1-5-21-2216129787-3453094354-8666996-1006\...\Run: [] => [X] HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\79.0.3945.130\Installer\chrmstp.exe [2020-01-22] (Google LLC -> Google LLC) HKLM\Software\...\Authentication\Credential Providers: [{75A22DF1-B82D-56ed-B229-CD30517BD617}] -> C:\WINDOWS\system32\rohos_cp_x64.dll [2015-09-04] (Tesline-Service s.r.l. 
-> Tesline-Service SRL) HKLM\Software\...\Authentication\Credential Provider Filters: [{75A22DF1-B82D-56ed-B229-CD30517BD617}] -> C:\WINDOWS\system32\rohos_cp_x64.dll [2015-09-04] (Tesline-Service s.r.l. -> Tesline-Service SRL) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Error Recovery Guide.lnk [2014-12-19] ShortcutTarget: Error Recovery Guide.lnk -> C:\Windows\twain_32\fjscan32\ERG\FTErGuid.exe (PFU LIMITED) [Datei ist nicht signiert] Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snagit 10.lnk [2015-09-10] ShortcutTarget: Snagit 10.lnk -> C:\Program Files (x86)\TechSmith\Snagit 10\Snagit32.exe (TechSmith Corporation -> TechSmith Corporation) Startup: C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk [2015-08-04] ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation) Startup: C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Citrix Receiver.lnk [2016-02-24] ShortcutTarget: Citrix Receiver.lnk -> C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe (Keine Datei) Startup: C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Outlook 2013.lnk [2017-08-28] ShortcutTarget: Outlook 2013.lnk -> C:\Windows\Installer\{91150000-0011-0000-1000-0000000FF1CE}\outicon.exe (Microsoft Corporation -> ) Startup: C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StarLeaf Breeze.lnk [2016-11-11] ShortcutTarget: StarLeaf Breeze.lnk -> C:\Users\Michael\AppData\Local\StarLeaf\Breeze\Breeze.exe (Keine Datei) Startup: C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SX Virtual Link.lnk [2014-12-19] ShortcutTarget: SX Virtual Link.lnk -> C:\Program Files\silex technology\SX Virtual Link\Connect.exe (silex technology, Inc. -> silex technology, Inc.) 
Startup: C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Telegram.lnk [2014-12-22] ShortcutTarget: Telegram.lnk -> C:\Users\Michael\AppData\Roaming\Telegram Desktop\Telegram.exe (Telegram FZ-LLC -> Telegram FZ-LLC) GroupPolicy: Beschränkung ? <==== ACHTUNG ==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============ (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) Task: {05EA894B-EB58-424B-B39B-116FA972E24E} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [1626328 2014-01-23] (Microsoft Corporation -> Microsoft Corporation) Task: {07A021E7-A400-49D8-873B-AE62B61F4C70} - System32\Tasks\Avira_Antivirus_Systray => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [2757672 2019-11-15] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) Task: {12436D86-9FE5-43B5-8EEF-8B36BAD9437F} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-03-03] (Dropbox, Inc -> Dropbox, Inc.) Task: {27E52497-1F70-494F-9DCC-D68E86DDB66C} - System32\Tasks\G2MUpdateTask-S-1-5-21-2216129787-3453094354-8666996-1006 => C:\Users\Michael\AppData\Local\GoToMeeting\16576\g2mupdate.exe [32256 2020-01-24] (LogMeIn, Inc. -> LogMeIn, Inc.) 
Task: {32AB90BD-1B19-4379-A7E2-EF71AC6D6EAC} - \Microsoft\Windows\UNP\RunCampaignManager -> Keine Datei <==== ACHTUNG Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe Task: {378B6735-940E-45A5-A099-EF9C0F748DAD} - System32\Tasks\Microsoft\Windows\rempl\shell-usoscan => C:\Program Files\rempl\remsh.exe Task: {38695BBA-0242-471D-9FE8-E978079CF2F3} - System32\Tasks\Opera scheduled Autoupdate 1570723055 => C:\Users\Michael\AppData\Local\Programs\Opera\launcher.exe [1350680 2020-01-22] (Opera Software AS -> Opera Software) Task: {3DF6D6BF-DB8D-4F47-8528-5A6F26F92A24} - \Open URL by RoboForm -> Keine Datei <==== ACHTUNG Task: {3FCFA83B-A405-4B82-B0B1-58AE7B8E326D} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_321_Plugin.exe [1458232 2020-01-21] (Adobe Inc. -> Adobe) Task: {40CE5594-D783-4DBE-863F-E954EF84B661} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe Task: {449CD507-AFCC-422B-99BA-19038F0707C2} - System32\Tasks\AviraSystemSpeedupUpdate => C:\ProgramData\Avira\SystemSpeedup\Update\avira_speedup_setup_update.exe [27848432 2020-01-30] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG ) Task: {47843C54-CCE1-4E96-A4F7-D595D5AE0AFD} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [376496 2014-01-23] (Microsoft Corporation -> Microsoft Corporation) Task: {4BB105C1-E1E5-49A8-9569-10B8D147692E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-04] (Google Inc -> Google Inc.) 
Task: {4F07498B-0E99-42B0-93F2-B3BA2991397B} - System32\Tasks\G2MUploadTask-S-1-5-21-2216129787-3453094354-8666996-1006 => C:\Users\Michael\AppData\Local\GoToMeeting\16576\g2mupload.exe [32256 2020-01-24] (LogMeIn, Inc. -> LogMeIn, Inc.) Task: {5A3FB241-0B11-4EA5-BC66-0D9F1B406040} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\BthSQM => {C8367320-6F85-11E0-A1F0-0800200C9A66} C:\WINDOWS\System32\BthTelemetry.dll [32256 2019-03-19] (Microsoft Windows -> Microsoft Corporation) Task: {60102B88-BA20-40A2-972A-E0C6C546EFDA} - System32\Tasks\Opera scheduled assistant Autoupdate 1571414292 => C:\Users\Michael\AppData\Local\Programs\Opera\launcher.exe [1350680 2020-01-22] (Opera Software AS -> Opera Software) Task: {6993C842-31C0-403D-838A-477A93071DA8} - System32\Tasks\G2MUpdateTask-S-1-5-21-1013316503-1690231437-2228150199-1155 => C:\Users\xxx\AppData\Local\GoToMeeting\8404\g2mupdate.exe [31808 2018-02-23] (LogMeIn, Inc. -> LogMeIn, Inc.) Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task => {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} Task: {727986C7-E956-46B6-8689-566B1343AE03} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\BrowserChoice\browserchoice.exe Task: {74502E3C-5697-4D3C-90B7-854664CF3912} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-04] (Google Inc -> Google Inc.) Task: {767E57D2-0F24-415F-A737-106C8658282C} - System32\Tasks\HPCustParticipation HP LaserJet M101-M106 => C:\Program Files\HP\HP LaserJet M101-M106\Bin\HPCustPartic.exe [6658184 2017-04-27] (Hewlett Packard -> HP Inc.) 
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task => {1B1F472E-3221-4826-97DB-2C2324D389AE}
Task: {9C0E4A9E-FEFF-4EC6-85BB-341B91C798F2} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [376496 2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {A29A4B16-728D-4E48-A8E1-7331D530114E} - System32\Tasks\Microsoft\Windows\GroupPolicy\{3E0A038B-D834-4930-9981-E89C9BFF83AA} => C:\WINDOWS\system32\gpupdate.exe [29696 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
Task: {A43FB1C8-F623-4579-BAE8-D8EBAA91EA1E} - System32\Tasks\G2MUploadTask-S-1-5-21-1013316503-1690231437-2228150199-1155 => C:\Users\xxx\AppData\Local\GoToMeeting\8404\g2mupload.exe [31808 2018-02-23] (LogMeIn, Inc. -> LogMeIn, Inc.)
Task: {A4E42F6D-B6F2-4032-98A3-8550B484EFDF} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload => {EBF00FCB-0769-4B81-9BEC-6C05514111AA}
Task: {A52BA8E7-4C33-4310-865D-079A379983B6} - System32\Tasks\Microsoft\Windows\GroupPolicy\{A7719E0F-10DB-4640-AD8C-490CC6AD5202} => C:\WINDOWS\system32\gpupdate.exe [29696 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
Task: {AF6BA8A7-9675-4BE5-8F55-1A9E1063A6C6} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-03-03] (Dropbox, Inc -> Dropbox, Inc.)
Task: {C6C3C854-50CB-459C-A56D-192379BAA19B} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\Explorer.EXE /NOUACCHECK
Task: {CE2DE968-E342-40D7-9566-427D45E4A886} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371}
Task: {DCACECB0-BFE8-4C3E-AC08-CA8F904DA6E0} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-01-21] (Adobe Inc. -> Adobe)
Task: {E881479F-0ADD-488A-98E5-E3BB1E56FABD} - System32\Tasks\TrackerAutoUpdate => C:\Program Files\Tracker Software\Update\TrackerUpdate.exe [4630208 2016-11-28] (Tracker Software Products (Canada) Ltd -> Tracker Software Products (Canada) Ltd.)
Task: {F8391A59-C7FB-4672-A308-1EDD7A65CC55} - System32\Tasks\Avira_Security_Update => C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Common.Updater.exe [226512 2020-01-22] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-1013316503-1690231437-2228150199-1155.job => C:\Users\xxx\AppData\Local\GoToMeeting\8404\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-2216129787-3453094354-8666996-1006.job => C:\Users\Michael\AppData\Local\GoToMeeting\16576\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-1013316503-1690231437-2228150199-1155.job => C:\Users\xxx\AppData\Local\GoToMeeting\8404\g2mupload.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-2216129787-3453094354-8666996-1006.job => C:\Users\Michael\AppData\Local\GoToMeeting\16576\g2mupload.exe
Task: C:\WINDOWS\Tasks\TrackerAutoUpdate.job => C:\Program Files\Tracker Software\Update\TrackerUpdate.exe-CheckUpdate(Tracker Software Products (Canada) Ltd.Kee

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{0870edde-a074-40a6-8ce3-e97f27791aa8}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{5fc5dc9a-0860-4eba-91af-6b83c6085645}: [DhcpNameServer] 192.168.44.1
Tcpip\..\Interfaces\{720b8e4b-a57e-4978-a4f2-180187041341}: [DhcpNameServer] 10.0.0.5 10.0.0.1
Tcpip\..\Interfaces\{bf6de677-06e8-4870-aa04-c38dbce56565}: [DhcpNameServer] 192.168.178.1

Internet Explorer:
==================
SearchScopes: HKLM -> DefaultScope {2BEB8D3A-B24F-4284-BBD8-B6B30EC1F64E} URL =
SearchScopes: HKU\S-1-5-21-2216129787-3453094354-8666996-1006 -> DefaultScope {2BEB8D3A-B24F-4284-BBD8-B6B30EC1F64E} URL =
BHO: SnagIt Toolbar Loader -> {00C6482D-C502-44C8-8409-FCE54AD9C208} -> C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitBHO64.dll [2011-11-08] (TechSmith Corporation -> TechSmith Corporation)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2019-07-18] (Microsoft Corporation -> Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2018-05-15] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: SnagIt Toolbar Loader -> {00C6482D-C502-44C8-8409-FCE54AD9C208} -> C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll [2011-11-08] (TechSmith Corporation -> TechSmith Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2019-07-18] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_231\bin\ssv.dll [2019-10-20] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2018-05-15] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_231\bin\jp2ssv.dll [2019-10-20] (Oracle America, Inc. -> Oracle Corporation)
Toolbar: HKLM - Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitIEAddin64.dll [2011-11-08] (TechSmith Corporation -> TechSmith Corporation)
Toolbar: HKLM-x32 - Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll [2011-11-08] (TechSmith Corporation -> TechSmith Corporation)
DPF: HKLM-x32 {A4150320-98EC-4DB6-9BFB-EBF4B6FBEB16} hxxp://10.0.0.239/codebase/DVM_IPCam2.ocx
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2017-08-15] (Microsoft Corporation -> Microsoft Corporation)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc. -> Citrix Systems, Inc.)

FireFox:
========
FF DefaultProfile: 7x1ny61f.default-1571561941413
FF ProfilePath: C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\7x1ny61f.default-1571561941413 [2020-01-30]
FF user.js: detected! => C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\7x1ny61f.default-1571561941413\user.js [2019-12-01]
FF Notifications: Mozilla\Firefox\Profiles\7x1ny61f.default-1571561941413 -> hxxps://www.youtube.com; hxxps://www.finanzen.net; hxxps://www.marktjagd.de; hxxps://www.aerzteblatt.de
FF NewTabOverride: Mozilla\Firefox\Profiles\7x1ny61f.default-1571561941413 -> Disabled: mailcheck@gmx.net
FF NewTabOverride: Mozilla\Firefox\Profiles\7x1ny61f.default-1571561941413 -> Enabled: keefox@chris.tomlinson
FF Extension: (German Dictionary) - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\7x1ny61f.default-1571561941413\Extensions\de-DE@dictionaries.addons.mozilla.org.xpi [2019-10-25] [ist nicht signiert]
FF Extension: (Kee - Password Manager) - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\7x1ny61f.default-1571561941413\Extensions\keefox@chris.tomlinson.xpi [2019-10-20]
FF Extension: (GMX MailCheck) - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\7x1ny61f.default-1571561941413\Extensions\mailcheck@gmx.net.xpi [2019-12-26] [UpdateUrl:hxxps://dl.gmx.net/mailcheck/firefox/updates.json]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_321.dll [2020-01-21] (Adobe Inc. -> )
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2014-10-28] (Tracker Software Products (Canada) Ltd -> Tracker Software Products (Canada) Ltd.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2016-11-28] (Tracker Software Products (Canada) Ltd -> Tracker Software Products (Canada) Ltd.)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2014-10-28] (Tracker Software Products (Canada) Ltd -> Tracker Software Products (Canada) Ltd.)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [Keine Datei]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_321.dll [2020-01-21] (Adobe Inc. -> )
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2014-09-03] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2014-10-28] (Tracker Software Products (Canada) Ltd -> Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @google.com/sewebplugin -> C:\Windows\system32\npsewebplugin.dll [Keine Datei]
FF Plugin-x32: @java.com/DTPlugin,version=11.231.2 -> C:\Program Files (x86)\Java\jre1.8.0_231\bin\dtplugin\npDeployJava1.dll [2019-10-20] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.231.2 -> C:\Program Files (x86)\Java\jre1.8.0_231\bin\plugin2\npjp2.dll [2019-10-20] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-19] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-21] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.35.422\npGoogleUpdate3.dll [2019-12-15] (Google LLC -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.35.422\npGoogleUpdate3.dll [2019-12-15] (Google LLC -> Google LLC)
FF Plugin-x32: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll [2016-11-28] (Tracker Software Products (Canada) Ltd -> Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2014-10-28] (Tracker Software Products (Canada) Ltd -> Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\.DEFAULT: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2016-11-28] (Tracker Software Products (Canada) Ltd -> Tracker Software Products (Canada) Ltd.)

Chrome:
=======
CHR Profile: C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default [2020-01-30]
CHR StartupUrls: Default -> "hxxp://www.google.de/"
CHR Extension: (Präsentationen) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-03-02]
CHR Extension: (Docs) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-03-02]
CHR Extension: (Google Drive) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-03-02]
CHR Extension: (YouTube) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-03-02]
CHR Extension: (Avira Password Manager) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\caljgklbbfbcjjanaijlacgncafpegll [2020-01-21]
CHR Extension: (Tabellen) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-03-02]
CHR Extension: (Google Docs Offline) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-01-21]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-10]
CHR Extension: (Google Mail) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-05-28]
CHR Extension: (Chrome Media Router) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-01-21]
CHR HKLM\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll]
CHR HKLM\...\Chrome\Extension: [ccbpbkebodcjkknkfkpmfeciinhidaeh]
CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll]
CHR HKLM-x32\...\Chrome\Extension: [ccbpbkebodcjkknkfkpmfeciinhidaeh]

==================== Dienste (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 AAV UpdateService; C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] (Wolters Kluwer Deutschland GmbH -> )
R2 ABBYY.Licensing.FineReader.Corporate.11.0; C:\Program Files (x86)\Common Files\ABBYY\FineReader\11.00\Licensing\CE\NetworkLicenseServer.exe [819976 2011-08-18] (ABBYY SOLUTIONS LIMITED -> ABBYY)
R2 ABBYY.Licensing.FineReader.Professional.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [759072 2008-05-16] (ABBYY Software House -> ABBYY (BIT Software))
S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [1210168 2019-11-25] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AntivirProtectedService; C:\Program Files (x86)\Avira\Antivirus\ProtectedService.exe [535352 2019-10-30] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [484768 2019-10-30] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [484768 2019-10-30] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [574848 2020-01-14] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [617520 2020-01-15] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AviraOptimizerHost; C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe [2989888 2020-01-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AviraPhantomVPN; C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe [379624 2020-01-08] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AviraSecurity; C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.exe [240408 2020-01-22] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AviraUpdaterService; C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe [150648 2019-12-23] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 cbVSCService11; C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [67584 2013-03-07] (CobianSoft, Luis Cobian) [Datei ist nicht signiert]
R2 CobianBackup11; C:\Program Files (x86)\Cobian Backup 11\cbService.exe [1131008 2013-03-07] (Luis Cobian, CobianSoft) [Datei ist nicht signiert]
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-03-03] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-03-03] (Dropbox, Inc -> Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [44552 2020-01-23] (Dropbox, Inc -> Dropbox, Inc.)
R2 EsgShKernel; C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe [11780320 2020-01-30] (EnigmaSoft Limited -> EnigmaSoft Limited)
R2 FJTWMKSV; C:\Windows\twain_32\fjscan32\FJTWMKSV.exe [36864 2011-07-20] (PFU LIMITED) [Datei ist nicht signiert]
R2 ibtsiva; C:\WINDOWS\system32\ibtsiva.exe [515768 2017-04-13] (Intel(R) Wireless Connectivity Solutions -> Intel Corporation)
S2 IntelAudioService; C:\WINDOWS\system32\cAVS\Intel(R) Audio Service\IntelAudioService.exe [356848 2019-09-04] (Smart Sound Technology -> Intel)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268704 2017-03-21] (Intel Corporation-Wireless Connectivity Solutions -> )
R2 RtkAudioUniversalService; C:\WINDOWS\System32\RtkAudUService64.exe [878368 2019-05-30] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5796168 2019-09-12] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 ShMonitor; C:\Program Files\EnigmaSoft\SpyHunter\ShMonitor.exe [519904 2020-01-30] (EnigmaSoft Limited -> EnigmaSoft Limited)
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [752224 2017-01-16] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [13172752 2020-01-22] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\NisSrv.exe [3206472 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MsMpEng.exe [103376 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3750304 2017-03-21] (Intel Corporation-Wireless Connectivity Solutions -> Intel® Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R0 avdevprot; C:\WINDOWS\System32\DRIVERS\avdevprot.sys [78936 2019-06-07] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S0 avelam; C:\WINDOWS\System32\drivers\avelam.sys [22336 2019-03-20] (Microsoft Windows Early Launch Anti-Malware Publisher -> Avira Operations GmbH & Co. KG)
R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [207784 2019-12-02] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [197176 2019-09-19] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [46704 2019-03-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\WINDOWS\system32\DRIVERS\avnetflt.sys [89736 2019-03-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R0 avusbflt; C:\WINDOWS\System32\Drivers\avusbflt.sys [45472 2019-03-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2017-01-16] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
R3 EnigmaFileMonDriver; C:\WINDOWS\System32\drivers\EnigmaFileMonDriver.sys [68424 2020-01-30] (EnigmaSoft Limited -> EnigmaSoft Limited)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [129032 2017-04-13] (Intel(R) Wireless Connectivity Solutions -> Intel Corporation)
R3 IntcAudioBus; C:\WINDOWS\System32\drivers\IntcAudioBus.sys [277192 2019-09-04] (Smart Sound Technology -> Intel(R) Corporation)
R3 IntcOED; C:\WINDOWS\System32\drivers\IntcOED.sys [849792 2019-09-04] (Smart Sound Technology -> Intel(R) Corporation)
S3 ITECIRfilter; C:\WINDOWS\system32\DRIVERS\ITECIRfilter.sys [36560 2015-11-24] (ITE Tech. Inc. -> ITE Tech. Inc. )
S3 Netwtw06; C:\WINDOWS\System32\drivers\Netwtw06.sys [8723968 2019-03-19] (Microsoft Windows -> Intel Corporation)
R3 phantomtap; C:\WINDOWS\System32\drivers\phantomtap.sys [45056 2020-01-08] (Avira Operations GmbH & Co. KG -> The OpenVPN Project)
R3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [356344 2019-05-15] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2017-01-16] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
R2 sxuptp; C:\WINDOWS\System32\drivers\sxuptp.sys [310496 2014-12-19] (silex technology, Inc. -> silex technology, Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [45664 2019-12-07] (Microsoft Windows Early Launch Anti-Malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [355760 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [54192 2019-12-07] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

==================== Ein Monat (erstellte) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2020-01-30 18:35 - 2020-01-30 18:35 - 000047180 _____ C:\Users\Michael\Downloads\FRST.txt
2020-01-30 18:33 - 2020-01-30 18:35 - 000000000 ____D C:\FRST
2020-01-30 18:33 - 2020-01-30 18:33 - 002581504 _____ (Farbar) C:\Users\Michael\Downloads\FRST64.exe
2020-01-30 18:14 - 2020-01-30 18:14 - 000021407 _____ C:\Users\Michael\Desktop\Aufwandsübersicht_2020_01_29.xlsm
2020-01-30 18:14 - 2020-01-30 18:14 - 000000165 ____H C:\Users\Michael\Desktop\~$Aufwandsübersicht_2020_01_29.xlsm
2020-01-30 17:47 - 2020-01-30 17:47 - 000003562 _____ C:\WINDOWS\system32\Tasks\Avira_Security_Update
2020-01-30 17:47 - 2020-01-30 17:47 - 000000000 ____D C:\Users\Public\Security Sessions
2020-01-30 17:46 - 2020-01-30 17:46 - 000003374 _____ C:\WINDOWS\system32\Tasks\Avira_Antivirus_Systray
2020-01-30 17:45 - 2019-12-02 10:26 - 000207784 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2020-01-30 17:45 - 2019-09-19 09:07 - 000197176 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2020-01-30 17:45 - 2019-06-07 14:09 - 000078936 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avdevprot.sys
2020-01-30 17:45 - 2019-03-20 18:50 - 000089736 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avnetflt.sys
2020-01-30 17:45 - 2019-03-20 18:50 - 000046704 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avkmgr.sys
2020-01-30 17:45 - 2019-03-20 18:50 - 000045472 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avusbflt.sys
2020-01-30 17:45 - 2019-03-20 18:50 - 000022336 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avelam.sys
2020-01-30 17:43 - 2020-01-30 17:43 - 000003780 _____ C:\WINDOWS\system32\Tasks\AviraSystemSpeedupUpdate
2020-01-30 17:43 - 2020-01-30 17:43 - 000000000 ____D C:\Users\Public\Speedup Sessions
2020-01-30 17:42 - 2020-01-30 17:47 - 000000000 ____D C:\ProgramData\Avira
2020-01-30 17:42 - 2020-01-30 17:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2020-01-30 17:42 - 2020-01-30 17:42 - 000001261 _____ C:\Users\Public\Desktop\Avira.lnk
2020-01-30 17:42 - 2020-01-30 17:42 - 000001261 _____ C:\ProgramData\Desktop\Avira.lnk
2020-01-30 17:40 - 2020-01-30 17:41 - 003837048 _____ (Avira Operations GmbH & Co. KG) C:\Users\Michael\Downloads\avira_de_sptl1_1399270432-1580402456__pantivirws-spotlight-release.exe
2020-01-30 17:39 - 2020-01-30 17:39 - 000068424 _____ (EnigmaSoft Limited) C:\WINDOWS\system32\Drivers\EnigmaFileMonDriver.sys
2020-01-30 17:39 - 2020-01-30 17:39 - 000001055 _____ C:\Users\Public\Desktop\SpyHunter5.lnk
2020-01-30 17:39 - 2020-01-30 17:39 - 000001055 _____ C:\ProgramData\Desktop\SpyHunter5.lnk
2020-01-30 17:39 - 2020-01-30 17:39 - 000000000 ____D C:\sh5ldr
2020-01-30 17:39 - 2020-01-30 17:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EnigmaSoft
2020-01-30 17:39 - 2020-01-30 17:39 - 000000000 ____D C:\ProgramData\EnigmaSoft Limited
2020-01-30 17:39 - 2020-01-30 17:39 - 000000000 ____D C:\Program Files\EnigmaSoft
2020-01-30 17:38 - 2020-01-30 17:38 - 006946736 _____ (EnigmaSoft Limited) C:\Users\Michael\Downloads\sh-remover.exe
2020-01-29 18:23 - 2020-01-30 09:27 - 000000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2020-01-24 11:57 - 2020-01-24 11:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2020-01-23 16:20 - 2020-01-23 16:20 - 001106896 ____N C:\Users\Michael\Desktop\Wintergarten1.pdf
2020-01-23 16:19 - 2020-01-23 16:19 - 000131623 ____N C:\Users\Michael\Desktop\26.pdf
2020-01-23 16:18 - 2020-01-23 16:18 - 000079456 ____N C:\Users\Michael\Desktop\25.pdf
2020-01-23 10:15 - 2020-01-23 10:15 - 000900674 ____N C:\Users\Michael\Desktop\Wintergarten Copy.pdf
2020-01-23 10:14 - 2020-01-23 10:14 - 000280605 ____N C:\Users\Michael\Desktop\24.pdf
2020-01-23 09:52 - 2020-01-23 09:52 - 000341303 ____N C:\Users\Michael\Desktop\Wintergarten.pdf
2020-01-23 09:52 - 2020-01-23 09:52 - 000282023 ____N C:\Users\Michael\Desktop\23.pdf
2020-01-23 00:24 - 2020-01-23 00:24 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2020-01-23 00:24 - 2020-01-23 00:24 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2020-01-23 00:24 - 2020-01-23 00:24 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2020-01-23 00:24 - 2020-01-23 00:24 - 000044552 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2020-01-21 10:35 - 2020-01-21 10:36 - 003318440 ____N (Dominik Reichl ) C:\Users\Michael\Downloads\KeePass-2.44-Setup.exe
2020-01-21 09:08 - 2020-01-29 21:37 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2020-01-20 18:35 - 2020-01-20 18:35 - 000028583 ____N C:\Users\Michael\Desktop\1Rechnung2020 (4).pdf
2020-01-20 18:34 - 2020-01-20 18:34 - 000028591 ____N C:\Users\Michael\Desktop\1Rechnung2020 (3).pdf
2020-01-20 18:32 - 2020-01-20 18:32 - 000028550 ____N C:\Users\Michael\Desktop\1Rechnung2020 (2).pdf
2020-01-20 18:31 - 2020-01-20 18:31 - 000028553 ____N C:\Users\Michael\Desktop\1Rechnung2020 (1).pdf
2020-01-20 18:29 - 2020-01-20 18:29 - 000028553 ____N C:\Users\Michael\Desktop\1Rechnung2020.pdf
2020-01-20 15:57 - 2020-01-20 15:57 - 000001283 ____N C:\Users\Michael\Desktop\Google Chrome.lnk
2020-01-20 08:41 - 2020-01-20 08:41 - 000000000 ____D C:\Users\Michael\opera autoupdate
2020-01-17 09:35 - 2020-01-17 09:35 - 025900032 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2020-01-17 09:35 - 2020-01-17 09:35 - 025444352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2020-01-17 09:35 - 2020-01-17 09:35 - 022627840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2020-01-17 09:35 - 2020-01-17 09:35 - 019849216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2020-01-17 09:35 - 2020-01-17 09:35 - 018020352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2020-01-17 09:35 - 2020-01-17 09:35 - 009928208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2020-01-17 09:35 - 2020-01-17 09:35 - 008012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2020-01-17 09:35 - 2020-01-17 09:35 - 007754752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2020-01-17 09:35 - 2020-01-17 09:35 - 007600448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2020-01-17 09:35 - 2020-01-17 09:35 - 007016448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2020-01-17 09:35 - 2020-01-17 09:35 - 006520480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2020-01-17 09:35 - 2020-01-17 09:35 - 005913600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2020-01-17 09:35 - 2020-01-17 09:35 - 003729408 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2020-01-17 09:35 - 2020-01-17 09:35 - 003703296 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2020-01-17 09:35 - 2020-01-17 09:35 - 003263488 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2020-01-17 09:35 - 2020-01-17 09:35 - 002870784 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2020-01-17 09:35 - 2020-01-17 09:35 - 002801152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2020-01-17 09:35 - 2020-01-17 09:35 - 002716672 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2020-01-17 09:35 - 2020-01-17 09:35 - 002561536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2020-01-17 09:35 - 2020-01-17 09:35 - 002494464 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2020-01-17 09:35 - 2020-01-17 09:35 - 002473976 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2020-01-17 09:35 - 2020-01-17 09:35 - 002305536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2020-01-17 09:35 - 2020-01-17 09:35 - 001985928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2020-01-17 09:35 - 2020-01-17 09:35 - 001835008 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2020-01-17 09:35 - 2020-01-17 09:35 - 001697280 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2020-01-17 09:35 - 2020-01-17 09:35 - 001664896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2020-01-17 09:35 - 2020-01-17 09:35 - 001655880 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2020-01-17 09:35 - 2020-01-17 09:35 - 001610752 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2020-01-17 09:35 - 2020-01-17 09:35 - 001458688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2020-01-17 09:35 - 2020-01-17 09:35 - 001399096 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2020-01-17 09:35 - 2020-01-17 09:35 - 001330952 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2020-01-17 09:35 - 2020-01-17 09:35 - 001151816 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2020-01-17 09:35 - 2020-01-17 09:35 - 001106944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll
2020-01-17 09:35 - 2020-01-17 09:35 - 001098720 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyDecMFT.dll
2020-01-17 09:35 - 2020-01-17 09:35 - 001072952 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2020-01-17 09:35 - 2020-01-17 09:35 - 001051664 _____ (Microsoft Corporation) C:\WINDOWS\system32\pidgenx.dll
2020-01-17 09:35 - 2020-01-17 09:35 - 001020032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2020-01-17 09:35 - 2020-01-17 09:35 - 000921600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2020-01-17 09:35 - 2020-01-17 09:35 - 000896512 _____ (Microsoft Corporation) C:\WINDOWS\system32\MdmDiagnostics.dll
2020-01-17 09:35 - 2020-01-17 09:35 - 000852480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll
2020-01-17 09:35 - 2020-01-17 09:35 - 000851456 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2020-01-17 09:35 - 2020-01-17 09:35 - 000842752 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2020-01-17 09:35 - 2020-01-17 09:35 - 000701440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.Internal.dll
2020-01-17 09:35 - 2020-01-17 09:35 - 000689664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2020-01-17 09:35 - 2020-01-17 09:35 - 000678712 _____ (Microsoft Corporation) C:\WINDOWS\system32\StructuredQuery.dll
2020-01-17 09:35 - 2020-01-17 09:35 - 000673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wiaaut.dll
2020-01-17 09:35 - 2020-01-17 09:35 - 000671232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wiaservc.dll
2020-01-17 09:35 - 2020-01-17 09:35 - 000670720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2020-01-17 09:35 - 2020-01-17 09:35 - 000646144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2020-01-17 09:35 - 2020-01-17 09:35 - 000571392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wiaaut.dll
2020-01-17 09:35 - 2020-01-17 09:35 - 000550400 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2020-01-17 09:35 - 2020-01-17 09:35 - 000542496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StructuredQuery.dll
2020-01-17 09:35 - 2020-01-17 09:35 - 000432256 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsmf.dll
2020-01-17 09:35 - 2020-01-17 09:35 - 000401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2020-01-17 09:35 - 2020-01-17 09:35 - 000400696 _____ 
(Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys 2020-01-17 09:35 - 2020-01-17 09:35 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll 2020-01-17 09:35 - 2020-01-17 09:35 - 000379392 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll 2020-01-17 09:35 - 2020-01-17 09:35 - 000368128 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll 2020-01-17 09:35 - 2020-01-17 09:35 - 000363840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsmf.dll 2020-01-17 09:35 - 2020-01-17 09:35 - 000336384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe 2020-01-17 09:35 - 2020-01-17 09:35 - 000329216 _____ (Microsoft Corporation) C:\WINDOWS\system32\DiagnosticLogCSP.dll 2020-01-17 09:35 - 2020-01-17 09:35 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys 2020-01-17 09:35 - 2020-01-17 09:35 - 000321536 _____ (Microsoft Corporation) C:\WINDOWS\system32\sti.dll 2020-01-17 09:35 - 2020-01-17 09:35 - 000317440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConhostV1.dll 2020-01-17 09:35 - 2020-01-17 09:35 - 000299520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll 2020-01-17 09:35 - 2020-01-17 09:35 - 000294400 _____ (Microsoft Corporation) C:\WINDOWS\system32\provops.dll 2020-01-17 09:35 - 2020-01-17 09:35 - 000283136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Search.ProtocolHandler.MAPI2.dll 2020-01-17 09:35 - 2020-01-17 09:35 - 000271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll 2020-01-17 09:35 - 2020-01-17 09:35 - 000240640 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFilterHost.exe 2020-01-17 09:35 - 2020-01-17 09:35 - 000233472 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll 2020-01-17 09:35 - 2020-01-17 09:35 - 000232448 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll 2020-01-17 09:35 - 2020-01-17 09:35 - 000227840 _____ (Microsoft Corporation) 
C:\WINDOWS\SysWOW64\sti.dll 2020-01-17 09:35 - 2020-01-17 09:35 - 000223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\tssrvlic.dll 2020-01-17 09:35 - 2020-01-17 09:35 - 000211968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFilterHost.exe 2020-01-17 09:35 - 2020-01-17 09:35 - 000206336 _____ (Microsoft Corporation) C:\WINDOWS\system32\sti_ci.dll 2020-01-17 09:35 - 2020-01-17 09:35 - 000204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll 2020-01-17 09:35 - 2020-01-17 09:35 - 000162696 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcmnutils.dll 2020-01-17 09:35 - 2020-01-17 09:35 - 000160768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll 2020-01-17 09:35 - 2020-01-17 09:35 - 000148992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe 2020-01-17 09:35 - 2020-01-17 09:35 - 000147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll 2020-01-17 09:35 - 2020-01-17 09:35 - 000145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wiadss.dll 2020-01-17 09:35 - 2020-01-17 09:35 - 000132096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tsusbhub.sys 2020-01-17 09:35 - 2020-01-17 09:35 - 000128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssitlb.dll 2020-01-17 09:35 - 2020-01-17 09:35 - 000127520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmcmnutils.dll 2020-01-17 09:35 - 2020-01-17 09:35 - 000127064 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32u.dll 2020-01-17 09:35 - 2020-01-17 09:35 - 000123904 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptcatsvc.dll 2020-01-17 09:35 - 2020-01-17 09:35 - 000120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll 2020-01-17 09:35 - 2020-01-17 09:35 - 000119808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wiadss.dll 2020-01-17 09:35 - 2020-01-17 09:35 - 000113152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssitlb.dll 2020-01-17 09:35 - 2020-01-17 09:35 - 000102400 _____ (Microsoft 
Corporation) C:\WINDOWS\system32\NFCProvisioningPlugin.dll 2020-01-17 09:35 - 2020-01-17 09:35 - 000097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\provdatastore.dll 2020-01-17 09:35 - 2020-01-17 09:35 - 000091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvPluginEng.dll 2020-01-17 09:35 - 2020-01-17 09:35 - 000090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsgqec.dll 2020-01-17 09:35 - 2020-01-17 09:35 - 000089536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32u.dll 2020-01-17 09:35 - 2020-01-17 09:35 - 000088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\BarcodeProvisioningPlugin.dll 2020-01-17 09:35 - 2020-01-17 09:35 - 000084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterpriseresourcemanager.dll 2020-01-17 09:35 - 2020-01-17 09:35 - 000083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\wiarpc.dll 2020-01-17 09:35 - 2020-01-17 09:35 - 000083456 _____ (Microsoft Corporation) C:\WINDOWS\system32\provtool.exe 2020-01-17 09:35 - 2020-01-17 09:35 - 000083456 _____ (Microsoft Corporation) C:\WINDOWS\system32\clfsw32.dll 2020-01-17 09:35 - 2020-01-17 09:35 - 000070144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsgqec.dll 2020-01-17 09:35 - 2020-01-17 09:35 - 000066560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clfsw32.dll 2020-01-17 09:35 - 2020-01-17 09:35 - 000066048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\enterpriseresourcemanager.dll 2020-01-17 09:35 - 2020-01-17 09:35 - 000066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemovableMediaProvisioningPlugin.dll 2020-01-17 09:35 - 2020-01-17 09:35 - 000062976 _____ (Microsoft Corporation) C:\WINDOWS\system32\LSCSHostPolicy.dll 2020-01-17 09:35 - 2020-01-17 09:35 - 000060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssprxy.dll 2020-01-17 09:35 - 2020-01-17 09:35 - 000060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\msscntrs.dll 2020-01-17 09:35 - 2020-01-17 09:35 - 000049152 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\Drivers\usbscan.sys 2020-01-17 09:35 - 2020-01-17 09:35 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msscntrs.dll 2020-01-17 09:35 - 2020-01-17 09:35 - 000033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Provisioning.ProxyStub.dll 2020-01-17 09:35 - 2020-01-17 09:35 - 000027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\lstelemetry.dll 2020-01-17 09:35 - 2020-01-17 09:35 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WSDScan.sys 2020-01-17 09:35 - 2020-01-17 09:35 - 000018432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wiatrace.dll 2020-01-17 09:35 - 2020-01-17 09:35 - 000015360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wiatrace.dll 2020-01-17 09:35 - 2020-01-17 09:35 - 000010752 _____ (Microsoft Corporation) C:\WINDOWS\system32\DMAlertListener.ProxyStub.dll 2020-01-17 09:35 - 2020-01-17 09:35 - 000007680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DMAlertListener.ProxyStub.dll 2020-01-17 09:31 - 2019-12-10 06:15 - 000492544 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe 2020-01-17 09:31 - 2019-12-10 05:59 - 000390656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe 2020-01-17 08:54 - 2020-01-17 08:54 - 000002292 ____N C:\Users\Michael\Downloads\000000001.xml 2020-01-10 11:01 - 2020-01-10 11:01 - 000000000 ____D C:\Users\Michael\Downloads\ttusb2bda_1.0.3.9 2020-01-10 11:00 - 2020-01-10 11:00 - 000511312 ____N C:\Users\Michael\Downloads\ttusb2bda_1.0.3.9.zip 2020-01-10 10:56 - 2020-01-10 10:56 - 000000000 ____D C:\Users\Michael\Downloads\usb-firmwareupdate 2020-01-10 10:55 - 2020-01-10 10:55 - 000194473 ____N C:\Users\Michael\Downloads\usb-firmwareupdate.zip 2020-01-08 11:21 - 2020-01-08 11:21 - 000045056 _____ (The OpenVPN Project) C:\WINDOWS\system32\Drivers\phantomtap.sys 2020-01-07 18:28 - 2020-01-07 18:28 - 000066399 ____N C:\Users\Michael\Downloads\20200104_5232xxxxxxxx1733_-_Ihre_Abrechnung_vom_03_01_2020(1).PDF 
2020-01-07 18:27 - 2020-01-07 18:27 - 000066399 ____N C:\Users\Michael\Downloads\20200104_5232xxxxxxxx1733_-_Ihre_Abrechnung_vom_03_01_2020.PDF 2020-01-02 18:02 - 2020-01-02 18:02 - 000144841 ____N C:\Users\Michael\Desktop\Glasduschtüre.pdf 2020-01-02 18:01 - 2020-01-02 18:01 - 000147866 ____N C:\Users\Michael\Desktop\Duschtüre.pdf ==================== Ein Monat (geänderte) ================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2020-01-30 18:33 - 2019-03-19 05:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2020-01-30 18:03 - 2015-06-29 13:57 - 000000000 ____D C:\Program Files (x86)\TeamViewer 2020-01-30 17:52 - 2018-03-03 14:24 - 000000000 ____D C:\Users\Michael\AppData\LocalLow\Mozilla 2020-01-30 17:47 - 2019-10-10 16:56 - 000000000 ____D C:\Users\Michael\AppData\Local\Avira 2020-01-30 17:47 - 2019-10-10 16:54 - 000000000 ____D C:\Program Files (x86)\Avira 2020-01-30 17:46 - 2019-03-19 05:52 - 000000000 ___HD C:\WINDOWS\ELAMBKUP 2020-01-30 17:45 - 2019-03-19 05:50 - 000000000 ____D C:\WINDOWS\INF 2020-01-30 17:42 - 2014-12-15 14:52 - 000000000 ____D C:\ProgramData\Package Cache 2020-01-30 17:28 - 2018-03-03 13:57 - 000000000 ____D C:\Users\Michael\AppData\Roaming\KeePass 2020-01-30 17:24 - 2018-03-03 15:31 - 000000000 ___RD C:\Users\Michael\Dropbox 2020-01-30 16:30 - 2019-07-29 21:21 - 000000000 ____D C:\WINDOWS\system32\SleepStudy 2020-01-30 09:27 - 2018-11-22 16:31 - 000001274 ____N C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk 2020-01-30 09:27 - 2014-12-15 12:47 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2020-01-30 09:23 - 2019-07-29 21:33 - 001723292 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2020-01-30 09:23 - 2019-03-19 13:16 - 000743888 _____ C:\WINDOWS\system32\perfh007.dat 2020-01-30 09:23 - 2019-03-19 13:16 - 000150212 _____ C:\WINDOWS\system32\perfc007.dat 2020-01-30 09:22 - 2019-10-18 17:25 - 000000000 ____D 
C:\Users\Michael\Downloads\opera autoupdate 2020-01-30 09:18 - 2018-03-03 16:39 - 000000000 ____D C:\Users\Michael\AppData\Local\FreePDF_XP 2020-01-30 09:18 - 2018-03-03 16:22 - 000000000 ____D C:\Users\Michael\AppData\Roaming\Telegram Desktop 2020-01-30 09:17 - 2019-07-29 21:30 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2020-01-30 09:17 - 2018-03-01 15:44 - 000000000 __SHD C:\Users\Michael\IntelGraphicsProfiles 2020-01-29 21:37 - 2019-02-06 09:09 - 000000674 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-2216129787-3453094354-8666996-1006.job 2020-01-29 21:37 - 2019-02-06 09:09 - 000000578 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-2216129787-3453094354-8666996-1006.job 2020-01-29 21:37 - 2018-03-03 15:29 - 000001244 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job 2020-01-29 21:37 - 2018-03-03 15:29 - 000001240 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job 2020-01-29 18:34 - 2019-03-19 05:52 - 000000000 ___HD C:\Program Files\WindowsApps 2020-01-29 18:34 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\AppReadiness 2020-01-29 18:22 - 2018-03-01 15:44 - 000000000 ____D C:\Users\Michael\AppData\Local\Packages 2020-01-29 18:21 - 2019-07-29 21:30 - 000004304 _____ C:\WINDOWS\system32\Tasks\DropboxUpdateTaskMachineUA 2020-01-29 18:21 - 2019-07-29 21:30 - 000004072 _____ C:\WINDOWS\system32\Tasks\DropboxUpdateTaskMachineCore 2020-01-28 17:42 - 2019-10-18 16:58 - 000004468 _____ C:\WINDOWS\system32\Tasks\Opera scheduled assistant Autoupdate 1571414292 2020-01-27 11:10 - 2019-02-06 09:09 - 000000000 ____D C:\Users\Michael\AppData\Local\GoToMeeting 2020-01-24 18:30 - 2019-07-29 21:30 - 000003838 _____ C:\WINDOWS\system32\Tasks\G2MUploadTask-S-1-5-21-2216129787-3453094354-8666996-1006 2020-01-24 18:30 - 2019-07-29 21:30 - 000003742 _____ C:\WINDOWS\system32\Tasks\G2MUpdateTask-S-1-5-21-2216129787-3453094354-8666996-1006 2020-01-24 11:59 - 2019-10-10 16:57 - 000004232 _____ C:\WINDOWS\system32\Tasks\Opera scheduled Autoupdate 1570723055 2020-01-24 11:59 - 
2019-10-10 16:57 - 000001428 ____N C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Opera-Browser.lnk 2020-01-24 11:57 - 2018-03-03 15:29 - 000000000 ____D C:\Program Files (x86)\Dropbox 2020-01-23 17:25 - 2019-10-11 14:12 - 000000000 ____D C:\Users\Michael\Downloads\Telegram Desktop 2020-01-22 17:00 - 2015-08-04 15:10 - 000002293 ____N C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2020-01-21 18:19 - 2019-11-29 10:14 - 000004600 _____ C:\WINDOWS\system32\Tasks\Adobe Flash Player NPAPI Notifier 2020-01-21 18:19 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed 2020-01-21 18:19 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\Macromed 2020-01-21 10:36 - 2019-10-20 11:06 - 000001170 ____N C:\Users\Michael\Desktop\KeePass 2.lnk 2020-01-21 10:36 - 2014-12-15 12:50 - 000001182 ____N C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeePass 2.lnk 2020-01-21 10:36 - 2014-12-15 12:50 - 000000000 ____D C:\Program Files (x86)\KeePass Password Safe 2 2020-01-21 09:15 - 2019-07-29 21:24 - 000000000 ____D C:\Users\Michael 2020-01-21 09:15 - 2014-12-15 12:47 - 000001167 ____N C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk 2020-01-20 08:36 - 2019-07-29 21:21 - 000609288 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2020-01-19 21:52 - 2019-03-19 05:52 - 000000000 ___SD C:\WINDOWS\system32\UNP 2020-01-19 21:52 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\SystemResources 2020-01-19 21:52 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\ShellExperiences 2020-01-19 21:52 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\bcastdvr 2020-01-19 21:52 - 2019-03-19 05:37 - 000786432 _____ C:\WINDOWS\system32\config\BBI 2020-01-19 15:56 - 2019-07-29 21:30 - 000003374 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2216129787-3453094354-8666996-1006 2020-01-19 15:56 - 2019-07-29 21:24 - 000002424 ____N C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 
2020-01-19 15:56 - 2018-03-01 15:46 - 000000000 ___RD C:\Users\Michael\OneDrive 2020-01-17 09:41 - 2014-12-14 15:59 - 000000000 ____D C:\WINDOWS\system32\MRT 2020-01-17 09:37 - 2019-03-19 05:37 - 000000000 ____D C:\WINDOWS\CbsTemp 2020-01-17 09:37 - 2014-12-15 13:29 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013 2020-01-17 09:37 - 2014-12-14 15:59 - 120202352 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2020-01-12 12:05 - 2018-03-03 15:29 - 000000000 ____D C:\Users\Michael\AppData\Local\Dropbox ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======== 2005-12-09 09:37 - 2005-12-09 09:37 - 001093632 _____ (Microsoft Corporation) C:\Program Files (x86)\Common Files\mfc80.dll 2005-12-09 09:37 - 2005-12-09 09:37 - 001079808 _____ (Microsoft Corporation) C:\Program Files (x86)\Common Files\mfc80u.dll 2005-12-09 09:37 - 2005-12-09 09:37 - 000069632 _____ (Microsoft Corporation) C:\Program Files (x86)\Common Files\mfcm80.dll 2005-12-09 09:37 - 2005-12-09 09:37 - 000057344 _____ (Microsoft Corporation) C:\Program Files (x86)\Common Files\mfcm80u.dll 2005-12-09 09:38 - 2005-12-09 09:38 - 000000522 _____ () C:\Program Files (x86)\Common Files\Microsoft.VC80.CRT.manifest 2005-12-09 09:38 - 2005-12-09 09:38 - 000000550 _____ () C:\Program Files (x86)\Common Files\Microsoft.VC80.MFC.manifest 2005-12-09 09:37 - 2005-12-09 09:37 - 000479232 _____ (Microsoft Corporation) C:\Program Files (x86)\Common Files\msvcm80.dll 2005-12-09 09:37 - 2005-12-09 09:37 - 000548864 _____ (Microsoft Corporation) C:\Program Files (x86)\Common Files\msvcp80.dll 2005-12-09 09:37 - 2005-12-09 09:37 - 000626688 _____ (Microsoft Corporation) C:\Program Files (x86)\Common Files\msvcr80.dll 2019-11-17 16:26 - 2019-11-17 16:26 - 000003584 ____N () C:\Users\Michael\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2019-06-26 18:46 - 2019-06-26 18:46 - 000011651 ____N () C:\Users\Michael\AppData\Local\recently-used.xbel 
==================== SigCheck ============================ (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) ==================== Ende von FRST.txt ========================
Last edited by macmesser201 (30.01.2020 at 18:55) |
30.01.2020, 18:43 | #3 |
| Probably caught Win32/Tiggre!rfn by carelessly opening a file
Here is the addition.txt file:
Code:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 27-01-2020 durchgeführt von Michael (30-01-2020 18:36:26) Gestartet von C:\Users\Michael\Downloads Windows 10 Pro Version 1903 18362.592 (X64) (2019-07-29 20:30:58) Start-Modus: Normal ========================================================== ==================== Konten: ============================= Admin (S-1-5-21-2216129787-3453094354-8666996-1001 - Administrator - Enabled) => C:\Users\Admin Administrator (S-1-5-21-2216129787-3453094354-8666996-500 - Administrator - Enabled) => C:\Users\Administrator.PCxxxW81 DefaultAccount (S-1-5-21-2216129787-3453094354-8666996-503 - Limited - Disabled) Gast (S-1-5-21-2216129787-3453094354-8666996-501 - Limited - Disabled) Michael (S-1-5-21-2216129787-3453094354-8666996-1006 - Administrator - Enabled) => C:\Users\Michael WDAGUtilityAccount (S-1-5-21-2216129787-3453094354-8666996-504 - Limited - Disabled) ==================== Sicherheits-Center ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.) AV: Avira Antivirus (Enabled - Up to date) {88AE6B46-DC3C-455A-A21B-085F285A3546} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installierte Programme ====================== (Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.) 
1.1.3 (HKLM-x32\...\{A4046FE1-986B-4463-B4DD-CFA473A7056B}_is1) (Version: - PDFZilla) 7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov) AAVUpdateManager (HKLM-x32\...\{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}) (Version: 18.00.0000 - Wolters Kluwer Deutschland GmbH) ABBYY FineReader 11 Corporate Edition (HKLM-x32\...\{F1100000-0007-0000-0000-074957833700}) (Version: 11.0.289 - ABBYY) ABBYY FineReader 9.0 Professional Edition (HKLM-x32\...\{F9000000-0001-0000-0000-074957833700}) (Version: 9.00.882.55011 - ABBYY) Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.321 - Adobe) Advanced Office Password Recovery (HKLM-x32\...\{B712239D-45D9-4C93-B2AF-288C7B42027F}) (Version: 6.20.927.2820 - Elcomsoft Co. Ltd.) Amazon Kindle (HKU\S-1-5-21-2216129787-3453094354-8666996-1006\...\Amazon Kindle) (Version: 1.24.3.51068 - Amazon) Avira (HKLM-x32\...\{59bab6b1-f615-42c3-9614-8dc338ac8ed4}) (Version: 1.2.143.109 - Avira Operations GmbH & Co. KG) Avira (HKLM-x32\...\{82B6E5B0-3F76-446B-9FDE-0200B5B36B37}) (Version: 1.2.143.109 - Avira Operations GmbH & Co. KG) Hidden Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.2001.1707 - Avira Operations GmbH & Co. KG) Avira Phantom VPN (HKLM-x32\...\Avira Phantom VPN) (Version: 2.31.1.20493 - Avira Operations GmbH & Co. KG) Avira Security (HKLM-x32\...\Avira Security_is1) (Version: 1.0.22.7684 - Avira Operations GmbH & Co. KG) Avira Software Updater (HKLM-x32\...\{3BEE2703-942D-401D-93E1-7950CCF54769}) (Version: 2.0.6.25416 - Avira Operations GmbH & Co. KG) Avira System Speedup (HKLM-x32\...\Avira System Speedup_is1) (Version: 6.4.1.10871 - Avira Operations GmbH & Co. KG) AVM FRITZ!fax für FRITZ!Box (HKLM-x32\...\FRITZ! 
2.0) (Version: - AVM Berlin) calibre (HKLM-x32\...\{FB2536F7-6C1E-41D1-8619-423C526F572D}) (Version: 4.5.0 - Kovid Goyal) Citrix Online Launcher (HKLM-x32\...\{48947098-A67C-46D4-90C5-9F2F6F0F96FE}) (Version: 1.0.449 - Citrix) Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 14.1.200.13 - Citrix Systems, Inc.) CLIQZ (HKLM-x32\...\{5A0C0737-6AFE-4DC6-A8B4-6DFE509ACD75}_is1) (Version: 1.0.22 - CLIQZ.com) Cobian Backup 11 Gravity (HKLM-x32\...\CobBackup11) (Version: - ) Copernic Desktop Search 6 (HKLM-x32\...\{4D2FB1E6-4DE1-49D8-A126-4DB801756ADC}) (Version: 6.0.2.11079 - Copernic) Hidden Copernic Desktop Search 6 (HKLM-x32\...\CopernicDesktopSearch6) (Version: 6.0.2.11079 - Copernic) Crystal Reports Viewer XI Release 2 (HKLM-x32\...\{1765F8FA-249B-4E05-9740-AC6091646A26}) (Version: 11.5.9 - CAS Software AG) DocFetcher (HKLM-x32\...\DocFetcher) (Version: 1.1.22 - ) dradio-Recorder Version 3.02.6 (HKLM-x32\...\dradio-Recorder_is1) (Version: - ) Dropbox (HKLM-x32\...\Dropbox) (Version: 89.4.278 - Dropbox, Inc.) Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.295.1 - Dropbox, Inc.) Hidden EaseUS Data Recovery Wizard (HKLM\...\EaseUS Data Recovery Wizard_is1) (Version: - EaseUS) FreeCommander XE (HKLM-x32\...\FreeCommander XE_is1) (Version: - Marek Jasinski) FreePDF (Remove only) (HKLM-x32\...\FreePDF_XP) (Version: - ) FUJITSU Scanner USB HotFix (HKLM-x32\...\{F7FFF37F-DB74-408C-840F-BD8B8E955B5B}) (Version: 1.00.0000 - PFU) GIMP 2.10.12 (HKLM\...\GIMP-2_is1) (Version: 2.10.12 - The GIMP Team) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 79.0.3945.130 - Google LLC) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.421 - Google LLC) Hidden GoTo Opener (HKLM-x32\...\{D144D2C2-4F96-48B7-BB2A-E9185050B619}) (Version: 1.0.491 - LogMeIn, Inc.) 
GoToMeeting 10.7.0.16576 (HKU\S-1-5-21-2216129787-3453094354-8666996-1006\...\GoToMeeting) (Version: 10.7.0.16576 - LogMeIn, Inc.) GPL Ghostscript (HKLM\...\GPL Ghostscript 9.19) (Version: 9.19 - Artifex Software Inc.) GPL Ghostscript (HKLM-x32\...\GPL Ghostscript 9.07) (Version: 9.07 - Artifex Software Inc.) Harmony Remote Update (HKLM-x32\...\HarmonyRemoteUpdate) (Version: 7.7.1 - Logitech - HarmonyRemoteClient) HashCalc 2.02 (HKLM-x32\...\HashCalc_is1) (Version: - SlavaSoft Inc.) HP LaserJet M101-M106 - Grundlegende Software für das Gerät (HKLM\...\{F3E2696F-E581-4DE6-9063-072C86244E3C}) (Version: 44.1.2483.17117 - HP Inc.) INSTAR Camera Tool (HKLM-x32\...\{898D9706-ED7C-40B6-A0A8-BD8CE1161CFD}) (Version: 2.0.8.0 - INSTAR Deutschland GmbH) Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.7.0.1017 - Intel Corporation) Intel(R) Network Connections 22.4.16.0 (HKLM\...\PROSetDX) (Version: 22.4.16.0 - Intel) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 22.20.16.4729 - Intel Corporation) Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{DDE28492-B260-4DF0-BA99-7F96FC2932C1}) (Version: 19.60.0 - Intel Corporation) Intel® Chipsatz-Gerätesoftware (HKLM-x32\...\{bb0592a7-5772-4736-9d55-2402740085db}) (Version: 10.1.1.38 - Intel(R) Corporation) Hidden Intel® PROSet/Wireless Software (HKLM-x32\...\{03929cf1-3ae4-4765-b8b3-32b8e2e26a8d}) (Version: 19.60.0 - Intel Corporation) IrfanView 4.51 (32-bit) (HKLM-x32\...\IrfanView) (Version: 4.51 - Irfan Skiljan) Java 8 Update 231 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180231F0}) (Version: 8.0.2310.11 - Oracle Corporation) JiveX DICOM Viewer Light 4.7.2 (HKLM-x32\...\JiveX DICOM Viewer Light 4.7.2) (Version: - VISUS Technology Transfer GmbH) Joe (HKLM-x32\...\{F8C986EA-13F8-4B39-91C3-A6B9A851CD34}) (Version: 4.01.0000 - Wirth IT Design) KeePass Password Safe 2.44 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.44 - Dominik Reichl) 
Kyocera Product Library (HKLM\...\Kyocera Product Library) (Version: 4.2.1909 - KYOCERA Document Solutions Inc.) LM101 (HKLM-x32\...\{C1D550A6-7C72-4286-970D-5CBF7C828A38}) (Version: 0.00.0005 - HP) Logitech Harmony Remote Software 7 (HKLM-x32\...\{5C6F884D-680C-448B-B4C9-22296EE1B206}) (Version: 7.7.0.0 - Logitech) Microsoft ASP.NET MVC 2 (HKLM-x32\...\{DD8FF2F3-0D97-4CF3-AF78-FA0E1B242244}) (Version: 2.0.60926.0 - Microsoft Corporation) Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-2216129787-3453094354-8666996-1006\...\OneDriveSetup.exe) (Version: 19.222.1110.0006 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation) Microsoft Teams (HKU\S-1-5-21-2216129787-3453094354-8666996-1006\...\Teams) (Version: 1.2.00.13765 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - 
Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation) Mozilla Firefox 72.0.2 (x64 de) (HKLM\...\Mozilla Firefox 72.0.2 (x64 de)) (Version: 72.0.2 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 60.9.1 - Mozilla) Mozilla Thunderbird 68.4.2 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 68.4.2 (x86 de)) (Version: 68.4.2 - Mozilla) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) Nemetschek IFC Viewer (HKLM-x32\...\{6DF55692-696E-47BE-A59A-BECFECD2422F}) (Version: 1.0 - Nemetschek) Nuvoton SIO CIR Device Driver (HKLM-x32\...\{2FAECEAF-0EBE-48FF-B60A-B4577C0EFDAB}) (Version: 2.09.1007 - Nuvoton Technology Corp.) 
OneSafe Photo Recovery (HKLM-x32\...\OneSafe Photo Recovery_is1) (Version: 7.0.0.0 - Stellar Information Technology Pvt Ltd.) Online Plug-in (HKLM-x32\...\{70DCAD2C-31C1-43F9-AD4D-D45C7DC1F6F5}) (Version: 14.1.200.13 - Citrix Systems, Inc.) Hidden Opera Stable 66.0.3515.44 (HKU\S-1-5-21-2216129787-3453094354-8666996-1006\...\Opera 66.0.3515.44) (Version: 66.0.3515.44 - Opera Software) Outils de vérification linguistique 2013 de Microsoft Office*- Français (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.311.0 - Tracker Software Products Ltd) PDF-XChange Editor (HKLM\...\{B7E5844A-B8ED-4F27-A3C8-966114DCB007}) (Version: 6.0.319.0 - Tracker Software Products (Canada) Ltd.) Hidden PDF-XChange Editor (HKLM-x32\...\{e44f0a83-eeaa-471b-8e1e-5475e4183164}) (Version: 6.0.319.0 - Tracker Software Products (Canada) Ltd.) Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.15063.29094 - Realtek Semiconductor Corp.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7982 - Realtek Semiconductor Corp.) Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform) RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version: 1.90 - Ghostgum Software Pty Ltd) Remote Control USB Driver (HKLM-x32\...\{8471021C-F529-43DE-84DF-3612E10F58C4}) (Version: 2.3.2.317 - ) Rohos Logon Key 3.2 (HKLM-x32\...\Rohos_Welcome23_is1) (Version: 3.2 - Tesline-service s.r.l.) Samsung Kies3 (HKLM-x32\...\{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.15041.2 - Samsung Electronics Co., Ltd.) Hidden Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.15041.2 - Samsung Electronics Co., Ltd.) 
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.63.0 - Samsung Electronics Co., Ltd.)
ScandAll 21 (HKLM-x32\...\{AEFF1CC5-2774-4EAE-A19F-8A86F2E9EFDB}) (Version: - )
Scanner Utility for Microsoft Windows V09L21 (HKLM-x32\...\{580E9BBC-A51E-4AE9-A977-7B0939BEDAD3}) (Version: 9.11.2.0 - FUJITSU)
Snagit 10.0.2 (HKLM-x32\...\{92D194E7-AEF9-4A9E-8620-8F3AE712E3F7}) (Version: 10.0.2 - TechSmith Corporation)
Software Operation Panel (HKLM-x32\...\{E0632353-257C-49C2-83AD-CF2B056D9045}) (Version: 3.3.16.0 - PFU LIMITED)
Software Operation Panel (HKLM-x32\...\Software Operation Panel) (Version: - )
SparTeam (HKLM-x32\...\{007BA21F-6EB4-4A3F-92F0-46DDF36FD091}) (Version: 1.0.0.0 - Vondos Media GmbH)
SpyHunter 5 (HKLM-x32\...\SpyHunter5) (Version: 5.7.24.155 - EnigmaSoft Limited)
SteuerBerater 2014-2015 (HKLM-x32\...\{415227BD-34D9-4DB3-B74C-554407208203}) (Version: 14.11.2 - Akademische Arbeitsgemeinschaft)
SteuerBerater 2015-2016 (HKLM-x32\...\{342BD7F7-8BBD-403A-B09B-F3361A1365E3}) (Version: 15.11.0 - Akademische Arbeitsgemeinschaft)
Steuer-Ratgeber 2016-2017 (HKLM-x32\...\{0B91CA67-AB51-4FCC-AD05-F4C8DF11D00B}) (Version: 17.01.1 - Wolters Kluwer Deutschland GmbH)
Steuer-Ratgeber 2017-2018 (HKLM-x32\...\{09578E80-CE8C-47E6-A055-8C49C616541F}) (Version: 18.05.1 - Wolters Kluwer Deutschland GmbH)
Steuer-Ratgeber 2018-2019 (HKLM-x32\...\{B96CAC3C-B7E7-4291-B422-0544096E217B}) (Version: 18.11.0 - Akademische Arbeitsgemeinschaft Verlagsgesellschaft mbH)
SteuerRatgeber 2019-2020 (HKLM-x32\...\{9DBC64BE-3C7D-44E4-B672-C8204E1EC357}) (Version: 20.01.6 - Akademische Arbeitsgemeinschaft Verlagsgesellschaft mbH)
SteuerSparErklärung 2016 (HKLM-x32\...\{D331D50C-C578-423B-8BC7-94D3133CE315}) (Version: 21.37.107 - Akademische Arbeitsgemeinschaft)
SteuerSparErklärung 2017 (HKLM-x32\...\{45815686-22F8-4D24-872D-E481A654B230}) (Version: 22.33.82 - Wolters Kluwer Deutschland GmbH)
SteuerSparErklärung 2018 (HKLM-x32\...\{A1D1FDBD-02F9-49B6-9EB2-2DC6B1D37E16}) (Version: 23.33.49 - Wolters Kluwer Deutschland GmbH)
SteuerSparErklärung 2019 (HKLM-x32\...\{C1274A30-7822-4CAE-A4C8-395E9E687107}) (Version: 24.33.129 - Akademische Arbeitsgemeinschaft Verlagsgesellschaft mbH)
SteuerSparErklärung 2020 (HKLM-x32\...\{E7E3F711-933D-4D9A-BA51-01F47179F23C}) (Version: 25.22.41 - Akademische Arbeitsgemeinschaft Verlagsgesellschaft mbH)
SteuerSparErklärung Plus 2015 (HKLM-x32\...\{312C0E08-8F94-4536-AAF6-3413F784AC5F}) (Version: 20.38.173 - Akademische Arbeitsgemeinschaft)
Studie zur Verbesserung von HP LaserJet M101-M106 (HKLM\...\{6C0B61B6-E03B-4D3B-8B2E-EE662C005EC4}) (Version: 44.1.2483.17117 - HP Inc.)
Sweet Home 3D version 6.1 (HKLM\...\Sweet Home 3D_is1) (Version: 6.1 - eTeks)
SX Virtual Link (HKLM\...\SX Virtual Link) (Version: 3.15.0 - silex technology, Inc.)
TeamViewer (HKLM-x32\...\TeamViewer) (Version: 15.2.2756 - TeamViewer)
Telegram Desktop version 1.9.6 (HKU\S-1-5-21-2216129787-3453094354-8666996-1006\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 1.9.6 - Telegram FZ-LLC)
TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.2 - TrueCrypt Foundation)
twengoo (HKLM-x32\...\{2ADA8DBD-2833-4235-A07E-0CD653A992FF}) (Version: 1.0.0.0 - Twengoo)
Update for Skype for Business 2015 (KB4475564) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{CD0EE05F-11E6-46FA-BB7B-D2A28C47A4F3}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB4475564) 64-Bit Edition (HKLM\...\{90150000-012B-0407-1000-0000000FF1CE}_Office15.PROPLUSR_{CD0EE05F-11E6-46FA-BB7B-D2A28C47A4F3}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB4475564) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{CD0EE05F-11E6-46FA-BB7B-D2A28C47A4F3}) (Version: - Microsoft)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{F14FB68A-9188-4036-AD0D-D054BC9C9291}) (Version: 2.59.0.0 - Microsoft Corporation)
UpdateAssistant (HKLM-x32\...\{7C070E60-8769-4763-BBD8-7537A28A60D4}) (Version: 1.10.0.0 - Microsoft Corporation) Hidden
Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0) (Version: 1.0.42.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.54.1 (HKLM\...\VulkanRT1.0.54.1) (Version: 1.0.54.1 - Intel Corporation Inc.)
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1-2) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
WAV To MP3 V2 (HKLM-x32\...\WAV To MP3_is1) (Version: - hxxp://www.WAVMP3.net)
web control version 3.0.2.3 (HKLM-x32\...\{20779EFD-5A24-45F7-A133-132975478C4E}_is1) (Version: 3.0.2.3 - )
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22350 - Microsoft Corporation)
yEd Graph Editor 3.19 (HKLM\...\3309-7404-0599-8908) (Version: 3.19 - yWorks GmbH)
ZV-Tools (HKLM-x32\...\{0980EBCE-5AAF-458A-AE31-32BA745DBA01}) (Version: 6.1 - windata GmbH & Co.KG)

Packages:
=========
Dell Document Hub -> C:\Program Files\WindowsApps\DellPrinter.DellDocumentHub_1.7.0.6_x64__nmdn7k89bxsn6 [2018-03-10] (DELL GLOBAL B.V. (SINGAPORE BRANCH))
Disney Magic Kingdoms -> C:\Program Files\WindowsApps\A278AB0D.DisneyMagicKingdoms_4.7.0.4_x86__h6adky7gbf63m [2020-01-23] (Gameloft.)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_105.1.623.0_x64__v10z8vjag6ke6 [2019-11-15] (HP Inc.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1808.3.0_x64__8wekyb3d8bbwe [2019-07-29] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-02-13] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-02-13] (Microsoft Corporation) [MS Ad]
Microsoft News – Nachrichten -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.34.20074.0_x64__8wekyb3d8bbwe [2020-01-14] (Microsoft Corporation) [MS Ad]
MSN Finanzen -> C:\Program Files\WindowsApps\Microsoft.BingFinance_4.34.20074.0_x64__8wekyb3d8bbwe [2020-01-14] (Microsoft Corporation) [MS Ad]
MSN Gesundheit & Fitness -> C:\Program Files\WindowsApps\Microsoft.BingHealthAndFitness_3.0.4.336_x64__8wekyb3d8bbwe [2015-07-27] (Microsoft Corporation) [MS Ad]
MSN Kochen & Genuss -> C:\Program Files\WindowsApps\Microsoft.BingFoodAndDrink_3.0.4.336_x64__8wekyb3d8bbwe [2015-07-27] (Microsoft Corporation) [MS Ad]
MSN Reisen -> C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.336_x64__8wekyb3d8bbwe [2015-07-27] (Microsoft Corporation) [MS Ad]
MSN Sport -> C:\Program Files\WindowsApps\Microsoft.BingSports_4.34.20074.0_x64__8wekyb3d8bbwe [2020-01-14] (Microsoft Corporation) [MS Ad]
MSN Wetter -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.34.13393.0_x64__8wekyb3d8bbwe [2019-12-19] (Microsoft Corporation) [MS Ad]
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.3.181.0_x64__dt26b99r8h8gj [2019-09-17] (Realtek Semiconductor Corp)
WhatsApp Desktop -> C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_0.4.315.0_x64__cv1g1gvanyjgm [2020-01-24] (WhatsApp Inc.)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-2216129787-3453094354-8666996-1006_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\Michael\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.19106.2\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2216129787-3453094354-8666996-1006_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\Michael\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.19106.2\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2216129787-3453094354-8666996-1006_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A} -> [Dropbox] => C:\Users\Michael\Dropbox [2018-03-03 15:31]
CustomCLSID: HKU\S-1-5-21-2216129787-3453094354-8666996-1006_Classes\CLSID\{FBD6D0C9-8321-B4A3-ABE5-BC96E3FFB74C}\InprocServer32 -> C:\WINDOWS\system32\ole32.dll (Microsoft Windows -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov) [Datei ist nicht signiert]
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [FineReader11ContextMenu] -> {79E48320-C6B5-49F1-992B-571D53586885} => C:\Program Files (x86)\ABBYY FineReader 11\FRIntegration.x64.dll [2011-08-18] (ABBYY SOLUTIONS LIMITED -> ABBYY.)
ContextMenuHandlers1-x32: [FineReader9ContextMenu] -> {59A3380E-5305-4cea-BD99-4F2FF510C91F} => C:\Program Files (x86)\ABBYY FineReader 9.0\FRIntegration.dll [2008-06-07] (ABBYY Software House -> ABBYY Software Ltd)
ContextMenuHandlers1: [PDFXChange Editor Context menu] -> {2ACD35AB-F74A-4C20-AA9B-2DE80081626D} => C:\Program Files\Tracker Software\Shell Extensions\XCShellMenu.x64.dll [2016-11-28] (Tracker Software Products (Canada) Ltd -> Tracker Software Products (Canada) Ltd.)
ContextMenuHandlers1: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2019-10-30] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
ContextMenuHandlers1: [SnagItMainShellExt] -> {CF74B903-3389-469c-B3B6-0204D204FCBD} => C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagItShellExt64.dll [2011-11-08] (TechSmith Corporation -> TechSmith Corporation)
ContextMenuHandlers1: [SystemSpeedupFilesMenu] -> {14cb2bd0-2375-3d10-9b5d-5e18865c8959} => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.ShellExtension.DLL [2020-01-30] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov) [Datei ist nicht signiert]
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd -> Piriform Ltd)
ContextMenuHandlers4: [SnagItMainShellExt] -> {CF74B903-3389-469c-B3B6-0204D204FCBD} => C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagItShellExt64.dll [2011-11-08] (TechSmith Corporation -> TechSmith Corporation)
ContextMenuHandlers4: [SystemSpeedupFoldersMenu] -> {700866bb-c8e9-3e71-b359-abb28baed0e8} => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.ShellExtension.DLL [2020-01-30] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_250db833a1cd577e\igfxDTCM.dll [2018-02-28] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [SystemSpeedupDesktopMenu] -> {0cab5786-30e8-3185-9b3b-ccefbf1b8afe} => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.ShellExtension.DLL [2020-01-30] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
ContextMenuHandlers6: [FineReader11ContextMenu] -> {79E48320-C6B5-49F1-992B-571D53586885} => C:\Program Files (x86)\ABBYY FineReader 11\FRIntegration.x64.dll [2011-08-18] (ABBYY SOLUTIONS LIMITED -> ABBYY.)
ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd -> Piriform Ltd)
ContextMenuHandlers6: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2019-10-30] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)

==================== Codecs (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Drivers32: [vidc.i420] => C:\WINDOWS\system32\lvcod64.dll [175392 2012-10-26] (Logitech, Inc. -> Logitech Inc.)
HKLM\...\Drivers32: [vidc.i420] => C:\Windows\SysWOW64\lvcodec2.dll [305000 2012-10-26] (Logitech, Inc. -> Logitech Inc.)

==================== Verknüpfungen & WMI ========================

==================== Geladene Module (Nicht auf der Ausnahmeliste) =============

2020-01-24 18:37 - 2020-01-24 18:40 - 000553472 _____ () [Datei ist nicht signiert] \\?\C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_0.4.315.0_x64__cv1g1gvanyjgm\app\resources\app.asar.unpacked\node_modules\electron-panel-window\build\Release\NativeExtension.node
2020-01-24 18:37 - 2020-01-24 18:40 - 000598016 _____ () [Datei ist nicht signiert] \\?\C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_0.4.315.0_x64__cv1g1gvanyjgm\app\resources\app.asar.unpacked\node_modules\node-quarantine\build\Release\binding.node
2019-06-07 12:24 - 2019-06-07 12:24 - 002126848 _____ () [Datei ist nicht signiert] C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_0.4.315.0_x64__cv1g1gvanyjgm\app\ffmpeg.dll
2019-06-07 12:24 - 2019-06-07 12:24 - 000109056 _____ () [Datei ist nicht signiert] C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_0.4.315.0_x64__cv1g1gvanyjgm\app\libegl.dll
2019-06-07 12:24 - 2019-06-07 12:24 - 005103616 _____ () [Datei ist nicht signiert] C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_0.4.315.0_x64__cv1g1gvanyjgm\app\libglesv2.dll
2018-11-15 13:24 - 2006-02-23 11:35 - 000020480 _____ () [Datei ist nicht signiert] C:\WINDOWS\System32\FritzColorPort64.dll
2018-11-15 13:24 - 2006-02-22 10:39 - 000020480 _____ () [Datei ist nicht signiert] C:\WINDOWS\System32\FritzPort64.dll
2014-12-19 10:30 - 2012-06-21 07:25 - 000113152 _____ () [Datei ist nicht signiert] C:\WINDOWS\System32\redmon64.dll
2015-09-09 14:17 - 2015-06-03 12:32 - 000219136 _____ () [Datei ist nicht signiert] C:\WINDOWS\SYSTEM32\rohos_btkey.dll
2010-11-18 20:08 - 2010-11-18 20:08 - 000086016 _____ (Igor Pavlov) [Datei ist nicht signiert] C:\Program Files\7-Zip\7-zip.dll
2011-11-08 09:44 - 2011-11-08 09:44 - 000066192 ____R (LEAD Technologies, Inc -> LEAD Technologies, Inc.) [Datei ist nicht signiert] C:\Program Files (x86)\TechSmith\Snagit 10\LFJbg15U.DLL
2011-11-08 09:44 - 2011-11-08 09:44 - 000126096 ____R (LEAD Technologies, Inc -> LEAD Technologies, Inc.) [Datei ist nicht signiert] C:\Program Files (x86)\TechSmith\Snagit 10\LFPng15U.DLL
2011-11-08 09:44 - 2011-11-08 09:44 - 000212112 ____R (LEAD Technologies, Inc -> LEAD Technologies, Inc.) [Datei ist nicht signiert] C:\Program Files (x86)\TechSmith\Snagit 10\Ltimgclr15u.dll
2011-11-08 09:44 - 2011-11-08 09:44 - 000208016 ____R (LEAD Technologies, Inc -> LEAD Technologies, Inc.) [Datei ist nicht signiert] C:\Program Files (x86)\TechSmith\Snagit 10\Ltimgefx15u.dll
2011-11-08 09:44 - 2011-11-08 09:44 - 000134288 ____R (LEAD Technologies, Inc -> LEAD Technologies, Inc.) [Datei ist nicht signiert] C:\Program Files (x86)\TechSmith\Snagit 10\Ltimgutl15u.dll
2011-11-08 09:44 - 2011-11-08 09:44 - 000138384 ____N (LEAD Technologies, Inc -> LEAD Technologies, Inc.) [Datei ist nicht signiert] C:\Program Files (x86)\TechSmith\Snagit 10\Ltscr15u.dll
2011-11-08 09:44 - 2011-11-08 09:44 - 000122000 ____N (LEAD Technologies, Inc -> LEAD Technologies, Inc.) [Datei ist nicht signiert] C:\Program Files (x86)\TechSmith\Snagit 10\Lttwn15u.dll
2014-12-19 10:36 - 2013-03-07 22:07 - 000009728 _____ (Luis Cobian) [Datei ist nicht signiert] C:\Program Files (x86)\Cobian Backup 11\CobStringList.dll
2014-12-19 10:36 - 2013-03-07 22:27 - 002684928 _____ (Luis Cobian, CobianSoft) [Datei ist nicht signiert] C:\Program Files (x86)\Cobian Backup 11\cbEngine.dll
2008-04-11 12:54 - 2008-04-11 12:54 - 000348160 _____ (Microsoft Corporation) [Datei ist nicht signiert] C:\Program Files (x86)\Common Files\ABBYY\FineReader\9.00\Licensing\PE\MSVCR71.dll
2019-07-29 22:18 - 2019-07-29 22:18 - 001654784 _____ (Microsoft Corporation) [Datei ist nicht signiert] C:\WINDOWS\WinSxS\amd64_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_8448b2bd328df189\MFC80U.DLL
2019-07-29 22:15 - 2019-07-29 22:15 - 000054272 _____ (Microsoft Corporation) [Datei ist nicht signiert] C:\WINDOWS\WinSxS\amd64_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_bc20f59b0bdd1acd\MFC80DEU.DLL
2014-12-19 14:54 - 2007-04-21 11:36 - 000049152 _____ (PFU LIMITED) [Datei ist nicht signiert] C:\WINDOWS\TWAIN_32\fjscan32\FJSTMKSV.dll
2018-11-15 13:24 - 2006-02-23 12:16 - 000047616 _____ (TODO: <Company name>) [Datei ist nicht signiert] C:\WINDOWS\System32\AvmColorFax.dll
2018-11-15 13:24 - 2006-02-22 10:53 - 000043520 _____ (TODO: <Company name>) [Datei ist nicht signiert] C:\WINDOWS\System32\AvmFax.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ==================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) =================

==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ==========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-2216129787-3453094354-8666996-1006\...\localhost -> localhost

==================== Hosts Inhalt: =========================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2013-08-22 14:25 - 2013-08-22 14:25 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Andere Bereiche ===========================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\SQL Anywhere 12\Bin32\;C:\Program Files (x86)\SQL Anywhere 16\Bin32\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files (x86)\Calibre2\
HKU\S-1-5-21-2216129787-3453094354-8666996-1006\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin) ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

HKLM\...\StartupApproved\Run32: => "ConnectionCenter"
HKLM\...\StartupApproved\Run32: => "Redirector"
HKU\S-1-5-21-2216129787-3453094354-8666996-1006\...\StartupApproved\Run: => "Copernic Desktop Search"
HKU\S-1-5-21-2216129787-3453094354-8666996-1006\...\StartupApproved\Run: => "com.squirrel.Teams.Teams"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [UDP Query User{C7596447-4F5E-4C5D-9951-E0CEB72AED0A}C:\users\michael\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\michael\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{8F9E29F4-AFCF-440C-A925-27D285DC2A42}C:\users\michael\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\michael\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{3988CFE6-008E-461A-B949-62F366AA09B2}C:\program files (x86)\keepass password safe 2\keepass.exe] => (Allow) C:\program files (x86)\keepass password safe 2\keepass.exe (Open Source Developer, Dominik Reichl -> Dominik Reichl)
FirewallRules: [TCP Query User{52F7589F-9F82-41A3-AC5C-31001FD36ACC}C:\program files (x86)\keepass password safe 2\keepass.exe] => (Allow) C:\program files (x86)\keepass password safe 2\keepass.exe (Open Source Developer, Dominik Reichl -> Dominik Reichl)
FirewallRules: [UDP Query User{31337D38-A9F2-4A9C-B15E-54623701E616}C:\program files (x86)\jivexdvlight\jre\bin\javaw.exe] => (Allow) C:\program files (x86)\jivexdvlight\jre\bin\javaw.exe
FirewallRules: [TCP Query User{50705C51-DB84-437A-80F6-6268AC7B1E81}C:\program files (x86)\jivexdvlight\jre\bin\javaw.exe] => (Allow) C:\program files (x86)\jivexdvlight\jre\bin\javaw.exe
FirewallRules: [UDP Query User{92B0F230-57A8-45E9-AE7D-22834323996B}C:\users\michael\appdata\local\temp\jivexviewer\jre\bin\jivex[dv] light] => (Allow) C:\users\michael\appdata\local\temp\jivexviewer\jre\bin\jivex[dv] light Keine Datei
FirewallRules: [TCP Query User{81C0B524-782F-4A6E-A82E-AC8157B9B9AC}C:\users\michael\appdata\local\temp\jivexviewer\jre\bin\jivex[dv] light] => (Allow) C:\users\michael\appdata\local\temp\jivexviewer\jre\bin\jivex[dv] light Keine Datei
FirewallRules: [UDP Query User{7319F006-B6C0-4D8F-B2C8-273675C7A623}C:\program files (x86)\fritz!\frifax32.exe] => (Allow) C:\program files (x86)\fritz!\frifax32.exe (AVM Computersysteme Vertriebs GmbH -> AVM Berlin)
FirewallRules: [TCP Query User{A40C663E-121D-4416-9F7D-F54AABD6112D}C:\program files (x86)\fritz!\frifax32.exe] => (Allow) C:\program files (x86)\fritz!\frifax32.exe (AVM Computersysteme Vertriebs GmbH -> AVM Berlin)
FirewallRules: [UDP Query User{B07C0303-881F-4BDB-B3CA-9B9B6AC77B01}C:\users\michael\appdata\local\temp\_istmp1.dir\_ins5576._mp] => (Allow) C:\users\michael\appdata\local\temp\_istmp1.dir\_ins5576._mp Keine Datei
FirewallRules: [TCP Query User{53F9205D-2170-44F6-ABD1-E61E3827B10B}C:\users\michael\appdata\local\temp\_istmp1.dir\_ins5576._mp] => (Allow) C:\users\michael\appdata\local\temp\_istmp1.dir\_ins5576._mp Keine Datei
FirewallRules: [{42E50DCC-BFFF-4FE1-AA49-819D8736FD09}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{2B46DA6E-FBF4-4BB4-A317-BCA1E50BF108}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{56A315BD-BF9C-4CBD-9143-13FFD186F898}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{B8DF855B-7E94-4205-B485-1CFD1A1468C3}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{E962594A-1E1F-49B7-8657-75C92C2CE7F4}] => (Allow) C:\Program Files (x86)\Copernic\DesktopSearch\x64\Copernic.DesktopSearch.exe (Copernic, a division of N. Harris Computer Systems) [Datei ist nicht signiert]
FirewallRules: [{409F15B3-252C-4673-9A32-1FEB6C937006}] => (Allow) C:\Program Files (x86)\Copernic\DesktopSearch\Copernic.DesktopSearch.exe (N. Harris Computer Corporation -> Copernic, a division of N. Harris Computer Systems)
FirewallRules: [UDP Query User{B6259554-160E-40A8-8388-0AB4B7D4CE3E}C:\program files (x86)\keepass password safe 2\keepass.exe] => (Allow) C:\program files (x86)\keepass password safe 2\keepass.exe (Open Source Developer, Dominik Reichl -> Dominik Reichl)
FirewallRules: [TCP Query User{4EAE3EB8-6F4C-4BB6-B8C9-D837BA3C09A8}C:\program files (x86)\keepass password safe 2\keepass.exe] => (Allow) C:\program files (x86)\keepass password safe 2\keepass.exe (Open Source Developer, Dominik Reichl -> Dominik Reichl)
FirewallRules: [{63D4F583-191A-4F60-A716-28FE82B91B7C}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe (Intel Corporation-Wireless Connectivity Solutions -> )
FirewallRules: [UDP Query User{10480967-7743-4F21-BB14-5E7CBECA38D3}C:\program files (x86)\copernic\desktopsearch\copernic.desktopsearch.exe] => (Block) C:\program files (x86)\copernic\desktopsearch\copernic.desktopsearch.exe (N. Harris Computer Corporation -> Copernic, a division of N. Harris Computer Systems)
FirewallRules: [TCP Query User{D922381D-8AF6-4909-90FA-C554D345E5F7}C:\program files (x86)\copernic\desktopsearch\copernic.desktopsearch.exe] => (Block) C:\program files (x86)\copernic\desktopsearch\copernic.desktopsearch.exe (N. Harris Computer Corporation -> Copernic, a division of N. Harris Computer Systems)
FirewallRules: [{D73281C7-BDB7-468D-8482-A4898529273E}] => (Allow) C:\Users\xxx\AppData\Local\StarLeaf\Breeze\2\Breeze.exe (Starleaf Ltd -> StarLeaf)
FirewallRules: [{55410149-ED2D-4A50-B304-97AD7DCAF1C4}] => (Allow) C:\Users\xxx\AppData\Local\StarLeaf\Breeze\1\Breeze.exe (Starleaf Ltd -> StarLeaf)
FirewallRules: [UDP Query User{4E5656D0-CE09-4C82-8A6A-605EC54C87EC}C:\program files (x86)\copernic\desktopsearch\copernic.desktopsearch.exe] => (Allow) C:\program files (x86)\copernic\desktopsearch\copernic.desktopsearch.exe (N. Harris Computer Corporation -> Copernic, a division of N. Harris Computer Systems)
FirewallRules: [TCP Query User{DCCB0C0E-E0DC-44D1-B240-695A6F5C1A3C}C:\program files (x86)\copernic\desktopsearch\copernic.desktopsearch.exe] => (Allow) C:\program files (x86)\copernic\desktopsearch\copernic.desktopsearch.exe (N. Harris Computer Corporation -> Copernic, a division of N. Harris Computer Systems)
FirewallRules: [UDP Query User{BBD1C7A7-4F10-41A6-A246-773B988B0122}C:\users\xxx\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\xxx\appdata\roaming\dropbox\bin\dropbox.exe Keine Datei
FirewallRules: [TCP Query User{7BBE6C67-F2A4-495B-B8DD-9C9EAAC84452}C:\users\xxx\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\xxx\appdata\roaming\dropbox\bin\dropbox.exe Keine Datei
FirewallRules: [UDP Query User{E2A4A359-7EF7-4E55-BEC0-0F3EE50DC358}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{3E3A7B8B-6E88-4DE8-9A8A-0F004006FB36}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{C7B3D987-E38F-4E3C-A9C5-FD35FFCCC0E1}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{E7DA08B6-B124-4B75-AF53-58BCDA3BE7CD}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{36874983-D06A-45ED-83B4-22586B817DC5}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{4B8C5DA1-643E-4D96-920E-2D5D62BEF918}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{594275C9-3149-4774-BAC3-A6190249D54B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{141E5018-9DF5-4536-82CE-23A912864BE1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{5DE52B69-B45B-4898-8A6E-6F730897587E}] => (Allow) LPort=19540
FirewallRules: [{B0BAF218-D1D9-4E31-9C61-CB3E57E32489}] => (Allow) C:\Program Files\silex technology\SX Virtual Link\Connect.exe (silex technology, Inc. -> silex technology, Inc.)
FirewallRules: [{85D6C233-2F54-4762-A55B-C6A5F7BFA0E4}] => (Allow) C:\Program Files (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe Keine Datei
FirewallRules: [{C21CD597-FAF0-4091-AC8D-6A3DE0467FEE}] => (Allow) C:\Program Files (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe Keine Datei
FirewallRules: [{C76A8D87-E154-4055-888A-128F5284C455}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{40430C97-1136-41A4-8713-4089D7F5B690}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{AA3E919F-C581-4798-A1F0-16743886E751}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{2D272AD8-53D1-4732-803C-0878A0C567D2}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{CFD8701D-465A-4353-9F1D-45428A0A6825}C:\program files\transmission\transmission-qt.exe] => (Allow) C:\program files\transmission\transmission-qt.exe Keine Datei
FirewallRules: [UDP Query User{B8FF3D23-E450-46CE-A019-376D0E2AA5A3}C:\program files\transmission\transmission-qt.exe] => (Allow) C:\program files\transmission\transmission-qt.exe Keine Datei
FirewallRules: [{0DF9C0D1-8E08-4768-9DD4-4FBBF1C0E4C3}] => (Allow) C:\Windows\System32\LogonUI.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{F0828781-5332-4502-A28A-1A31C7594413}] => (Allow) C:\Windows\System32\LogonUI.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{8DE6F01C-BFD1-440E-9E75-7F89F16A3642}] => (Allow) C:\Windows\System32\LogonUI.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{8460DD34-2C3A-48A1-B290-DF647AEDAC08}] => (Allow) C:\Windows\System32\LogonUI.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [TCP Query User{F24E0676-3937-41DC-9615-7D3D65344251}C:\program files (x86)\rohos\welcome.exe] => (Allow) C:\program files (x86)\rohos\welcome.exe (Tesline-Service s.r.l. -> Tesline-Service SRL)
FirewallRules: [UDP Query User{AE63D004-5664-4220-BAC9-28D94EEBB2D0}C:\program files (x86)\rohos\welcome.exe] => (Allow) C:\program files (x86)\rohos\welcome.exe (Tesline-Service s.r.l. -> Tesline-Service SRL)
FirewallRules: [{7FBD0916-C44D-4BE6-A316-62F62D728156}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{B77DB1C8-D16E-4C80-AE27-D939002B8485}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{11D6F1C5-97A3-42FE-A37E-4B8F419CA7B1}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{01F64546-0599-43D8-A10E-AB94B5AB2D05}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{36471B40-5969-4A0B-B724-37BB4A9584EA}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{628BF9B0-F4D7-45D8-A2C8-47655435AD8D}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{735D400E-78B8-40C7-88A7-4E77540437B4}] => (Allow) C:\Program Files\HP\HP LaserJet M101-M106\bin\EWSProxy.exe (Hewlett Packard -> HP Inc.)
FirewallRules: [{2A21F2C1-0188-4AC4-8449-E0F228080B22}] => (Allow) C:\Program Files\HP\HP LaserJet M101-M106\Bin\DeviceSetup.exe (Hewlett Packard -> HP Inc.)
FirewallRules: [{18FF3AD1-7357-4110-B884-24BCFE33BD59}] => (Allow) LPort=5357
FirewallRules: [{7B9D054E-6448-4001-BA19-8CEC739D991A}] => (Allow) C:\Program Files\HP\HP LaserJet M101-M106\Bin\HPNetworkCommunicatorCom.exe (Hewlett Packard -> HP Inc.)
FirewallRules: [{10A208E5-5F75-4050-9B73-4B8A6EA15FA9}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{A2251CC3-B721-49F5-A927-B557E7288D22}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{F93758B1-4EE9-43EE-8500-6FFB604FCB15}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{BDB56D3C-3502-4A48-8646-A22C215FD424}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{737CCAD7-FDC5-4513-9C59-EF1117BAB9EE}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.117.543.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{742EC125-4FE9-4706-9E20-42B6F73B0270}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.117.543.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{1ECD6DCE-C7BD-41D1-AC6A-4BC21C7630ED}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.117.543.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{9EFF43C3-900E-4B53-8E86-D778B4317784}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.117.543.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{BDB1077F-9EB9-4BC1-852B-5110CE6085F1}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.117.543.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{5268F1F1-3651-4364-80F1-849A671DBE9C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.117.543.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{7141DFD3-A3A7-45D4-B46F-1811A8662CD8}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.117.543.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB ->
Spotify Ltd) FirewallRules: [{A987C8E7-F03B-4256-A4A0-6151E7A32352}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.117.543.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{735FB1D0-7BF9-4A6F-AFF9-11CE41371438}] => (Block) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) FirewallRules: [{CADB07C6-133B-4C08-8E2C-211ED60BC879}] => (Allow) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) FirewallRules: [{5410BB78-558E-4856-9E20-328F7ACF61BC}] => (Allow) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) FirewallRules: [TCP Query User{6E04982D-2D44-472D-BCF7-DA9E53552833}C:\program files (x86)\instar\instar camera tool\instar camera tool.exe] => (Allow) C:\program files (x86)\instar\instar camera tool\instar camera tool.exe (INSTAR Deutschland GmbH) [Datei ist nicht signiert] FirewallRules: [UDP Query User{137DD80B-B1D9-4F65-81E2-03068318FDC4}C:\program files (x86)\instar\instar camera tool\instar camera tool.exe] => (Allow) C:\program files (x86)\instar\instar camera tool\instar camera tool.exe (INSTAR Deutschland GmbH) [Datei ist nicht signiert] FirewallRules: [{EFD8E259-CC28-4460-8E72-54386BE19671}] => (Block) C:\program files (x86)\instar\instar camera tool\instar camera tool.exe (INSTAR Deutschland GmbH) [Datei ist nicht signiert] FirewallRules: [{56CA0644-3333-48A3-84FB-4E36BC7FD021}] => (Block) C:\program files (x86)\instar\instar camera tool\instar camera tool.exe (INSTAR Deutschland GmbH) [Datei ist nicht signiert] FirewallRules: [{BEC4AA32-0B42-4BF8-8BE5-8C634DA95572}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) FirewallRules: 
[{184202DF-79AE-4E7B-B6EE-D39C4AA2557B}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.) FirewallRules: [{6A97B6DB-82EE-42DC-984D-702B76403840}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) FirewallRules: [{F98DC8C1-0147-4EB6-AE7F-0217426A5CED}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) FirewallRules: [{6CF4B630-2EF2-4247-9C8A-87A8184C5ACA}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) FirewallRules: [{F91E81B9-1FC9-4D2B-B086-024FB6C44B76}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) DomainProfile\AuthorizedApplications: [C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe] => Enabled:Logitech Harmony Remote Software 7 StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe] => Enabled:Logitech Harmony Remote Software 7 ==================== Wiederherstellungspunkte ========================= 10-01-2020 18:40:35 Windows Update 17-01-2020 09:31:33 Windows Update 19-01-2020 15:55:18 Windows-Sicherung 27-01-2020 11:13:39 Windows-Sicherung ==================== Fehlerhafte Geräte im Gerätemanager ============ Name: Intel(R) Dual Band Wireless-AC 8265 Description: Intel(R) Dual Band Wireless-AC 8265 Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Intel Corporation Service: Netwtw06 Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. 
==================== Fehlereinträge in der Ereignisanzeige: ======================== Applikationsfehler: ================== Error: (01/30/2020 05:57:53 PM) (Source: ESENT) (EventID: 455) (User: ) Description: svchost (3928,R,98) TILEREPOSITORYS-1-5-18: Fehler -1023 (0xfffffc01) beim Öffnen von Protokolldatei C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log. Error: (01/30/2020 05:55:26 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Das Programm explorer.exe Version 10.0.18362.449 hat die Interaktion mit Windows beendet und wurde geschlossen. Überprüfen Sie den Problemverlauf in der Systemsteuerung "Sicherheit und Wartung", um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1b74 Startzeit: 01d5d745c831fee5 Beendigungszeit: 0 Anwendungspfad: C:\Windows\explorer.exe Bericht-ID: 5c3059ba-29c1-4be5-9d1e-2a07f25f7dcf Vollständiger Name des fehlerhaften Pakets: Relative Anwendungs-ID des fehlerhaften Pakets: Absturztyp: Cross-thread Error: (01/30/2020 05:47:31 PM) (Source: Microsoft-Windows-Perflib) (EventID: 1023) (User: NT-AUTORITÄT) Description: Windows kann die erweiterbare Leistungsindikator-DLL "C:\WINDOWS\system32\sysmain.dll" nicht laden (Win32-Fehlercode 126). Error: (01/30/2020 05:16:47 PM) (Source: ESENT) (EventID: 455) (User: ) Description: svchost (9728,R,98) TILEREPOSITORYS-1-5-18: Fehler -1023 (0xfffffc01) beim Öffnen von Protokolldatei C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log. Error: (01/30/2020 04:57:31 PM) (Source: ESENT) (EventID: 455) (User: ) Description: svchost (6184,R,98) TILEREPOSITORYS-1-5-18: Fehler -1023 (0xfffffc01) beim Öffnen von Protokolldatei C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log. 
Error: (01/30/2020 04:43:01 PM) (Source: ESENT) (EventID: 455) (User: ) Description: svchost (2748,R,98) TILEREPOSITORYS-1-5-18: Fehler -1023 (0xfffffc01) beim Öffnen von Protokolldatei C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log. Error: (01/30/2020 03:41:51 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: LogonUI.exe, Version: 10.0.18362.1, Zeitstempel: 0xb2f611fe Name des fehlerhaften Moduls: rohos_btkey.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x556ed7be Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000000000001505 ID des fehlerhaften Prozesses: 0x348c Startzeit der fehlerhaften Anwendung: 0x01d5d77b317c02e9 Pfad der fehlerhaften Anwendung: C:\WINDOWS\system32\LogonUI.exe Pfad des fehlerhaften Moduls: rohos_btkey.dll Berichtskennung: 79f49fec-196b-476f-8e3e-5becbb062534 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (01/30/2020 03:40:17 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: LogonUI.exe, Version: 10.0.18362.1, Zeitstempel: 0xb2f611fe Name des fehlerhaften Moduls: rohos_btkey.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x556ed7be Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000000000001505 ID des fehlerhaften Prozesses: 0x8f8 Startzeit der fehlerhaften Anwendung: 0x01d5d77af94c8f08 Pfad der fehlerhaften Anwendung: C:\WINDOWS\system32\LogonUI.exe Pfad des fehlerhaften Moduls: rohos_btkey.dll Berichtskennung: dd409e19-8dbc-4340-87a3-72b321a44939 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Systemfehler: ============= Error: (01/30/2020 04:33:19 PM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT) Description: Der Server "{784E29F4-5EBE-4279-9948-1E8FE941646D}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. 
Error: (01/30/2020 02:05:51 PM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT) Description: Der Server "{784E29F4-5EBE-4279-9948-1E8FE941646D}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error: (01/30/2020 12:40:20 PM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT) Description: Der Server "{784E29F4-5EBE-4279-9948-1E8FE941646D}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error: (01/30/2020 11:03:20 AM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT) Description: Der Server "{784E29F4-5EBE-4279-9948-1E8FE941646D}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error: (01/30/2020 09:55:40 AM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT) Description: Der Server "{784E29F4-5EBE-4279-9948-1E8FE941646D}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error: (01/30/2020 09:20:56 AM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT) Description: Der Server "{784E29F4-5EBE-4279-9948-1E8FE941646D}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error: (01/30/2020 09:17:54 AM) (Source: EventLog) (EventID: 6008) (User: ) Description: Das System wurde zuvor am 29.01.2020 um 21:37:34 unerwartet heruntergefahren. Error: (01/30/2020 09:17:39 AM) (Source: Microsoft-Windows-Kernel-Boot) (EventID: 29) (User: NT-AUTORITÄT) Description: 3221225684Bei der Verarbeitung der Wiederherstellungsdaten ist ein schwerwiegender Fehler aufgetreten. Windows Defender: =================================== Date: 2020-01-30 17:43:47.670 Description: Windows Defender Antivirus hat Schadsoftware oder andere potenziell unerwünschte Software erkannt. 
Weitere Informationen: https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Tiggre!rfn&threatid=2147723625&enterprise=0 Name: Trojan:Win32/Tiggre!rfn ID: 2147723625 Schweregrad: Schwerwiegend Kategorie: Trojaner Pfad: file:_L:\DHL_Jan 21 2020 at 1.40_8ZP290_PDF.exe Erkennungsursprung: Lokaler Computer Erkennungstype: FastPath Erkennungsquelle: Echtzeitschutz Benutzer: PCxxxHOME\Michael Prozessname: C:\Windows\explorer.exe Sicherheitsversion: AV: 1.307.3275.0, AS: 1.307.3275.0, NIS: 1.307.3275.0 Modulversion: AM: 1.1.16600.7, NIS: 1.1.16600.7 Date: 2020-01-30 17:32:25.398 Description: Windows Defender Antivirus hat Schadsoftware oder andere potenziell unerwünschte Software erkannt. Weitere Informationen: https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Tiggre!rfn&threatid=2147723625&enterprise=0 Name: Trojan:Win32/Tiggre!rfn ID: 2147723625 Schweregrad: Schwerwiegend Kategorie: Trojaner Pfad: file:_L:\DHL_Jan 21 2020 at 1.40_8ZP290_PDF.exe Erkennungsursprung: Lokaler Computer Erkennungstype: FastPath Erkennungsquelle: Echtzeitschutz Benutzer: PCxxxHOME\Michael Prozessname: C:\Windows\explorer.exe Sicherheitsversion: AV: 1.307.3275.0, AS: 1.307.3275.0, NIS: 1.307.3275.0 Modulversion: AM: 1.1.16600.7, NIS: 1.1.16600.7 Date: 2020-01-30 17:30:49.467 Description: Windows Defender Antivirus hat Schadsoftware oder andere potenziell unerwünschte Software erkannt. 
Weitere Informationen: https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Tiggre!rfn&threatid=2147723625&enterprise=0 Name: Trojan:Win32/Tiggre!rfn ID: 2147723625 Schweregrad: Schwerwiegend Kategorie: Trojaner Pfad: file:_L:\DHL_Jan 21 2020 at 1.40_8ZP290_PDF.exe Erkennungsursprung: Lokaler Computer Erkennungstype: FastPath Erkennungsquelle: Echtzeitschutz Benutzer: PCxxxHOME\Michael Prozessname: C:\Windows\explorer.exe Sicherheitsversion: AV: 1.307.3275.0, AS: 1.307.3275.0, NIS: 1.307.3275.0 Modulversion: AM: 1.1.16600.7, NIS: 1.1.16600.7 Date: 2020-01-30 17:30:19.655 Description: Windows Defender Antivirus hat Schadsoftware oder andere potenziell unerwünschte Software erkannt. Weitere Informationen: https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Tiggre!rfn&threatid=2147723625&enterprise=0 Name: Trojan:Win32/Tiggre!rfn ID: 2147723625 Schweregrad: Schwerwiegend Kategorie: Trojaner Pfad: file:_L:\DHL_Jan 21 2020 at 1.40_8ZP290_PDF.exe Erkennungsursprung: Lokaler Computer Erkennungstype: FastPath Erkennungsquelle: Echtzeitschutz Benutzer: PCxxxHOME\Michael Prozessname: C:\Windows\explorer.exe Sicherheitsversion: AV: 1.307.3275.0, AS: 1.307.3275.0, NIS: 1.307.3275.0 Modulversion: AM: 1.1.16600.7, NIS: 1.1.16600.7 Date: 2020-01-30 17:29:33.646 Description: Windows Defender Antivirus hat Schadsoftware oder andere potenziell unerwünschte Software erkannt. 
Weitere Informationen: https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Tiggre!rfn&threatid=2147723625&enterprise=0 Name: Trojan:Win32/Tiggre!rfn ID: 2147723625 Schweregrad: Schwerwiegend Kategorie: Trojaner Pfad: file:_L:\DHL_Jan 21 2020 at 1.40_8ZP290_PDF.exe Erkennungsursprung: Lokaler Computer Erkennungstype: FastPath Erkennungsquelle: Benutzer Benutzer: PCxxxHOME\Michael Prozessname: Unknown Sicherheitsversion: AV: 1.307.3275.0, AS: 1.307.3275.0, NIS: 1.307.3275.0 Modulversion: AM: 1.1.16600.7, NIS: 1.1.16600.7 Date: 2020-01-17 09:34:35.239 Description: Bei Windows Defender Antivirus ist ein Fehler beim Aktualisieren der Sicherheitsinformationen aufgetreten. Neue Version der Sicherheitsinformationen: %Vorherige Version der Sicherheitsinformationen: 1.307.2496.0 Update Source: Microsoft Update-Server Sicherheitstyp: AntiVirus Updatetyp: Voll Benutzer: NT-AUTORITÄT\SYSTEM Aktuelle Modulversion: %Vorherige Modulversion: 1.1.16600.7 Fehlercode: 0x80240016 Fehlerbeschreibung: Unerwartetes Problem bei der Überprüfung auf Updates. Informationen zum Installieren von Updates oder zur Problembehandlung finden Sie unter "Hilfe und Support". CodeIntegrity: =================================== Date: 2019-10-22 10:36:29.640 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2019-10-22 10:36:29.088 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. 
Date: 2019-10-22 10:36:28.424 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2019-10-22 10:36:27.876 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2019-10-22 10:35:27.780 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2019-10-22 10:35:26.026 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2019-10-22 10:35:25.375 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. 
Date: 2019-10-22 10:35:24.551 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. ==================== Speicherinformationen =========================== BIOS: Intel Corp. BNKBL357.86A.0052.2017.0918.1346 09/18/2017 Hauptplatine: Intel Corporation NUC7i5BNB Prozessor: Intel(R) Core(TM) i5-7260U CPU @ 2.20GHz Prozentuale Nutzung des RAM: 80% Installierter physikalischer RAM: 8084.01 MB Verfügbarer physikalischer RAM: 1555.73 MB Summe virtueller Speicher: 10772.01 MB Verfügbarer virtueller Speicher: 1925.71 MB ==================== Laufwerke ================================ Drive c: () (Fixed) (Total:231.55 GB) (Free:89.62 GB) NTFS Drive d: (System-reserviert) (Fixed) (Total:0.34 GB) (Free:0.09 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)] Drive g: () (Removable) (Total:3.76 GB) (Free:0.6 GB) FAT32 Drive l: (Desktop) (CDROM) (Total:0 GB) (Free:0 GB) UDF \\?\Volume{357f493a-ca5e-4de8-b84b-aff429db63bb}\ () (Fixed) (Total:0.77 GB) (Free:0.31 GB) NTFS \\?\Volume{ce61e2b2-b289-4008-9c82-7fa777634b5e}\ () (Fixed) (Total:0.1 GB) (Free:0.07 GB) FAT32 ==================== MBR & Partitionstabelle ==================== ========================================================== Disk: 0 (MBR Code: Windows 7/8/10) (Size: 232.9 GB) (Disk ID: 1790FC26) Partition: GPT. ========================================================== Disk: 7 (Size: 3.8 GB) (Disk ID: 6F20736B) No partition Table on disk 7. Disk 7 is a removable device. ==================== Ende von Addition.txt =======================
Edited by macmesser201 (30.01.2020 at 18:49) |
30.01.2020, 20:54 | #4 |
| Probably caught Win32/Tiggre!rfn when opening something carelessly
So, apparently the Trojan has been disabled. After restarting the computer and scanning with Avira (uninstalled again afterwards) and then with Defender, I get the following status (see attached screenshots from Avira and Defender). The latest Frst.txt looks like this: Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 27-01-2020 durchgeführt von Michael (Administrator) auf PCxxxHOME (Intel Corporation NUC7i5BNH) (30-01-2020 20:42:44) Gestartet von C:\Users\Michael\Downloads Geladene Profile: Michael (Verfügbare Profile: Admin & Michael & Administrator) Platform: Windows 10 Pro Version 1903 18362.592 (X64) Sprache: Deutsch (Deutschland) Standard-Browser: FF Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) () [Datei ist nicht signiert] C:\Program Files (x86)\DocFetcher\docfetcher-daemon-windows.exe (ABBYY Software House -> ABBYY (BIT Software)) C:\Program Files (x86)\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe (ABBYY SOLUTIONS LIMITED -> ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReader\11.00\Licensing\CE\NetworkLicenseServer.exe (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.exe (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. 
KG) C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe (CobianSoft, Luis Cobian) [Datei ist nicht signiert] C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe (Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe (Dropbox, Inc -> The Qt Company Ltd.) C:\Program Files (x86)\Dropbox\Client\89.4.278\QtWebEngineProcess.exe (Dropbox, Inc -> The Qt Company Ltd.) C:\Program Files (x86)\Dropbox\Client\89.4.278\QtWebEngineProcess.exe (Dropbox, Inc -> The Qt Company Ltd.) C:\Program Files (x86)\Dropbox\Client\89.4.278\QtWebEngineProcess.exe (Dropbox, Inc -> The Qt Company Ltd.) C:\Program Files (x86)\Dropbox\Client\89.4.278\QtWebEngineProcess.exe (EnigmaSoft Limited -> EnigmaSoft Limited) C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe (EnigmaSoft Limited -> EnigmaSoft Limited) C:\Program Files\EnigmaSoft\SpyHunter\ShMonitor.exe (EnigmaSoft Limited -> EnigmaSoft Limited) C:\Program Files\EnigmaSoft\SpyHunter\SpyHunter5.exe (FUJITSU LIMITED) [Datei ist nicht signiert] C:\Windows\twain_32\fjscan32\FjtwMkup.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.422\GoogleCrashHandler.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.422\GoogleCrashHandler64.exe (Intel Corporation-Wireless Connectivity Solutions -> Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel Corporation-Wireless Connectivity Solutions -> Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel Corporation-Wireless Connectivity Solutions -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (Intel(R) INTELND1617S2 -> Intel 
Corporation) C:\Windows\System32\IPROSetMonitor.exe (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_250db833a1cd577e\igfxCUIService.exe (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_250db833a1cd577e\igfxEM.exe (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_250db833a1cd577e\IntelCpHDCPSvc.exe (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_250db833a1cd577e\IntelCpHeciSvc.exe (Intel(R) Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe (Luis Cobian, CobianSoft) [Datei ist nicht signiert] C:\Program Files (x86)\Cobian Backup 11\cbInterface.exe (Luis Cobian, CobianSoft) [Datei ist nicht signiert] C:\Program Files (x86)\Cobian Backup 11\cbService.exe (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\splwow64.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SecurityHealthHost.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SecurityHealthHost.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\usocoreworker.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1911.3-0\MsMpEng.exe (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows 
Defender\Platform\4.18.1911.3-0\NisSrv.exe (Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Opera Software AS -> Opera Software) C:\Users\Michael\AppData\Local\Programs\Opera\assistant\browser_assistant.exe (Opera Software AS -> Opera Software) C:\Users\Michael\AppData\Local\Programs\Opera\assistant\browser_assistant.exe (Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (PFU LIMITED) [Datei ist nicht signiert] C:\Windows\twain_32\fjscan32\ERG\FTErGuid.exe (PFU LIMITED) [Datei ist nicht signiert] C:\Windows\twain_32\fjscan32\FJTWMKSV.exe (PFU LIMITED) [Datei ist nicht signiert] C:\Windows\twain_32\fjscan32\FTPWREVT\FTPWREVT.exe (PFU LIMITED) [Datei ist nicht signiert] C:\Windows\twain_32\fjscan32\SOP\FtLnSOP.exe (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.) 
C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe (shbox.de) [Datei ist nicht signiert] C:\Program Files (x86)\FreePDF_XP\fpassist.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe (TechSmith Corporation -> TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 10\Snagit32.exe (TechSmith Corporation -> TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 10\SnagitEditor.exe (TechSmith Corporation -> TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 10\SnagPriv.exe (TechSmith Corporation -> TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 10\TscHelp.exe (Tesline-Service s.r.l. -> Tesline-Service SRL) C:\Program Files (x86)\Rohos\ntserv.exe (Wolters Kluwer Deutschland GmbH -> ) C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe ==================== Registry (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\RtkAudUService64.exe [878368 2019-05-30] (Realtek Semiconductor Corp. -> Realtek Semiconductor) HKLM\...\Run: [] => [X] HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [3331264 2020-01-20] (Open Source Developer, Dominik Reichl -> Dominik Reichl) HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [395616 2014-09-03] (Citrix Systems, Inc. -> Citrix Systems, Inc.) 
HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [153952 2014-09-03] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
HKLM-x32\...\Run: [FreePDF Assistant] => C:\Program Files (x86)\FreePDF_XP\fpassist.exe [373760 2014-03-18] (shbox.de) [Datei ist nicht signiert]
HKLM-x32\...\Run: [FtLnSOP_setup] => C:\Windows\Twain_32\Fjscan32\SOP\FtLnSOP.exe [147456 2012-01-23] (PFU LIMITED) [Datei ist nicht signiert]
HKLM-x32\...\Run: [FJTWAIN Setup] => C:\Windows\Twain_32\fjscan32\FjtwMkup.exe [139264 2012-01-23] (FUJITSU LIMITED) [Datei ist nicht signiert]
HKLM-x32\...\Run: [FTPWRENV] => C:\Windows\Twain_32\Fjscan32\FTPWREVT\FTPWREVT.exe [45056 2007-10-16] (PFU LIMITED) [Datei ist nicht signiert]
HKLM-x32\...\Run: [RohosLogon] => C:\Program Files (x86)\Rohos\welcome-user.exe [1380384 2015-09-04] (Tesline-Service s.r.l. -> Tesline-Service SRL)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [6261760 2020-01-23] (Dropbox, Inc -> Dropbox, Inc.)
HKLM-x32\...\Run: [Cobian Backup 11 interface] => C:\Program Files (x86)\Cobian Backup 11\cbInterface.exe [4407808 2013-03-07] (Luis Cobian, CobianSoft) [Datei ist nicht signiert]
HKLM-x32\...\Run: [DocFetcher-Daemon] => C:\Program Files (x86)\DocFetcher\docfetcher-daemon-windows.exe [563621 2018-07-30] () [Datei ist nicht signiert]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [645648 2019-10-05] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [228136 2020-01-15] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira System Speedup User Starter] => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe [331368 2020-01-30] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-2216129787-3453094354-8666996-1006\...\Run: [Opera Browser Assistant] => C:\Users\Michael\AppData\Local\Programs\Opera\assistant\browser_assistant.exe [2785304 2020-01-28] (Opera Software AS -> Opera Software)
HKU\S-1-5-21-2216129787-3453094354-8666996-1006\...\Run: [] => [X]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\79.0.3945.130\Installer\chrmstp.exe [2020-01-22] (Google LLC -> Google LLC)
HKLM\Software\...\Authentication\Credential Providers: [{75A22DF1-B82D-56ed-B229-CD30517BD617}] -> C:\WINDOWS\system32\rohos_cp_x64.dll [2015-09-04] (Tesline-Service s.r.l. -> Tesline-Service SRL)
HKLM\Software\...\Authentication\Credential Provider Filters: [{75A22DF1-B82D-56ed-B229-CD30517BD617}] -> C:\WINDOWS\system32\rohos_cp_x64.dll [2015-09-04] (Tesline-Service s.r.l. -> Tesline-Service SRL)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Error Recovery Guide.lnk [2014-12-19]
ShortcutTarget: Error Recovery Guide.lnk -> C:\Windows\twain_32\fjscan32\ERG\FTErGuid.exe (PFU LIMITED) [Datei ist nicht signiert]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snagit 10.lnk [2015-09-10]
ShortcutTarget: Snagit 10.lnk -> C:\Program Files (x86)\TechSmith\Snagit 10\Snagit32.exe (TechSmith Corporation -> TechSmith Corporation)
Startup: C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk [2015-08-04]
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
Startup: C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Citrix Receiver.lnk [2016-02-24]
ShortcutTarget: Citrix Receiver.lnk -> C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe (Keine Datei)
Startup: C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Outlook 2013.lnk [2017-08-28]
ShortcutTarget: Outlook 2013.lnk -> C:\Windows\Installer\{91150000-0011-0000-1000-0000000FF1CE}\outicon.exe (Microsoft Corporation -> )
Startup: C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StarLeaf Breeze.lnk [2016-11-11]
ShortcutTarget: StarLeaf Breeze.lnk -> C:\Users\Michael\AppData\Local\StarLeaf\Breeze\Breeze.exe (Keine Datei)
Startup: C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SX Virtual Link.lnk [2014-12-19]
ShortcutTarget: SX Virtual Link.lnk -> C:\Program Files\silex technology\SX Virtual Link\Connect.exe (silex technology, Inc. -> silex technology, Inc.)
Startup: C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Telegram.lnk [2014-12-22]
ShortcutTarget: Telegram.lnk -> C:\Users\Michael\AppData\Roaming\Telegram Desktop\Telegram.exe (Telegram FZ-LLC -> Telegram FZ-LLC)
GroupPolicy: Beschränkung ? <==== ACHTUNG

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {05EA894B-EB58-424B-B39B-116FA972E24E} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [1626328 2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {12436D86-9FE5-43B5-8EEF-8B36BAD9437F} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-03-03] (Dropbox, Inc -> Dropbox, Inc.)
Task: {27E52497-1F70-494F-9DCC-D68E86DDB66C} - System32\Tasks\G2MUpdateTask-S-1-5-21-2216129787-3453094354-8666996-1006 => C:\Users\Michael\AppData\Local\GoToMeeting\16576\g2mupdate.exe [32256 2020-01-24] (LogMeIn, Inc. -> LogMeIn, Inc.)
Task: {32AB90BD-1B19-4379-A7E2-EF71AC6D6EAC} - \Microsoft\Windows\UNP\RunCampaignManager -> Keine Datei <==== ACHTUNG
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {378B6735-940E-45A5-A099-EF9C0F748DAD} - System32\Tasks\Microsoft\Windows\rempl\shell-usoscan => C:\Program Files\rempl\remsh.exe
Task: {38695BBA-0242-471D-9FE8-E978079CF2F3} - System32\Tasks\Opera scheduled Autoupdate 1570723055 => C:\Users\Michael\AppData\Local\Programs\Opera\launcher.exe [1350680 2020-01-22] (Opera Software AS -> Opera Software)
Task: {3DF6D6BF-DB8D-4F47-8528-5A6F26F92A24} - \Open URL by RoboForm -> Keine Datei <==== ACHTUNG
Task: {3F7AC47F-7B75-468D-AE49-74588F9AF2D2} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\UpdateAssistant => C:\WINDOWS\UpdateAssistant\UpdateAssistant.exe [0 0000-00-00] (Microsoft Corporation) (Zugriff verweigert)
Task: {3FCFA83B-A405-4B82-B0B1-58AE7B8E326D} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_321_Plugin.exe [1458232 2020-01-21] (Adobe Inc. -> Adobe)
Task: {40CE5594-D783-4DBE-863F-E954EF84B661} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
Task: {449CD507-AFCC-422B-99BA-19038F0707C2} - System32\Tasks\AviraSystemSpeedupUpdate => C:\ProgramData\Avira\SystemSpeedup\Update\avira_speedup_setup_update.exe [27848432 2020-01-30] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG )
Task: {47843C54-CCE1-4E96-A4F7-D595D5AE0AFD} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [376496 2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {4BB105C1-E1E5-49A8-9569-10B8D147692E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-04] (Google Inc -> Google Inc.)
Task: {4F07498B-0E99-42B0-93F2-B3BA2991397B} - System32\Tasks\G2MUploadTask-S-1-5-21-2216129787-3453094354-8666996-1006 => C:\Users\Michael\AppData\Local\GoToMeeting\16576\g2mupload.exe [32256 2020-01-24] (LogMeIn, Inc. -> LogMeIn, Inc.)
Task: {5A3FB241-0B11-4EA5-BC66-0D9F1B406040} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\BthSQM => {C8367320-6F85-11E0-A1F0-0800200C9A66} C:\WINDOWS\System32\BthTelemetry.dll [32256 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
Task: {60102B88-BA20-40A2-972A-E0C6C546EFDA} - System32\Tasks\Opera scheduled assistant Autoupdate 1571414292 => C:\Users\Michael\AppData\Local\Programs\Opera\launcher.exe [1350680 2020-01-22] (Opera Software AS -> Opera Software)
Task: {6993C842-31C0-403D-838A-477A93071DA8} - System32\Tasks\G2MUpdateTask-S-1-5-21-1013316503-1690231437-2228150199-1155 => C:\Users\xxx\AppData\Local\GoToMeeting\8404\g2mupdate.exe [31808 2018-02-23] (LogMeIn, Inc. -> LogMeIn, Inc.)
Task: {6C4B8525-2E8F-42BC-A95D-EB1364193D88} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MpCmdRun.exe [469648 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task => {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
Task: {727986C7-E956-46B6-8689-566B1343AE03} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\BrowserChoice\browserchoice.exe
Task: {74502E3C-5697-4D3C-90B7-854664CF3912} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-04] (Google Inc -> Google Inc.)
Task: {746BA52B-AED5-42D5-B354-F0DBF3A29971} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MpCmdRun.exe [469648 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {767E57D2-0F24-415F-A737-106C8658282C} - System32\Tasks\HPCustParticipation HP LaserJet M101-M106 => C:\Program Files\HP\HP LaserJet M101-M106\Bin\HPCustPartic.exe [6658184 2017-04-27] (Hewlett Packard -> HP Inc.)
Task: {83E6B72D-EF15-41AC-8332-1539C11A6743} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\UpdateAssistantWakeupRun => C:\WINDOWS\UpdateAssistant\UpdateAssistant.exe [0 0000-00-00] (Microsoft Corporation) (Zugriff verweigert)
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task => {1B1F472E-3221-4826-97DB-2C2324D389AE}
Task: {9C0E4A9E-FEFF-4EC6-85BB-341B91C798F2} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [376496 2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {A29A4B16-728D-4E48-A8E1-7331D530114E} - System32\Tasks\Microsoft\Windows\GroupPolicy\{3E0A038B-D834-4930-9981-E89C9BFF83AA} => C:\WINDOWS\system32\gpupdate.exe [29696 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
Task: {A43FB1C8-F623-4579-BAE8-D8EBAA91EA1E} - System32\Tasks\G2MUploadTask-S-1-5-21-1013316503-1690231437-2228150199-1155 => C:\Users\xxx\AppData\Local\GoToMeeting\8404\g2mupload.exe [31808 2018-02-23] (LogMeIn, Inc. -> LogMeIn, Inc.)
Task: {A4E42F6D-B6F2-4032-98A3-8550B484EFDF} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload => {EBF00FCB-0769-4B81-9BEC-6C05514111AA}
Task: {A52BA8E7-4C33-4310-865D-079A379983B6} - System32\Tasks\Microsoft\Windows\GroupPolicy\{A7719E0F-10DB-4640-AD8C-490CC6AD5202} => C:\WINDOWS\system32\gpupdate.exe [29696 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
Task: {A74FA1CA-000D-473E-8819-F90580528360} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MpCmdRun.exe [469648 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {AB001086-5853-4303-8E5A-71357834D0DD} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MpCmdRun.exe [469648 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {AF6BA8A7-9675-4BE5-8F55-1A9E1063A6C6} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-03-03] (Dropbox, Inc -> Dropbox, Inc.)
Task: {C6C3C854-50CB-459C-A56D-192379BAA19B} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\Explorer.EXE /NOUACCHECK
Task: {CE2DE968-E342-40D7-9566-427D45E4A886} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371}
Task: {DCACECB0-BFE8-4C3E-AC08-CA8F904DA6E0} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-01-21] (Adobe Inc. -> Adobe)
Task: {E881479F-0ADD-488A-98E5-E3BB1E56FABD} - System32\Tasks\TrackerAutoUpdate => C:\Program Files\Tracker Software\Update\TrackerUpdate.exe [4630208 2016-11-28] (Tracker Software Products (Canada) Ltd -> Tracker Software Products (Canada) Ltd.)
Task: {F4C8C1AB-D6F2-415E-AB9B-4FC2F8329697} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\UpdateAssistantCalendarRun => C:\WINDOWS\UpdateAssistant\UpdateAssistant.exe [0 0000-00-00] (Microsoft Corporation) (Zugriff verweigert)
Task: {F8391A59-C7FB-4672-A308-1EDD7A65CC55} - System32\Tasks\Avira_Security_Update => C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Common.Updater.exe [226512 2020-01-22] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-1013316503-1690231437-2228150199-1155.job => C:\Users\xxx\AppData\Local\GoToMeeting\8404\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-2216129787-3453094354-8666996-1006.job => C:\Users\Michael\AppData\Local\GoToMeeting\16576\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-1013316503-1690231437-2228150199-1155.job => C:\Users\xxx\AppData\Local\GoToMeeting\8404\g2mupload.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-2216129787-3453094354-8666996-1006.job => C:\Users\Michael\AppData\Local\GoToMeeting\16576\g2mupload.exe
Task: C:\WINDOWS\Tasks\TrackerAutoUpdate.job => C:\Program Files\Tracker Software\Update\TrackerUpdate.exe-CheckUpdate(Tracker Software Products (Canada) Ltd.Kee

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{0870edde-a074-40a6-8ce3-e97f27791aa8}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{5fc5dc9a-0860-4eba-91af-6b83c6085645}: [DhcpNameServer] 192.168.44.1
Tcpip\..\Interfaces\{720b8e4b-a57e-4978-a4f2-180187041341}: [DhcpNameServer] 10.0.0.5 10.0.0.1
Tcpip\..\Interfaces\{bf6de677-06e8-4870-aa04-c38dbce56565}: [DhcpNameServer] 192.168.178.1

Internet Explorer:
==================
SearchScopes: HKLM -> DefaultScope {2BEB8D3A-B24F-4284-BBD8-B6B30EC1F64E} URL =
SearchScopes: HKU\S-1-5-21-2216129787-3453094354-8666996-1006 -> DefaultScope {2BEB8D3A-B24F-4284-BBD8-B6B30EC1F64E} URL =
BHO: SnagIt Toolbar Loader -> {00C6482D-C502-44C8-8409-FCE54AD9C208} -> C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitBHO64.dll [2011-11-08] (TechSmith Corporation -> TechSmith Corporation)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2019-07-18] (Microsoft Corporation -> Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2018-05-15] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: SnagIt Toolbar Loader -> {00C6482D-C502-44C8-8409-FCE54AD9C208} -> C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll [2011-11-08] (TechSmith Corporation -> TechSmith Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2019-07-18] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_231\bin\ssv.dll [2019-10-20] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2018-05-15] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_231\bin\jp2ssv.dll [2019-10-20] (Oracle America, Inc. -> Oracle Corporation)
Toolbar: HKLM - Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitIEAddin64.dll [2011-11-08] (TechSmith Corporation -> TechSmith Corporation)
Toolbar: HKLM-x32 - Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll [2011-11-08] (TechSmith Corporation -> TechSmith Corporation)
DPF: HKLM-x32 {A4150320-98EC-4DB6-9BFB-EBF4B6FBEB16} hxxp://10.0.0.239/codebase/DVM_IPCam2.ocx
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2017-08-15] (Microsoft Corporation -> Microsoft Corporation)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc. -> Citrix Systems, Inc.)

FireFox:
========
FF DefaultProfile: 7x1ny61f.default-1571561941413
FF ProfilePath: C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\7x1ny61f.default-1571561941413 [2020-01-30]
FF user.js: detected! => C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\7x1ny61f.default-1571561941413\user.js [2019-12-01]
FF Notifications: Mozilla\Firefox\Profiles\7x1ny61f.default-1571561941413 -> hxxps://www.youtube.com; hxxps://www.finanzen.net; hxxps://www.marktjagd.de; hxxps://www.aerzteblatt.de
FF NewTabOverride: Mozilla\Firefox\Profiles\7x1ny61f.default-1571561941413 -> Disabled: mailcheck@gmx.net
FF NewTabOverride: Mozilla\Firefox\Profiles\7x1ny61f.default-1571561941413 -> Enabled: keefox@chris.tomlinson
FF Extension: (German Dictionary) - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\7x1ny61f.default-1571561941413\Extensions\de-DE@dictionaries.addons.mozilla.org.xpi [2019-10-25] [ist nicht signiert]
FF Extension: (Kee - Password Manager) - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\7x1ny61f.default-1571561941413\Extensions\keefox@chris.tomlinson.xpi [2019-10-20]
FF Extension: (GMX MailCheck) - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\7x1ny61f.default-1571561941413\Extensions\mailcheck@gmx.net.xpi [2019-12-26] [UpdateUrl:hxxps://dl.gmx.net/mailcheck/firefox/updates.json]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_321.dll [2020-01-21] (Adobe Inc. -> )
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2014-10-28] (Tracker Software Products (Canada) Ltd -> Tracker Software Products (Canada) Ltd.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2016-11-28] (Tracker Software Products (Canada) Ltd -> Tracker Software Products (Canada) Ltd.)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2014-10-28] (Tracker Software Products (Canada) Ltd -> Tracker Software Products (Canada) Ltd.)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [Keine Datei]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_321.dll [2020-01-21] (Adobe Inc. -> )
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2014-09-03] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2014-10-28] (Tracker Software Products (Canada) Ltd -> Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @google.com/sewebplugin -> C:\Windows\system32\npsewebplugin.dll [Keine Datei]
FF Plugin-x32: @java.com/DTPlugin,version=11.231.2 -> C:\Program Files (x86)\Java\jre1.8.0_231\bin\dtplugin\npDeployJava1.dll [2019-10-20] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.231.2 -> C:\Program Files (x86)\Java\jre1.8.0_231\bin\plugin2\npjp2.dll [2019-10-20] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-19] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-21] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.35.422\npGoogleUpdate3.dll [2019-12-15] (Google LLC -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.35.422\npGoogleUpdate3.dll [2019-12-15] (Google LLC -> Google LLC)
FF Plugin-x32: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll [2016-11-28] (Tracker Software Products (Canada) Ltd -> Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2014-10-28] (Tracker Software Products (Canada) Ltd -> Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\.DEFAULT: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2016-11-28] (Tracker Software Products (Canada) Ltd -> Tracker Software Products (Canada) Ltd.)

Chrome:
=======
CHR Profile: C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default [2020-01-30]
CHR StartupUrls: Default -> "hxxp://www.google.de/"
CHR Extension: (Präsentationen) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-03-02]
CHR Extension: (Docs) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-03-02]
CHR Extension: (Google Drive) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-03-02]
CHR Extension: (YouTube) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-03-02]
CHR Extension: (Avira Password Manager) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\caljgklbbfbcjjanaijlacgncafpegll [2020-01-21]
CHR Extension: (Tabellen) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-03-02]
CHR Extension: (Google Docs Offline) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-01-21]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-10]
CHR Extension: (Google Mail) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-05-28]
CHR Extension: (Chrome Media Router) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-01-21]
CHR HKLM\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll]
CHR HKLM\...\Chrome\Extension: [ccbpbkebodcjkknkfkpmfeciinhidaeh]
CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll]
CHR HKLM-x32\...\Chrome\Extension: [ccbpbkebodcjkknkfkpmfeciinhidaeh]

==================== Dienste (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 AAV UpdateService; C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] (Wolters Kluwer Deutschland GmbH -> )
R2 ABBYY.Licensing.FineReader.Corporate.11.0; C:\Program Files (x86)\Common Files\ABBYY\FineReader\11.00\Licensing\CE\NetworkLicenseServer.exe [819976 2011-08-18] (ABBYY SOLUTIONS LIMITED -> ABBYY)
R2 ABBYY.Licensing.FineReader.Professional.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [759072 2008-05-16] (ABBYY Software House -> ABBYY (BIT Software))
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [617520 2020-01-15] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AviraOptimizerHost; C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe [2989888 2020-01-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AviraPhantomVPN; C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe [379624 2020-01-08] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AviraSecurity; C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.exe [240408 2020-01-22] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AviraUpdaterService; C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe [150648 2019-12-23] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 cbVSCService11; C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [67584 2013-03-07] (CobianSoft, Luis Cobian) [Datei ist nicht signiert]
R2 CobianBackup11; C:\Program Files (x86)\Cobian Backup 11\cbService.exe [1131008 2013-03-07] (Luis Cobian, CobianSoft) [Datei ist nicht signiert]
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-03-03] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-03-03] (Dropbox, Inc -> Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [44552 2020-01-23] (Dropbox, Inc -> Dropbox, Inc.)
R2 EsgShKernel; C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe [11780320 2020-01-30] (EnigmaSoft Limited -> EnigmaSoft Limited)
R2 FJTWMKSV; C:\Windows\twain_32\fjscan32\FJTWMKSV.exe [36864 2011-07-20] (PFU LIMITED) [Datei ist nicht signiert]
R2 ibtsiva; C:\WINDOWS\system32\ibtsiva.exe [515768 2017-04-13] (Intel(R) Wireless Connectivity Solutions -> Intel Corporation)
S2 IntelAudioService; C:\WINDOWS\system32\cAVS\Intel(R) Audio Service\IntelAudioService.exe [356848 2019-09-04] (Smart Sound Technology -> Intel)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268704 2017-03-21] (Intel Corporation-Wireless Connectivity Solutions -> )
R2 RtkAudioUniversalService; C:\WINDOWS\System32\RtkAudUService64.exe [878368 2019-05-30] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5796168 2019-09-12] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 ShMonitor; C:\Program Files\EnigmaSoft\SpyHunter\ShMonitor.exe [519904 2020-01-30] (EnigmaSoft Limited -> EnigmaSoft Limited)
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [752224 2017-01-16] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [13172752 2020-01-22] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\NisSrv.exe [3206472 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MsMpEng.exe [103376 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3750304 2017-03-21] (Intel Corporation-Wireless Connectivity Solutions -> Intel® Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2017-01-16] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
R3 EnigmaFileMonDriver; C:\WINDOWS\System32\drivers\EnigmaFileMonDriver.sys [68424 2020-01-30] (EnigmaSoft Limited -> EnigmaSoft Limited)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [129032 2017-04-13] (Intel(R) Wireless Connectivity Solutions -> Intel Corporation)
R3 IntcAudioBus; C:\WINDOWS\System32\drivers\IntcAudioBus.sys [277192 2019-09-04] (Smart Sound Technology -> Intel(R) Corporation)
R3 IntcOED; C:\WINDOWS\System32\drivers\IntcOED.sys [849792 2019-09-04] (Smart Sound Technology -> Intel(R) Corporation)
S3 ITECIRfilter; C:\WINDOWS\system32\DRIVERS\ITECIRfilter.sys [36560 2015-11-24] (ITE Tech. Inc. -> ITE Tech. Inc. )
S3 Netwtw06; C:\WINDOWS\System32\drivers\Netwtw06.sys [8723968 2019-03-19] (Microsoft Windows -> Intel Corporation)
R3 phantomtap; C:\WINDOWS\System32\drivers\phantomtap.sys [45056 2020-01-08] (Avira Operations GmbH & Co. KG -> The OpenVPN Project)
R3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [356344 2019-05-15] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2017-01-16] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
R2 sxuptp; C:\WINDOWS\System32\drivers\sxuptp.sys [310496 2014-12-19] (silex technology, Inc. -> silex technology, Inc.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [45664 2019-12-07] (Microsoft Windows Early Launch Anti-Malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [355760 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [54192 2019-12-07] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

==================== Ein Monat (erstellte) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2020-01-30 20:07 - 2020-01-30 20:07 - 000074828 _____ C:\Users\Michael\Desktop\FRST2.txt 2020-01-30 20:07 - 2020-01-30 20:07 - 000068825 _____ C:\Users\Michael\Downloads\Addition2.txt 2020-01-30 18:39 - 2020-01-30 18:39 - 000075339 _____ C:\Users\Michael\Downloads\FRST1.txt 2020-01-30 18:36 - 2020-01-30 20:05 - 000068825 _____ C:\Users\Michael\Downloads\Addition.txt 2020-01-30 18:35 - 2020-01-30 20:43 - 000044643 _____ C:\Users\Michael\Downloads\FRST.txt 2020-01-30 18:33 - 2020-01-30 20:43 - 000000000 ____D C:\FRST 2020-01-30 18:33 - 2020-01-30 18:33 - 002581504 _____ (Farbar) C:\Users\Michael\Downloads\FRST64.exe 2020-01-30 18:14 - 2020-01-30 18:14 - 000021407 _____ C:\Users\Michael\Desktop\Aufwandsübersicht_2020_01_29.xlsm 2020-01-30 17:47 - 2020-01-30 17:47 - 000003562 _____ C:\WINDOWS\system32\Tasks\Avira_Security_Update 2020-01-30 17:47 - 2020-01-30 17:47 - 000000000 ____D C:\Users\Public\Security Sessions 2020-01-30 17:43 - 2020-01-30 17:43 - 000003780 _____ C:\WINDOWS\system32\Tasks\AviraSystemSpeedupUpdate 2020-01-30 17:43 - 2020-01-30 17:43 - 000000000 ____D C:\Users\Public\Speedup Sessions 2020-01-30 17:42 - 2020-01-30 20:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2020-01-30 17:42 - 2020-01-30 20:38 - 000000000 ____D C:\ProgramData\Avira 2020-01-30 17:42 - 2020-01-30 17:42 - 000001261 _____ C:\Users\Public\Desktop\Avira.lnk 2020-01-30 17:42 - 2020-01-30 17:42 - 000001261 _____ C:\ProgramData\Desktop\Avira.lnk 2020-01-30 17:40 - 2020-01-30 17:41 - 003837048 _____ (Avira Operations GmbH & Co. 
KG) C:\Users\Michael\Downloads\avira_de_sptl1_1399270432-1580402456__pantivirws-spotlight-release.exe 2020-01-30 17:39 - 2020-01-30 20:39 - 000068424 _____ (EnigmaSoft Limited) C:\WINDOWS\system32\Drivers\EnigmaFileMonDriver.sys 2020-01-30 17:39 - 2020-01-30 17:39 - 000001055 _____ C:\Users\Public\Desktop\SpyHunter5.lnk 2020-01-30 17:39 - 2020-01-30 17:39 - 000001055 _____ C:\ProgramData\Desktop\SpyHunter5.lnk 2020-01-30 17:39 - 2020-01-30 17:39 - 000000000 ____D C:\sh5ldr 2020-01-30 17:39 - 2020-01-30 17:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EnigmaSoft 2020-01-30 17:39 - 2020-01-30 17:39 - 000000000 ____D C:\ProgramData\EnigmaSoft Limited 2020-01-30 17:39 - 2020-01-30 17:39 - 000000000 ____D C:\Program Files\EnigmaSoft 2020-01-30 17:38 - 2020-01-30 17:38 - 006946736 _____ (EnigmaSoft Limited) C:\Users\Michael\Downloads\sh-remover.exe 2020-01-29 18:23 - 2020-01-30 09:27 - 000000000 ____D C:\Program Files (x86)\Mozilla Thunderbird 2020-01-24 11:57 - 2020-01-24 11:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox 2020-01-23 16:20 - 2020-01-23 16:20 - 001106896 ____N C:\Users\Michael\Desktop\Wintergarten1.pdf 2020-01-23 16:19 - 2020-01-23 16:19 - 000131623 ____N C:\Users\Michael\Desktop\26.pdf 2020-01-23 16:18 - 2020-01-23 16:18 - 000079456 ____N C:\Users\Michael\Desktop\25.pdf 2020-01-23 10:15 - 2020-01-23 10:15 - 000900674 ____N C:\Users\Michael\Desktop\Wintergarten Copy.pdf 2020-01-23 10:14 - 2020-01-23 10:14 - 000280605 ____N C:\Users\Michael\Desktop\24.pdf 2020-01-23 09:52 - 2020-01-23 09:52 - 000341303 ____N C:\Users\Michael\Desktop\Wintergarten.pdf 2020-01-23 09:52 - 2020-01-23 09:52 - 000282023 ____N C:\Users\Michael\Desktop\23.pdf 2020-01-23 00:24 - 2020-01-23 00:24 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys 2020-01-23 00:24 - 2020-01-23 00:24 - 000047600 _____ (Dropbox, Inc.) 
C:\WINDOWS\system32\Drivers\dbx-dev.sys 2020-01-23 00:24 - 2020-01-23 00:24 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys 2020-01-23 00:24 - 2020-01-23 00:24 - 000044552 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe 2020-01-21 10:35 - 2020-01-21 10:36 - 003318440 ____N (Dominik Reichl ) C:\Users\Michael\Downloads\KeePass-2.44-Setup.exe 2020-01-21 09:08 - 2020-01-29 21:37 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox 2020-01-20 18:35 - 2020-01-20 18:35 - 000028583 ____N C:\Users\Michael\Desktop\1Rechnung2020 (4).pdf 2020-01-20 18:34 - 2020-01-20 18:34 - 000028591 ____N C:\Users\Michael\Desktop\1Rechnung2020 (3).pdf 2020-01-20 18:32 - 2020-01-20 18:32 - 000028550 ____N C:\Users\Michael\Desktop\1Rechnung2020 (2).pdf 2020-01-20 18:31 - 2020-01-20 18:31 - 000028553 ____N C:\Users\Michael\Desktop\1Rechnung2020 (1).pdf 2020-01-20 18:29 - 2020-01-20 18:29 - 000028553 ____N C:\Users\Michael\Desktop\1Rechnung2020.pdf 2020-01-20 15:57 - 2020-01-20 15:57 - 000001283 ____N C:\Users\Michael\Desktop\Google Chrome.lnk 2020-01-20 08:41 - 2020-01-20 08:41 - 000000000 ____D C:\Users\Michael\opera autoupdate 2020-01-17 09:35 - 2020-01-17 09:35 - 025900032 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll 2020-01-17 09:35 - 2020-01-17 09:35 - 025444352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll 2020-01-17 09:35 - 2020-01-17 09:35 - 022627840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2020-01-17 09:35 - 2020-01-17 09:35 - 019849216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll 2020-01-17 09:35 - 2020-01-17 09:35 - 018020352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2020-01-17 09:35 - 2020-01-17 09:35 - 009928208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2020-01-17 09:35 - 2020-01-17 09:35 - 008012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll 2020-01-17 09:35 - 2020-01-17 09:35 - 007754752 _____ (Microsoft 
Corporation) C:\WINDOWS\system32\Chakra.dll 2020-01-17 09:35 - 2020-01-17 09:35 - 007600448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll 2020-01-17 09:35 - 2020-01-17 09:35 - 007016448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll 2020-01-17 09:35 - 2020-01-17 09:35 - 006520480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll 2020-01-17 09:35 - 2020-01-17 09:35 - 005913600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll 2020-01-17 09:35 - 2020-01-17 09:35 - 003729408 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys 2020-01-17 09:35 - 2020-01-17 09:35 - 003703296 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll 2020-01-17 09:35 - 2020-01-17 09:35 - 003263488 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll 2020-01-17 09:35 - 2020-01-17 09:35 - 002870784 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll 2020-01-17 09:35 - 2020-01-17 09:35 - 002801152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys 2020-01-17 09:35 - 2020-01-17 09:35 - 002716672 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys 2020-01-17 09:35 - 2020-01-17 09:35 - 002561536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll 2020-01-17 09:35 - 2020-01-17 09:35 - 002494464 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll 2020-01-17 09:35 - 2020-01-17 09:35 - 002473976 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll 2020-01-17 09:35 - 2020-01-17 09:35 - 002305536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll 2020-01-17 09:35 - 2020-01-17 09:35 - 001985928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll 2020-01-17 09:35 - 2020-01-17 09:35 - 001835008 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll 2020-01-17 09:35 - 2020-01-17 09:35 - 001697280 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\GdiPlus.dll 2020-01-17 09:35 - 2020-01-17 09:35 - 001664896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll 2020-01-17 09:35 - 2020-01-17 09:35 - 001655880 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll 2020-01-17 09:35 - 2020-01-17 09:35 - 001610752 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll 2020-01-17 09:35 - 2020-01-17 09:35 - 001458688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll 2020-01-17 09:35 - 2020-01-17 09:35 - 001399096 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe 2020-01-17 09:35 - 2020-01-17 09:35 - 001330952 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll 2020-01-17 09:35 - 2020-01-17 09:35 - 001151816 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll 2020-01-17 09:35 - 2020-01-17 09:35 - 001106944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll 2020-01-17 09:35 - 2020-01-17 09:35 - 001098720 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyDecMFT.dll 2020-01-17 09:35 - 2020-01-17 09:35 - 001072952 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe 2020-01-17 09:35 - 2020-01-17 09:35 - 001051664 _____ (Microsoft Corporation) C:\WINDOWS\system32\pidgenx.dll 2020-01-17 09:35 - 2020-01-17 09:35 - 001020032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll 2020-01-17 09:35 - 2020-01-17 09:35 - 000921600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll 2020-01-17 09:35 - 2020-01-17 09:35 - 000896512 _____ (Microsoft Corporation) C:\WINDOWS\system32\MdmDiagnostics.dll 2020-01-17 09:35 - 2020-01-17 09:35 - 000852480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll 2020-01-17 09:35 - 2020-01-17 09:35 - 000851456 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe 2020-01-17 09:35 - 2020-01-17 09:35 - 000842752 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll 2020-01-17 
09:35 - 2020-01-17 09:35 - 000701440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.Internal.dll 2020-01-17 09:35 - 2020-01-17 09:35 - 000689664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll 2020-01-17 09:35 - 2020-01-17 09:35 - 000678712 _____ (Microsoft Corporation) C:\WINDOWS\system32\StructuredQuery.dll 2020-01-17 09:35 - 2020-01-17 09:35 - 000673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wiaaut.dll 2020-01-17 09:35 - 2020-01-17 09:35 - 000671232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wiaservc.dll 2020-01-17 09:35 - 2020-01-17 09:35 - 000670720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe 2020-01-17 09:35 - 2020-01-17 09:35 - 000646144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll 2020-01-17 09:35 - 2020-01-17 09:35 - 000571392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wiaaut.dll 2020-01-17 09:35 - 2020-01-17 09:35 - 000550400 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys 2020-01-17 09:35 - 2020-01-17 09:35 - 000542496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StructuredQuery.dll 2020-01-17 09:35 - 2020-01-17 09:35 - 000432256 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsmf.dll 2020-01-17 09:35 - 2020-01-17 09:35 - 000401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe 2020-01-17 09:35 - 2020-01-17 09:35 - 000400696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys 2020-01-17 09:35 - 2020-01-17 09:35 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll 2020-01-17 09:35 - 2020-01-17 09:35 - 000379392 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll 2020-01-17 09:35 - 2020-01-17 09:35 - 000368128 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll 2020-01-17 09:35 - 2020-01-17 09:35 - 000363840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsmf.dll 2020-01-17 09:35 - 2020-01-17 09:35 - 000336384 
_____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe 2020-01-17 09:35 - 2020-01-17 09:35 - 000329216 _____ (Microsoft Corporation) C:\WINDOWS\system32\DiagnosticLogCSP.dll 2020-01-17 09:35 - 2020-01-17 09:35 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys 2020-01-17 09:35 - 2020-01-17 09:35 - 000321536 _____ (Microsoft Corporation) C:\WINDOWS\system32\sti.dll 2020-01-17 09:35 - 2020-01-17 09:35 - 000317440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConhostV1.dll 2020-01-17 09:35 - 2020-01-17 09:35 - 000299520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll 2020-01-17 09:35 - 2020-01-17 09:35 - 000294400 _____ (Microsoft Corporation) C:\WINDOWS\system32\provops.dll 2020-01-17 09:35 - 2020-01-17 09:35 - 000283136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Search.ProtocolHandler.MAPI2.dll 2020-01-17 09:35 - 2020-01-17 09:35 - 000271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll 2020-01-17 09:35 - 2020-01-17 09:35 - 000240640 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFilterHost.exe 2020-01-17 09:35 - 2020-01-17 09:35 - 000233472 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll 2020-01-17 09:35 - 2020-01-17 09:35 - 000232448 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll 2020-01-17 09:35 - 2020-01-17 09:35 - 000227840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sti.dll 2020-01-17 09:35 - 2020-01-17 09:35 - 000223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\tssrvlic.dll 2020-01-17 09:35 - 2020-01-17 09:35 - 000211968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFilterHost.exe 2020-01-17 09:35 - 2020-01-17 09:35 - 000206336 _____ (Microsoft Corporation) C:\WINDOWS\system32\sti_ci.dll 2020-01-17 09:35 - 2020-01-17 09:35 - 000204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll 2020-01-17 09:35 - 2020-01-17 09:35 - 000162696 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcmnutils.dll 
2020-01-17 09:35 - 2020-01-17 09:35 - 000160768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll 2020-01-17 09:35 - 2020-01-17 09:35 - 000148992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe 2020-01-17 09:35 - 2020-01-17 09:35 - 000147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll 2020-01-17 09:35 - 2020-01-17 09:35 - 000145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wiadss.dll 2020-01-17 09:35 - 2020-01-17 09:35 - 000132096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tsusbhub.sys 2020-01-17 09:35 - 2020-01-17 09:35 - 000128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssitlb.dll 2020-01-17 09:35 - 2020-01-17 09:35 - 000127520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmcmnutils.dll 2020-01-17 09:35 - 2020-01-17 09:35 - 000127064 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32u.dll 2020-01-17 09:35 - 2020-01-17 09:35 - 000123904 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptcatsvc.dll 2020-01-17 09:35 - 2020-01-17 09:35 - 000120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll 2020-01-17 09:35 - 2020-01-17 09:35 - 000119808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wiadss.dll 2020-01-17 09:35 - 2020-01-17 09:35 - 000113152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssitlb.dll 2020-01-17 09:35 - 2020-01-17 09:35 - 000102400 _____ (Microsoft Corporation) C:\WINDOWS\system32\NFCProvisioningPlugin.dll 2020-01-17 09:35 - 2020-01-17 09:35 - 000097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\provdatastore.dll 2020-01-17 09:35 - 2020-01-17 09:35 - 000091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvPluginEng.dll 2020-01-17 09:35 - 2020-01-17 09:35 - 000090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsgqec.dll 2020-01-17 09:35 - 2020-01-17 09:35 - 000089536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32u.dll 2020-01-17 09:35 - 2020-01-17 09:35 - 000088576 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\BarcodeProvisioningPlugin.dll 2020-01-17 09:35 - 2020-01-17 09:35 - 000084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterpriseresourcemanager.dll 2020-01-17 09:35 - 2020-01-17 09:35 - 000083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\wiarpc.dll 2020-01-17 09:35 - 2020-01-17 09:35 - 000083456 _____ (Microsoft Corporation) C:\WINDOWS\system32\provtool.exe 2020-01-17 09:35 - 2020-01-17 09:35 - 000083456 _____ (Microsoft Corporation) C:\WINDOWS\system32\clfsw32.dll 2020-01-17 09:35 - 2020-01-17 09:35 - 000070144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsgqec.dll 2020-01-17 09:35 - 2020-01-17 09:35 - 000066560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clfsw32.dll 2020-01-17 09:35 - 2020-01-17 09:35 - 000066048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\enterpriseresourcemanager.dll 2020-01-17 09:35 - 2020-01-17 09:35 - 000066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemovableMediaProvisioningPlugin.dll 2020-01-17 09:35 - 2020-01-17 09:35 - 000062976 _____ (Microsoft Corporation) C:\WINDOWS\system32\LSCSHostPolicy.dll 2020-01-17 09:35 - 2020-01-17 09:35 - 000060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssprxy.dll 2020-01-17 09:35 - 2020-01-17 09:35 - 000060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\msscntrs.dll 2020-01-17 09:35 - 2020-01-17 09:35 - 000049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbscan.sys 2020-01-17 09:35 - 2020-01-17 09:35 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msscntrs.dll 2020-01-17 09:35 - 2020-01-17 09:35 - 000033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Provisioning.ProxyStub.dll 2020-01-17 09:35 - 2020-01-17 09:35 - 000027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\lstelemetry.dll 2020-01-17 09:35 - 2020-01-17 09:35 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WSDScan.sys 2020-01-17 09:35 - 2020-01-17 09:35 - 000018432 _____ (Microsoft 
Corporation) C:\WINDOWS\system32\wiatrace.dll 2020-01-17 09:35 - 2020-01-17 09:35 - 000015360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wiatrace.dll 2020-01-17 09:35 - 2020-01-17 09:35 - 000010752 _____ (Microsoft Corporation) C:\WINDOWS\system32\DMAlertListener.ProxyStub.dll 2020-01-17 09:35 - 2020-01-17 09:35 - 000007680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DMAlertListener.ProxyStub.dll 2020-01-17 09:31 - 2019-12-10 06:15 - 000492544 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe 2020-01-17 09:31 - 2019-12-10 05:59 - 000390656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe 2020-01-17 08:54 - 2020-01-17 08:54 - 000002292 ____N C:\Users\Michael\Downloads\000000001.xml 2020-01-10 11:01 - 2020-01-10 11:01 - 000000000 ____D C:\Users\Michael\Downloads\ttusb2bda_1.0.3.9 2020-01-10 11:00 - 2020-01-10 11:00 - 000511312 ____N C:\Users\Michael\Downloads\ttusb2bda_1.0.3.9.zip 2020-01-10 10:56 - 2020-01-10 10:56 - 000000000 ____D C:\Users\Michael\Downloads\usb-firmwareupdate 2020-01-10 10:55 - 2020-01-10 10:55 - 000194473 ____N C:\Users\Michael\Downloads\usb-firmwareupdate.zip 2020-01-08 11:21 - 2020-01-08 11:21 - 000045056 _____ (The OpenVPN Project) C:\WINDOWS\system32\Drivers\phantomtap.sys 2020-01-07 18:28 - 2020-01-07 18:28 - 000066399 ____N C:\Users\Michael\Downloads\20200104_5232xxxxxxxx1733_-_Ihre_Abrechnung_vom_03_01_2020(1).PDF 2020-01-07 18:27 - 2020-01-07 18:27 - 000066399 ____N C:\Users\Michael\Downloads\20200104_5232xxxxxxxx1733_-_Ihre_Abrechnung_vom_03_01_2020.PDF 2020-01-02 18:02 - 2020-01-02 18:02 - 000144841 ____N C:\Users\Michael\Desktop\Glasduschtüre.pdf 2020-01-02 18:01 - 2020-01-02 18:01 - 000147866 ____N C:\Users\Michael\Desktop\Duschtüre.pdf ==================== Ein Monat (geänderte) ================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 
2020-01-30 20:42 - 2018-03-03 14:24 - 000000000 ____D C:\Users\Michael\AppData\LocalLow\Mozilla 2020-01-30 20:39 - 2019-03-19 05:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2020-01-30 20:39 - 2018-03-03 16:39 - 000000000 ____D C:\Users\Michael\AppData\Local\FreePDF_XP 2020-01-30 20:39 - 2018-03-01 15:44 - 000000000 __SHD C:\Users\Michael\IntelGraphicsProfiles 2020-01-30 20:39 - 2015-06-29 13:57 - 000000000 ____D C:\Program Files (x86)\TeamViewer 2020-01-30 20:38 - 2019-10-10 16:54 - 000000000 ____D C:\Program Files (x86)\Avira 2020-01-30 20:38 - 2019-07-29 21:30 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2020-01-30 20:38 - 2019-03-19 05:52 - 000000000 ___HD C:\WINDOWS\ELAMBKUP 2020-01-30 20:38 - 2019-03-19 05:37 - 000786432 _____ C:\WINDOWS\system32\config\BBI 2020-01-30 20:37 - 2019-03-19 05:37 - 000032768 _____ C:\WINDOWS\system32\config\ELAM 2020-01-30 20:22 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\AppReadiness 2020-01-30 19:58 - 2019-07-29 21:33 - 001723292 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2020-01-30 19:58 - 2019-03-19 13:16 - 000743888 _____ C:\WINDOWS\system32\perfh007.dat 2020-01-30 19:58 - 2019-03-19 13:16 - 000150212 _____ C:\WINDOWS\system32\perfc007.dat 2020-01-30 19:58 - 2019-03-19 05:50 - 000000000 ____D C:\WINDOWS\INF 2020-01-30 19:57 - 2019-10-18 17:25 - 000000000 ____D C:\Users\Michael\Downloads\opera autoupdate 2020-01-30 19:52 - 2014-12-15 12:47 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2020-01-30 19:50 - 2019-03-19 05:52 - 000000000 ___HD C:\Program Files\WindowsApps 2020-01-30 17:47 - 2019-10-10 16:56 - 000000000 ____D C:\Users\Michael\AppData\Local\Avira 2020-01-30 17:42 - 2014-12-15 14:52 - 000000000 ____D C:\ProgramData\Package Cache 2020-01-30 17:28 - 2018-03-03 13:57 - 000000000 ____D C:\Users\Michael\AppData\Roaming\KeePass 2020-01-30 17:24 - 2018-03-03 15:31 - 000000000 ___RD C:\Users\Michael\Dropbox 2020-01-30 16:30 - 2019-07-29 21:21 - 000000000 ____D 
C:\WINDOWS\system32\SleepStudy 2020-01-30 09:27 - 2018-11-22 16:31 - 000001274 ____N C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk 2020-01-30 09:18 - 2018-03-03 16:22 - 000000000 ____D C:\Users\Michael\AppData\Roaming\Telegram Desktop 2020-01-29 21:37 - 2019-02-06 09:09 - 000000674 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-2216129787-3453094354-8666996-1006.job 2020-01-29 21:37 - 2019-02-06 09:09 - 000000578 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-2216129787-3453094354-8666996-1006.job 2020-01-29 21:37 - 2018-03-03 15:29 - 000001244 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job 2020-01-29 21:37 - 2018-03-03 15:29 - 000001240 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job 2020-01-29 18:22 - 2018-03-01 15:44 - 000000000 ____D C:\Users\Michael\AppData\Local\Packages 2020-01-29 18:21 - 2019-07-29 21:30 - 000004304 _____ C:\WINDOWS\system32\Tasks\DropboxUpdateTaskMachineUA 2020-01-29 18:21 - 2019-07-29 21:30 - 000004072 _____ C:\WINDOWS\system32\Tasks\DropboxUpdateTaskMachineCore 2020-01-28 17:42 - 2019-10-18 16:58 - 000004468 _____ C:\WINDOWS\system32\Tasks\Opera scheduled assistant Autoupdate 1571414292 2020-01-27 11:10 - 2019-02-06 09:09 - 000000000 ____D C:\Users\Michael\AppData\Local\GoToMeeting 2020-01-24 18:30 - 2019-07-29 21:30 - 000003838 _____ C:\WINDOWS\system32\Tasks\G2MUploadTask-S-1-5-21-2216129787-3453094354-8666996-1006 2020-01-24 18:30 - 2019-07-29 21:30 - 000003742 _____ C:\WINDOWS\system32\Tasks\G2MUpdateTask-S-1-5-21-2216129787-3453094354-8666996-1006 2020-01-24 11:59 - 2019-10-10 16:57 - 000004232 _____ C:\WINDOWS\system32\Tasks\Opera scheduled Autoupdate 1570723055 2020-01-24 11:59 - 2019-10-10 16:57 - 000001428 ____N C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Opera-Browser.lnk 2020-01-24 11:57 - 2018-03-03 15:29 - 000000000 ____D C:\Program Files (x86)\Dropbox 2020-01-23 17:25 - 2019-10-11 14:12 - 000000000 ____D C:\Users\Michael\Downloads\Telegram Desktop 
2020-01-22 17:00 - 2015-08-04 15:10 - 000002293 ____N C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2020-01-21 18:19 - 2019-11-29 10:14 - 000004600 _____ C:\WINDOWS\system32\Tasks\Adobe Flash Player NPAPI Notifier 2020-01-21 18:19 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed 2020-01-21 18:19 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\Macromed 2020-01-21 10:36 - 2019-10-20 11:06 - 000001170 ____N C:\Users\Michael\Desktop\KeePass 2.lnk 2020-01-21 10:36 - 2014-12-15 12:50 - 000001182 ____N C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeePass 2.lnk 2020-01-21 10:36 - 2014-12-15 12:50 - 000000000 ____D C:\Program Files (x86)\KeePass Password Safe 2 2020-01-21 09:15 - 2019-07-29 21:24 - 000000000 ____D C:\Users\Michael 2020-01-21 09:15 - 2014-12-15 12:47 - 000001167 ____N C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk 2020-01-20 08:36 - 2019-07-29 21:21 - 000609288 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2020-01-19 21:52 - 2019-03-19 05:52 - 000000000 ___SD C:\WINDOWS\system32\UNP 2020-01-19 21:52 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\SystemResources 2020-01-19 21:52 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\ShellExperiences 2020-01-19 21:52 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\bcastdvr 2020-01-19 15:56 - 2019-07-29 21:30 - 000003374 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2216129787-3453094354-8666996-1006 2020-01-19 15:56 - 2019-07-29 21:24 - 000002424 ____N C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2020-01-19 15:56 - 2018-03-01 15:46 - 000000000 ___RD C:\Users\Michael\OneDrive 2020-01-17 09:41 - 2014-12-14 15:59 - 000000000 ____D C:\WINDOWS\system32\MRT 2020-01-17 09:37 - 2019-03-19 05:37 - 000000000 ____D C:\WINDOWS\CbsTemp 2020-01-17 09:37 - 2014-12-15 13:29 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013 2020-01-17 09:37 - 2014-12-14 
15:59 - 120202352 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2020-01-12 12:05 - 2018-03-03 15:29 - 000000000 ____D C:\Users\Michael\AppData\Local\Dropbox ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======== 2005-12-09 09:37 - 2005-12-09 09:37 - 001093632 _____ (Microsoft Corporation) C:\Program Files (x86)\Common Files\mfc80.dll 2005-12-09 09:37 - 2005-12-09 09:37 - 001079808 _____ (Microsoft Corporation) C:\Program Files (x86)\Common Files\mfc80u.dll 2005-12-09 09:37 - 2005-12-09 09:37 - 000069632 _____ (Microsoft Corporation) C:\Program Files (x86)\Common Files\mfcm80.dll 2005-12-09 09:37 - 2005-12-09 09:37 - 000057344 _____ (Microsoft Corporation) C:\Program Files (x86)\Common Files\mfcm80u.dll 2005-12-09 09:38 - 2005-12-09 09:38 - 000000522 _____ () C:\Program Files (x86)\Common Files\Microsoft.VC80.CRT.manifest 2005-12-09 09:38 - 2005-12-09 09:38 - 000000550 _____ () C:\Program Files (x86)\Common Files\Microsoft.VC80.MFC.manifest 2005-12-09 09:37 - 2005-12-09 09:37 - 000479232 _____ (Microsoft Corporation) C:\Program Files (x86)\Common Files\msvcm80.dll 2005-12-09 09:37 - 2005-12-09 09:37 - 000548864 _____ (Microsoft Corporation) C:\Program Files (x86)\Common Files\msvcp80.dll 2005-12-09 09:37 - 2005-12-09 09:37 - 000626688 _____ (Microsoft Corporation) C:\Program Files (x86)\Common Files\msvcr80.dll 2019-11-17 16:26 - 2019-11-17 16:26 - 000003584 ____N () C:\Users\Michael\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2019-06-26 18:46 - 2019-06-26 18:46 - 000011651 ____N () C:\Users\Michael\AppData\Local\recently-used.xbel ==================== SigCheck ============================ (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) ==================== Ende von FRST.txt ======================== |
30.01.2020, 20:56 | #5 |
| Probably caught Win32/Tiggre!rfn through careless opening
The corresponding addition.txt, from 20.45:
Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 27-01-2020
durchgeführt von Michael (30-01-2020 20:44:00)
Gestartet von C:\Users\Michael\Downloads
Windows 10 Pro Version 1903 18362.592 (X64) (2019-07-29 20:30:58)
Start-Modus: Normal
==========================================================

==================== Konten: =============================

Admin (S-1-5-21-2216129787-3453094354-8666996-1001 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-2216129787-3453094354-8666996-500 - Administrator - Enabled) => C:\Users\Administrator.PCxxxW81
DefaultAccount (S-1-5-21-2216129787-3453094354-8666996-503 - Limited - Disabled)
Gast (S-1-5-21-2216129787-3453094354-8666996-501 - Limited - Disabled)
Michael (S-1-5-21-2216129787-3453094354-8666996-1006 - Administrator - Enabled) => C:\Users\Michael
WDAGUtilityAccount (S-1-5-21-2216129787-3453094354-8666996-504 - Limited - Disabled)

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

1.1.3 (HKLM-x32\...\{A4046FE1-986B-4463-B4DD-CFA473A7056B}_is1) (Version: - PDFZilla)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
AAVUpdateManager (HKLM-x32\...\{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}) (Version: 18.00.0000 - Wolters Kluwer Deutschland GmbH)
ABBYY FineReader 11 Corporate Edition (HKLM-x32\...\{F1100000-0007-0000-0000-074957833700}) (Version: 11.0.289 - ABBYY)
ABBYY FineReader 9.0 Professional Edition (HKLM-x32\...\{F9000000-0001-0000-0000-074957833700}) (Version: 9.00.882.55011 - ABBYY)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.321 - Adobe)
Advanced Office Password Recovery (HKLM-x32\...\{B712239D-45D9-4C93-B2AF-288C7B42027F}) (Version: 6.20.927.2820 - Elcomsoft Co. Ltd.)
Amazon Kindle (HKU\S-1-5-21-2216129787-3453094354-8666996-1006\...\Amazon Kindle) (Version: 1.24.3.51068 - Amazon)
Avira (HKLM-x32\...\{59bab6b1-f615-42c3-9614-8dc338ac8ed4}) (Version: 1.2.143.109 - Avira Operations GmbH & Co. KG)
Avira (HKLM-x32\...\{82B6E5B0-3F76-446B-9FDE-0200B5B36B37}) (Version: 1.2.143.109 - Avira Operations GmbH & Co. KG) Hidden
Avira Phantom VPN (HKLM-x32\...\Avira Phantom VPN) (Version: 2.31.1.20493 - Avira Operations GmbH & Co. KG)
Avira Security (HKLM-x32\...\Avira Security_is1) (Version: 1.0.22.7684 - Avira Operations GmbH & Co. KG)
Avira Software Updater (HKLM-x32\...\{3BEE2703-942D-401D-93E1-7950CCF54769}) (Version: 2.0.6.25416 - Avira Operations GmbH & Co. KG)
Avira System Speedup (HKLM-x32\...\Avira System Speedup_is1) (Version: 6.4.1.10871 - Avira Operations GmbH & Co. KG)
AVM FRITZ!fax für FRITZ!Box (HKLM-x32\...\FRITZ! 2.0) (Version: - AVM Berlin)
calibre (HKLM-x32\...\{FB2536F7-6C1E-41D1-8619-423C526F572D}) (Version: 4.5.0 - Kovid Goyal)
Citrix Online Launcher (HKLM-x32\...\{48947098-A67C-46D4-90C5-9F2F6F0F96FE}) (Version: 1.0.449 - Citrix)
Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 14.1.200.13 - Citrix Systems, Inc.)
CLIQZ (HKLM-x32\...\{5A0C0737-6AFE-4DC6-A8B4-6DFE509ACD75}_is1) (Version: 1.0.22 - CLIQZ.com)
Cobian Backup 11 Gravity (HKLM-x32\...\CobBackup11) (Version: - )
Copernic Desktop Search 6 (HKLM-x32\...\{4D2FB1E6-4DE1-49D8-A126-4DB801756ADC}) (Version: 6.0.2.11079 - Copernic) Hidden
Copernic Desktop Search 6 (HKLM-x32\...\CopernicDesktopSearch6) (Version: 6.0.2.11079 - Copernic)
Crystal Reports Viewer XI Release 2 (HKLM-x32\...\{1765F8FA-249B-4E05-9740-AC6091646A26}) (Version: 11.5.9 - CAS Software AG)
DocFetcher (HKLM-x32\...\DocFetcher) (Version: 1.1.22 - )
dradio-Recorder Version 3.02.6 (HKLM-x32\...\dradio-Recorder_is1) (Version: - )
Dropbox (HKLM-x32\...\Dropbox) (Version: 89.4.278 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.295.1 - Dropbox, Inc.) Hidden
EaseUS Data Recovery Wizard (HKLM\...\EaseUS Data Recovery Wizard_is1) (Version: - EaseUS)
FreeCommander XE (HKLM-x32\...\FreeCommander XE_is1) (Version: - Marek Jasinski)
FreePDF (Remove only) (HKLM-x32\...\FreePDF_XP) (Version: - )
FUJITSU Scanner USB HotFix (HKLM-x32\...\{F7FFF37F-DB74-408C-840F-BD8B8E955B5B}) (Version: 1.00.0000 - PFU)
GIMP 2.10.12 (HKLM\...\GIMP-2_is1) (Version: 2.10.12 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 79.0.3945.130 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.421 - Google LLC) Hidden
GoTo Opener (HKLM-x32\...\{D144D2C2-4F96-48B7-BB2A-E9185050B619}) (Version: 1.0.491 - LogMeIn, Inc.)
GoToMeeting 10.7.0.16576 (HKU\S-1-5-21-2216129787-3453094354-8666996-1006\...\GoToMeeting) (Version: 10.7.0.16576 - LogMeIn, Inc.)
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.19) (Version: 9.19 - Artifex Software Inc.)
GPL Ghostscript (HKLM-x32\...\GPL Ghostscript 9.07) (Version: 9.07 - Artifex Software Inc.)
Harmony Remote Update (HKLM-x32\...\HarmonyRemoteUpdate) (Version: 7.7.1 - Logitech - HarmonyRemoteClient)
HashCalc 2.02 (HKLM-x32\...\HashCalc_is1) (Version: - SlavaSoft Inc.)
HP LaserJet M101-M106 - Grundlegende Software für das Gerät (HKLM\...\{F3E2696F-E581-4DE6-9063-072C86244E3C}) (Version: 44.1.2483.17117 - HP Inc.)
INSTAR Camera Tool (HKLM-x32\...\{898D9706-ED7C-40B6-A0A8-BD8CE1161CFD}) (Version: 2.0.8.0 - INSTAR Deutschland GmbH)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.7.0.1017 - Intel Corporation)
Intel(R) Network Connections 22.4.16.0 (HKLM\...\PROSetDX) (Version: 22.4.16.0 - Intel)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 22.20.16.4729 - Intel Corporation)
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{DDE28492-B260-4DF0-BA99-7F96FC2932C1}) (Version: 19.60.0 - Intel Corporation)
Intel® Chipsatz-Gerätesoftware (HKLM-x32\...\{bb0592a7-5772-4736-9d55-2402740085db}) (Version: 10.1.1.38 - Intel(R) Corporation) Hidden
Intel® PROSet/Wireless Software (HKLM-x32\...\{03929cf1-3ae4-4765-b8b3-32b8e2e26a8d}) (Version: 19.60.0 - Intel Corporation)
IrfanView 4.51 (32-bit) (HKLM-x32\...\IrfanView) (Version: 4.51 - Irfan Skiljan)
Java 8 Update 231 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180231F0}) (Version: 8.0.2310.11 - Oracle Corporation)
JiveX DICOM Viewer Light 4.7.2 (HKLM-x32\...\JiveX DICOM Viewer Light 4.7.2) (Version: - VISUS Technology Transfer GmbH)
Joe (HKLM-x32\...\{F8C986EA-13F8-4B39-91C3-A6B9A851CD34}) (Version: 4.01.0000 - Wirth IT Design)
KeePass Password Safe 2.44 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.44 - Dominik Reichl)
Kyocera Product Library (HKLM\...\Kyocera Product Library) (Version: 4.2.1909 - KYOCERA Document Solutions Inc.) LM101 (HKLM-x32\...\{C1D550A6-7C72-4286-970D-5CBF7C828A38}) (Version: 0.00.0005 - HP) Logitech Harmony Remote Software 7 (HKLM-x32\...\{5C6F884D-680C-448B-B4C9-22296EE1B206}) (Version: 7.7.0.0 - Logitech) Microsoft ASP.NET MVC 2 (HKLM-x32\...\{DD8FF2F3-0D97-4CF3-AF78-FA0E1B242244}) (Version: 2.0.60926.0 - Microsoft Corporation) Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-2216129787-3453094354-8666996-1006\...\OneDriveSetup.exe) (Version: 19.222.1110.0006 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation) Microsoft Teams (HKU\S-1-5-21-2216129787-3453094354-8666996-1006\...\Teams) (Version: 1.2.00.13765 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - 
Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation) Mozilla Firefox 72.0.2 (x64 de) (HKLM\...\Mozilla Firefox 72.0.2 (x64 de)) (Version: 72.0.2 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 60.9.1 - Mozilla) Mozilla Thunderbird 68.4.2 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 68.4.2 (x86 de)) (Version: 68.4.2 - Mozilla) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) Nemetschek IFC Viewer (HKLM-x32\...\{6DF55692-696E-47BE-A59A-BECFECD2422F}) (Version: 1.0 - Nemetschek) Nuvoton SIO CIR Device Driver (HKLM-x32\...\{2FAECEAF-0EBE-48FF-B60A-B4577C0EFDAB}) (Version: 2.09.1007 - Nuvoton Technology Corp.) 
OneSafe Photo Recovery (HKLM-x32\...\OneSafe Photo Recovery_is1) (Version: 7.0.0.0 - Stellar Information Technology Pvt Ltd.) Online Plug-in (HKLM-x32\...\{70DCAD2C-31C1-43F9-AD4D-D45C7DC1F6F5}) (Version: 14.1.200.13 - Citrix Systems, Inc.) Hidden Opera Stable 66.0.3515.44 (HKU\S-1-5-21-2216129787-3453094354-8666996-1006\...\Opera 66.0.3515.44) (Version: 66.0.3515.44 - Opera Software) Outils de vérification linguistique 2013 de Microsoft Office*- Français (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.311.0 - Tracker Software Products Ltd) PDF-XChange Editor (HKLM\...\{B7E5844A-B8ED-4F27-A3C8-966114DCB007}) (Version: 6.0.319.0 - Tracker Software Products (Canada) Ltd.) Hidden PDF-XChange Editor (HKLM-x32\...\{e44f0a83-eeaa-471b-8e1e-5475e4183164}) (Version: 6.0.319.0 - Tracker Software Products (Canada) Ltd.) Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.15063.29094 - Realtek Semiconductor Corp.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7982 - Realtek Semiconductor Corp.) Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform) RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version: 1.90 - Ghostgum Software Pty Ltd) Remote Control USB Driver (HKLM-x32\...\{8471021C-F529-43DE-84DF-3612E10F58C4}) (Version: 2.3.2.317 - ) Rohos Logon Key 3.2 (HKLM-x32\...\Rohos_Welcome23_is1) (Version: 3.2 - Tesline-service s.r.l.) Samsung Kies3 (HKLM-x32\...\{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.15041.2 - Samsung Electronics Co., Ltd.) Hidden Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.15041.2 - Samsung Electronics Co., Ltd.) 
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.63.0 - Samsung Electronics Co., Ltd.) ScandAll 21 (HKLM-x32\...\{AEFF1CC5-2774-4EAE-A19F-8A86F2E9EFDB}) (Version: - ) Scanner Utility for Microsoft Windows V09L21 (HKLM-x32\...\{580E9BBC-A51E-4AE9-A977-7B0939BEDAD3}) (Version: 9.11.2.0 - FUJITSU) Snagit 10.0.2 (HKLM-x32\...\{92D194E7-AEF9-4A9E-8620-8F3AE712E3F7}) (Version: 10.0.2 - TechSmith Corporation) Software Operation Panel (HKLM-x32\...\{E0632353-257C-49C2-83AD-CF2B056D9045}) (Version: 3.3.16.0 - PFU LIMITED) Software Operation Panel (HKLM-x32\...\Software Operation Panel) (Version: - ) SparTeam (HKLM-x32\...\{007BA21F-6EB4-4A3F-92F0-46DDF36FD091}) (Version: 1.0.0.0 - Vondos Media GmbH) SpyHunter 5 (HKLM-x32\...\SpyHunter5) (Version: 5.7.24.155 - EnigmaSoft Limited) SteuerBerater 2014-2015 (HKLM-x32\...\{415227BD-34D9-4DB3-B74C-554407208203}) (Version: 14.11.2 - Akademische Arbeitsgemeinschaft) SteuerBerater 2015-2016 (HKLM-x32\...\{342BD7F7-8BBD-403A-B09B-F3361A1365E3}) (Version: 15.11.0 - Akademische Arbeitsgemeinschaft) Steuer-Ratgeber 2016-2017 (HKLM-x32\...\{0B91CA67-AB51-4FCC-AD05-F4C8DF11D00B}) (Version: 17.01.1 - Wolters Kluwer Deutschland GmbH) Steuer-Ratgeber 2017-2018 (HKLM-x32\...\{09578E80-CE8C-47E6-A055-8C49C616541F}) (Version: 18.05.1 - Wolters Kluwer Deutschland GmbH) Steuer-Ratgeber 2018-2019 (HKLM-x32\...\{B96CAC3C-B7E7-4291-B422-0544096E217B}) (Version: 18.11.0 - Akademische Arbeitsgemeinschaft Verlagsgesellschaft mbH) SteuerRatgeber 2019-2020 (HKLM-x32\...\{9DBC64BE-3C7D-44E4-B672-C8204E1EC357}) (Version: 20.01.6 - Akademische Arbeitsgemeinschaft Verlagsgesellschaft mbH) SteuerSparErklärung 2016 (HKLM-x32\...\{D331D50C-C578-423B-8BC7-94D3133CE315}) (Version: 21.37.107 - Akademische Arbeitsgemeinschaft) SteuerSparErklärung 2017 (HKLM-x32\...\{45815686-22F8-4D24-872D-E481A654B230}) (Version: 22.33.82 - Wolters Kluwer Deutschland GmbH) SteuerSparErklärung 2018 
(HKLM-x32\...\{A1D1FDBD-02F9-49B6-9EB2-2DC6B1D37E16}) (Version: 23.33.49 - Wolters Kluwer Deutschland GmbH) SteuerSparErklärung 2019 (HKLM-x32\...\{C1274A30-7822-4CAE-A4C8-395E9E687107}) (Version: 24.33.129 - Akademische Arbeitsgemeinschaft Verlagsgesellschaft mbH) SteuerSparErklärung 2020 (HKLM-x32\...\{E7E3F711-933D-4D9A-BA51-01F47179F23C}) (Version: 25.22.41 - Akademische Arbeitsgemeinschaft Verlagsgesellschaft mbH) SteuerSparErklärung Plus 2015 (HKLM-x32\...\{312C0E08-8F94-4536-AAF6-3413F784AC5F}) (Version: 20.38.173 - Akademische Arbeitsgemeinschaft) Studie zur Verbesserung von HP LaserJet M101-M106 (HKLM\...\{6C0B61B6-E03B-4D3B-8B2E-EE662C005EC4}) (Version: 44.1.2483.17117 - HP Inc.) Sweet Home 3D version 6.1 (HKLM\...\Sweet Home 3D_is1) (Version: 6.1 - eTeks) SX Virtual Link (HKLM\...\SX Virtual Link) (Version: 3.15.0 - silex technology, Inc.) TeamViewer (HKLM-x32\...\TeamViewer) (Version: 15.2.2756 - TeamViewer) Telegram Desktop version 1.9.6 (HKU\S-1-5-21-2216129787-3453094354-8666996-1006\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 1.9.6 - Telegram FZ-LLC) TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.2 - TrueCrypt Foundation) twengoo (HKLM-x32\...\{2ADA8DBD-2833-4235-A07E-0CD653A992FF}) (Version: 1.0.0.0 - Twengoo) Update for Skype for Business 2015 (KB4475564) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{CD0EE05F-11E6-46FA-BB7B-D2A28C47A4F3}) (Version: - Microsoft) Update for Skype for Business 2015 (KB4475564) 64-Bit Edition (HKLM\...\{90150000-012B-0407-1000-0000000FF1CE}_Office15.PROPLUSR_{CD0EE05F-11E6-46FA-BB7B-D2A28C47A4F3}) (Version: - Microsoft) Update for Skype for Business 2015 (KB4475564) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{CD0EE05F-11E6-46FA-BB7B-D2A28C47A4F3}) (Version: - Microsoft) Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{F14FB68A-9188-4036-AD0D-D054BC9C9291}) (Version: 2.59.0.0 - Microsoft Corporation) 
UpdateAssistant (HKLM-x32\...\{7C070E60-8769-4763-BBD8-7537A28A60D4}) (Version: 1.10.0.0 - Microsoft Corporation) Hidden Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0) (Version: 1.0.42.0 - LunarG, Inc.) Vulkan Run Time Libraries 1.0.54.1 (HKLM\...\VulkanRT1.0.54.1) (Version: 1.0.54.1 - Intel Corporation Inc.) Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1-2) (Version: 1.0.65.1 - LunarG, Inc.) Hidden WAV To MP3 V2 (HKLM-x32\...\WAV To MP3_is1) (Version: - hxxp://www.WAVMP3.net) web control version 3.0.2.3 (HKLM-x32\...\{20779EFD-5A24-45F7-A133-132975478C4E}_is1) (Version: 3.0.2.3 - ) Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22350 - Microsoft Corporation) yEd Graph Editor 3.19 (HKLM\...\3309-7404-0599-8908) (Version: 3.19 - yWorks GmbH) ZV-Tools (HKLM-x32\...\{0980EBCE-5AAF-458A-AE31-32BA745DBA01}) (Version: 6.1 - windata GmbH & Co.KG) Packages: ========= Dell Document Hub -> C:\Program Files\WindowsApps\DellPrinter.DellDocumentHub_1.7.0.6_x64__nmdn7k89bxsn6 [2018-03-10] (DELL GLOBAL B.V. (SINGAPORE BRANCH)) Disney Magic Kingdoms -> C:\Program Files\WindowsApps\A278AB0D.DisneyMagicKingdoms_4.7.0.4_x86__h6adky7gbf63m [2020-01-23] (Gameloft.) HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_110.1.660.0_x64__v10z8vjag6ke6 [2020-01-30] (HP Inc.) 
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1808.3.0_x64__8wekyb3d8bbwe [2019-07-29] (Microsoft Corporation) [MS Ad] Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-02-13] (Microsoft Corporation) [MS Ad] Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-02-13] (Microsoft Corporation) [MS Ad] Microsoft News – Nachrichten -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.34.20074.0_x64__8wekyb3d8bbwe [2020-01-14] (Microsoft Corporation) [MS Ad] MSN Finanzen -> C:\Program Files\WindowsApps\Microsoft.BingFinance_4.34.20074.0_x64__8wekyb3d8bbwe [2020-01-14] (Microsoft Corporation) [MS Ad] MSN Gesundheit & Fitness -> C:\Program Files\WindowsApps\Microsoft.BingHealthAndFitness_3.0.4.336_x64__8wekyb3d8bbwe [2015-07-27] (Microsoft Corporation) [MS Ad] MSN Kochen & Genuss -> C:\Program Files\WindowsApps\Microsoft.BingFoodAndDrink_3.0.4.336_x64__8wekyb3d8bbwe [2015-07-27] (Microsoft Corporation) [MS Ad] MSN Reisen -> C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.336_x64__8wekyb3d8bbwe [2015-07-27] (Microsoft Corporation) [MS Ad] MSN Sport -> C:\Program Files\WindowsApps\Microsoft.BingSports_4.34.20074.0_x64__8wekyb3d8bbwe [2020-01-14] (Microsoft Corporation) [MS Ad] MSN Wetter -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.34.13393.0_x64__8wekyb3d8bbwe [2019-12-19] (Microsoft Corporation) [MS Ad] Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.3.181.0_x64__dt26b99r8h8gj [2019-09-17] (Realtek Semiconductor Corp) WhatsApp Desktop -> C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_0.4.315.0_x64__cv1g1gvanyjgm [2020-01-24] (WhatsApp Inc.) 
==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) CustomCLSID: HKU\S-1-5-21-2216129787-3453094354-8666996-1006_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\Michael\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.19106.2\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-2216129787-3453094354-8666996-1006_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\Michael\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.19106.2\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-2216129787-3453094354-8666996-1006_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A} -> [Dropbox] => C:\Users\Michael\Dropbox [2018-03-03 15:31] CustomCLSID: HKU\S-1-5-21-2216129787-3453094354-8666996-1006_Classes\CLSID\{FBD6D0C9-8321-B4A3-ABE5-BC96E3FFB74C}\InprocServer32 -> C:\WINDOWS\system32\ole32.dll (Microsoft Windows -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) 
ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) 
ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov) [Datei ist nicht signiert] ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ContextMenuHandlers1: [FineReader11ContextMenu] -> {79E48320-C6B5-49F1-992B-571D53586885} => C:\Program Files (x86)\ABBYY FineReader 11\FRIntegration.x64.dll [2011-08-18] (ABBYY SOLUTIONS LIMITED -> ABBYY.) 
ContextMenuHandlers1-x32: [FineReader9ContextMenu] -> {59A3380E-5305-4cea-BD99-4F2FF510C91F} => C:\Program Files (x86)\ABBYY FineReader 9.0\FRIntegration.dll [2008-06-07] (ABBYY Software House -> ABBYY Software Ltd) ContextMenuHandlers1: [PDFXChange Editor Context menu] -> {2ACD35AB-F74A-4C20-AA9B-2DE80081626D} => C:\Program Files\Tracker Software\Shell Extensions\XCShellMenu.x64.dll [2016-11-28] (Tracker Software Products (Canada) Ltd -> Tracker Software Products (Canada) Ltd.) ContextMenuHandlers1: [SnagItMainShellExt] -> {CF74B903-3389-469c-B3B6-0204D204FCBD} => C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagItShellExt64.dll [2011-11-08] (TechSmith Corporation -> TechSmith Corporation) ContextMenuHandlers1: [SystemSpeedupFilesMenu] -> {14cb2bd0-2375-3d10-9b5d-5e18865c8959} => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.ShellExtension.DLL [2020-01-30] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov) [Datei ist nicht signiert] ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd -> Piriform Ltd) ContextMenuHandlers4: [SnagItMainShellExt] -> {CF74B903-3389-469c-B3B6-0204D204FCBD} => C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagItShellExt64.dll [2011-11-08] (TechSmith Corporation -> TechSmith Corporation) ContextMenuHandlers4: [SystemSpeedupFoldersMenu] -> {700866bb-c8e9-3e71-b359-abb28baed0e8} => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.ShellExtension.DLL [2020-01-30] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. 
KG) ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_250db833a1cd577e\igfxDTCM.dll [2018-02-28] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation) ContextMenuHandlers5: [SystemSpeedupDesktopMenu] -> {0cab5786-30e8-3185-9b3b-ccefbf1b8afe} => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.ShellExtension.DLL [2020-01-30] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) ContextMenuHandlers6: [FineReader11ContextMenu] -> {79E48320-C6B5-49F1-992B-571D53586885} => C:\Program Files (x86)\ABBYY FineReader 11\FRIntegration.x64.dll [2011-08-18] (ABBYY SOLUTIONS LIMITED -> ABBYY.) ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd -> Piriform Ltd) ==================== Codecs (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Drivers32: [vidc.i420] => C:\WINDOWS\system32\lvcod64.dll [175392 2012-10-26] (Logitech, Inc. -> Logitech Inc.) HKLM\...\Drivers32: [vidc.i420] => C:\Windows\SysWOW64\lvcodec2.dll [305000 2012-10-26] (Logitech, Inc. -> Logitech Inc.) 
==================== Verknüpfungen & WMI ========================

==================== Geladene Module (Nicht auf der Ausnahmeliste) =============

2018-11-15 13:24 - 2006-02-23 11:35 - 000020480 _____ () [Datei ist nicht signiert] C:\WINDOWS\System32\FritzColorPort64.dll
2018-11-15 13:24 - 2006-02-22 10:39 - 000020480 _____ () [Datei ist nicht signiert] C:\WINDOWS\System32\FritzPort64.dll
2014-12-19 10:30 - 2012-06-21 07:25 - 000113152 _____ () [Datei ist nicht signiert] C:\WINDOWS\System32\redmon64.dll
2015-09-09 14:17 - 2015-06-03 12:32 - 000219136 _____ () [Datei ist nicht signiert] C:\WINDOWS\SYSTEM32\rohos_btkey.dll
2017-04-24 13:30 - 2017-04-24 13:30 - 000349696 _____ (Intel(R) Corporation) [Datei ist nicht signiert] C:\WINDOWS\system32\NCS2Setp.dll
2011-11-08 09:44 - 2011-11-08 09:44 - 000066192 ____R (LEAD Technologies, Inc -> LEAD Technologies, Inc.) [Datei ist nicht signiert] C:\Program Files (x86)\TechSmith\Snagit 10\LFJbg15U.DLL
2011-11-08 09:44 - 2011-11-08 09:44 - 000126096 ____R (LEAD Technologies, Inc -> LEAD Technologies, Inc.) [Datei ist nicht signiert] C:\Program Files (x86)\TechSmith\Snagit 10\LFPng15U.DLL
2011-11-08 09:44 - 2011-11-08 09:44 - 000212112 ____R (LEAD Technologies, Inc -> LEAD Technologies, Inc.) [Datei ist nicht signiert] C:\Program Files (x86)\TechSmith\Snagit 10\Ltimgclr15u.dll
2011-11-08 09:44 - 2011-11-08 09:44 - 000208016 ____R (LEAD Technologies, Inc -> LEAD Technologies, Inc.) [Datei ist nicht signiert] C:\Program Files (x86)\TechSmith\Snagit 10\Ltimgefx15u.dll
2011-11-08 09:44 - 2011-11-08 09:44 - 000134288 ____R (LEAD Technologies, Inc -> LEAD Technologies, Inc.) [Datei ist nicht signiert] C:\Program Files (x86)\TechSmith\Snagit 10\Ltimgutl15u.dll
2011-11-08 09:44 - 2011-11-08 09:44 - 000138384 ____N (LEAD Technologies, Inc -> LEAD Technologies, Inc.) [Datei ist nicht signiert] C:\Program Files (x86)\TechSmith\Snagit 10\Ltscr15u.dll
2011-11-08 09:44 - 2011-11-08 09:44 - 000122000 ____N (LEAD Technologies, Inc -> LEAD Technologies, Inc.) [Datei ist nicht signiert] C:\Program Files (x86)\TechSmith\Snagit 10\Lttwn15u.dll
2014-12-19 10:36 - 2013-03-07 22:07 - 000009728 _____ (Luis Cobian) [Datei ist nicht signiert] C:\Program Files (x86)\Cobian Backup 11\CobStringList.dll
2014-12-19 10:36 - 2013-03-07 22:27 - 002684928 _____ (Luis Cobian, CobianSoft) [Datei ist nicht signiert] C:\Program Files (x86)\Cobian Backup 11\cbEngine.dll
2008-04-11 12:54 - 2008-04-11 12:54 - 000348160 _____ (Microsoft Corporation) [Datei ist nicht signiert] C:\Program Files (x86)\Common Files\ABBYY\FineReader\9.00\Licensing\PE\MSVCR71.dll
2019-07-29 22:18 - 2019-07-29 22:18 - 001654784 _____ (Microsoft Corporation) [Datei ist nicht signiert] C:\WINDOWS\WinSxS\amd64_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_8448b2bd328df189\MFC80U.DLL
2019-07-29 22:15 - 2019-07-29 22:15 - 000054272 _____ (Microsoft Corporation) [Datei ist nicht signiert] C:\WINDOWS\WinSxS\amd64_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_bc20f59b0bdd1acd\MFC80DEU.DLL
2014-12-19 14:54 - 2007-04-21 11:36 - 000049152 _____ (PFU LIMITED) [Datei ist nicht signiert] C:\WINDOWS\TWAIN_32\fjscan32\FJSTMKSV.dll
2018-11-15 13:24 - 2006-02-23 12:16 - 000047616 _____ (TODO: <Company name>) [Datei ist nicht signiert] C:\WINDOWS\System32\AvmColorFax.dll
2018-11-15 13:24 - 2006-02-22 10:53 - 000043520 _____ (TODO: <Company name>) [Datei ist nicht signiert] C:\WINDOWS\System32\AvmFax.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ==================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) =================

==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ==========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-2216129787-3453094354-8666996-1006\...\localhost -> localhost

==================== Hosts Inhalt: =========================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2013-08-22 14:25 - 2013-08-22 14:25 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Andere Bereiche ===========================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\SQL Anywhere 12\Bin32\;C:\Program Files (x86)\SQL Anywhere 16\Bin32\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files (x86)\Calibre2\
HKU\S-1-5-21-2216129787-3453094354-8666996-1006\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin) ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

HKLM\...\StartupApproved\Run32: => "ConnectionCenter"
HKLM\...\StartupApproved\Run32: => "Redirector"
HKU\S-1-5-21-2216129787-3453094354-8666996-1006\...\StartupApproved\Run: => "Copernic Desktop Search"
HKU\S-1-5-21-2216129787-3453094354-8666996-1006\...\StartupApproved\Run: => "com.squirrel.Teams.Teams"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [UDP Query User{C7596447-4F5E-4C5D-9951-E0CEB72AED0A}C:\users\michael\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\michael\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{8F9E29F4-AFCF-440C-A925-27D285DC2A42}C:\users\michael\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\michael\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{3988CFE6-008E-461A-B949-62F366AA09B2}C:\program files (x86)\keepass password safe 2\keepass.exe] => (Allow) C:\program files (x86)\keepass password safe 2\keepass.exe (Open Source Developer, Dominik Reichl -> Dominik Reichl)
FirewallRules: [TCP Query User{52F7589F-9F82-41A3-AC5C-31001FD36ACC}C:\program files (x86)\keepass password safe 2\keepass.exe] => (Allow) C:\program files (x86)\keepass password safe 2\keepass.exe (Open Source Developer, Dominik Reichl -> Dominik Reichl)
FirewallRules: [UDP Query User{31337D38-A9F2-4A9C-B15E-54623701E616}C:\program files (x86)\jivexdvlight\jre\bin\javaw.exe] => (Allow) C:\program files (x86)\jivexdvlight\jre\bin\javaw.exe
FirewallRules: [TCP Query User{50705C51-DB84-437A-80F6-6268AC7B1E81}C:\program files
(x86)\jivexdvlight\jre\bin\javaw.exe] => (Allow) C:\program files (x86)\jivexdvlight\jre\bin\javaw.exe FirewallRules: [UDP Query User{92B0F230-57A8-45E9-AE7D-22834323996B}C:\users\michael\appdata\local\temp\jivexviewer\jre\bin\jivex[dv] light] => (Allow) C:\users\michael\appdata\local\temp\jivexviewer\jre\bin\jivex[dv] light Keine Datei FirewallRules: [TCP Query User{81C0B524-782F-4A6E-A82E-AC8157B9B9AC}C:\users\michael\appdata\local\temp\jivexviewer\jre\bin\jivex[dv] light] => (Allow) C:\users\michael\appdata\local\temp\jivexviewer\jre\bin\jivex[dv] light Keine Datei FirewallRules: [UDP Query User{7319F006-B6C0-4D8F-B2C8-273675C7A623}C:\program files (x86)\fritz!\frifax32.exe] => (Allow) C:\program files (x86)\fritz!\frifax32.exe (AVM Computersysteme Vertriebs GmbH -> AVM Berlin) FirewallRules: [TCP Query User{A40C663E-121D-4416-9F7D-F54AABD6112D}C:\program files (x86)\fritz!\frifax32.exe] => (Allow) C:\program files (x86)\fritz!\frifax32.exe (AVM Computersysteme Vertriebs GmbH -> AVM Berlin) FirewallRules: [UDP Query User{B07C0303-881F-4BDB-B3CA-9B9B6AC77B01}C:\users\michael\appdata\local\temp\_istmp1.dir\_ins5576._mp] => (Allow) C:\users\michael\appdata\local\temp\_istmp1.dir\_ins5576._mp Keine Datei FirewallRules: [TCP Query User{53F9205D-2170-44F6-ABD1-E61E3827B10B}C:\users\michael\appdata\local\temp\_istmp1.dir\_ins5576._mp] => (Allow) C:\users\michael\appdata\local\temp\_istmp1.dir\_ins5576._mp Keine Datei FirewallRules: [{42E50DCC-BFFF-4FE1-AA49-819D8736FD09}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) FirewallRules: [{2B46DA6E-FBF4-4BB4-A317-BCA1E50BF108}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) FirewallRules: [{56A315BD-BF9C-4CBD-9143-13FFD186F898}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) FirewallRules: 
[{B8DF855B-7E94-4205-B485-1CFD1A1468C3}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) FirewallRules: [{E962594A-1E1F-49B7-8657-75C92C2CE7F4}] => (Allow) C:\Program Files (x86)\Copernic\DesktopSearch\x64\Copernic.DesktopSearch.exe (Copernic, a division of N. Harris Computer Systems) [Datei ist nicht signiert] FirewallRules: [{409F15B3-252C-4673-9A32-1FEB6C937006}] => (Allow) C:\Program Files (x86)\Copernic\DesktopSearch\Copernic.DesktopSearch.exe (N. Harris Computer Corporation -> Copernic, a division of N. Harris Computer Systems) FirewallRules: [UDP Query User{B6259554-160E-40A8-8388-0AB4B7D4CE3E}C:\program files (x86)\keepass password safe 2\keepass.exe] => (Allow) C:\program files (x86)\keepass password safe 2\keepass.exe (Open Source Developer, Dominik Reichl -> Dominik Reichl) FirewallRules: [TCP Query User{4EAE3EB8-6F4C-4BB6-B8C9-D837BA3C09A8}C:\program files (x86)\keepass password safe 2\keepass.exe] => (Allow) C:\program files (x86)\keepass password safe 2\keepass.exe (Open Source Developer, Dominik Reichl -> Dominik Reichl) FirewallRules: [{63D4F583-191A-4F60-A716-28FE82B91B7C}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe (Intel Corporation-Wireless Connectivity Solutions -> ) FirewallRules: [UDP Query User{10480967-7743-4F21-BB14-5E7CBECA38D3}C:\program files (x86)\copernic\desktopsearch\copernic.desktopsearch.exe] => (Block) C:\program files (x86)\copernic\desktopsearch\copernic.desktopsearch.exe (N. Harris Computer Corporation -> Copernic, a division of N. Harris Computer Systems) FirewallRules: [TCP Query User{D922381D-8AF6-4909-90FA-C554D345E5F7}C:\program files (x86)\copernic\desktopsearch\copernic.desktopsearch.exe] => (Block) C:\program files (x86)\copernic\desktopsearch\copernic.desktopsearch.exe (N. Harris Computer Corporation -> Copernic, a division of N. 
Harris Computer Systems) FirewallRules: [{D73281C7-BDB7-468D-8482-A4898529273E}] => (Allow) C:\Users\xxx\AppData\Local\StarLeaf\Breeze\2\Breeze.exe (Starleaf Ltd -> StarLeaf) FirewallRules: [{55410149-ED2D-4A50-B304-97AD7DCAF1C4}] => (Allow) C:\Users\xxx\AppData\Local\StarLeaf\Breeze\1\Breeze.exe (Starleaf Ltd -> StarLeaf) FirewallRules: [UDP Query User{4E5656D0-CE09-4C82-8A6A-605EC54C87EC}C:\program files (x86)\copernic\desktopsearch\copernic.desktopsearch.exe] => (Allow) C:\program files (x86)\copernic\desktopsearch\copernic.desktopsearch.exe (N. Harris Computer Corporation -> Copernic, a division of N. Harris Computer Systems) FirewallRules: [TCP Query User{DCCB0C0E-E0DC-44D1-B240-695A6F5C1A3C}C:\program files (x86)\copernic\desktopsearch\copernic.desktopsearch.exe] => (Allow) C:\program files (x86)\copernic\desktopsearch\copernic.desktopsearch.exe (N. Harris Computer Corporation -> Copernic, a division of N. Harris Computer Systems) FirewallRules: [UDP Query User{BBD1C7A7-4F10-41A6-A246-773B988B0122}C:\users\xxx\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\xxx\appdata\roaming\dropbox\bin\dropbox.exe Keine Datei FirewallRules: [TCP Query User{7BBE6C67-F2A4-495B-B8DD-9C9EAAC84452}C:\users\xxx\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\xxx\appdata\roaming\dropbox\bin\dropbox.exe Keine Datei FirewallRules: [UDP Query User{E2A4A359-7EF7-4E55-BEC0-0F3EE50DC358}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [TCP Query User{3E3A7B8B-6E88-4DE8-9A8A-0F004006FB36}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [UDP Query User{C7B3D987-E38F-4E3C-A9C5-FD35FFCCC0E1}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla 
Corporation -> Mozilla Corporation) FirewallRules: [TCP Query User{E7DA08B6-B124-4B75-AF53-58BCDA3BE7CD}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [UDP Query User{36874983-D06A-45ED-83B4-22586B817DC5}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [TCP Query User{4B8C5DA1-643E-4D96-920E-2D5D62BEF918}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{594275C9-3149-4774-BAC3-A6190249D54B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{141E5018-9DF5-4536-82CE-23A912864BE1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{5DE52B69-B45B-4898-8A6E-6F730897587E}] => (Allow) LPort=19540 FirewallRules: [{B0BAF218-D1D9-4E31-9C61-CB3E57E32489}] => (Allow) C:\Program Files\silex technology\SX Virtual Link\Connect.exe (silex technology, Inc. -> silex technology, Inc.) 
FirewallRules: [{85D6C233-2F54-4762-A55B-C6A5F7BFA0E4}] => (Allow) C:\Program Files (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe Keine Datei FirewallRules: [{C21CD597-FAF0-4091-AC8D-6A3DE0467FEE}] => (Allow) C:\Program Files (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe Keine Datei FirewallRules: [{C76A8D87-E154-4055-888A-128F5284C455}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{40430C97-1136-41A4-8713-4089D7F5B690}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{AA3E919F-C581-4798-A1F0-16743886E751}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{2D272AD8-53D1-4732-803C-0878A0C567D2}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [TCP Query User{CFD8701D-465A-4353-9F1D-45428A0A6825}C:\program files\transmission\transmission-qt.exe] => (Allow) C:\program files\transmission\transmission-qt.exe Keine Datei FirewallRules: [UDP Query User{B8FF3D23-E450-46CE-A019-376D0E2AA5A3}C:\program files\transmission\transmission-qt.exe] => (Allow) C:\program files\transmission\transmission-qt.exe Keine Datei FirewallRules: [{0DF9C0D1-8E08-4768-9DD4-4FBBF1C0E4C3}] => (Allow) C:\Windows\System32\LogonUI.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{F0828781-5332-4502-A28A-1A31C7594413}] => (Allow) C:\Windows\System32\LogonUI.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{8DE6F01C-BFD1-440E-9E75-7F89F16A3642}] => (Allow) C:\Windows\System32\LogonUI.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{8460DD34-2C3A-48A1-B290-DF647AEDAC08}] => (Allow) C:\Windows\System32\LogonUI.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [TCP Query 
User{F24E0676-3937-41DC-9615-7D3D65344251}C:\program files (x86)\rohos\welcome.exe] => (Allow) C:\program files (x86)\rohos\welcome.exe (Tesline-Service s.r.l. -> Tesline-Service SRL) FirewallRules: [UDP Query User{AE63D004-5664-4220-BAC9-28D94EEBB2D0}C:\program files (x86)\rohos\welcome.exe] => (Allow) C:\program files (x86)\rohos\welcome.exe (Tesline-Service s.r.l. -> Tesline-Service SRL) FirewallRules: [{7FBD0916-C44D-4BE6-A316-62F62D728156}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{B77DB1C8-D16E-4C80-AE27-D939002B8485}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{11D6F1C5-97A3-42FE-A37E-4B8F419CA7B1}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{01F64546-0599-43D8-A10E-AB94B5AB2D05}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{36471B40-5969-4A0B-B724-37BB4A9584EA}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{628BF9B0-F4D7-45D8-A2C8-47655435AD8D}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{735D400E-78B8-40C7-88A7-4E77540437B4}] => (Allow) C:\Program Files\HP\HP LaserJet M101-M106\bin\EWSProxy.exe (Hewlett Packard -> HP Inc.) FirewallRules: [{2A21F2C1-0188-4AC4-8449-E0F228080B22}] => (Allow) C:\Program Files\HP\HP LaserJet M101-M106\Bin\DeviceSetup.exe (Hewlett Packard -> HP Inc.) FirewallRules: [{18FF3AD1-7357-4110-B884-24BCFE33BD59}] => (Allow) LPort=5357 FirewallRules: [{7B9D054E-6448-4001-BA19-8CEC739D991A}] => (Allow) C:\Program Files\HP\HP LaserJet M101-M106\Bin\HPNetworkCommunicatorCom.exe (Hewlett Packard -> HP Inc.) 
FirewallRules: [{10A208E5-5F75-4050-9B73-4B8A6EA15FA9}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{A2251CC3-B721-49F5-A927-B557E7288D22}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{F93758B1-4EE9-43EE-8500-6FFB604FCB15}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{BDB56D3C-3502-4A48-8646-A22C215FD424}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{737CCAD7-FDC5-4513-9C59-EF1117BAB9EE}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.117.543.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{742EC125-4FE9-4706-9E20-42B6F73B0270}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.117.543.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{1ECD6DCE-C7BD-41D1-AC6A-4BC21C7630ED}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.117.543.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{9EFF43C3-900E-4B53-8E86-D778B4317784}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.117.543.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{BDB1077F-9EB9-4BC1-852B-5110CE6085F1}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.117.543.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{5268F1F1-3651-4364-80F1-849A671DBE9C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.117.543.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{7141DFD3-A3A7-45D4-B46F-1811A8662CD8}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.117.543.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> 
Spotify Ltd) FirewallRules: [{A987C8E7-F03B-4256-A4A0-6151E7A32352}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.117.543.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{735FB1D0-7BF9-4A6F-AFF9-11CE41371438}] => (Block) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) FirewallRules: [{CADB07C6-133B-4C08-8E2C-211ED60BC879}] => (Allow) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) FirewallRules: [{5410BB78-558E-4856-9E20-328F7ACF61BC}] => (Allow) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) FirewallRules: [TCP Query User{6E04982D-2D44-472D-BCF7-DA9E53552833}C:\program files (x86)\instar\instar camera tool\instar camera tool.exe] => (Allow) C:\program files (x86)\instar\instar camera tool\instar camera tool.exe (INSTAR Deutschland GmbH) [Datei ist nicht signiert] FirewallRules: [UDP Query User{137DD80B-B1D9-4F65-81E2-03068318FDC4}C:\program files (x86)\instar\instar camera tool\instar camera tool.exe] => (Allow) C:\program files (x86)\instar\instar camera tool\instar camera tool.exe (INSTAR Deutschland GmbH) [Datei ist nicht signiert] FirewallRules: [{EFD8E259-CC28-4460-8E72-54386BE19671}] => (Block) C:\program files (x86)\instar\instar camera tool\instar camera tool.exe (INSTAR Deutschland GmbH) [Datei ist nicht signiert] FirewallRules: [{56CA0644-3333-48A3-84FB-4E36BC7FD021}] => (Block) C:\program files (x86)\instar\instar camera tool\instar camera tool.exe (INSTAR Deutschland GmbH) [Datei ist nicht signiert] FirewallRules: [{BEC4AA32-0B42-4BF8-8BE5-8C634DA95572}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) FirewallRules: 
[{184202DF-79AE-4E7B-B6EE-D39C4AA2557B}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.) FirewallRules: [{6A97B6DB-82EE-42DC-984D-702B76403840}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) FirewallRules: [{F98DC8C1-0147-4EB6-AE7F-0217426A5CED}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) FirewallRules: [{6CF4B630-2EF2-4247-9C8A-87A8184C5ACA}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) FirewallRules: [{F91E81B9-1FC9-4D2B-B086-024FB6C44B76}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) DomainProfile\AuthorizedApplications: [C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe] => Enabled:Logitech Harmony Remote Software 7 StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe] => Enabled:Logitech Harmony Remote Software 7 ==================== Wiederherstellungspunkte ========================= 10-01-2020 18:40:35 Windows Update 17-01-2020 09:31:33 Windows Update 19-01-2020 15:55:18 Windows-Sicherung 27-01-2020 11:13:39 Windows-Sicherung ==================== Fehlerhafte Geräte im Gerätemanager ============ Name: Intel(R) Dual Band Wireless-AC 8265 Description: Intel(R) Dual Band Wireless-AC 8265 Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Intel Corporation Service: Netwtw06 Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. 
==================== Fehlereinträge in der Ereignisanzeige: ========================

Applikationsfehler:
==================
Error: (01/30/2020 08:39:14 PM) (Source: CertEnroll) (EventID: 87) (User: NT-AUTORITÄT)
Description: Fehler bei der SCEP-Zertifikatregistrierung für WORKGROUP\PCxxxHOME$ über https://INTC-KeyId-5e73c89aa3e902b272b9f0741f7d8730e3ec724a.microsoftaik.azure.net/templates/Aik/scep:
SubmitDone
Submit(Request): Bad Request
{"Message":"Attestation statement cannot be verified, rejecting request: 0x80070057."}
HTTP/1.1 400 Bad Request
Cache-Control: no-cache
Date: Thu, 30 Jan 2020 19:39:13 GMT
Pragma: no-cache
Content-Length: 86
Content-Type: application/json; charset=utf-8
Expires: -1
x-ms-request-id: 738c44df-2c27-41c8-b02d-8a02f8f1c4bc
Strict-Transport-Security: max-age=31536000;includeSubDomains
X-Content-Type-Options: nosniff
Methode: POST(1688ms)
Phase: SubmitDone
Ungültige Anforderung (400). 0x80190190 (-2145844848 HTTP_E_STATUS_BAD_REQUEST)

Error: (01/30/2020 08:38:21 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance" ist ein unerwarteter Fehler aufgetreten. hr = 0x8007045b, Der Computer wird heruntergefahren. .

Error: (01/30/2020 08:38:21 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volumenschattenkopie-Dienst-Informationen: Der COM-Server mit CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} und dem Namen "CEventSystem" kann nicht gestartet werden. [0x8007045b, Der Computer wird heruntergefahren. ]

Error: (01/30/2020 08:38:21 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance" ist ein unerwarteter Fehler aufgetreten. hr = 0x8007045b, Der Computer wird heruntergefahren. .

Error: (01/30/2020 08:38:21 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volumenschattenkopie-Dienst-Informationen: Der COM-Server mit CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} und dem Namen "CEventSystem" kann nicht gestartet werden. [0x8007045b, Der Computer wird heruntergefahren. ]

Error: (01/30/2020 08:38:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: ZeroConfigService.exe, Version: 19.60.0.0, Zeitstempel: 0x58d16fa6
Name des fehlerhaften Moduls: ZeroConfigService.exe, Version: 19.60.0.0, Zeitstempel: 0x58d16fa6
Ausnahmecode: 0xc0000409
Fehleroffset: 0x000000000022af80
ID des fehlerhaften Prozesses: 0x15dc
Startzeit der fehlerhaften Anwendung: 0x01d5d79e70aaaa2c
Pfad der fehlerhaften Anwendung: C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
Pfad des fehlerhaften Moduls: C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
Berichtskennung: 9c0d9421-3e09-4483-96ee-ed82d08b1e91
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (01/30/2020 08:28:46 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (14548,R,98) TILEREPOSITORYS-1-5-18: Fehler -1023 (0xfffffc01) beim Öffnen von Protokolldatei C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (01/30/2020 08:13:22 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (11536,R,98) TILEREPOSITORYS-1-5-18: Fehler -1023 (0xfffffc01) beim Öffnen von Protokolldatei C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Systemfehler:
=============
Error: (01/30/2020 08:42:15 PM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT)
Description: Der Server "{784E29F4-5EBE-4279-9948-1E8FE941646D}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (01/30/2020 08:38:21 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) PROSet/Wireless Zero Configuration Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (01/30/2020 07:55:38 PM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT)
Description: Der Server "{784E29F4-5EBE-4279-9948-1E8FE941646D}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (01/30/2020 07:51:57 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) PROSet/Wireless Zero Configuration Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (01/30/2020 07:32:06 PM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT)
Description: Der Server "{F3B4E234-7A68-4E43-B813-E4BA55A065F6}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (01/30/2020 04:33:19 PM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT)
Description: Der Server "{784E29F4-5EBE-4279-9948-1E8FE941646D}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (01/30/2020 02:05:51 PM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT)
Description: Der Server "{784E29F4-5EBE-4279-9948-1E8FE941646D}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (01/30/2020 12:40:20 PM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT)
Description: Der Server "{784E29F4-5EBE-4279-9948-1E8FE941646D}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Windows Defender:
===================================
Date: 2020-01-30 19:43:38.403
Description: Windows Defender Antivirus hat Schadsoftware oder andere potenziell unerwünschte Software erkannt.
Weitere Informationen: https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Tiggre!rfn&threatid=2147723625&enterprise=0
Name: Trojan:Win32/Tiggre!rfn
ID: 2147723625
Schweregrad: Schwerwiegend
Kategorie: Trojaner
Pfad: file:_L:\DHL_Jan 21 2020 at 1.40_8ZP290_PDF.exe
Erkennungsursprung: Lokaler Computer
Erkennungstype: FastPath
Erkennungsquelle: System
Benutzer: NT-AUTORITÄT\SYSTEM
Prozessname: Unknown
Sicherheitsversion: AV: 1.307.3275.0, AS: 1.307.3275.0, NIS: 1.307.3275.0
Modulversion: AM: 1.1.16600.7, NIS: 1.1.16600.7

Date: 2020-01-30 17:43:47.670
Description: Windows Defender Antivirus hat Schadsoftware oder andere potenziell unerwünschte Software erkannt.
Weitere Informationen: https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Tiggre!rfn&threatid=2147723625&enterprise=0
Name: Trojan:Win32/Tiggre!rfn
ID: 2147723625
Schweregrad: Schwerwiegend
Kategorie: Trojaner
Pfad: file:_L:\DHL_Jan 21 2020 at 1.40_8ZP290_PDF.exe
Erkennungsursprung: Lokaler Computer
Erkennungstype: FastPath
Erkennungsquelle: Echtzeitschutz
Benutzer: PCxxxHOME\Michael
Prozessname: C:\Windows\explorer.exe
Sicherheitsversion: AV: 1.307.3275.0, AS: 1.307.3275.0, NIS: 1.307.3275.0
Modulversion: AM: 1.1.16600.7, NIS: 1.1.16600.7

Date: 2020-01-30 17:32:25.398
Description: Windows Defender Antivirus hat Schadsoftware oder andere potenziell unerwünschte Software erkannt.
Weitere Informationen: https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Tiggre!rfn&threatid=2147723625&enterprise=0
Name: Trojan:Win32/Tiggre!rfn
ID: 2147723625
Schweregrad: Schwerwiegend
Kategorie: Trojaner
Pfad: file:_L:\DHL_Jan 21 2020 at 1.40_8ZP290_PDF.exe
Erkennungsursprung: Lokaler Computer
Erkennungstype: FastPath
Erkennungsquelle: Echtzeitschutz
Benutzer: PCxxxHOME\Michael
Prozessname: C:\Windows\explorer.exe
Sicherheitsversion: AV: 1.307.3275.0, AS: 1.307.3275.0, NIS: 1.307.3275.0
Modulversion: AM: 1.1.16600.7, NIS: 1.1.16600.7

Date: 2020-01-30 17:30:49.467
Description: Windows Defender Antivirus hat Schadsoftware oder andere potenziell unerwünschte Software erkannt.
Weitere Informationen: https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Tiggre!rfn&threatid=2147723625&enterprise=0
Name: Trojan:Win32/Tiggre!rfn
ID: 2147723625
Schweregrad: Schwerwiegend
Kategorie: Trojaner
Pfad: file:_L:\DHL_Jan 21 2020 at 1.40_8ZP290_PDF.exe
Erkennungsursprung: Lokaler Computer
Erkennungstype: FastPath
Erkennungsquelle: Echtzeitschutz
Benutzer: PCxxxHOME\Michael
Prozessname: C:\Windows\explorer.exe
Sicherheitsversion: AV: 1.307.3275.0, AS: 1.307.3275.0, NIS: 1.307.3275.0
Modulversion: AM: 1.1.16600.7, NIS: 1.1.16600.7

Date: 2020-01-30 17:30:19.655
Description: Windows Defender Antivirus hat Schadsoftware oder andere potenziell unerwünschte Software erkannt.
Weitere Informationen: https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Tiggre!rfn&threatid=2147723625&enterprise=0
Name: Trojan:Win32/Tiggre!rfn
ID: 2147723625
Schweregrad: Schwerwiegend
Kategorie: Trojaner
Pfad: file:_L:\DHL_Jan 21 2020 at 1.40_8ZP290_PDF.exe
Erkennungsursprung: Lokaler Computer
Erkennungstype: FastPath
Erkennungsquelle: Echtzeitschutz
Benutzer: PCxxxHOME\Michael
Prozessname: C:\Windows\explorer.exe
Sicherheitsversion: AV: 1.307.3275.0, AS: 1.307.3275.0, NIS: 1.307.3275.0
Modulversion: AM: 1.1.16600.7, NIS: 1.1.16600.7

Date: 2020-01-30 20:37:55.765
Description: Fehler des Windows Defender Antivirus-Echtzeitschutz-Features.
Feature: Verhaltensüberwachung
Fehlercode: 0x80508023
Fehlerbeschreibung: Auf dem Gerät wurde keine Schadsoftware oder andere potenziell unerwünschte Software gefunden.
Ursache: Die Antischadsoft-Sicherheitsfunktion wurde aus unbekanntem Grund beendet. Möglicherweise kann das Problem durch einen Neustart des Diensts behoben werden.

Date: 2020-01-17 09:34:35.239
Description: Bei Windows Defender Antivirus ist ein Fehler beim Aktualisieren der Sicherheitsinformationen aufgetreten.
Neue Version der Sicherheitsinformationen: %Vorherige Version der Sicherheitsinformationen: 1.307.2496.0
Update Source: Microsoft Update-Server
Sicherheitstyp: AntiVirus
Updatetyp: Voll
Benutzer: NT-AUTORITÄT\SYSTEM
Aktuelle Modulversion: %Vorherige Modulversion: 1.1.16600.7
Fehlercode: 0x80240016
Fehlerbeschreibung: Unerwartetes Problem bei der Überprüfung auf Updates. Informationen zum Installieren von Updates oder zur Problembehandlung finden Sie unter "Hilfe und Support".

CodeIntegrity:
===================================
Date: 2020-01-30 20:37:49.697
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Avira\Antivirus\avirasecuritycenteragent.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Avira\Antivirus\libcurl.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-10-22 10:36:29.640
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-10-22 10:36:29.088
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-10-22 10:36:28.424
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-10-22 10:36:27.876
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-10-22 10:35:27.780
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-10-22 10:35:26.026
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-10-22 10:35:25.375
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Speicherinformationen ===========================

BIOS: Intel Corp. BNKBL357.86A.0052.2017.0918.1346 09/18/2017
Hauptplatine: Intel Corporation NUC7i5BNB
Prozessor: Intel(R) Core(TM) i5-7260U CPU @ 2.20GHz
Prozentuale Nutzung des RAM: 60%
Installierter physikalischer RAM: 8084.01 MB
Verfügbarer physikalischer RAM: 3170.05 MB
Summe virtueller Speicher: 10068.01 MB
Verfügbarer virtueller Speicher: 5244.91 MB

==================== Laufwerke ================================

Drive c: () (Fixed) (Total:231.55 GB) (Free:89.87 GB) NTFS
Drive d: (System-reserviert) (Fixed) (Total:0.34 GB) (Free:0.09 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)]

\\?\Volume{357f493a-ca5e-4de8-b84b-aff429db63bb}\ () (Fixed) (Total:0.77 GB) (Free:0.31 GB) NTFS
\\?\Volume{ce61e2b2-b289-4008-9c82-7fa777634b5e}\ () (Fixed) (Total:0.1 GB) (Free:0.07 GB) FAT32

==================== MBR & Partitionstabelle ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 232.9 GB) (Disk ID: 1790FC26)
Partition: GPT.

==================== Ende von Addition.txt ======================= |