|
Log-Analyse und Auswertung: Auf Microsoft Mitarbeiter hereingefallenWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
26.02.2020, 18:13 | #1 |
| Auf Microsoft Mitarbeiter hereingefallen Hallo Gemeinde, leider bin ich auf einen vermeintlichen Micosoft Mitarbeiter hereingefallen, mir war die Problematik nicht bekannt (jetzt schon). Als ersten habe ich das Tool AnyDesk installiert und dem Typen nach anfänglichem Zögern dann doch Zugriff auf meinen PC gegeben. Dann habe ich mich in einen Mail-Account ein- und wieder ausgeloggt. Den Account hatte ich kurz zuvor für eine Win 10 Installation angelegt, das PW habe ich dann später wieder geändert. Die Fragen nach einloggen in Paypal oder Ebay habe ich verneint, worauf mein Gegenüber laut wurde und ziemlich frustriert klang. Nachdem ich das Gespäch beendet hatte, habe ich mich über meine Suchmaschine zu dem Thema eingelesen, halt ein bischen zu spät. Dann habe ich die Programme TotalAV und Malwarebytes installiert und mein System gescannt. Die Log-Datei von Malwarebytes habe ich noch, die von TotalAV ist nach dem Deinstallieren nicht mehr zu finden. Zusätzlich habe ich FRST64 laufen lassen, bin allerdings mit der Analyse der Logs überfordert. Wäre schön, wenn jemand sich die Dateien anschauen kann und mir mitteilen, ob mein PC gefährdet ist. Zusätzlich habe ich noch einige weitere Log-/Trace Dateien, z.B. ad_svc.trace, aber da weiß ich nicht, ob die von Nutzen sind. FRST.txt: Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 16-02-2020 durchgeführt von Administrator (Administrator) auf USER-PC (21-02-2020 21:13:41) Gestartet von D:\Analyse_FRST Geladene Profile: Administrator (Verfügbare Profile: User & Administrator) Platform: Windows 10 Home Version 1909 18363.657 (X64) Sprache: Deutsch (Deutschland) Standard-Browser: Edge Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) () [Datei ist nicht signiert] C:\Windows\SysWOW64\ASGT.exe () [Datei ist nicht signiert] D:\Programme\Creative Suite CS2\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe (Adobe Inc. -> Adobe Systems) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe (Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe (Adobe Systems Incorporated) [Datei ist nicht signiert] D:\Programme\Creative Suite CS2\Adobe Version Cue CS2\bin\VersionCueCS2.exe (Adobe Sytems Incorporated) [Datei ist nicht signiert] D:\Programme\Creative Suite CS2\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe (AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\wsc_proxy.exe (CyberLink Corp. -> CyberLink Corp.) C:\Program Files (x86)\CyberLink\Shared files\PDStyleAgent\PDStyleAgent.exe (Hewlett-Packard Company -> HP) C:\Windows\System32\HPSIsvc.exe (Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel® Upgrade Service -> Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (LAVASOFT SOFTWARE CANADA INC -> ) C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe (Malwarebytes Inc -> Malwarebytes) D:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (Malwarebytes Inc -> Malwarebytes) D:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (McAfee, LLC -> McAfee, Inc.) C:\Program Files\McAfee\WebAdvisor\servicehost.exe (McAfee, LLC -> McAfee, Inc.) C:\Program Files\McAfee\WebAdvisor\uihost.exe (Microsoft Corporation -> Microsoft Corporation) C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe (Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12002.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeSH.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\mqsvc.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\usocoreworker.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe (Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (National Instruments Corporation -> National Instruments Corporation) C:\Windows\SysWOW64\lkads.exe (National Instruments Corporation -> National Instruments Corporation) C:\Windows\SysWOW64\lktsrv.exe (National Instruments Corporation -> National Instruments Corporation) D:\Programme\MultiSIM BLUE\MAX\nimxs.exe (National Instruments Corporation -> National Instruments Corporation) D:\Programme\MultiSIM BLUE\Shared\mDNS Responder\nimdnsResponder.exe (National Instruments Corporation -> National Instruments Corporation) D:\Programme\MultiSIM BLUE\Shared\NI Network Discovery\niDiscSvc.exe (National Instruments Corporation -> National Instruments Corporation) D:\Programme\MultiSIM BLUE\Shared\NI WebServer\ApplicationWebServer.exe (National Instruments Corporation -> National Instruments Corporation) D:\Programme\MultiSIM BLUE\Shared\NI WebServer\NIWebServiceContainer.exe (National Instruments Corporation -> National Instruments Corporation) D:\Programme\MultiSIM BLUE\Shared\NI WebServer\NIWebServiceContainer.exe (National Instruments Corporation -> National Instruments Corporation) D:\Programme\MultiSIM BLUE\Shared\NI WebServer\SystemWebServer.exe (National Instruments Corporation -> National Instruments Corporation) D:\Programme\MultiSIM BLUE\Shared\niauth\niauth_daemon.exe (National Instruments Corporation -> National Instruments Corporation) D:\Programme\MultiSIM BLUE\Shared\nisvcloc\nisvcloc.exe (National Instruments Corporation -> National Instruments Corporation) D:\Programme\MultiSIM BLUE\Shared\Security\nidmsrv.exe (National Instruments Corporation -> National Instruments Corporation) D:\Programme\MultiSIM BLUE\Shared\Tagger\tagsrv.exe (National Instruments Corporation -> National Instruments, Inc.) C:\Windows\SysWOW64\lkcitdl.exe (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_90685a092bcf58c7\Display.NvContainer\NVDisplay.Container.exe (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_90685a092bcf58c7\Display.NvContainer\NVDisplay.Container.exe (Paramount Software UK Ltd -> Paramount Software UK Ltd) C:\Program Files\Macrium\Common\MacriumService.exe (Paramount Software UK Ltd -> Paramount Software UK Ltd) C:\Program Files\Macrium\Common\ReflectMonitor.exe (Paramount Software UK Ltd -> Paramount Software UK Ltd) C:\Program Files\Macrium\Common\ReflectUI.exe (Protected Antivirus Limited -> TotalAV) C:\Program Files (x86)\TotalAV\SecurityService.exe (Protected Antivirus Limited -> TotalAV) C:\Program Files (x86)\TotalAV\TotalAV.exe (Symantec Corporation -> Symantec Corporation) C:\Program Files\Norton Security\Engine\22.20.1.69\NortonSecurity.exe (Symantec Corporation -> Symantec Corporation) C:\Program Files\Norton Security\Engine\22.20.1.69\NortonSecurity.exe (Symantec Corporation -> Symantec Corporation) C:\Program Files\Norton Security\Engine\22.20.1.69\nsWscSvc.exe (TomTom International BV -> TomTom) D:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe ==================== Registry (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [VX3000] => C:\Windows\vVX3000.exe HKLM\...\Run: [Reflect UI] => C:\Program Files\Macrium\Common\ReflectUI.exe [6544000 2020-02-18] (Paramount Software UK Ltd -> Paramount Software UK Ltd) HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [268680 2020-02-21] (AVAST Software s.r.o. -> AVAST Software) HKLM-x32\...\Run: [Adobe Version Cue CS2] => d:\Programme\Creative Suite CS2\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe [856064 2005-04-06] (Adobe Sytems Incorporated) [Datei ist nicht signiert] HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Beschränkung <==== ACHTUNG HKU\S-1-5-21-3117796367-4178473136-720949512-500\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] -> Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk [2013-01-03] ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) [Datei ist nicht signiert] Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk [2015-12-07] ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) [Datei ist nicht signiert] GroupPolicy: Beschränkung ? <==== ACHTUNG FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Beschränkung <==== ACHTUNG ==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============ (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) Task: {00373401-86E2-4C6F-8AD1-147C10BAC95E} - System32\Tasks\{F94C0187-191F-4F82-9E4F-10DC337AEE7D} => C:\Program Files\REFLEX\REFLEX.exe [1957888 2006-08-11] (Dipl.-Ing. Stefan Kunde) [Datei ist nicht signiert] Task: {0144ADC1-3349-4556-B8C3-4BB652AE15E2} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [40432 2019-06-18] (Garmin International, Inc. -> ) Task: {06FD8BB6-0EE4-4FE9-BE22-37E97A732CCB} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe Task: {0745258E-92BB-4097-97FF-AC9A121FFFBA} - System32\Tasks\Microsoft\Windows\MobilePC\HotStart => {06DA0625-9701-43da-BFD7-FBEEA2180A1E} Task: {0D8F68DF-4972-47A8-9B5F-5CAA4009FBCD} - System32\Tasks\{21E33836-65A7-43B5-A525-4DB75F723006} => C:\Windows\system32\pcalua.exe -a "D:\Programme\Adobe\Photoshop Elements 2\PhotoshopElements.exe" -d "d:\programme\adobe\photoshop elements 2" Task: {15EDD3FD-D0B1-4BEA-81E3-446B137E40A4} - System32\Tasks\Norton Security\Norton Security Error Analyzer => C:\Program Files\Norton Security\Engine\22.20.1.69\SymErr.exe [116392 2020-01-21] (Symantec Corporation -> Symantec Corporation) Task: {19034955-4E02-4A3C-B0CE-34C9108A8B01} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe Task: {1B4FF543-B4CA-4348-8D4D-0DEE5F8E091F} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Security\Engine\22.20.1.69\WSCStub.exe [570824 2020-01-21] (Symantec Corporation -> Symantec Corporation) Task: {24C7A747-EBD8-477A-9777-D045C522AA53} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe Task: {24D62DAC-336B-48F1-A695-34996C3EB190} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe Task: {26CCA1D9-B3E8-48E1-BA9C-DF76496F1A97} - System32\Tasks\{ACEFF45C-B41E-49BC-A2F2-8FC9CB3CB6D4} => C:\Windows\system32\pcalua.exe -a I:\avm_fritz!wlan_usb_stick_n_v2_x64_build_141114.exe -d I:\ Task: {29CCC389-6FB3-455E-8830-B29701008B58} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [177376 2016-08-12] (Intel(R) Update Manager -> Intel Corporation) Task: {2B2B89EF-0B37-4274-9999-A32CA402586A} - System32\Tasks\Norton Identity Safe\Norton Error Processor => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\SymErr.exe Task: {304CA12D-5F97-403E-9AEB-B370DADC664C} - System32\Tasks\{7B6B4885-C76F-4D1B-89B1-1B7273E30179} => E:\Programme\REFLEX_Disk_orginal\Setup.exe Task: {35435D98-9C20-4578-91D9-E3D562CCAD46} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe Task: {465F778B-704A-4F63-AEC4-03726E9DF2E6} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316} Task: {46849855-3E56-4060-999E-95153F69523A} - System32\Tasks\NIUpdateServiceCheckTask => D:\Programme\MultiSIM BLUE\Shared\Update Service\NIUpdateService.exe [864032 2015-06-04] (National Instruments Corporation -> National Instruments) Task: {486D715E-6AA2-44CF-BC48-B6990CBB53C6} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControlsMigration => {343D770D-7788-47c2-B62A-B7C4CED925CB} Task: {49EF230F-F50C-4C06-AE0A-F9DD39725794} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe Task: {4A5B93B1-B142-44C5-B1AD-B9C5F372CDB3} - System32\Tasks\{03C5725C-AF47-42F7-93BC-D6F3FF5F35DD} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{CCAAB887-B452-4D7C-9D5A-C02B7C48F664}\setup.exe" -c -runfromtemp -l0x0009 -removeonly Task: {4AC76B47-6A9E-4227-AF0A-E320679167AF} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Security\Upgrade.exe [1926304 2020-01-21] (Symantec Corporation -> Symantec Corporation) Task: {4DF5088A-E9C0-449B-8367-2DA82BA79D38} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_330_Plugin.exe [1458232 2020-02-11] (Adobe Inc. -> Adobe) Task: {50EEDC52-A882-40FC-8FF8-9AA6A7F1D779} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe Task: {51537553-7A16-48FD-A2B7-FF5CF5B133F4} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe Task: {51A0645C-4879-4D94-909C-039E9DC771A4} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2872400 2019-10-08] (Adobe Inc. -> Adobe Systems, Incorporated) Task: {554C8F9B-62BE-40B0-902F-67B1E820E841} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe Task: {5B42DD9C-5A26-4F27-BB95-34603F0997E5} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControls => {DFA14C43-F385-4170-99CC-1B7765FA0E4A} Task: {5E1A7D90-E982-4D7D-B418-F2B776A5132A} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [416432 2015-07-31] (Microsoft Corporation -> Microsoft Corporation) Task: {627C577E-27EB-46E4-947A-469B0BBC9E75} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe Task: {662D5214-3957-46A7-925A-D36D8A8CF296} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe Task: {69E8631E-2B56-479D-906A-C225578392BE} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe Task: {6B956E8E-C874-4AAA-85D4-2F8CB4E4A930} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe Task: {6C5BBA14-0EC2-4276-87EB-E8A13DD8C58D} - System32\Tasks\Norton Identity Safe\Norton Error Analyzer => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\SymErr.exe Task: {6C6638D6-1178-4A7D-9BD9-2B22AAAE6CAE} - System32\Tasks\{51AF0A1C-EB1D-48A6-A12A-8BD6CB5E7C7A} => C:\Program Files\REFLEX\REFLEX.exe [1957888 2006-08-11] (Dipl.-Ing. Stefan Kunde) [Datei ist nicht signiert] Task: {6CBAAB21-07BE-497B-8426-296F40DBA83B} - System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => {45F26E9E-6199-477F-85DA-AF1EDfE067B1} Task: {6E5F10EA-6984-4702-9823-D96027FBC968} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [416432 2015-07-31] (Microsoft Corporation -> Microsoft Corporation) Task: {703BC16C-AC61-4956-98A6-3AC4E7FCC509} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [1835112 2020-02-21] (Avast Software s.r.o. -> AVAST Software) Task: {706FB1F5-918C-4872-945F-ABE6370DB2AF} - System32\Tasks\{D9CC3429-0EC6-422D-9355-9C47A00E0106} => H:\Setup.exe Task: {75B24E4B-928D-4C63-B838-63611005114D} - System32\Tasks\PowerDirectorStyleAgent => C:\Program Files (x86)\CyberLink\Shared files\PDStyleAgent\PDStyleAgent.exe [100536 2018-11-20] (CyberLink Corp. -> CyberLink Corp.) Task: {77801784-39BB-444E-A04E-07B7D842F8E4} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe Task: {79C9D9C9-39AF-4BCA-852B-140ABA1CA00F} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4f47-879B-29A80C355D61} Task: {7DCFC2D2-58EC-44AF-B529-52182733232B} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe Task: {80EF865F-2611-4896-82F5-E8F550AF9910} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe Task: {81335E64-3327-49E7-91F9-D216F6271889} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe Task: {8EB889E0-9F45-4B30-9637-BD223F3F0B5A} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe Task: {94DFE080-0656-4F85-9F97-A19EFF8905A2} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [3933576 2020-02-21] (AVAST Software s.r.o. -> AVAST Software) Task: {9841D725-7645-4307-8F6C-32ECD9A574D8} - System32\Tasks\NIUpdateServiceStartupTask => D:\Programme\MultiSIM BLUE\Shared\Update Service\NIUpdateService.exe [864032 2015-06-04] (National Instruments Corporation -> National Instruments) Task: {9D70F8C0-E88F-44E7-9F4C-4F9934476222} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe Task: {9E046479-6D66-46D4-A445-398C6103BC79} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [1134752 2014-03-25] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) [Datei ist nicht signiert] Task: {A719FC46-0F7A-4A97-9A73-BFCF4E4AC033} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1240656 2019-09-10] (Adobe Inc. -> Adobe Systems) Task: {A8FCF7C3-48FB-44BC-B4C5-2D9D5B5C7540} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1} Task: {AD40D70A-8823-47F6-BB1B-09A7B743B740} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe Task: {AFAC467F-9038-4903-81B6-345E74D0C159} - System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969} Task: {B0CBAB43-44FC-469B-A4CE-87426761FDCE} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40b4-8963-D3C761B18371} Task: {BD15F63A-CDA4-4DF6-95A9-F347A95AED91} - System32\Tasks\Norton Security\Norton Security Error Processor => C:\Program Files\Norton Security\Engine\22.20.1.69\SymErr.exe [116392 2020-01-21] (Symantec Corporation -> Symantec Corporation) Task: {BDE5F286-8D10-4F72-9817-5DE73DC937BA} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [1179648 2018-05-31] () [Datei ist nicht signiert] Task: {BF45E867-449F-4586-9C14-CAD1E627899A} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => C:\Program Files\Microsoft Security Client\MpCmdRun.exe Task: {C11DC53B-359E-4C37-BA49-849464ABF883} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe Task: {C41E6508-28AA-4544-8021-6BB72B5AE9EE} - System32\Tasks\{F9234997-D0F3-49E9-BC0B-D25FC0999621} => E:\Programme\REFLEX_Disk_orginal\Setup.exe Task: {CBB2AD9F-EB26-4F35-AFFB-CCCD154CF3E6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-02-11] (Adobe Inc. -> Adobe) Task: {D433A0B2-9645-4EBC-A23C-FE2D90611AA9} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe [316632 2015-07-31] (Microsoft Corporation -> Microsoft Corporation) Task: {DFDDB22F-6D80-468E-9C84-408F108D60D5} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe Task: {F521D26B-29CF-42B2-9816-0C6E5012C87A} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [177376 2016-08-12] (Intel(R) Update Manager -> Intel Corporation) Task: {F5D5362C-7C23-44C4-A1E4-7506EE833548} - System32\Tasks\Norton Security\Norton Security Autofix => C:\Program Files\Norton Security\Engine\22.20.1.69\SymErr.exe [116392 2020-01-21] (Symantec Corporation -> Symantec Corporation) Task: {F84B275C-96CA-4CCB-967E-188535D88A50} - System32\Tasks\Norton Security Scan for User => C:\Program Files (x86)\Norton Security Scan\Engine\4.6.1.179\Nss.exe [848912 2019-02-15] (Symantec Corporation -> Symantec Corporation) (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.) Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1 Tcpip\..\Interfaces\{617352C6-2DDE-43AD-AD04-8CDBB084892E}: [DhcpNameServer] 192.168.0.2 Tcpip\..\Interfaces\{aecb796b-42ab-4d0f-9adc-1307d037fa0f}: [DhcpNameServer] 192.168.2.1 192.168.2.1 Tcpip\..\Interfaces\{DABF6221-436A-4F16-8D52-5F00DD24CE30}: [NameServer] 192.168.2.1 Tcpip\..\Interfaces\{e985985c-d5cc-4738-8537-7dcde7f42dfb}: [DhcpNameServer] 192.168.42.129 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www1.euro.dell.com/content/default.aspx?c=de&l=de&s=gen HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www1.euro.dell.com/content/default.aspx?c=de&l=de&s=gen HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NIS&pvid=21.7.0.11 SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office16\OCHelper.dll [2019-12-19] (Microsoft Corporation -> Microsoft Corporation) BHO: Norton Password Manager -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine\22.20.1.69\coIEPlg.dll [2020-01-21] (Symantec Corporation -> Symantec Corporation) BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\x64\IEPlugin.dll [2020-02-21] (McAfee, LLC -> McAfee, Inc.) BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office16\GROOVEEX.DLL [2018-07-20] (Microsoft Corporation -> Microsoft Corporation) BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office16\OCHelper.dll [2019-12-17] (Microsoft Corporation -> Microsoft Corporation) BHO-x32: PDF Architect 4 Helper -> {38279E1A-7019-40C1-B579-E99DFB3312E8} -> C:\Program Files (x86)\PDF Architect 4\creator-ie-helper.dll [2016-08-05] (pdfforge GmbH -> pdfforge GmbH) BHO-x32: Norton Password Manager -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine32\22.20.1.69\coIEPlg.dll [2020-01-21] (Symantec Corporation -> Symantec Corporation) BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\IPS\IPSBHO.DLL => Keine Datei BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll [2020-02-21] (McAfee, LLC -> McAfee, Inc.) BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL [2018-07-22] (Microsoft Corporation -> Microsoft Corporation) Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine\22.20.1.69\coIEPlg.dll [2020-01-21] (Symantec Corporation -> Symantec Corporation) Toolbar: HKLM-x32 - PDF Architect 4 Toolbar - {23FD9C33-A9E1-48A1-8404-E5925CF1C8E1} - C:\Program Files (x86)\PDF Architect 4\creator-ie-plugin.dll [2016-08-05] (pdfforge GmbH -> pdfforge GmbH) Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine32\22.20.1.69\coIEPlg.dll [2020-01-21] (Symantec Corporation -> Symantec Corporation) Handler-x32: http - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll [2001-02-12] (Microsoft Corporation) [Datei ist nicht signiert] Handler-x32: http - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll [2001-02-12] (Microsoft Corporation) [Datei ist nicht signiert] Handler-x32: https - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll [2001-02-12] (Microsoft Corporation) [Datei ist nicht signiert] Handler-x32: https - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll [2001-02-12] (Microsoft Corporation) [Datei ist nicht signiert] Handler-x32: ipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll [2001-02-12] (Microsoft Corporation) [Datei ist nicht signiert] Handler-x32: msdaipp - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll [2001-02-12] (Microsoft Corporation) [Datei ist nicht signiert] Handler-x32: msdaipp - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll [2001-02-12] (Microsoft Corporation) [Datei ist nicht signiert] Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2019-06-12] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2019-06-12] (Microsoft Corporation -> Microsoft Corporation) Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2019-06-12] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2019-06-12] (Microsoft Corporation -> Microsoft Corporation) FireFox: ======== FF DefaultProfile: eg6msmvl.default FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\eg6msmvl.default [2020-02-21] FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\hek75h9u.default-release [2020-02-21] FF Extension: (Avast Online Security) - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\hek75h9u.default-release\Extensions\wrc@avast.com.xpi [2020-02-21] FF HKLM\...\Firefox\Extensions: [pdf_architect_4_conv@pdfarchitect.org] - C:\Program Files\PDF Architect 4\resources\pdfarchitect4firefoxextension FF Extension: (PDF Architect 4 Creator) - C:\Program Files\PDF Architect 4\resources\pdfarchitect4firefoxextension [2017-01-11] [] [ist nicht signiert] FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi FF Extension: (McAfee® WebAdvisor) - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi [2020-02-21] FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_330.dll [2020-02-11] (Adobe Inc. -> ) FF Plugin: @java.com/DTPlugin,version=10.4.0 -> C:\Windows\system32\npDeployJava1.dll [2013-01-03] (Oracle America, Inc. -> Oracle Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation) FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [Keine Datei] FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_330.dll [2020-02-11] (Adobe Inc. -> ) FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll [2012-10-04] (Adobe Systems, Inc.) [Datei ist nicht signiert] FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-07] (Intel® Identity Protection Technology Software -> Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-07] (Intel® Identity Protection Technology Software -> Intel Corporation) FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2019-12-17] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> D:\Programme\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-02-04] (Adobe Inc. -> Adobe Systems Inc.) FF Plugin-x32: PDF Architect 4 -> C:\Program Files (x86)\PDF Architect 4\np-previewer.dll [2016-08-05] (pdfforge GmbH -> pdfforge GmbH) Chrome: ======= CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] ==================== Dienste (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2015-12-07] (Adobe Systems) [Datei ist nicht signiert] R2 Adobe Version Cue CS2; d:\Programme\Creative Suite CS2\Adobe Version Cue CS2\bin\VersionCueCS2.exe [163840 2005-04-06] (Adobe Systems Incorporated) [Datei ist nicht signiert] R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3147344 2019-10-08] (Adobe Inc. -> Adobe Systems, Incorporated) R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2914896 2019-10-08] (Adobe Inc. -> Adobe Systems, Incorporated) R2 ASGT; C:\Windows\SysWOW64\ASGT.exe [48640 2015-05-29] () [Datei ist nicht signiert] S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [6259592 2020-02-21] (AVAST Software s.r.o. -> AVAST Software) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [996880 2020-02-21] (AVAST Software s.r.o. -> AVAST Software) R2 AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [57504 2020-02-21] (AVAST Software s.r.o. -> AVAST Software) S3 becldr3Service; C:\Program Files (x86)\BCL Technologies\easyConverter SDK 3\Common\becldr.exe [225280 2012-08-01] () [Datei ist nicht signiert] S3 ElfoService; C:\Program Files (x86)\ElsterFormular Update Service\bin\elfoService.exe [1284360 2019-02-20] (Bayerisches Landesamt fuer Steuern -> ) R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1155216 2015-07-24] (NVIDIA Corporation -> NVIDIA Corporation) R2 HPSIService; C:\Windows\system32\HPSIsvc.exe [127800 2010-04-07] (Hewlett-Packard Company -> HP) R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-07-19] (Intel Corporation -> Intel Corporation) S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [177376 2016-08-12] (Intel(R) Update Manager -> Intel Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-07-19] (Intel Corporation -> Intel Corporation) R2 LkCitadelServer; C:\Windows\SysWOW64\lkcitdl.exe [695136 2014-12-02] (National Instruments Corporation -> National Instruments, Inc.) R2 lkClassAds; C:\Windows\SysWOW64\lkads.exe [53032 2014-06-09] (National Instruments Corporation -> National Instruments Corporation) R2 lkTimeSync; C:\Windows\SysWOW64\lktsrv.exe [63280 2014-06-09] (National Instruments Corporation -> National Instruments Corporation) R2 MacriumService; C:\Program Files\Macrium\Common\MacriumService.exe [6447328 2020-02-18] (Paramount Software UK Ltd -> Paramount Software UK Ltd) R2 MBAMService; d:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [6960640 2020-02-14] (Malwarebytes Inc -> Malwarebytes) R2 McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [915832 2020-02-21] (McAfee, LLC -> McAfee, Inc.) R2 mxssvr; D:\Programme\MultiSIM BLUE\MAX\nimxs.exe [84280 2014-06-07] (National Instruments Corporation -> National Instruments Corporation) R2 NIApplicationWebServer; D:\Programme\MultiSIM BLUE\Shared\NI WebServer\ApplicationWebServer.exe [57184 2014-11-21] (National Instruments Corporation -> National Instruments Corporation) S4 NIApplicationWebServer64; C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [80736 2014-11-21] (National Instruments Corporation -> National Instruments Corporation) R2 niauth; D:\Programme\MultiSIM BLUE\Shared\niauth\niauth_daemon.exe [569152 2014-10-23] (National Instruments Corporation -> National Instruments Corporation) R2 NIDomainService; D:\Programme\MultiSIM BLUE\Shared\Security\nidmsrv.exe [394544 2014-06-09] (National Instruments Corporation -> National Instruments Corporation) S3 NILM License Manager; D:\Programme\MultiSIM BLUE\Shared\License Manager\Bin\lmgrd.exe [1427688 2010-08-02] (National Instruments Corporation -> Macrovision Corporation) R2 nimDNSResponder; D:\Programme\MultiSIM BLUE\Shared\mDNS Responder\nimdnsResponder.exe [320368 2014-06-06] (National Instruments Corporation -> National Instruments Corporation) R2 NINetworkDiscovery; D:\Programme\MultiSIM BLUE\Shared\NI Network Discovery\niDiscSvc.exe [177536 2014-06-19] (National Instruments Corporation -> National Instruments Corporation) R2 NiSvcLoc; D:\Programme\MultiSIM BLUE\Shared\niSvcLoc\nisvcloc.exe [89928 2014-06-06] (National Instruments Corporation -> National Instruments Corporation) R2 NISystemWebServer; D:\Programme\MultiSIM BLUE\Shared\NI WebServer\SystemWebServer.exe [57168 2014-11-21] (National Instruments Corporation -> National Instruments Corporation) R2 NITaggerService; D:\Programme\MultiSIM BLUE\Shared\Tagger\tagsrv.exe [692040 2014-06-10] (National Instruments Corporation -> National Instruments Corporation) R2 NortonSecurity; C:\Program Files\Norton Security\Engine\22.20.1.69\NortonSecurity.exe [227352 2020-01-21] (Symantec Corporation -> Symantec Corporation) R2 nsWscSvc; C:\Program Files\Norton Security\Engine\22.20.1.69\nsWscSvc.exe [937528 2020-01-21] (Symantec Corporation -> Symantec Corporation) R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1881144 2016-06-15] (NVIDIA Corporation -> NVIDIA Corporation) S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-06-15] (NVIDIA Corporation -> NVIDIA Corporation) S3 PDF Architect 4; C:\Program Files\PDF Architect 4\ws.exe [2438880 2016-08-05] (pdfforge GmbH -> pdfforge GmbH) S3 PDF Architect 4 CrashHandler; C:\Program Files\PDF Architect 4\crash-handler-ws.exe [1038048 2016-08-05] (pdfforge GmbH -> pdfforge GmbH) S3 PDF Architect 4 Creator; C:\Program Files\PDF Architect 4\creator-ws.exe [851168 2016-08-05] (pdfforge GmbH -> pdfforge GmbH) S3 PDF Architect 4 Manager; C:\ProgramData\pdfforge\PDF Architect 4 Manager\PDF Architect 4\Architect Manager.exe [972056 2016-05-18] (pdfforge GmbH -> © pdfforge GmbH.) S3 PDF24; D:\Programme\PDF24\pdf24.exe [217736 2016-12-20] (Geek Software GmbH -> Geek Software GmbH) R2 SecurityService; C:\Program Files (x86)\TotalAV\SecurityService.exe [5268776 2019-12-16] (Protected Antivirus Limited -> TotalAV) R2 TomTomHOMEService; D:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [99704 2019-02-11] (TomTom International BV -> TomTom) R2 WCAssistantService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe [29272 2020-02-08] (LAVASOFT SOFTWARE CANADA INC -> ) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [4098056 2019-03-19] (Microsoft Corporation -> Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [113992 2019-03-19] (Microsoft Corporation -> Microsoft Corporation) R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_90685a092bcf58c7\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_90685a092bcf58c7\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem ===================== Treiber (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R0 asahci64; C:\WINDOWS\System32\drivers\asahci64.sys [49760 2011-09-21] (ASMedia Technology Inc. -> Asmedia Technology) S3 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [204824 2020-02-21] (AVAST Software s.r.o. -> AVAST Software) S3 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [274456 2020-02-21] (AVAST Software s.r.o. -> AVAST Software) S3 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [209552 2020-02-21] (AVAST Software s.r.o. -> AVAST Software) S3 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [65120 2020-02-21] (AVAST Software s.r.o. -> AVAST Software) R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [16304 2020-02-21] (Microsoft Windows Early Launch Anti-Malware Publisher -> AVAST Software) R1 aswHdsKe; C:\WINDOWS\System32\drivers\aswHdsKe.sys [276952 2020-02-21] (AVAST Software s.r.o. -> AVAST Software) S3 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [42736 2020-02-21] (AVAST Software s.r.o. -> AVAST Software) R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [161544 2020-02-21] (AVAST Software s.r.o. -> AVAST Software) S3 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [110320 2020-02-21] (AVAST Software s.r.o. -> AVAST Software) R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [83792 2020-02-21] (AVAST Software s.r.o. -> AVAST Software) S3 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [848432 2020-02-21] (AVAST Software s.r.o. -> AVAST Software) R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [460448 2020-02-21] (AVAST Software s.r.o. -> AVAST Software) S3 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [236024 2020-02-21] (AVAST Software s.r.o. -> AVAST Software) S3 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [316528 2020-02-21] (AVAST Software s.r.o. -> AVAST Software) R3 atmelwindrvr; C:\WINDOWS\system32\drivers\atmelwindrvr.sys [300488 2015-08-12] (Jungo Connectivity Ltd. -> Jungo Connectivity) R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [195504 2019-07-01] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) R1 avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [195816 2019-07-01] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) R1 avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [46704 2019-07-01] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) S3 avmeject; C:\WINDOWS\System32\drivers\avmeject.sys [14120 2010-10-22] (AVM Computersysteme Vertriebs GmbH -> AVM Berlin) R1 BHDrvx64; C:\Program Files\Norton Security\NortonData\22.19.9.63\Definitions\BASHDefs\20200214.001\BHDrvx64.sys [1952136 2020-01-14] (Symantec Corporation -> Symantec Corporation) R2 BrPar; C:\WINDOWS\System32\drivers\BrPar64a.sys [30528 2006-11-06] (Brother Industries, ltd. -> Brother Industries Ltd.) R1 ccSet_NGC; C:\WINDOWS\System32\drivers\NGCx64\1614010.045\ccSetx64.sys [192376 2020-01-21] (Symantec Corporation -> Symantec Corporation) R1 CLMirrorDriver; C:\WINDOWS\System32\drivers\CLMirrorDriver.sys [21264 2018-11-20] (CyberLink Corp. -> CyberLink) R3 dot4; C:\WINDOWS\system32\DRIVERS\Dot4.sys [151968 2012-10-18] (Hewlett-Packard Company -> Windows (R) Win 7 DDK provider) R3 Dot4Print; C:\WINDOWS\System32\drivers\Dot4Prt.sys [27040 2012-10-18] (Hewlett-Packard Company -> Windows (R) Win 7 DDK provider) R3 dot4usb; C:\WINDOWS\system32\DRIVERS\dot4usb.sys [49056 2012-10-18] (Hewlett-Packard Company -> Microsoft Corporation) R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [516784 2019-10-08] (Symantec Corporation -> Symantec Corporation) R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [154288 2020-01-20] (Symantec Corporation -> Symantec Corporation) S3 FTDIBUS; C:\WINDOWS\System32\drivers\ftdibus.sys [110912 2016-02-01] (Future Technology Devices International Ltd -> FTDI Ltd.) R1 IDSVia64; C:\Program Files\Norton Security\NortonData\22.19.9.63\Definitions\IPSDefs\20200221.061\IDSvia64.sys [1451016 2020-01-17] (Symantec Corporation -> Symantec Corporation) R4 IOMap; C:\WINDOWS\system32\drivers\IOMap64.sys [24824 2014-10-23] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) R3 MarvinBus; C:\WINDOWS\System32\drivers\MarvinBus64.sys [261120 2005-09-23] (Microsoft Windows Hardware Compatibility Publisher -> Pinnacle Systems GmbH) R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [214496 2020-02-21] (Malwarebytes Inc -> Malwarebytes) S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2020-02-14] (Microsoft Windows Early Launch Anti-Malware Publisher -> Malwarebytes) R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248968 2020-02-21] (Malwarebytes Inc -> Malwarebytes) S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28216 2016-06-15] (NVIDIA Corporation -> NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation -> NVIDIA Corporation) R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [711968 2019-06-04] (Realtek Semiconductor Corp. -> Realtek ) S3 silabenm; C:\WINDOWS\System32\DRIVERS\silabenm.sys [23552 2014-04-11] (Silicon Laboratories) [Datei ist nicht signiert] S3 silabser; C:\WINDOWS\System32\DRIVERS\silabser.sys [79360 2014-04-11] (Silicon Laboratories) [Datei ist nicht signiert] R3 SRTSP; C:\WINDOWS\System32\drivers\NGCx64\1614010.045\SRTSP64.SYS [889520 2020-01-21] (Symantec Corporation -> Symantec Corporation) R1 SRTSPX; C:\WINDOWS\System32\drivers\NGCx64\1614010.045\SRTSPX64.SYS [50864 2020-01-21] (Symantec Corporation -> Symantec Corporation) R0 SymEFASI; C:\WINDOWS\System32\drivers\NGCx64\1614010.045\SYMEFASI64.SYS [1964200 2020-01-21] (Symantec Corporation -> Symantec Corporation) S0 SymELAM; C:\WINDOWS\System32\drivers\NGCx64\1614010.045\SymELAM.sys [25744 2020-01-21] (Microsoft Windows Early Launch Anti-Malware Publisher -> Symantec Corporation) R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [99848 2020-01-20] (Symantec Corporation -> Symantec Corporation) R3 SymEvnt; C:\Program Files\Norton Security\NortonData\22.19.9.63\SymPlatform\SymEvnt.sys [712368 2020-01-20] (Symantec Corporation -> Symantec Corporation) R1 SymIRON; C:\WINDOWS\System32\drivers\NGCx64\1614010.045\Ironx64.SYS [316656 2020-01-21] (Symantec Corporation -> Symantec Corporation) R1 SymNetS; C:\WINDOWS\System32\drivers\NGCx64\1614010.045\symnets.sys [573448 2020-01-21] (Symantec Corporation -> Symantec Corporation) S3 usbrndis6; C:\WINDOWS\System32\drivers\usb80236.sys [24576 2019-10-07] (Microsoft Windows -> Microsoft Corporation) S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46472 2019-03-19] (Microsoft Windows Early Launch Anti-Malware Publisher -> Microsoft Corporation) S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [333784 2019-03-19] (Microsoft Windows -> Microsoft Corporation) S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [62432 2019-03-19] (Microsoft Windows -> Microsoft Corporation) R1 webshieldfilter; C:\WINDOWS\System32\drivers\webshieldfilter.sys [79048 2019-10-15] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider) R3 WinDriver6; C:\WINDOWS\system32\drivers\windrvr6.sys [268800 2014-01-28] (Jungo LTD -> Jungo Connectivity) R3 WNDA3100v3; C:\WINDOWS\system32\DRIVERS\WNDA3100v3.sys [2222736 2014-12-08] (MEDIATEK INC. -> MediaTek Inc.) S3 wpCtrlDrv_NGC; C:\WINDOWS\System32\drivers\NGCx64\1614010.045\wpCtrlDrv.sys [1012120 2020-01-21] (Symantec Corporation -> Symantec Corporation) U3 aswbdisk; kein ImagePath U3 idsvc; kein ImagePath ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) |
26.02.2020, 18:14 | #2 |
| Auf Microsoft Mitarbeiter hereingefallen FRST.txt Fortsetzung
__________________Code:
ATTFilter ==================== Ein Monat (erstellte) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2020-02-21 21:13 - 2020-02-21 21:14 - 000000000 ____D C:\FRST 2020-02-21 21:07 - 2020-02-21 21:07 - 000001091 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TotalAV.lnk 2020-02-21 21:07 - 2020-02-21 21:07 - 000000000 ____D C:\Users\Administrator\Documents\TotalAV 2020-02-21 21:06 - 2020-02-21 21:06 - 000248968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys 2020-02-21 21:06 - 2020-02-21 21:06 - 000214496 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys 2020-02-21 21:04 - 2020-02-21 21:04 - 000000000 ____D C:\Users\Administrator\AppData\Local\ElevatedDiagnostics 2020-02-21 20:49 - 2020-02-21 21:10 - 000000000 ____D C:\Users\Administrator\AppData\LocalLow\Mozilla 2020-02-21 20:49 - 2020-02-21 20:49 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Mozilla 2020-02-21 20:49 - 2020-02-21 20:49 - 000000000 ____D C:\Users\Administrator\AppData\Local\Mozilla 2020-02-21 20:40 - 2020-02-21 20:40 - 002008064 _____ (Farbar) C:\Users\User\Desktop\FRST.exe 2020-02-21 19:38 - 2020-02-21 20:38 - 000000000 ____D C:\ESD 2020-02-21 19:35 - 2020-02-21 19:35 - 000000000 ___HD C:\$Windows.~WS 2020-02-21 19:35 - 2020-02-21 19:35 - 000000000 ____D C:\$WINDOWS.~BT 2020-02-21 18:41 - 2020-02-21 18:41 - 000000000 ____D C:\WINDOWS\system32\Tasks\Remediation 2020-02-21 17:15 - 2020-02-21 17:15 - 000002054 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk 2020-02-21 17:15 - 2020-02-21 17:15 - 000002042 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk 2020-02-21 17:15 - 2020-02-21 17:15 - 000002042 _____ C:\ProgramData\Desktop\Avast Free Antivirus.lnk 2020-02-21 17:15 - 2020-02-21 17:15 - 000000000 ____D C:\Users\User\AppData\Roaming\AVAST Software 2020-02-21 17:15 - 2020-02-21 17:15 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\AVAST Software 2020-02-21 17:15 - 2020-02-21 17:15 - 000000000 ____D C:\Users\Administrator\AppData\Local\CEF 2020-02-21 17:13 - 2020-02-21 17:13 - 000848432 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys 2020-02-21 17:13 - 2020-02-21 17:13 - 000460448 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys 2020-02-21 17:13 - 2020-02-21 17:13 - 000316528 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys 2020-02-21 17:13 - 2020-02-21 17:13 - 000276952 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHdsKe.sys 2020-02-21 17:13 - 2020-02-21 17:13 - 000236024 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys 2020-02-21 17:13 - 2020-02-21 17:13 - 000161544 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys 2020-02-21 17:13 - 2020-02-21 17:13 - 000110320 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys 2020-02-21 17:13 - 2020-02-21 17:13 - 000083792 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys 2020-02-21 17:13 - 2020-02-21 17:13 - 000042736 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys 2020-02-21 17:13 - 2020-02-21 17:13 - 000016304 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswElam.sys 2020-02-21 17:13 - 2020-02-21 17:13 - 000003990 _____ C:\WINDOWS\system32\Tasks\Avast Emergency Update 2020-02-21 17:13 - 2020-02-21 17:13 - 000000000 ____D C:\WINDOWS\system32\Tasks\Avast Software 2020-02-21 17:13 - 2020-02-21 17:13 - 000000000 ____D C:\Program Files\Common Files\AVAST Software 2020-02-21 17:13 - 2020-02-21 17:12 - 000355720 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe 2020-02-21 17:13 - 2020-02-21 17:12 - 000274456 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdriver.sys 2020-02-21 17:13 - 2020-02-21 17:12 - 000209552 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsh.sys 2020-02-21 17:13 - 2020-02-21 17:12 - 000204824 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys 2020-02-21 17:13 - 2020-02-21 17:12 - 000065120 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbuniv.sys 2020-02-21 17:13 - 2020-02-21 17:12 - 000037616 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArDisk.sys 2020-02-21 17:12 - 2020-02-21 17:12 - 000000000 ____D C:\Program Files\McAfee 2020-02-21 17:12 - 2020-02-21 17:12 - 000000000 ____D C:\Program Files\AVAST Software 2020-02-20 17:50 - 2020-02-20 17:50 - 000000000 ____D C:\Users\Administrator\AppData\Local\Comms 2020-02-20 17:45 - 2020-02-20 17:45 - 000000000 ____D C:\Users\Administrator\AppData\LocalLow\Adobe 2020-02-20 17:45 - 2020-02-20 17:45 - 000000000 ____D C:\Users\Administrator\AppData\Local\Adobe 2020-02-20 17:36 - 2020-02-21 19:33 - 000000000 ____D C:\Users\Administrator\AppData\Local\PlaceholderTileLogoFolder 2020-02-20 17:36 - 2020-02-21 17:37 - 000003376 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3117796367-4178473136-720949512-500 2020-02-20 17:36 - 2020-02-21 17:37 - 000000000 ___RD C:\Users\Administrator\OneDrive 2020-02-20 17:35 - 2020-02-20 17:35 - 000001450 _____ C:\Users\Administrator\Desktop\Microsoft Edge.lnk 2020-02-20 17:35 - 2020-02-20 17:35 - 000000000 ___HD C:\Users\Administrator\MicrosoftEdgeBackups 2020-02-20 17:35 - 2020-02-20 17:35 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\FileZilla 2020-02-20 17:35 - 2020-02-20 17:35 - 000000000 ____D C:\Users\Administrator\AppData\Local\FileZilla 2020-02-20 17:34 - 2020-02-20 17:34 - 000000000 ____D C:\Users\Administrator\AppData\Local\MicrosoftEdge 2020-02-20 17:33 - 2020-02-21 19:33 - 000000000 ____D C:\Users\Administrator\AppData\Local\Packages 2020-02-20 17:33 - 2020-02-21 17:37 - 000002448 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2020-02-20 17:33 - 2020-02-20 17:45 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe 2020-02-20 17:33 - 2020-02-20 17:36 - 000000000 ____D C:\Users\Administrator 2020-02-20 17:33 - 2020-02-20 17:33 - 000000020 ___SH C:\Users\Administrator\ntuser.ini 2020-02-20 17:33 - 2020-02-20 17:33 - 000000000 ___RD C:\Users\Administrator\3D Objects 2020-02-20 17:33 - 2020-02-20 17:33 - 000000000 ____D C:\Users\Administrator\AppData\Local\Publishers 2020-02-20 17:33 - 2020-02-20 17:33 - 000000000 ____D C:\Users\Administrator\AppData\Local\mbamtray 2020-02-20 17:33 - 2020-02-20 17:33 - 000000000 ____D C:\Users\Administrator\AppData\Local\ConnectedDevicesPlatform 2020-02-20 17:33 - 2014-07-24 19:30 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Garmin 2020-02-20 17:33 - 2013-01-05 20:00 - 000000000 ____D C:\Users\Administrator\AppData\Local\Microsoft Help 2020-02-20 17:33 - 2011-04-12 08:54 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Media Center Programs 2020-02-20 16:43 - 2020-02-20 16:42 - 002279424 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe 2020-02-19 10:17 - 2020-02-19 10:51 - 000000634 _____ C:\Users\User\Desktop\Win10 ProductID.txt 2020-02-19 09:09 - 2020-02-19 09:09 - 000001657 _____ C:\Users\Public\Desktop\Macrium Reflect Backup&Cloning.lnk 2020-02-19 09:09 - 2020-02-19 09:09 - 000001657 _____ C:\ProgramData\Desktop\Macrium Reflect Backup&Cloning.lnk 2020-02-19 09:09 - 2020-02-19 09:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Macrium 2020-02-19 09:09 - 2020-02-19 09:09 - 000000000 ____D C:\Program Files\Macrium 2020-02-19 09:05 - 2020-02-19 09:10 - 000000000 ____D C:\ProgramData\Macrium 2020-02-15 16:50 - 2019-07-01 15:04 - 000195816 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys 2020-02-15 16:50 - 2019-07-01 15:04 - 000195504 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys 2020-02-15 16:50 - 2019-07-01 15:04 - 000046704 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avkmgr.sys 2020-02-14 16:45 - 2020-02-14 16:45 - 000000000 ____D C:\Users\User\Documents\TotalAV 2020-02-14 16:45 - 2019-10-15 17:51 - 000079048 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\system32\Drivers\webshieldfilter.sys 2020-02-14 16:43 - 2020-02-21 21:06 - 000000000 ____D C:\Program Files (x86)\TotalAV 2020-02-14 16:43 - 2020-02-14 16:43 - 000001091 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TotalAV.lnk 2020-02-14 16:43 - 2020-02-14 16:43 - 000001066 _____ C:\Users\Public\Desktop\TotalAV.lnk 2020-02-14 16:43 - 2020-02-14 16:43 - 000001066 _____ C:\ProgramData\Desktop\TotalAV.lnk 2020-02-14 16:43 - 2020-02-14 16:43 - 000000000 ____D C:\ProgramData\TotalAV 2020-02-14 16:43 - 2020-02-14 16:43 - 000000000 ____D C:\ProgramData\SecuritySuite 2020-02-14 16:27 - 2020-02-14 16:27 - 000153312 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys 2020-02-14 16:27 - 2020-02-14 16:27 - 000020936 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys 2020-02-14 16:27 - 2020-02-14 16:27 - 000000989 _____ C:\Users\Public\Desktop\Malwarebytes.lnk 2020-02-14 16:27 - 2020-02-14 16:27 - 000000989 _____ C:\ProgramData\Desktop\Malwarebytes.lnk 2020-02-14 16:27 - 2020-02-14 16:27 - 000000000 ____D C:\Users\User\AppData\Local\mbamtray 2020-02-14 16:27 - 2020-02-14 16:27 - 000000000 ____D C:\Users\User\AppData\Local\mbam 2020-02-14 16:27 - 2020-02-14 16:27 - 000000000 ____D C:\Users\User\AppData\Local\cache 2020-02-14 16:27 - 2020-02-14 16:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes 2020-02-14 16:27 - 2020-02-14 16:27 - 000000000 ____D C:\ProgramData\Malwarebytes 2020-02-14 15:58 - 2020-02-14 15:58 - 000291606 _____ C:\Users\User\Downloads\TCPView.zip 2020-02-14 13:34 - 2020-02-14 13:34 - 000000000 ____D C:\Users\User\AppData\Roaming\AnyDesk 2020-02-14 09:26 - 2020-02-14 09:26 - 000002656 _____ C:\Users\User\Desktop\Word 2016.lnk 2020-02-14 09:25 - 2020-02-14 09:25 - 000002648 _____ C:\Users\User\Desktop\OneNote 2016.lnk 2020-02-14 09:25 - 2020-02-14 09:25 - 000002642 _____ C:\Users\User\Desktop\PowerPoint 2016.lnk 2020-02-14 09:25 - 2020-02-14 09:25 - 000002628 _____ C:\Users\User\Desktop\Publisher 2016.lnk 2020-02-14 09:24 - 2020-02-14 09:24 - 000002648 _____ C:\Users\User\Desktop\Excel 2016.lnk 2020-02-14 09:18 - 2020-02-14 09:18 - 000002729 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk 2020-02-14 09:18 - 2020-02-14 09:18 - 000002662 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk 2020-02-14 09:18 - 2020-02-14 09:18 - 000002656 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk 2020-02-14 09:18 - 2020-02-14 09:18 - 000002656 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business 2016.lnk 2020-02-14 09:18 - 2020-02-14 09:18 - 000002656 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk 2020-02-14 09:18 - 2020-02-14 09:18 - 000002648 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk 2020-02-14 09:18 - 2020-02-14 09:18 - 000002648 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk 2020-02-14 09:18 - 2020-02-14 09:18 - 000002642 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk 2020-02-14 09:18 - 2020-02-14 09:18 - 000002628 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk 2020-02-14 09:18 - 2020-02-14 09:18 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016-Tools 2020-02-14 09:18 - 2020-02-14 09:18 - 000000000 ____D C:\WINDOWS\PCHEALTH 2020-02-14 09:18 - 2020-02-14 09:18 - 000000000 ____D C:\Program Files\Microsoft SQL Server 2020-02-14 09:18 - 2020-02-14 09:18 - 000000000 ____D C:\Program Files\Common Files\DESIGNER 2020-02-14 09:15 - 2020-02-14 09:18 - 000000000 ____D C:\Program Files\Microsoft Office 2020-02-14 09:15 - 2020-02-14 09:15 - 000000000 __RHD C:\MSOCache 2020-02-14 09:15 - 2020-02-14 09:15 - 000000000 ____D C:\Program Files\Microsoft Analysis Services 2020-02-14 09:15 - 2020-02-14 09:15 - 000000000 ____D C:\Program Files (x86)\Microsoft Office 2020-02-14 09:15 - 2020-02-14 09:15 - 000000000 ____D C:\Program Files (x86)\Microsoft Analysis Services 2020-02-14 09:11 - 2020-02-14 09:11 - 000000000 ____D C:\ProgramData\ssh 2020-02-14 09:07 - 2020-02-14 09:07 - 025900032 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 025444352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 022635008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 019850240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 019813376 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramWorld.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 018026496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 009929016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2020-02-14 09:07 - 2020-02-14 09:07 - 008013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 007905208 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 007754752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 007600448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 007263992 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 007259648 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 007017472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 006519752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 006435840 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 006284800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 006167552 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 006083832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 005912064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 005764664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 005502464 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 005112320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 005041664 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 004856832 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 004575232 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 004562896 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe 2020-02-14 09:07 - 2020-02-14 09:07 - 004538880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 004470784 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 004470272 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe 2020-02-14 09:07 - 2020-02-14 09:07 - 004348616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Mirage.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 004308480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 004129416 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 004005888 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 003967888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe 2020-02-14 09:07 - 2020-02-14 09:07 - 003820032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 003792384 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 003728896 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys 2020-02-14 09:07 - 2020-02-14 09:07 - 003703296 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 003590968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys 2020-02-14 09:07 - 2020-02-14 09:07 - 003550208 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 003525592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 003484672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 003372440 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 003365376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsrchvw.exe 2020-02-14 09:07 - 2020-02-14 09:07 - 003263488 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 003243080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 003110400 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 002988552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys 2020-02-14 09:07 - 2020-02-14 09:07 - 002870272 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 002861568 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsservices.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 002800128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys 2020-02-14 09:07 - 2020-02-14 09:07 - 002773776 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 002766088 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb 2020-02-14 09:07 - 2020-02-14 09:07 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb 2020-02-14 09:07 - 2020-02-14 09:07 - 002714624 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys 2020-02-14 09:07 - 2020-02-14 09:07 - 002703872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 002584008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 002561536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 002493720 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 002314952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 002305536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 002284544 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 002260176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 002230232 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 002225160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 002084576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 002071552 _____ (Microsoft Corporation) C:\WINDOWS\system32\ISM.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 002032128 _____ C:\WINDOWS\system32\rdpnano.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 001999960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 001916744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 001858560 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 001841152 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 001835128 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 001830200 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpserverbase.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 001757096 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi 2020-02-14 09:07 - 2020-02-14 09:07 - 001748480 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 001743680 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 001726480 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 001693184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 001687040 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsPrint.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 001664696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 001664680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 001657856 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 001655880 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 001610240 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 001602560 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 001562424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpserverbase.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 001541632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbengine.exe 2020-02-14 09:07 - 2020-02-14 09:07 - 001540096 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 001512320 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe 2020-02-14 09:07 - 2020-02-14 09:07 - 001505592 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpbase.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 001489064 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 001482040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys 2020-02-14 09:07 - 2020-02-14 09:07 - 001481216 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpsharercom.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 001480192 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocoreworker.exe 2020-02-14 09:07 - 2020-02-14 09:07 - 001417760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 001412096 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 001398584 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe 2020-02-14 09:07 - 2020-02-14 09:07 - 001394168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 001372160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 001366128 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi 2020-02-14 09:07 - 2020-02-14 09:07 - 001319936 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 001300280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys 2020-02-14 09:07 - 2020-02-14 09:07 - 001284096 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 001283592 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi 2020-02-14 09:07 - 2020-02-14 09:07 - 001273856 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 001272360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 001260544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpsharercom.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 001218120 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe 2020-02-14 09:07 - 2020-02-14 09:07 - 001216000 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdclt.exe 2020-02-14 09:07 - 2020-02-14 09:07 - 001214976 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 001213752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpbase.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 001195008 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdengin2.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 001182232 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe 2020-02-14 09:07 - 2020-02-14 09:07 - 001170960 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 001154448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 001151816 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 001149928 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe 2020-02-14 09:07 - 2020-02-14 09:07 - 001105776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 001098720 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyDecMFT.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 001097216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 001083904 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 001083392 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 001080832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 001077264 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe 2020-02-14 09:07 - 2020-02-14 09:07 - 001060352 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 001051448 _____ (Microsoft Corporation) C:\WINDOWS\system32\pidgenx.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 001026792 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 001009664 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 001000960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Mirage.Internal.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000996352 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000974336 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000952416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DolbyDecMFT.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000949248 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthSSO.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000928120 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe 2020-02-14 09:07 - 2020-02-14 09:07 - 000923136 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000916480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000913408 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000904504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000895488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000892488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000891736 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000890368 _____ (Microsoft Corporation) C:\WINDOWS\system32\HolographicExtensions.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000882688 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000875448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000874296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys 2020-02-14 09:07 - 2020-02-14 09:07 - 000864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000857088 _____ C:\WINDOWS\system32\MBR2GPT.EXE 2020-02-14 09:07 - 2020-02-14 09:07 - 000852480 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000851968 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe 2020-02-14 09:07 - 2020-02-14 09:07 - 000843776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000839680 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000824848 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000805376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000803840 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000788992 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000784384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000783480 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe 2020-02-14 09:07 - 2020-02-14 09:07 - 000774664 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe 2020-02-14 09:07 - 2020-02-14 09:07 - 000768488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000758800 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimgapi.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000750080 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000749568 _____ (Microsoft Corporation) C:\WINDOWS\system32\FrameServer.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000747320 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000737280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.Launcher.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000705536 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000704512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.FileExplorer.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000701440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.Internal.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000685056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000679368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000678928 _____ (Microsoft Corporation) C:\WINDOWS\system32\StructuredQuery.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000673080 _____ (Microsoft Corporation) C:\WINDOWS\system32\comctl32.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000670720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe 2020-02-14 09:07 - 2020-02-14 09:07 - 000667136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000667136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000661816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys 2020-02-14 09:07 - 2020-02-14 09:07 - 000646656 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpsvc.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000642008 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000637440 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000629760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000623104 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000617784 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000610816 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofmsvc.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000605184 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe 2020-02-14 09:07 - 2020-02-14 09:07 - 000599552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000598528 _____ (Microsoft Corporation) C:\WINDOWS\system32\webio.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000597816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wimgapi.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000587064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\system32\SppExtComObj.Exe 2020-02-14 09:07 - 2020-02-14 09:07 - 000568120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000562176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000558592 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000550400 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys 2020-02-14 09:07 - 2020-02-14 09:07 - 000545432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MediaControl.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000542288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StructuredQuery.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000537608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000535552 _____ (Microsoft Corporation) C:\WINDOWS\system32\usosvc.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000530432 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000521728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.Launcher.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000518456 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe 2020-02-14 09:07 - 2020-02-14 09:07 - 000516648 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimserv.exe 2020-02-14 09:07 - 2020-02-14 09:07 - 000516544 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000516096 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe 2020-02-14 09:07 - 2020-02-14 09:07 - 000512000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000510768 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe 2020-02-14 09:07 - 2020-02-14 09:07 - 000500736 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2020-02-14 09:07 - 2020-02-14 09:07 - 000497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000494080 _____ (Microsoft Corporation) C:\WINDOWS\system32\defragsvc.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000490496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.FileExplorer.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000486912 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000486400 _____ (Microsoft Corporation) C:\WINDOWS\system32\srcore.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000477496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS 2020-02-14 09:07 - 2020-02-14 09:07 - 000476672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\resutils.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000475648 _____ (Microsoft Corporation) C:\WINDOWS\system32\DscCore.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000469504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webio.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000467952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000465208 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000464384 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000459896 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe 2020-02-14 09:07 - 2020-02-14 09:07 - 000453432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe 2020-02-14 09:07 - 2020-02-14 09:07 - 000450560 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpclip.exe 2020-02-14 09:07 - 2020-02-14 09:07 - 000444928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys 2020-02-14 09:07 - 2020-02-14 09:07 - 000443904 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000441144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys 2020-02-14 09:07 - 2020-02-14 09:07 - 000441072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MediaControl.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000435200 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincorlib.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000430080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000422912 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000422008 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave_secure.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000421376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl 2020-02-14 09:07 - 2020-02-14 09:07 - 000416056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Classpnp.sys 2020-02-14 09:07 - 2020-02-14 09:07 - 000407040 _____ (Microsoft Corporation) C:\WINDOWS\system32\DispBroker.Desktop.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000405632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe 2020-02-14 09:07 - 2020-02-14 09:07 - 000400696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys 2020-02-14 09:07 - 2020-02-14 09:07 - 000399360 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000384000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000375504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000370688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000369504 _____ (Microsoft Corporation) C:\WINDOWS\system32\BCP47Langs.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000368128 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000366416 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsensorgroup.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000355840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicSvc.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000353280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpencom.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000350720 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_SpeechPrivacy.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000345088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000336384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe 2020-02-14 09:07 - 2020-02-14 09:07 - 000335448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000327680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000324616 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\FSClient.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys 2020-02-14 09:07 - 2020-02-14 09:07 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpviewerax.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000311096 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthAgent.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000309248 _____ (Microsoft Corporation) C:\WINDOWS\system32\tapisrv.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000308736 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000307712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000300392 _____ (Microsoft Corporation) C:\WINDOWS\system32\skci.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000299520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicCapsule.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000283136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Search.ProtocolHandler.MAPI2.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000281088 _____ (Microsoft Corporation) C:\WINDOWS\system32\msutb.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000277504 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_CapabilityAccess.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000274464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BCP47Langs.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000270848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpviewerax.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000268800 _____ (Microsoft Corporation) C:\WINDOWS\system32\rstrui.exe 2020-02-14 09:07 - 2020-02-14 09:07 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\DAFMCP.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000265216 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000259984 _____ (Microsoft Corporation) C:\WINDOWS\system32\logoncli.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateDeploymentProvider.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000252928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tapisrv.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\srrstr.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000247856 _____ (Microsoft Corporation) C:\WINDOWS\system32\weretw.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000240640 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFilterHost.exe 2020-02-14 09:07 - 2020-02-14 09:07 - 000228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2020-02-14 09:07 - 2020-02-14 09:07 - 000227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\IndexedDbLegacy.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000226816 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofm.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000224768 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE 2020-02-14 09:07 - 2020-02-14 09:07 - 000222208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Winlangdb.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000220984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe 2020-02-14 09:07 - 2020-02-14 09:07 - 000217600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msutb.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000214528 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdsdwmdr.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000211968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFilterHost.exe 2020-02-14 09:07 - 2020-02-14 09:07 - 000210744 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcbloader.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000209920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000203776 _____ (Microsoft Corporation) C:\WINDOWS\system32\regapi.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiapi.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000199480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe 2020-02-14 09:07 - 2020-02-14 09:07 - 000197632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Win32CompatibilityAppraiserCSP.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000194560 _____ (Microsoft Corporation) C:\WINDOWS\system32\recdisc.exe 2020-02-14 09:07 - 2020-02-14 09:07 - 000193800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\weretw.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000190464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\regapi.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000190256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\logoncli.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000186880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE 2020-02-14 09:07 - 2020-02-14 09:07 - 000186880 _____ (Microsoft Corp.) C:\WINDOWS\system32\Defrag.exe 2020-02-14 09:07 - 2020-02-14 09:07 - 000186672 _____ (Microsoft Corporation) C:\WINDOWS\system32\BCP47mrm.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000183808 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngOnline.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000179720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys 2020-02-14 09:07 - 2020-02-14 09:07 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IndexedDbLegacy.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000172032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiapi.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000165832 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe 2020-02-14 09:07 - 2020-02-14 09:07 - 000160768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000158208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Winlangdb.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000157696 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000155648 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_AppExecutionAlias.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000152064 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdWSD.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000151552 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_BackgroundApps.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000150536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe 2020-02-14 09:07 - 2020-02-14 09:07 - 000149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdrsvc.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000143872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SpatialAudioLicenseSrv.exe 2020-02-14 09:07 - 2020-02-14 09:07 - 000143160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000139776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakrathunk.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000135168 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000133464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BCP47mrm.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000132624 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinelsa.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\globinputhost.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssitlb.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000127280 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32u.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000126976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdWSD.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000125440 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdshext.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\DafPrintProvider.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\compstui.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000117264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bindflt.sys 2020-02-14 09:07 - 2020-02-14 09:07 - 000117248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000113152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssitlb.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000112128 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetDriverInstall.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdSSDP.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000107832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000107008 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairingExperienceMEM.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000106808 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthProxyStub.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakrathunk.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\system32\dfrgui.exe 2020-02-14 09:07 - 2020-02-14 09:07 - 000099712 _____ (Microsoft Corporation) C:\WINDOWS\system32\FsIso.exe 2020-02-14 09:07 - 2020-02-14 09:07 - 000097280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\compstui.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000097080 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000096768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\globinputhost.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000095232 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedsbs.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000093496 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe 2020-02-14 09:07 - 2020-02-14 09:07 - 000090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsgqec.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\keyiso.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000089600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dfrgui.exe 2020-02-14 09:07 - 2020-02-14 09:07 - 000089328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32u.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicAgent.exe 2020-02-14 09:07 - 2020-02-14 09:07 - 000088576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdSSDP.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000088576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DafPrintProvider.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditBufferTestHook.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthSystray.exe 2020-02-14 09:07 - 2020-02-14 09:07 - 000084496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys 2020-02-14 09:07 - 2020-02-14 09:07 - 000080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetDriverInstall.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeedsbs.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\CustomInstallExec.exe 2020-02-14 09:07 - 2020-02-14 09:07 - 000072816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000071480 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000070144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsgqec.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000069120 _____ (Microsoft Corporation) C:\WINDOWS\system32\UsoClient.exe 2020-02-14 09:07 - 2020-02-14 09:07 - 000066560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\keyiso.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\findnetprinters.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\printui.exe 2020-02-14 09:07 - 2020-02-14 09:07 - 000063488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iemigplugin.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtutils.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000063288 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthHost.exe 2020-02-14 09:07 - 2020-02-14 09:07 - 000062464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\printui.exe 2020-02-14 09:07 - 2020-02-14 09:07 - 000060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssprxy.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\msscntrs.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserLanguageProfileCallback.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000059221 _____ C:\WINDOWS\system32\srms.dat 2020-02-14 09:07 - 2020-02-14 09:07 - 000058880 _____ C:\WINDOWS\system32\runexehelper.exe 2020-02-14 09:07 - 2020-02-14 09:07 - 000057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\SrTasks.exe 2020-02-14 09:07 - 2020-02-14 09:07 - 000053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\findnetprinters.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000052736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtutils.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000047208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe 2020-02-14 09:07 - 2020-02-14 09:07 - 000046592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Websocket.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msscntrs.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\npmproxy.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000044544 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000044032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserLanguageProfileCallback.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000042512 _____ (Microsoft Corporation) C:\WINDOWS\system32\SysResetErr.exe 2020-02-14 09:07 - 2020-02-14 09:07 - 000041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\WordBreakers.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000038912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000038400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mcicda.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000037392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wimmount.sys 2020-02-14 09:07 - 2020-02-14 09:07 - 000036864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Websocket.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000032056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpvideominiport.sys 2020-02-14 09:07 - 2020-02-14 09:07 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlmproxy.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicPS.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000027648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mciwave.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msimsg.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msimsg.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000024064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mciseq.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000021520 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdhvcom.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000020944 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000019768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.exe 2020-02-14 09:07 - 2020-02-14 09:07 - 000017920 _____ (Microsoft Corporation) C:\WINDOWS\system32\icsunattend.exe 2020-02-14 09:07 - 2020-02-14 09:07 - 000017920 _____ (Microsoft Corporation) C:\WINDOWS\system32\bindflt.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlmsprep.dll 2020-02-14 09:07 - 2020-02-14 09:07 - 000015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedssync.exe 2020-02-14 09:07 - 2020-02-14 09:07 - 000013824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeedssync.exe 2020-02-14 09:07 - 2020-02-14 09:07 - 000013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\dstokenclean.exe 2020-02-14 09:07 - 2020-02-14 09:07 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth9.bin 2020-02-14 09:07 - 2020-02-14 09:07 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth8.bin 2020-02-14 09:07 - 2020-02-14 09:07 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth7.bin 2020-02-14 09:07 - 2020-02-14 09:07 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth6.bin 2020-02-14 09:07 - 2020-02-14 09:07 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth5.bin 2020-02-14 09:07 - 2020-02-14 09:07 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth4.bin 2020-02-14 09:07 - 2020-02-14 09:07 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth3.bin 2020-02-14 09:07 - 2020-02-14 09:07 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth2.bin 2020-02-14 09:07 - 2020-02-14 09:07 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth12.bin 2020-02-14 09:07 - 2020-02-14 09:07 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth11.bin 2020-02-14 09:07 - 2020-02-14 09:07 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth10.bin 2020-02-14 09:07 - 2020-02-14 09:07 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth1.bin 2020-02-14 09:06 - 2020-02-14 09:07 - 017787904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll 2020-02-14 09:06 - 2020-02-14 09:06 - 006231200 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll 2020-02-14 09:06 - 2020-02-14 09:06 - 004615376 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe 2020-02-14 09:06 - 2020-02-14 09:06 - 002125904 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll 2020-02-14 09:06 - 2020-02-14 09:06 - 001942016 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll 2020-02-14 09:06 - 2020-02-14 09:06 - 001413912 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll 2020-02-14 09:06 - 2020-02-14 09:06 - 001084216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll 2020-02-14 09:06 - 2020-02-14 09:06 - 000804872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys 2020-02-14 09:06 - 2020-02-14 09:06 - 000782848 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll 2020-02-14 09:06 - 2020-02-14 09:06 - 000735744 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll 2020-02-14 09:06 - 2020-02-14 09:06 - 000732200 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_StorageSense.dll 2020-02-14 09:06 - 2020-02-14 09:06 - 000727040 _____ (Microsoft Corporation) C:\WINDOWS\system32\agentactivationruntime.dll 2020-02-14 09:06 - 2020-02-14 09:06 - 000716288 _____ (Microsoft Corporation) C:\WINDOWS\system32\agentactivationruntimewindows.dll 2020-02-14 09:06 - 2020-02-14 09:06 - 000637968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys 2020-02-14 09:06 - 2020-02-14 09:06 - 000589592 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe 2020-02-14 09:06 - 2020-02-14 09:06 - 000456192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.ConversationalAgent.dll 2020-02-14 09:06 - 2020-02-14 09:06 - 000437776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys 2020-02-14 09:06 - 2020-02-14 09:06 - 000415808 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll 2020-02-14 09:06 - 2020-02-14 09:06 - 000296760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys 2020-02-14 09:06 - 2020-02-14 09:06 - 000291328 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceDirectoryClient.dll 2020-02-14 09:06 - 2020-02-14 09:06 - 000282112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.AppDefaults.dll 2020-02-14 09:06 - 2020-02-14 09:06 - 000250880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winnat.sys 2020-02-14 09:06 - 2020-02-14 09:06 - 000194064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys 2020-02-14 09:06 - 2020-02-14 09:06 - 000184832 _____ (Microsoft Corporation) C:\WINDOWS\system32\AarSvc.dll 2020-02-14 09:06 - 2020-02-14 09:06 - 000169472 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpatialAudioLicenseSrv.exe 2020-02-14 09:06 - 2020-02-14 09:06 - 000128528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe 2020-02-14 09:06 - 2020-02-14 09:06 - 000123904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplicationControlCSP.dll 2020-02-14 09:06 - 2020-02-14 09:06 - 000089912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volmgr.sys 2020-02-14 09:06 - 2020-02-14 09:06 - 000088352 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll 2020-02-14 09:06 - 2020-02-14 09:06 - 000057344 _____ (Microsoft Corporation) C:\WINDOWS\system32\audioresourceregistrar.dll 2020-02-14 09:06 - 2020-02-14 09:06 - 000048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcicda.dll 2020-02-14 09:06 - 2020-02-14 09:06 - 000034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\mciwave.dll 2020-02-14 09:06 - 2020-02-14 09:06 - 000030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\mciseq.dll 2020-02-14 09:00 - 2020-02-14 09:01 - 000492544 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe 2020-02-14 09:00 - 2020-02-14 09:01 - 000390656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe 2020-02-13 21:51 - 2020-02-21 21:11 - 000000000 ____D C:\WINDOWS\system32\Tasks\Norton Security 2020-02-13 21:46 - 2020-02-14 09:12 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security 2020-02-13 21:46 - 2020-02-13 21:46 - 000003376 _____ C:\WINDOWS\system32\Tasks\Norton WSC Integration 2020-02-13 21:44 - 2020-02-14 09:02 - 000000000 ____D C:\Users\User\AppData\Local\SaraResults 2020-02-13 21:34 - 2020-02-13 21:34 - 000000000 ____D C:\Users\User\AppData\Local\SaRALogs 2020-02-13 21:33 - 2020-02-13 21:34 - 000000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Corporation 2020-02-13 21:33 - 2020-02-13 21:33 - 000000520 _____ C:\Users\User\Desktop\Support- und Wiederherstellungs-Assistent von Microsoft.appref-ms 2020-02-13 21:32 - 2020-02-14 09:02 - 000000000 ____D C:\Users\User\AppData\Local\Deployment 2020-02-12 11:34 - 2020-02-12 12:39 - 000000128 _____ C:\Users\User\AppData\Local\PUTTY.RND 2020-02-12 11:26 - 2020-02-17 21:02 - 000000000 ____D C:\Users\User\AppData\Roaming\FileZilla 2020-02-12 11:26 - 2020-02-12 12:38 - 000000000 ____D C:\Users\User\AppData\Local\FileZilla 2020-02-12 11:25 - 2020-02-12 11:25 - 000001004 _____ C:\Users\Public\Desktop\FileZilla Client.lnk 2020-02-12 11:25 - 2020-02-12 11:25 - 000001004 _____ C:\ProgramData\Desktop\FileZilla Client.lnk 2020-02-12 11:25 - 2020-02-12 11:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client 2020-02-05 16:10 - 2020-02-05 16:10 - 000001347 _____ C:\Users\User\Desktop\Windows Media Player.lnk 2020-02-05 12:50 - 2020-02-05 12:50 - 000000681 _____ C:\Users\User\Desktop\Ableton Live 10 Lite.lnk 2020-02-03 12:31 - 2020-02-04 13:51 - 000000000 ____D C:\Users\User\Documents\Ableton 2020-02-03 12:31 - 2020-02-03 12:31 - 000000000 ____D C:\Users\User\AppData\Roaming\Ableton 2020-02-03 12:31 - 2020-02-03 12:31 - 000000000 ____D C:\Users\User\AppData\Local\Ableton 2020-02-03 12:26 - 2020-02-03 12:27 - 000000306 __RSH C:\ProgramData\ntuser.pol 2020-02-03 12:26 - 2020-02-03 12:26 - 000000000 ____D C:\Program Files\Common Files\Propellerhead Software 2020-02-03 12:19 - 2020-02-03 12:19 - 000000681 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ableton Live 10 Lite.lnk 2020-02-02 20:08 - 2020-02-04 20:04 - 000009874 _____ C:\ProgramData\DisplaySessionContainer8.log_backup1 2020-01-31 18:06 - 2020-02-12 22:12 - 000011034 _____ C:\ProgramData\DisplaySessionContainer7.log_backup1 2020-01-30 22:27 - 2020-02-11 23:32 - 000009861 _____ C:\ProgramData\DisplaySessionContainer6.log_backup1 2020-01-30 18:05 - 2020-02-10 20:59 - 000009555 _____ C:\ProgramData\DisplaySessionContainer5.log_backup1 2020-01-29 22:09 - 2020-02-09 21:22 - 000004541 _____ C:\ProgramData\DisplaySessionContainer4.log_backup1 2020-01-29 15:50 - 2020-02-20 17:36 - 000005709 _____ C:\ProgramData\DisplaySessionContainer3.log_backup1 2020-01-24 16:09 - 2020-01-24 16:09 - 000000000 ____D C:\Users\User\Documents\CyberLink 2020-01-24 15:50 - 2020-01-24 15:50 - 000000686 _____ C:\Users\Public\Desktop\WAV To MP3.lnk 2020-01-24 15:50 - 2020-01-24 15:50 - 000000686 _____ C:\ProgramData\Desktop\WAV To MP3.lnk 2020-01-24 15:50 - 2020-01-24 15:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WAV To MP3 2020-01-24 14:40 - 2020-01-24 14:40 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf 2020-01-24 09:40 - 2020-01-24 09:40 - 000000000 ____D C:\Users\User\Desktop\Alle Aufgaben.{ED7BA470-8E54-465E-825C-99712043E01C} 2020-01-24 09:32 - 2020-01-24 09:32 - 000908566 _____ C:\Users\User\Desktop\2016-04_leitfaden_win10.pdf 2020-01-22 20:53 - 2020-02-20 17:23 - 000021879 _____ C:\ProgramData\DisplaySessionContainer2.log_backup1 2020-01-22 12:54 - 2020-02-14 09:10 - 120407888 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2020-01-22 12:54 - 2020-02-14 09:10 - 000000000 ____D C:\WINDOWS\system32\MRT 2020-01-22 08:50 - 2019-03-18 15:20 - 005739008 _____ (Microsoft Corporation) C:\WINDOWS\system32\prm0009.dll 2020-01-22 08:50 - 2019-03-18 15:19 - 002629120 _____ (Microsoft Corporation) C:\WINDOWS\system32\NlsLexicons0009.dll 2020-01-22 08:50 - 2019-03-18 15:07 - 006359552 _____ (Microsoft Corporation) C:\WINDOWS\system32\NlsData0009.dll 2020-01-22 08:50 - 2019-03-18 15:01 - 005496832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NlsData0009.dll ==================== Ein Monat (geänderte) ================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2020-02-21 21:14 - 2020-01-20 12:46 - 001930008 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2020-02-21 21:14 - 2019-03-19 13:16 - 000821532 _____ C:\WINDOWS\system32\perfh007.dat 2020-02-21 21:14 - 2019-03-19 13:16 - 000183268 _____ C:\WINDOWS\system32\perfc007.dat 2020-02-21 21:14 - 2019-03-19 05:50 - 000000000 ____D C:\WINDOWS\INF 2020-02-21 21:08 - 2019-03-19 05:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2020-02-21 21:06 - 2020-01-20 12:50 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2020-02-21 21:06 - 2019-03-19 05:37 - 000032768 _____ C:\WINDOWS\system32\config\ELAM 2020-02-21 21:05 - 2019-03-19 05:37 - 000786432 _____ C:\WINDOWS\system32\config\BBI 2020-02-21 20:58 - 2020-01-20 17:41 - 000114588 _____ C:\ProgramData\NVDisplayContainerWatchdog.log_backup1 2020-02-21 20:58 - 2020-01-20 17:41 - 000017479 _____ C:\ProgramData\NVDisplay.ContainerLocalSystem.log_backup1 2020-02-21 20:57 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\AppReadiness 2020-02-21 20:46 - 2020-01-20 17:41 - 000009910 _____ C:\ProgramData\DisplaySessionContainer1.log_backup1 2020-02-21 20:46 - 2016-11-23 11:29 - 000000000 ____D C:\Users\User\AppData\LocalLow\Mozilla 2020-02-21 20:45 - 2016-03-12 14:43 - 000000000 ____D C:\WINDOWS\pss 2020-02-21 20:38 - 2020-01-20 11:28 - 000000000 ___DC C:\WINDOWS\Panther 2020-02-21 20:14 - 2020-01-20 12:35 - 000000000 ____D C:\WINDOWS\system32\SleepStudy 2020-02-21 17:13 - 2019-03-19 05:52 - 000000000 ___HD C:\WINDOWS\ELAMBKUP 2020-02-21 17:12 - 2020-01-20 10:46 - 000000000 ____D C:\ProgramData\AVAST Software 2020-02-21 17:11 - 2013-04-10 20:18 - 000000000 ____D C:\ProgramData\McAfee 2020-02-21 11:47 - 2013-01-03 20:44 - 000000000 ____D C:\Users\User\AppData\Roaming\vlc 2020-02-21 08:46 - 2013-01-05 13:22 - 000000000 ____D C:\Users\User\AppData\Local\CrashDumps 2020-02-20 23:11 - 2019-03-19 05:52 - 000000000 ___HD C:\Program Files\WindowsApps 2020-02-20 17:33 - 2020-01-20 13:20 - 000000000 __RHD C:\Users\Public\AccountPictures 2020-02-20 17:24 - 2013-01-05 13:38 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox 2020-02-20 17:24 - 2013-01-03 10:46 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2020-02-20 16:45 - 2013-01-03 10:46 - 000001165 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk 2020-02-15 19:13 - 2020-01-20 12:35 - 000977184 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2020-02-15 16:39 - 2019-03-19 05:52 - 000000000 ____D C:\Program Files\Common Files\microsoft shared 2020-02-15 16:27 - 2009-07-14 03:34 - 000000499 _____ C:\WINDOWS\win.ini 2020-02-15 16:25 - 2019-03-19 05:37 - 000000000 ____D C:\WINDOWS\CbsTemp 2020-02-14 16:33 - 2015-11-12 20:11 - 000001679 _____ C:\Users\Public\Desktop\Pinnacle MyDVD.lnk 2020-02-14 16:33 - 2015-11-12 20:11 - 000001679 _____ C:\ProgramData\Desktop\Pinnacle MyDVD.lnk 2020-02-14 16:33 - 2015-01-31 15:13 - 000000000 ____D C:\ProgramData\APN 2020-02-14 16:33 - 2013-09-14 10:12 - 000000000 ____D C:\ProgramData\Uniblue 2020-02-14 16:13 - 2013-01-03 20:27 - 000000000 ____D C:\ProgramData\Norton 2020-02-14 16:12 - 2017-02-10 15:50 - 000001425 _____ C:\Users\User\Desktop\Norton Installation Files.lnk 2020-02-14 16:12 - 2013-03-24 16:12 - 000000000 ____D C:\Users\Public\Downloads\Norton 2020-02-14 13:53 - 2020-01-20 15:20 - 000000000 ____D C:\Users\User\AppData\Local\D3DSCache 2020-02-14 13:49 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\LiveKernelReports 2020-02-14 09:50 - 2015-07-18 11:24 - 000000000 ____D C:\Program Files\Common Files\AV 2020-02-14 09:18 - 2016-03-04 15:43 - 000000000 ____D C:\Program Files (x86)\Microsoft SQL Server 2020-02-14 09:18 - 2011-04-12 08:54 - 000000000 ____D C:\WINDOWS\ShellNew 2020-02-14 09:16 - 2019-03-19 05:52 - 000000000 ____D C:\Program Files\Common Files\System 2020-02-14 09:12 - 2020-01-20 19:10 - 000002374 _____ C:\Users\Public\Desktop\Norton Security.lnk 2020-02-14 09:12 - 2020-01-20 19:10 - 000002374 _____ C:\ProgramData\Desktop\Norton Security.lnk 2020-02-14 09:12 - 2020-01-20 13:43 - 000000000 ___RD C:\Users\User\3D Objects 2020-02-14 09:11 - 2019-03-19 05:52 - 000000000 ___RD C:\WINDOWS\PrintDialog 2020-02-14 09:11 - 2019-03-19 05:52 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel 2020-02-14 09:11 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe 2020-02-14 09:11 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism 2020-02-14 09:11 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\SystemResources 2020-02-14 09:11 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns 2020-02-14 09:11 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform 2020-02-14 09:11 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation 2020-02-14 09:11 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\oobe 2020-02-14 09:11 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\Dism 2020-02-14 09:11 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\ShellExperiences 2020-02-14 09:11 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\bcastdvr 2020-02-14 09:11 - 2019-03-19 05:37 - 000000000 ____D C:\WINDOWS\servicing 2020-02-14 09:07 - 2013-02-06 22:24 - 000000000 ____D C:\Users\User\AppData\Local\ElevatedDiagnostics 2020-02-13 21:54 - 2013-01-05 15:41 - 000000000 ____D C:\Program Files (x86)\Microsoft Works 2020-02-13 21:46 - 2020-01-20 19:06 - 000000000 ____D C:\WINDOWS\system32\Drivers\NGCx64 2020-02-12 21:59 - 2015-05-01 12:22 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2020-02-12 15:52 - 2015-02-01 16:08 - 000000000 ____D C:\Users\User\Documents\OneNote-Notizbücher 2020-02-11 18:11 - 2013-02-06 22:22 - 000000432 _____ C:\WINDOWS\BRWMARK.INI 2020-02-11 17:57 - 2020-01-20 12:50 - 000004624 _____ C:\WINDOWS\system32\Tasks\Adobe Flash Player NPAPI Notifier 2020-02-11 17:57 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed 2020-02-11 17:57 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\Macromed 2020-02-08 18:33 - 2020-01-20 13:43 - 000000000 ____D C:\Users\User\AppData\Local\Packages 2020-02-06 21:33 - 2020-01-20 18:14 - 000000000 ____D C:\Users\User\AppData\Local\PlaceholderTileLogoFolder 2020-02-06 18:34 - 2014-11-16 23:01 - 000000000 ___RD C:\Users\User\Documents\Scanned Documents 2020-02-03 21:56 - 2019-03-19 05:56 - 000835688 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2020-02-03 21:56 - 2019-03-19 05:56 - 000179608 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2020-02-01 18:55 - 2020-01-20 13:22 - 000003360 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3117796367-4178473136-720949512-1000 2020-02-01 18:55 - 2020-01-20 12:46 - 000002421 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2020-02-01 18:55 - 2017-01-11 11:20 - 000000000 ___RD C:\Users\User\OneDrive 2020-01-31 12:28 - 2020-01-20 13:19 - 000000000 ____D C:\WINDOWS\Minidump 2020-01-28 17:05 - 2013-01-05 13:23 - 000000000 ____D C:\Program Files\REFLEX 2020-01-26 11:41 - 2013-01-02 15:15 - 000259320 _____ C:\Users\User\AppData\Local\GDIPFONTCACHEV1.DAT 2020-01-26 11:06 - 2020-01-20 13:48 - 000000000 ____D C:\Users\User\AppData\Local\MicrosoftEdge 2020-01-24 16:09 - 2018-12-13 21:07 - 000000000 ____D C:\Users\User\AppData\Roaming\CyberLink 2020-01-24 16:09 - 2018-12-13 20:37 - 000000000 ___HD C:\ProgramData\CyberLink 2020-01-24 15:41 - 2015-12-07 19:45 - 000000000 ____D C:\Users\User\AppData\Roaming\Audacity 2020-01-23 21:08 - 2020-01-20 13:59 - 000000000 ____D C:\ProgramData\Packages 2020-01-23 18:37 - 2020-01-20 12:50 - 000004428 _____ C:\WINDOWS\system32\Tasks\Adobe Flash Player Updater 2020-01-22 20:12 - 2013-01-03 20:25 - 000000000 ____D C:\ProgramData\NortonInstaller 2020-01-22 13:21 - 2019-11-21 17:40 - 000000000 ____D C:\Users\User\AppData\Local\Arduino15 2020-01-22 08:50 - 2019-03-19 13:17 - 000000000 ____D C:\WINDOWS\OCR 2020-01-22 08:41 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\appcompat 2020-01-22 08:41 - 2019-03-19 05:52 - 000000000 ____D C:\ProgramData\USOPrivate ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======== 2013-08-22 18:36 - 2013-08-22 18:36 - 000129536 _____ () C:\Users\Public\AlexaNSISPlugin.4068.dll ==================== SigCheck ============================ (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) ==================== Ende von FRST.txt ======================== |
26.02.2020, 18:16 | #3 |
| Auf Microsoft Mitarbeiter hereingefallen Addition.txt:
__________________FRST Additions Logfile: Code:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 16-02-2020 durchgeführt von Administrator (21-02-2020 21:15:51) Gestartet von D:\Analyse_FRST Windows 10 Home Version 1909 18363.657 (X64) (2020-01-20 11:51:23) Start-Modus: Normal ========================================================== ==================== Konten: ============================= Administrator (S-1-5-21-3117796367-4178473136-720949512-500 - Administrator - Enabled) => C:\Users\Administrator DefaultAccount (S-1-5-21-3117796367-4178473136-720949512-503 - Limited - Disabled) Gast (S-1-5-21-3117796367-4178473136-720949512-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-3117796367-4178473136-720949512-1003 - Limited - Enabled) User (S-1-5-21-3117796367-4178473136-720949512-1000 - Administrator - Enabled) => C:\Users\User WDAGUtilityAccount (S-1-5-21-3117796367-4178473136-720949512-504 - Limited - Disabled) ==================== Sicherheits-Center ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.) AV: Norton Security (Enabled - Up to date) {1122B19A-E671-38EC-8EAC-87048FD4528D} AV: Norton Security (Enabled - Up to date) {A2708B76-6835-6565-CB96-694212954A75} AV: Avast Antivirus (Disabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: Total AV (Enabled - Up to date) {AC3490DF-B2AE-610F-9290-A5E6E0CD5323} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402} FW: Norton Security (Enabled) {9A4B0A53-225A-643D-E0C9-C077EC460D0E} FW: Norton Security (Enabled) {291930BF-AC1E-39B4-A5F3-2E31710715F6} ==================== Installierte Programme ====================== (Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.) Ableton Live 10 Lite (HKLM\...\{89ACE513-3A6E-4052-822E-9B90BAADF6A7}) (Version: 10.0.0.0 - Ableton) Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 20.006.20034 - Adobe Systems Incorporated) Adobe Creative Suite 2 (HKLM-x32\...\{0134A1A1-C283-4A47-91A1-92F19F960372}) (Version: - ) Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.330 - Adobe) Adobe Photoshop Elements 2.0 (HKLM-x32\...\Adobe Photoshop Elements 2.0) (Version: 2.0 - Adobe Systems, Inc.) Adobe Photoshop Lightroom 3.2 64-bit (HKLM\...\{A94AABAE-52F0-48C4-9F94-A4CA4B423576}) (Version: 3.2.1 - Adobe) Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.8.638 - Adobe Systems, Inc.) Adobe SVG Viewer 3.0 (HKLM-x32\...\Adobe SVG Viewer) (Version: 3.0 - Adobe Systems, Inc.) Altis Flight manager (HKLM-x32\...\Altis Flight manager) (Version: 4.3.0 - AerobTec) ANT Drivers Installer x64 (HKLM\...\{C14C3A1D-B5B3-41BB-9358-6FEA3FC642AF}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden Arduino (HKLM-x32\...\Arduino) (Version: 1.8.10 - Arduino LLC) ARM Toolchain 7.0 (HKLM-x32\...\{8249DFF7-E478-4FA0-BCB8-7ADE5A413A17}) (Version: 7.0.575 - Atmel) Hidden Asmedia ASM106x SATA Host Controller Driver (HKLM-x32\...\{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}) (Version: 1.3.1.000 - Asmedia Technology) ASUS GPU TweakII (HKLM-x32\...\{0075AAC2-EA9F-490E-83F7-5D5F81EB2A43}) (Version: 1.0.6.9 - ASUSTek COMPUTER INC.) Hidden ASUS GPU TweakII (HKLM-x32\...\InstallShield_{0075AAC2-EA9F-490E-83F7-5D5F81EB2A43}) (Version: 1.0.6.9 - ASUSTek COMPUTER INC.) ASUS Product Register Program (HKLM-x32\...\{C87D79F6-F813-4812-B7A9-CCCAAB8B1188}) (Version: 1.0.026 - ASUSTek Computer Inc.) Atmel Driver Files (HKLM-x32\...\{EC56D7CE-0A98-4282-B8E5-2DA69C562AA9}) (Version: 7.0.14 - Atmel Corporation) Atmel LibUSB0 Driver (x64) (HKLM\...\{C1F86585-CDAC-4ABE-B163-161DDBCC4332}) (Version: 7.0.125 - Atmel) Atmel Segger USB Drivers (501e) (HKLM-x32\...\{156C0C95-4DDE-4F88-97A0-5EEE22269CE3}) (Version: 7.0.417 - Atmel) Atmel Software Framework (HKLM-x32\...\{FC97DA69-966C-49F7-86DE-481714C0045F}) (Version: 7.0.779 - Atmel) Hidden Atmel Studio 7.0 (HKLM-x32\...\{153423aa-30bc-4483-b303-ff316422963c}) (Version: 7.0.790 - Atmel) Atmel Studio IDE 7.0 (HKLM-x32\...\{531AEE6E-2C3F-449B-B831-84D42854C5E6}) (Version: 7.0.790 - Atmel) Hidden Atmel WinDriver (HKLM-x32\...\{FAF2A9D1-33C8-48FF-8FD5-20075A53AB9C}) (Version: 7.0.23 - Atmel) Atmel WinUSB (HKLM-x32\...\{22D3C72E-42F9-4B0F-B331-E0AA134ADF76}) (Version: 6.2.32 - Atmel) Audacity 2.1.0 (HKLM-x32\...\Audacity_is1) (Version: 2.1.0 - Audacity Team) Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 19.8.2393 - AVAST Software) AVR32 Packs 7.0 (HKLM-x32\...\{B61BDA1F-3FF3-4F7E-BE41-97D055B33451}) (Version: 7.0.783 - Atmel) Hidden AVR32 Toolchain 7.0 (HKLM-x32\...\{8AF6AD1C-A2DE-412D-9FEE-ECF60AD534BB}) (Version: 7.0.536 - Atmel) Hidden AVR8 Packs 7.0 (HKLM-x32\...\{FD7CD817-B7A7-40E6-9FE8-83AEF36E9A07}) (Version: 7.0.783 - Atmel) Hidden AVR8 Toolchain 7.0 (HKLM-x32\...\{D447DD69-53C4-4330-9396-23CF3BC3E470}) (Version: 7.0.773 - Atmel) Hidden BASCOM-AVR (HKLM-x32\...\{47F94730-ABD2-47F6-920E-EA8CDB6DD0C6}_is1) (Version: 2.0.7.9 - MCS Electronics) Brother HL-5270DN (HKLM-x32\...\{AD0EFEF2-7535-4B6F-8FBD-A18AAD4E7259}) (Version: 1.00 - Brother) CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.5.5571 - CDBurnerXP) Creative Pack Volume 1 (HKLM\...\{997BE27F-A97F-4EF4-B841-D20ABF1CD6DC}) (Version: 4.0.0 - Corel Corporation) CyberLink PowerDirector 17 (HKLM-x32\...\{FEAC3AD0-1026-4F63-AAAF-E5CFF422BCCD}) (Version: 17.0.2314.1 - CyberLink Corp.) D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden Dazzle Video Capture DVC100 X64 Driver 1.08 (HKLM-x32\...\{FB4B9EB9-68B2-4C42-8C38-B65F8FE5A5CA}) (Version: 1.08.0000 - Pinnacle) EAGLE 5.3.0 (HKLM-x32\...\EAGLE 5.3.0) (Version: 5.3.0 - CadSoft Computer GmbH) EAGLE 7.2.0 (HKLM-x32\...\EAGLE 7.2.0) (Version: 7.2.0 - CadSoft Computer GmbH) EAGLE 7.4.0 (HKLM\...\EAGLE 7.4.0) (Version: 7.4.0 - CadSoft Computer GmbH) EAGLE 7.6.0 (HKLM\...\EAGLE 7.6.0) (Version: 7.6.0 - CadSoft Computer GmbH) EAGLE 7.7.0 (HKLM\...\EAGLE 7.7.0) (Version: 7.7.0 - CadSoft Computer GmbH) Elevated Installer (HKLM-x32\...\{B11981DA-5AEA-459F-978A-F99541F77AD5}) (Version: 6.15.0.0 - Garmin Ltd or its subsidiaries) Hidden ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 20.1 - Thüringer Landesfinanzdirektion) FileZilla Client 3.46.3 (HKLM-x32\...\FileZilla Client) (Version: 3.46.3 - Tim Kosse) Fotogalerie (HKLM-x32\...\{41BF4A3B-D60A-4E92-883F-C88C8C157261}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Garmin BaseCamp (HKLM-x32\...\{25931634-b363-4840-9e62-4c52abaeffc3}) (Version: 4.7.0.0 - Garmin Ltd or its subsidiaries) Garmin BaseCamp (HKLM-x32\...\{B6A0787C-1CD0-4999-B585-677C20139BA5}) (Version: 4.7.0.0 - Garmin Ltd or its subsidiaries) Hidden Garmin City Navigator Europe NTU 2020.10 (HKLM-x32\...\{305035A7-0767-40CF-B62B-25B12A515862}) (Version: 2.0.0.0 - Garmin Ltd or its subsidiaries) Garmin Express (HKLM-x32\...\{4cc2749e-1c2a-4f48-abdf-c17069bac4da}) (Version: 6.15.0.0 - Garmin Ltd or its subsidiaries) Garmin Express (HKLM-x32\...\{9BE7B09F-C8D2-4B1E-B83E-7387FDDA8BCD}) (Version: 6.15.0.0 - Garmin Ltd or its subsidiaries) Hidden Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries) Garmin WebUpdater (HKLM-x32\...\{AE1EC58E-B2AC-4959-A4C2-C38202A25239}) (Version: 2.5.6 - Garmin Ltd or its subsidiaries) GIMP 2.8.16 (HKLM\...\GIMP-2_is1) (Version: 2.8.16 - The GIMP Team) Hollywood FX Volumes 1-3 (HKLM\...\{48C2040D-B49F-4B4D-AE4A-0DCED3305692}) (Version: 3.0 - Corel Corporation) honestech VHS to DVD 3.0 SE (HKLM-x32\...\{2856F5EA-E98A-40E4-BAD6-8C644A4A3F3C}) (Version: 3.0 - honestech) HP LaserJet Professional P1100-P1560-P1600 Series (HKLM\...\HP LaserJet Professional P1100-P1560-P1600 Series) (Version: - ) Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1281 - Intel Corporation) Intel(R) Update Manager (HKLM-x32\...\{7224B7CE-196C-4E2A-A1AE-1D7BF259FD36}) (Version: 3.4.1942 - Intel Corporation) Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.220 - Intel Corporation) iZotope Music & Speech Cleaner (HKLM-x32\...\iZotope Music & Speech Cleaner_is1) (Version: 1.00 - iZotope, Inc.) Junk Mail filter update (HKLM-x32\...\{0BE9E708-5DC0-4963-9CFD-0AA519090E79}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden K-Lite Codec Pack 14.2.0 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 14.2.0 - KLCP) L&H TTS3000 Deutsch (HKLM-x32\...\LHTTSGED) (Version: - ) Lernout & Hauspie TruVoice American English TTS Engine (HKLM-x32\...\tv_enua) (Version: - ) Macrium Reflect Free Edition (HKLM\...\{3F77BFA0-BC1B-4670-95E2-1D7F1B7A5F88}) (Version: 7.2.4744 - Paramount Software (UK) Ltd.) Hidden Macrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 7.2 - Paramount Software (UK) Ltd.) Malwarebytes version 4.0.4.49 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.0.4.49 - Malwarebytes) Manager (HKLM-x32\...\{38251B9A-C44B-42D9-9A6A-0697986E334A}) (Version: 4.1.4.27792 - 2015 pdfforge GmbH. All rights reserved) Hidden Math-Kernel-Bibliotheken (64 Bit) (HKLM\...\{112D8201-03A2-43B2-861B-EB3FCB855547}) (Version: 13.0.13 - National Instruments) Hidden Math-Kernel-Bibliotheken (64 Bit) (HKLM\...\{95E4D734-E2AC-46BD-A0D7-B8E1AD1C0D2E}) (Version: 14.0.6 - National Instruments) Hidden Math-Kernel-Bibliotheken (HKLM-x32\...\{E71784F9-5B67-4052-A5FC-55C038396936}) (Version: 13.0.13 - National Instruments) Hidden Math-Kernel-Bibliotheken (HKLM-x32\...\{FDF32877-3B6C-4D67-81A3-7857CBAF4110}) (Version: 14.0.6 - National Instruments) Hidden McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.1.1.67 - McAfee, LLC.) Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation) Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (ENU) (HKLM-x32\...\{290FC320-2F5A-329E-8840-C4193BD7A9EE}) (Version: 4.5.51209 - Microsoft Corporation) Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (HKLM-x32\...\{B941AFB4-8851-33A1-9E72-0C33D463C41C}) (Version: 4.5.51209 - Microsoft Corporation) Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation) Microsoft Help Viewer 2.2 (HKLM-x32\...\Microsoft Help Viewer 2.2) (Version: 2.2.23107 - Microsoft Corporation) Microsoft Office Professional Plus 2016 (HKLM\...\Office16.PROPLUS) (Version: 16.0.4266.1001 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-3117796367-4178473136-720949512-500\...\OneDriveSetup.exe) (Version: 19.232.1124.0008 - Microsoft Corporation) Microsoft Picture It! Foto 7.0 (HKLM-x32\...\{369B36BE-3D64-4641-9AEA-808D436FE132}) (Version: 7.0.0.0000 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft SQL Server 2014 Management Objects (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation) Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{718FFB65-F6E4-4D62-861F-ED10ED32C936}) (Version: 12.0.2402.11 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Visual Studio 2015 Shell (Isolated) (HKLM-x32\...\{d2981c27-a434-4c9a-96c7-0209e97c4eac}) (Version: 14.0.23107.10 - Microsoft Corporation) Microsoft Works 2003-Setup-Start (HKLM-x32\...\Works2003Setup) (Version: - ) Microsoft_VC100_CRT_x86 (HKLM-x32\...\{6FDDB201-2CA0-42BD-973F-7B2C4A61EA3F}) (Version: 1.0.0 - Microsoft) MotoCalc 8.09 (HKLM-x32\...\MotoCalc 8_is1) (Version: - Capable Computing, Inc.) Movavi Video Editor 6 SE (HKLM-x32\...\{C3F26EAD-0B20-445F-9D64-CD470928EB2B}) (Version: 6.01.003 - MOVAVI) Movie Maker (HKLM-x32\...\{70C91B91-61E8-4D06-86D6-A9DCC291983A}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Mozilla Firefox 73.0.1 (x64 de) (HKLM\...\Mozilla Firefox 73.0.1 (x64 de)) (Version: 73.0.1 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 57.0 - Mozilla) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) MULTIPLEX Launcher (HKLM-x32\...\{100B4F61-0789-42C7-845C-2543C574E73F}_is1) (Version: - MULTIPLEX GmbH & Co. KG) MultiSIM BLUE Launcher (HKLM-x32\...\{593CDE68-760C-4D25-B327-B0D6BD139417}) (Version: 14.0.668 - National Instruments) Hidden National Instruments - Software (HKLM-x32\...\NI Uninstaller) (Version: - National Instruments) NETGEAR WNDA3100v3 (HKLM-x32\...\{60C50FCC-545B-4D5D-B0D1-4A773143BCE7}) (Version: 1.0.0.10 - NETGEAR) Hidden NETGEAR WNDA3100v3 Genie (HKLM-x32\...\InstallShield_{60C50FCC-545B-4D5D-B0D1-4A773143BCE7}) (Version: 1.0.0.10 - NETGEAR) NewBlue Effects (HKLM\...\{C68BAB1A-C7DF-4D81-83FC-981B31921924}) (Version: 2.1.0 - Corel Corporation) NI .NET Framework 4.0 (HKLM-x32\...\{0C43BB65-C604-4D94-A83A-54DCB42780B8}) (Version: 4.01.49154 - National Instruments) Hidden NI Authentication 2014SP1 (64-bit) (HKLM\...\{89EFD0FB-130F-4D38-AB16-28BE8482458B}) (Version: 14.5.5 - National Instruments) Hidden NI Authentication 2014SP1 (HKLM-x32\...\{1AFBF932-61A5-44B4-A255-182BA105D2EF}) (Version: 14.5.5 - National Instruments) Hidden NI Curl 14.0.0 (64-bit) (HKLM\...\{9EE72A1B-CA05-4ACF-92EE-21D3BA2A704C}) (Version: 14.0.294 - National Instruments) Hidden NI Curl 2014 (HKLM-x32\...\{C930794D-7E74-4395-B6A3-CEEC020C7D7E}) (Version: 14.0.295 - National Instruments) Hidden NI DataSocket 5.2 (64 Bit) (HKLM\...\{DF4FE9F7-9350-4B6F-9A3E-DDD53D12F155}) (Version: 5.2.218 - National Instruments) Hidden NI DataSocket 5.2 (HKLM-x32\...\{6949BEA5-8C05-4A48-90F3-888739D8BCAF}) (Version: 5.2.218 - National Instruments) Hidden NI Error Reporting Interface 14.0 (HKLM-x32\...\{1F426FD9-602A-4B37-9CEF-921C025AFEE0}) (Version: 14.0.241 - National Instruments) Hidden NI Error Reporting Interface 14.0 for Windows (64-bit) (HKLM\...\{8C78715A-10D1-400F-A64A-55D85CE559CD}) (Version: 14.0.241 - National Instruments) Hidden NI EulaDepot (HKLM-x32\...\{8824A94C-E7A5-4EC3-BFD5-3A2A2B5F8802}) (Version: 15.0.216 - National Instruments) Hidden NI Help Assistant 2.0 (64bit) (HKLM\...\{DDAAADDD-C57E-4731-A29C-133191587488}) (Version: 2.0.3 - National Instruments) Hidden NI Help Assistant 2.0 (HKLM-x32\...\{C9A0D47F-9A68-4917-868C-79E384E4DEE6}) (Version: 2.0.3 - National Instruments) Hidden NI LabVIEW 2012 Real-Time NBFifo (HKLM-x32\...\{A072C4EB-6173-474C-B3AA-9C97896FC153}) (Version: 14.0.386 - National Instruments) Hidden NI LabVIEW 2012 Real-Time NBFifo (HKLM-x32\...\{EEDB0927-3BD8-4349-856E-425A146CC680}) (Version: 13.0.336 - National Instruments) Hidden NI LabVIEW 2014 Deployment Framework (HKLM-x32\...\{A1248570-7C3B-467B-B6A7-3CA1F720EE09}) (Version: 14.0.390 - National Instruments) Hidden NI LabVIEW 2014 SP1 - Runtime-Engine-Webserver (HKLM-x32\...\{94F51393-59D2-48F4-830F-DFF41B1D64B6}) (Version: 14.5.5 - National Instruments) Hidden NI LabVIEW 2014 SP1 Deployable License (HKLM-x32\...\{147FC3A9-2562-4F49-9040-8B5A08B916A7}) (Version: 14.1.96 - National Instruments) Hidden NI LabVIEW 2014 SP1 f3 - Runtime (HKLM-x32\...\{331B6132-FA2A-458D-828D-B0DA0237739A}) (Version: 14.1.105 - National Instruments) Hidden NI LabVIEW Run-Time Engine Interop 2013 (HKLM-x32\...\{31E72A59-F544-439C-9D28-17C060B8A6C7}) (Version: 13.1.125 - National Instruments) Hidden NI LabVIEW Run-Time Engine Webserver 2013 (HKLM-x32\...\{A0EE8096-E55F-47E2-A6E2-C7CC0AAD2022}) (Version: 13.5.27 - National Instruments) Hidden NI LabVIEW Runtime Interop 2014 (HKLM-x32\...\{DB1CA89F-0F99-4E1E-9C9D-CF582181B123}) (Version: 14.1.105 - National Instruments) Hidden NI LabVIEW Runtime-Engine 2013 SP1 f6 (HKLM-x32\...\{E7F44619-A12B-407C-A4AE-9E85280EF3AB}) (Version: 13.1.125 - National Instruments) Hidden NI LabWindows/CVI 2013 SP2 .NET Library (64-bit) (HKLM\...\{1015A47B-04AC-40BC-9002-78EB2B86B0EB}) (Version: 13.0.2278 - National Instruments) Hidden NI LabWindows/CVI 2013 SP2 .NET Library (HKLM-x32\...\{EDDAF514-4A52-449B-B382-0B7D92A39F42}) (Version: 13.0.2278 - National Instruments) Hidden NI LabWindows/CVI 2013 SP2 Analysis Library (64-bit) (HKLM\...\{E61BE539-EAA0-446D-9B32-8370F99A31A3}) (Version: 13.0.2278 - National Instruments) Hidden NI LabWindows/CVI 2013 SP2 Analysis Library (HKLM-x32\...\{D5A43D6C-BA44-46AE-95BF-05ED13CD43D8}) (Version: 13.0.2278 - National Instruments) Hidden NI LabWindows/CVI 2013 SP2 Low-Level Driver (Original) (HKLM-x32\...\{581A2852-67B2-4B83-B781-473A561DCC63}) (Version: 13.0.2278 - National Instruments) Hidden NI LabWindows/CVI 2013 SP2 Low-Level Driver (Updated) (HKLM-x32\...\{5C33A68B-0E6B-4839-97B9-7A7896DB2404}) (Version: 13.0.2278 - National Instruments) Hidden NI LabWindows/CVI 2013 SP2 Network Streams Library (64-bit) (HKLM\...\{C9533EB7-AE6E-4374-9BA9-DC9877624DF5}) (Version: 13.0.2278 - National Instruments) Hidden NI LabWindows/CVI 2013 SP2 Network Streams Library (HKLM-x32\...\{E3CB6529-FC39-46E5-AC6D-A97DD2E1286F}) (Version: 13.0.2278 - National Instruments) Hidden NI LabWindows/CVI 2013 SP2 Network Variable Library (64-bit) (HKLM\...\{CFB0239F-E3D1-4F56-A8F0-6532C84EA171}) (Version: 13.0.2278 - National Instruments) Hidden NI LabWindows/CVI 2013 SP2 Network Variable Library (HKLM-x32\...\{72CB1B11-685B-405A-A8A0-5987CCD593A0}) (Version: 13.0.2278 - National Instruments) Hidden NI LabWindows/CVI 2013 SP2 TDMS Library (64-bit) (HKLM\...\{729F2480-96E3-4260-B4F1-A3054A98645D}) (Version: 13.0.2278 - National Instruments) Hidden NI LabWindows/CVI 2013 SP2 TDMS Library (HKLM-x32\...\{00BD6260-2A45-423C-9150-2D1516BD96B3}) (Version: 13.0.2278 - National Instruments) Hidden NI LabWindows/CVI Run-Time Engine 2013 SP2 (Updated) (HKLM-x32\...\{23F01A4F-6BDA-4FFA-89A1-50D4EED0B3AE}) (Version: 13.0.2278 - National Instruments) Hidden NI LabWindows/CVI Shared Run-Time Engine 2013 SP2 (64-bit) (HKLM\...\{0DA67E53-EE91-450C-8159-FA1F9B87D300}) (Version: 13.0.2278 - National Instruments) Hidden NI LabWindows/CVI Shared Run-Time Engine 2013 SP2 (HKLM-x32\...\{D3C549FD-7DA5-440B-A1BC-DD92C898949A}) (Version: 13.0.2278 - National Instruments) Hidden NI Launcher (HKLM-x32\...\{A4DF3435-3612-4AE8-BC76-D89E690FDEA3}) (Version: 15.0.172 - National Instruments) Hidden NI License Manager (HKLM-x32\...\{2B2BC0C2-C36B-4DC9-9DAE-E003180470BD}) (Version: 3.7.73 - National Instruments) Hidden NI Logos 5.6 (64 Bit) (HKLM\...\{54581EE6-1A40-4C81-BC26-27B5D95E245D}) (Version: 5.6.257 - National Instruments) Hidden NI Logos 5.6 (HKLM-x32\...\{766A86C6-990A-4D10-B4BD-733306D754F0}) (Version: 5.6.257 - National Instruments) Hidden NI Logos XT Support (HKLM-x32\...\{B80BCD71-7DBF-4ED2-9A56-B23EC1A35136}) (Version: 5.6.253 - National Instruments) Hidden NI Logos64 XT Support (HKLM\...\{31142B5E-1F50-424E-A27C-4396E9D4CAF8}) (Version: 5.6.253 - National Instruments) Hidden NI Math Kernel Libraries (HKLM-x32\...\{DB2C5648-700D-4AEF-83E1-70C72F0C34FA}) (Version: 1.0.861.0 - National Instruments) Hidden NI MAX Remote Configuration 64-bit Installer 14.0.1 (HKLM\...\{B99740E5-7998-4B6C-95E0-22F89D121176}) (Version: 14.01.49153 - National Instruments) Hidden NI MAX Remote Configuration Installer 14.0.1 (HKLM-x32\...\{86EEFAE1-276E-467E-8B1A-9640F9599C27}) (Version: 14.01.49153 - National Instruments) Hidden NI MDF Support (HKLM-x32\...\{86CD6B5E-7870-4DC9-AB41-BEACEFD542D3}) (Version: 15.0.172 - National Instruments) Hidden NI mDNS Responder 14.0 for Windows 64-bit (HKLM\...\{6E8CCE41-38E3-4815-8D9F-A8B502DACD41}) (Version: 14.00.49152 - National Instruments) Hidden NI mDNS Responder 14.0.0 (HKLM-x32\...\{6CED5B26-5F59-4586-9EC0-3E92B5ECF76E}) (Version: 14.00.49152 - National Instruments) Hidden NI Measurement Studio ComponentWorks 3D Graph (HKLM-x32\...\{F278392D-547E-4E67-AD1C-2576C2852B50}) (Version: 8.6.10603 - National Instruments) Hidden NI Measurement Studio ComponentWorks UI (HKLM-x32\...\{2C77FBC4-79E2-4D25-86FB-CF7AAE02425E}) (Version: 8.6.10603 - National Instruments) Hidden NI MetaSuite Installer (HKLM-x32\...\{CEDE8B90-A0DE-45F1-B2DB-8580DE174BA8}) (Version: 15.0.172 - National Instruments) Hidden NI Multisim Component Evaluator 14.0 Core (HKLM-x32\...\{904FAF74-89FA-49A5-AFF7-862FA079E44A}) (Version: 14.0.668 - National Instruments) Hidden NI Multisim Component Evaluator 14.0 Ultiboard Core (HKLM-x32\...\{413A80D2-6224-4D70-9D1B-4DCDE7515445}) (Version: 14.0.668 - National Instruments) Hidden NI Multisim Component Evaluator Mouser Electronics Edition 14.0 (HKLM-x32\...\{326C37AC-C245-416F-A886-15BA9DAE89CB}) (Version: 14.0.668 - National Instruments) Hidden NI Multisim Component Evaluator Mouser Electronics Edition Licenses (HKLM-x32\...\{C93887E9-6075-4E1C-9793-C98300A4B3B0}) (Version: 14.0.668 - National Instruments) Hidden NI MXS 14.0.0 (HKLM-x32\...\{8C19A05E-70B2-4E19-B294-9BC89A71C8DC}) (Version: 14.00.49152 - National Instruments) Hidden NI MXS 14.0.0 for 64 Bit Windows (HKLM\...\{89B2A02D-C174-47C9-B9B2-BCF95CA351B8}) (Version: 14.00.49152 - National Instruments) Hidden NI Network Discovery 14.0 (HKLM-x32\...\{64CDFD47-4981-4D52-AEDA-2B593797264F}) (Version: 14.00.49152 - National Instruments) Hidden NI Network Discovery 14.0 for Windows 64-bit (HKLM\...\{780167E4-DF3F-45E3-82E9-251DF653D769}) (Version: 14.00.49152 - National Instruments) Hidden NI OPC Support (HKLM-x32\...\{0BE97083-CA94-45E5-AA4E-BBBB563C4F2A}) (Version: 14.0.281 - National Instruments) Hidden NI OPCEnum Shared (HKLM-x32\...\{1179FFB4-726B-4200-BF02-0387C86C429B}) (Version: 5.5.2018 - National Instruments) Hidden NI Portable Configuration 14.0.0 (HKLM-x32\...\{2F1A4258-A35E-40FD-89A6-BF6633AE9152}) (Version: 14.00.49152 - National Instruments) Hidden NI Portable Configuration for 64 Bit Windows 14.0.0 (HKLM\...\{D5674132-8C0F-45BC-84D5-75260DB74AD9}) (Version: 14.00.49152 - National Instruments) Hidden NI Security Update (KB 67L8LCQW) (64-bit) (HKLM\...\{4A78D9E6-D349-4CCA-9295-45B12BE5BC6C}) (Version: 1.0.29.0 - National Instruments) Hidden NI Security Update (KB 67L8LCQW) (HKLM-x32\...\{20124E21-206B-485F-838F-14BB88161045}) (Version: 1.0.29.0 - National Instruments) Hidden NI Service Locator 2014 (HKLM-x32\...\{181EA712-2062-4A97-814C-1C42D3429DA4}) (Version: 14.0.217 - National Instruments) Hidden NI SSL LabVIEW RTE 2013 SP1 Support (HKLM-x32\...\{D370E8AD-D3C1-44C7-96EA-3DD9918F2F6B}) (Version: 13.5.27 - National Instruments) Hidden NI SSL LabVIEW RTE 2014 Support (HKLM-x32\...\{18CEFB7A-37B7-4030-88F6-98247801832F}) (Version: 14.0.376 - National Instruments) Hidden NI System API Windows 32-bit 14.0.1 (HKLM-x32\...\{8E9241E2-5DE1-490C-ADEC-7F6E04F74CB9}) (Version: 14.1.24 - National Instruments) Hidden NI System API Windows 64-bit 14.0.1 (HKLM\...\{40F02681-C873-4F8A-8DCD-F6256854BDF3}) (Version: 14.1.24 - National Instruments) Hidden NI System Configuration .NET Runtime Support 14.0.0 (HKLM-x32\...\{7F0114F3-823B-4FC0-A13B-13A962CBAEA0}) (Version: 14.00.49152 - National Instruments) Hidden NI System Configuration Runtime 14.0.0 for Windows 64-bit (HKLM\...\{E2B8FE97-9E17-4377-B53E-C00073DA7441}) (Version: 14.0.142 - National Instruments) Hidden NI System State Publisher (64-bit) (HKLM\...\{105332F6-D8BF-4543-B134-554ED0BC9DA0}) (Version: 14.1.7 - National Instruments) Hidden NI System State Publisher (HKLM-x32\...\{26448952-DAC0-444F-A9E7-1D55B1FB1DC0}) (Version: 14.1.7 - National Instruments) Hidden NI System Web Server Base 2014 SP1 (64-bit) (HKLM\...\{716AB2AE-22C4-47D5-953E-40ABA53FC861}) (Version: 14.5.6 - National Instruments) Hidden NI System Web Server Base 2014 SP1 (HKLM-x32\...\{B63D4C11-03BE-48AE-BFFF-7BEC8F7D6B10}) (Version: 14.5.6 - National Instruments) Hidden NI TDM Streaming 14.0 (64 Bit) (HKLM\...\{06B913C1-1C32-4FE6-8FE2-0DE2CEC9BFDA}) (Version: 14.0.43 - National Instruments) Hidden NI TDM Streaming 14.0 (HKLM-x32\...\{AC4F5DFA-A84D-4A86-9F42-4DAFDB32F279}) (Version: 14.0.43 - National Instruments) Hidden NI Trace Engine (64-bit) (HKLM\...\{47FFD335-847E-4640-9AA3-245A5BE13839}) (Version: 14.0.177 - National Instruments) Hidden NI Trace Engine (HKLM-x32\...\{369C78CD-B38C-40B7-B116-A8EF413CEDC6}) (Version: 14.0.177 - National Instruments) Hidden NI Uninstaller (HKLM-x32\...\{8FDB9EDF-B578-4EB5-B78D-361AA35FAFE0}) (Version: 15.0.172 - National Instruments) Hidden NI Update Service 15.0 (64-bit) (HKLM\...\{DD0FD089-95C9-40CA-8E5F-C4110673BEC8}) (Version: 15.0.47 - National Instruments) Hidden NI USI 14.0.0 (HKLM-x32\...\{F12CCD29-F039-40C9-9C2A-79F398BD857B}) (Version: 14.0.05640 - National Instruments) Hidden NI USI 14.0.0 64-bit (HKLM\...\{C3A1057A-26A5-4896-A39D-700D6EC3BC94}) (Version: 14.0.05640 - National Instruments) Hidden NI Variable Engine (64-bit) (HKLM\...\{077A43AC-486D-4E53-A229-EEB25D32B0BA}) (Version: 2.8.282 - National Instruments) Hidden NI VC2008MSMs x64 (HKLM\...\{07E00E94-7A78-40FA-9BEF-71C190E98041}) (Version: 9.0.401 - National Instruments) Hidden NI VC2008MSMs x86 (HKLM-x32\...\{E84997A1-4D6F-4C0B-B60D-F85B360D2666}) (Version: 9.0.401 - National Instruments) Hidden NI VC2010SP1MSMs x64 (HKLM\...\{AFC5A844-CA3A-4566-89E7-3E24E6AFF9A3}) (Version: 10.0.100 - National Instruments) Hidden NI VC2010SP1MSMs x86 (HKLM-x32\...\{F2273FA7-117C-43D7-BD59-00B025535442}) (Version: 10.0.100 - National Instruments) Hidden NI Visual C++ 2008 Redistributable Package (HKLM-x32\...\{08505CC2-EA7F-4818-9C45-B74EDA7227F8}) (Version: 9.00.49152 - National Instruments) Hidden NI Visual C++ 2010 Redistributable Package (HKLM-x32\...\{87E698D6-02AC-485E-A6BA-9194C94CC547}) (Version: 10.10.16385 - National Instruments) Hidden NI WS Repl Library 2014 (64-bit) (HKLM\...\{A6E58BE1-4148-4B2E-9573-5FB71D66FFEE}) (Version: 14.0.22 - National Instruments) Hidden NI WS Repl Library 2014 (HKLM-x32\...\{BA8E7954-880D-4E89-A3AF-24A7C580213E}) (Version: 14.0.22 - National Instruments) Hidden NI Xerces Delay Load 2.7.6 (HKLM-x32\...\{F3E66B88-C518-412C-BCA3-577951F3E991}) (Version: 2.7.218 - National Instruments) Hidden NI Xerces Delay Load 2.7.6 64-bit (HKLM\...\{C0A68BD4-6A7C-492D-84E1-7160AC970A23}) (Version: 2.7.228 - National Instruments) Hidden NI-ActiveX-Container (64-bit) (HKLM\...\{14BAF455-4623-4703-906D-7FBE49E7ED23}) (Version: 14.0.5 - National Instruments) Hidden NI-ActiveX-Container (HKLM-x32\...\{B3B56C15-80A8-4972-90CB-D80E64B3F39C}) (Version: 14.0.5 - National Instruments) Hidden NI-Engine für Umgebungsvariablen 2.8.0 (HKLM-x32\...\{540F9CB5-C0B5-4908-AECB-0B13F628A808}) (Version: 2.8.282 - National Instruments) Hidden NI-Fehlerprotokolle 2014 (HKLM-x32\...\{956DC995-1997-43DC-ACFA-EA31652D6131}) (Version: 14.0.379 - National Instruments) Hidden NI-Mesa (HKLM\...\{D43C46AB-57CC-48E4-83B1-514CDBF148A5}) (Version: 13.0.3 - National Instruments) Hidden NI-Mesa (HKLM-x32\...\{7F93F26A-E5F7-4AE1-840F-F88DFE2DE3A5}) (Version: 13.0.3 - National Instruments) Hidden NI-RPC 14.0.0f0 (HKLM-x32\...\{F2FD6CC8-82E5-4DD3-933A-DC7E0F636E55}) (Version: 14.00.49152 - National Instruments) Hidden NI-RPC 14.0.0f0 for 64 Bit Windows (HKLM\...\{642EF411-1FD1-4AD3-8F9A-BA31E75C37AB}) (Version: 14.00.49152 - National Instruments) Hidden NI-RPC 14.0.0f0 for Phar Lap ETS (HKLM-x32\...\{9B0E3671-ED4B-4D77-BE57-C1E4EFCD5912}) (Version: 14.00.49152 - National Instruments) Hidden NirSoft ShellExView (HKLM-x32\...\NirSoft ShellExView) (Version: - ) NI-System-Webserver 2014 SP1 (HKLM-x32\...\{1E006384-174A-4597-930A-9C848B7E2A5A}) (Version: 14.5.9 - National Instruments) Hidden NI-Update-Dienst 15.0 (HKLM-x32\...\{CD65B71B-FD71-43E8-A700-6D5A54116B1D}) (Version: 15.0.47 - National Instruments) Hidden NI-Webserver von Anwendungen 2014 SP1 (64 Bit) (HKLM\...\{9871A7B2-C7AC-4AA6-8AED-4DD11FEB8D5D}) (Version: 14.5.8 - National Instruments) Hidden NI-Webserver von Anwendungen 2014 SP1 (HKLM-x32\...\{37AE86E4-71D4-4E37-9424-F25D298C7AD9}) (Version: 14.5.8 - National Instruments) Hidden Node.js (HKLM-x32\...\{83E0D960-27D3-41AA-8192-37BF3E9EA837}) (Version: 4.4.0 - Node.js Foundation) Norton Security (HKLM-x32\...\NGC) (Version: 22.20.1.69 - Symantec Corporation) Norton Security Scan (HKLM-x32\...\NSS) (Version: 4.6.1.179 - Symantec Corporation) NVIDIA GeForce Experience 2.5.12.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.5.12.11 - NVIDIA Corporation) NVIDIA PhysX-Systemsoftware 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation) OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation) Outils de vérification linguistique 2016 de Microsoft Office*- Français (HKLM\...\{90160000-001F-040C-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden Paint.NET v3.5.7 (HKLM\...\{45212F71-750F-4B98-8931-2F35DBE6B662}) (Version: 3.57.0 - dotPDN LLC) PDF Architect 4 Create Module (HKLM\...\{72B9DF2C-76FA-40B5-A469-16EAB159CE72}) (Version: 4.1.5.29097 - pdfforge GmbH) Hidden PDF Architect 4 Edit Module (HKLM\...\{BDF7326B-7ED4-4034-B867-F4E88D4E628B}) (Version: 4.1.5.29097 - pdfforge GmbH) Hidden PDF Architect 4 View Module (HKLM\...\{03E04B47-9270-4613-8D7E-DA4AD2B259A0}) (Version: 4.1.5.29097 - pdfforge GmbH) Hidden PDF24 Creator 8.0.4 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org) PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 2.4.1 - pdfforge GmbH) PeakTech 4025,4030 (HKLM-x32\...\PeakTech 4025,40301.0) (Version: 1.0 - PeakTech) Pinnacle MyDVD (HKLM-x32\...\{9E90B657-D5B4-40C0-AE05-B29DED063494}) (Version: 1.0.112 - Ihr Firmenname) Hidden Pinnacle MyDVD (HKLM-x32\...\{E6D07A42-38B7-4AAF-A857-2DF7177244D7}) (Version: 1.0 - Pinnacle) Pinnacle Studio 15 (HKLM-x32\...\{1362E602-9625-42D3-B57F-CDA9D26F9DA8}) (Version: 15.0.0.7593 - Pinnacle Systems) Pinnacle Studio 19 - Install Manager (HKLM\...\{891ED714-E54D-4BE1-8DE8-4EE54D9BB402}) (Version: 19.0.224 - Corel Corporation) Pinnacle Studio 19 - Standard Content Pack (HKLM\...\{91D1B712-604F-49C8-943F-FD257D647161}) (Version: 19.1 - Corel Corporation) Pinnacle Studio 19 (HKLM\...\{CF91A83C-B84F-43CE-BCCE-7247E6137173}) (Version: 19.5.1.401 - Corel Corporation) Pinnacle Video Treiber (HKLM\...\{6DE721A5-5E89-4D74-994C-652BB3C0672E}) (Version: 12.1.0.030 - Pinnacle Systems) Premium Pack Volumes 1-2 (HKLM-x32\...\{4E62FCE5-6A72-4E13-9F7F-7104748AF838}) (Version: 3.1 - Corel Corporation) PROMT Expert 12 EGGE (HKLM-x32\...\{76776E00-F448-443B-9668-9FFBF696F8F2}) (Version: 12.0.00001 - PROMT Ltd.) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.) Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform) REFLEX Modellflugsimulator (HKLM-x32\...\{DBD9D100-91B9-4B46-80D9-AD075CD1B9EF}) (Version: 5.01.0 - Dipl.-Ing. Stefan Kunde) Runtime für den NI-Systemkonfigurator 14.0.0 (HKLM-x32\...\{AF9C6F07-345F-46B9-8B1A-4AF388A8C028}) (Version: 14.0.142 - National Instruments) Hidden SAM Packs 7.0 (HKLM-x32\...\{9CE38B1E-3DED-4C80-947E-11AC5ACF6420}) (Version: 7.0.783 - Atmel) Hidden ScoreFitter Volumes 1-2 (HKLM\...\{5CA29919-6361-4A17-91C5-6819E43794B1}) (Version: 3.0 - Corel Corporation) Serial Port Monitor 6.0.235 (HKLM\...\Serial Port Monitor_is1) (Version: 6.0 - ELTIMA Software) SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 4.1.3000 - NVIDIA Corporation) Hidden SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 2.5.12.11 - NVIDIA Corporation) Hidden STK02H 2.0 (HKLM-x32\...\{DA48EC21-CC7C-4808-A6B9-2BE06044D2FA}) (Version: 2.0 - Syntek) Strumenti di correzione di Microsoft Office 2016 - Italiano (HKLM\...\{90160000-001F-0410-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden Suite Specific (HKLM-x32\...\{C49DAA9C-5BA8-459A-8244-E57B69DF0F04}) (Version: 2.0.0 - Adobe Systems, Incorporated) Hidden swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden Title Extreme (HKLM\...\{3B519225-B4B2-40B7-A431-3C6AAE2831B4}) (Version: 3.0 - Corel Corporation) TomTom HOME (HKLM-x32\...\{C51F55EC-477D-4385-B951-BDEFA5DFC90B}) (Version: 2.11.6 - Ihr Firmenname) TomTom MyDrive Connect 4.2.5.3734 (HKLM-x32\...\MyDriveConnect) (Version: 4.2.5.3734 - TomTom) TotalAV (HKLM-x32\...\TotalAV) (Version: 5.4.19 - TotalAV) Unterstützung für NI SSL (64 Bit) (HKLM\...\{A4C182E0-D701-40E4-BCBB-6236ABFA013E}) (Version: 14.5.10 - National Instruments) Hidden Unterstützung für NI SSL (HKLM-x32\...\{E91ED1A5-1981-48AB-BDD1-D146A874FF97}) (Version: 14.5.10 - National Instruments) Hidden Unterstützung für nicht englische Versionen der Runtime von LabVIEW 2014 SP1. (HKLM-x32\...\{1B3ABFBF-D1D5-4B73-A1FE-7FDA9FB6582B}) (Version: 14.1.96 - National Instruments) Hidden Unterstützung für nicht englische Versionen der Runtime-Engine von LabVIEW 2013 SP1 (HKLM-x32\...\{2C1641D5-437E-4EE7-BC5E-89FCDCDF09BD}) (Version: 13.1.99 - National Instruments) Hidden Update for (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation) Update for Skype for Business 2016 (KB4484213) 64-Bit Edition (HKLM\...\{90160000-0011-0000-1000-0000000FF1CE}_Office16.PROPLUS_{697E3A3C-324C-4BE3-BDF5-EF2DFA57AA9A}) (Version: - Microsoft) Update for Skype for Business 2016 (KB4484213) 64-Bit Edition (HKLM\...\{90160000-00C1-0000-1000-0000000FF1CE}_Office16.PROPLUS_{697E3A3C-324C-4BE3-BDF5-EF2DFA57AA9A}) (Version: - Microsoft) Update for Skype for Business 2016 (KB4484213) 64-Bit Edition (HKLM\...\{90160000-012B-0407-1000-0000000FF1CE}_Office16.PROPLUS_{697E3A3C-324C-4BE3-BDF5-EF2DFA57AA9A}) (Version: - Microsoft) Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version: - Microsoft Corporation) VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.8 - VideoLAN) WAV To MP3 V2 (HKLM-x32\...\WAV To MP3_is1) (Version: - hxxp://www.WAVMP3.net) Web Companion (HKLM-x32\...\{97330988-a659-4521-bc4b-cd2124834004}) (Version: 4.9.2182.4042 - Lavasoft) Windows 10-Update-Assistent (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22925 - Microsoft Corporation) Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation) Windows-Treiberpaket - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.) Windows-Treiberpaket - Multiplex Modellsport GmbH & Co. KG (silabser) Ports (10/18/2013 6.6.1.0) (HKLM\...\9D8272041DC974ADE61EBB396C92C3B9CCEC3763) (Version: 10/18/2013 6.6.1.0 - Multiplex Modellsport GmbH & Co. KG) Windows-Treiberpaket - Silicon Laboratories (silabenm) Ports (03/19/2014 6.7.0.0) (HKLM\...\B97004A400E30DCF940971EFA7A0C13C6B0A4B66) (Version: 03/19/2014 6.7.0.0 - Silicon Laboratories) Windows-Treiberpaket - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software) WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH) WinZip (HKLM-x32\...\WinZip) (Version: 9.0 SR-1 (6224g) - WinZip Computing, Inc. und H.C. Top Systems B.V.) Works Suite-Betriebssystem-Pack (HKLM-x32\...\{C4BEEB8C-B9D2-4CD9-A2AA-1F3A1F57DF21}) (Version: 3.0.0.0000 - Microsoft Corporation) Hidden Works Suite-Betriebssystem-Pack (HKLM-x32\...\{C7B8E06E-EBBC-4210-93AB-DFC8760E3FC9}) (Version: 1.0.0.0000 - Microsoft Corporation) Hidden Works-Synchronisierung (HKLM-x32\...\{F2260E94-80F2-4CB1-B6B1-6043D9BFFA47}) (Version: 1.0.0.0000 - Firmenname) Hidden YouTube Song Downloader 2018 (HKLM-x32\...\AbAppId-55_is1) (Version: 18.16 - Abelssoft) Packages: ========= Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2020-01-22] (Microsoft Corporation) [MS Ad] Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2020-01-22] (Microsoft Corporation) [MS Ad] Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.5.12061.0_x64__8wekyb3d8bbwe [2020-01-23] (Microsoft Studios) [MS Ad] MSN Wetter -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.34.13393.0_x64__8wekyb3d8bbwe [2020-01-22] (Microsoft Corporation) [MS Ad] NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.956.0_x64__56jybvy8sckqj [2020-01-20] (NVIDIA Corp.) ==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.20.1.69\buShell.dll [2020-01-21] (Symantec Corporation -> Symantec Corporation) ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.20.1.69\buShell.dll [2020-01-21] (Symantec Corporation -> Symantec Corporation) ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.20.1.69\buShell.dll [2020-01-21] (Symantec Corporation -> Symantec Corporation) ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2020-02-21] (AVAST Software s.r.o. -> AVAST Software) ShellIconOverlayIdentifiers-x32: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.20.1.69\buShell.dll [2020-01-21] (Symantec Corporation -> Symantec Corporation) ShellIconOverlayIdentifiers-x32: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.20.1.69\buShell.dll [2020-01-21] (Symantec Corporation -> Symantec Corporation) ShellIconOverlayIdentifiers-x32: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.20.1.69\buShell.dll [2020-01-21] (Symantec Corporation -> Symantec Corporation) ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2020-02-21] (AVAST Software s.r.o. -> AVAST Software) ContextMenuHandlers1: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.20.1.69\buShell.dll [2020-01-21] (Symantec Corporation -> Symantec Corporation) ContextMenuHandlers1: [PDFArchitect4_ManagerExt] -> {3AECFCB3-8472-48E9-BC7B-5A3CD945C886} => C:\Program Files\PDF Architect 4\creator-context-menu.dll [2016-08-05] (pdfforge GmbH -> pdfforge GmbH) ContextMenuHandlers1: [PDFCreator.ShellContextMenu] -> {d9cea52e-100d-4159-89ea-76e845bc13e1} => D:\Program Files\PDFCreator\PDFCreatorShell.DLL [2016-11-18] (pdfforge GmbH -> pdfforge GmbH) ContextMenuHandlers1-x32: [PromtMenu] -> {90F18B18-A0BA-4140-AF97-3625C0C8A2E6} => D:\Programme\PROMT12\PRMT\prmshell.dll [2009-12-11] (PROMT -> PROMT Ltd.) ContextMenuHandlers1: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => D:\Programme\Reflect\RContextMenu.dll [2019-09-20] (Paramount Software UK Ltd -> Paramount Software UK Ltd) ContextMenuHandlers1: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.20.1.69\NavShExt.dll [2020-01-21] (Symantec Corporation -> Symantec Corporation) ContextMenuHandlers1-x32: [VersionsMenu] -> {03170921-4754-11cf-AB9A-00C0F00683EB} => D:\COREL\Versions\CVersion.dll -> Keine Datei ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2012-06-09] (Alexander Roshal) [Datei ist nicht signiert] ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2012-06-09] (Alexander Roshal) [Datei ist nicht signiert] ContextMenuHandlers1-x32: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => D:\Programme\WinZip\WZSHLSTB.DLL [2001-12-29] (WinZip Computing, Inc.) [Datei ist nicht signiert] ContextMenuHandlers2: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => D:\Programme\Reflect\RContextMenu.dll [2019-09-20] (Paramount Software UK Ltd -> Paramount Software UK Ltd) ContextMenuHandlers2: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.20.1.69\NavShExt.dll [2020-01-21] (Symantec Corporation -> Symantec Corporation) ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2020-02-21] (AVAST Software s.r.o. -> AVAST Software) ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => d:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-02-14] (Malwarebytes Corporation -> Malwarebytes) ContextMenuHandlers4-x32: [FolderToCorelMediaFolder] -> {0FBF99C1-4127-11D1-B1E6-C17E96D9180A} => D:\Programme\CorelDraw8.0\programs\CMFFld80.dll -> Keine Datei ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2014-03-14] (Piriform Ltd -> Piriform Ltd) ContextMenuHandlers4-x32: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => D:\Programme\WinZip\WZSHLSTB.DLL [2001-12-29] (WinZip Computing, Inc.) [Datei ist nicht signiert] ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} => -> Keine Datei ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_90685a092bcf58c7\nvshext.dll [2019-10-04] (NVIDIA Corporation -> NVIDIA Corporation) ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2020-02-21] (AVAST Software s.r.o. -> AVAST Software) ContextMenuHandlers6: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.20.1.69\buShell.dll [2020-01-21] (Symantec Corporation -> Symantec Corporation) ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => d:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-02-14] (Malwarebytes Corporation -> Malwarebytes) ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2014-03-14] (Piriform Ltd -> Piriform Ltd) ContextMenuHandlers6: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.20.1.69\NavShExt.dll [2020-01-21] (Symantec Corporation -> Symantec Corporation) ContextMenuHandlers6-x32: [VersionsMenu] -> {03170921-4754-11cf-AB9A-00C0F00683EB} => D:\COREL\Versions\CVersion.dll -> Keine Datei ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2012-06-09] (Alexander Roshal) [Datei ist nicht signiert] ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2012-06-09] (Alexander Roshal) [Datei ist nicht signiert] ContextMenuHandlers6-x32: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => D:\Programme\WinZip\WZSHLSTB.DLL [2001-12-29] (WinZip Computing, Inc.) [Datei ist nicht signiert] ==================== Codecs (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Drivers32: [vidc.pDAD] => C:\Windows\SysWOW64\prodad-codec.dll [506312 2014-01-08] (proDAD GmbH -> proDAD GmbH) ==================== Verknüpfungen & WMI ======================== (Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.) WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\":: WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99] WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate] ==================== Geladene Module (Nicht auf der Ausnahmeliste) ============= 2005-04-06 16:53 - 2005-04-06 16:53 - 000434255 _____ () [Datei ist nicht signiert] d:\Programme\Creative Suite CS2\Adobe Version Cue CS2\bin\ps-rw-vc-v8_58.dll 2005-04-06 16:53 - 2005-04-06 16:53 - 001019904 _____ () [Datei ist nicht signiert] d:\Programme\Creative Suite CS2\Adobe Version Cue CS2\bin\ps-vc-v8_58.dll 2005-04-06 16:52 - 2005-04-06 16:52 - 000028791 _____ () [Datei ist nicht signiert] d:\Programme\Creative Suite CS2\Adobe Version Cue CS2\jre\bin\hpi.dll 2005-04-06 16:53 - 2005-04-06 16:53 - 000102515 _____ () [Datei ist nicht signiert] d:\Programme\Creative Suite CS2\Adobe Version Cue CS2\jre\bin\java.dll 2005-04-06 16:53 - 2005-04-06 16:53 - 000057455 _____ () [Datei ist nicht signiert] D:\Programme\Creative Suite CS2\Adobe Version Cue CS2\jre\bin\net.dll 2005-04-06 16:53 - 2005-04-06 16:53 - 000032880 _____ () [Datei ist nicht signiert] D:\Programme\Creative Suite CS2\Adobe Version Cue CS2\jre\bin\nio.dll 2005-04-06 16:53 - 2005-04-06 16:53 - 000057453 _____ () [Datei ist nicht signiert] d:\Programme\Creative Suite CS2\Adobe Version Cue CS2\jre\bin\verify.dll 2005-04-06 16:53 - 2005-04-06 16:53 - 000053364 _____ () [Datei ist nicht signiert] d:\Programme\Creative Suite CS2\Adobe Version Cue CS2\jre\bin\zip.dll 2005-04-06 16:53 - 2005-04-06 16:53 - 000425984 _____ (Adobe Systems Incorporated) [Datei ist nicht signiert] d:\Programme\Creative Suite CS2\Adobe Version Cue CS2\bin\AdobeUpdater.dll 2005-04-06 16:53 - 2005-04-06 16:53 - 000147456 _____ (Adobe Systems Incorporated) [Datei ist nicht signiert] D:\Programme\Creative Suite CS2\Adobe Version Cue CS2\plugins\com.adobe.versioncue.systemintegration_2.0.0\os\win32\x86\SystemIntegration.dll 2005-04-06 16:53 - 2005-04-06 16:53 - 000114688 _____ (Adobe Systems) [Datei ist nicht signiert] D:\Programme\Creative Suite CS2\Adobe Version Cue CS2\plugins\com.adobe.versioncue.rendezvous_2.0.0\os\win32\x86\VCRendezvous.dll 2005-04-06 16:53 - 2005-04-06 16:53 - 000123536 _____ (MicroQuill Software Publishing, Inc.) [Datei ist nicht signiert] d:\Programme\Creative Suite CS2\Adobe Version Cue CS2\bin\SHSMP.DLL 2005-04-06 16:53 - 2005-04-06 16:53 - 000401462 _____ (Microsoft Corporation) [Datei ist nicht signiert] d:\Programme\Creative Suite CS2\Adobe Version Cue CS2\bin\MSVCP60.dll 2014-10-27 13:21 - 2014-10-27 13:21 - 000132608 _____ (National Instruments Corporation) [Datei ist nicht signiert] C:\ProgramData\National Instruments\WebServices\NI\LVWSAuthSvc\niauthsvc.dll 2014-10-27 13:34 - 2014-10-27 13:34 - 000030208 _____ (National Instruments Corporation) [Datei ist nicht signiert] C:\ProgramData\National Instruments\WebServices\NI\LVWSDeploySvc\deploysvc.dll 2014-11-21 11:36 - 2014-11-21 11:36 - 000221184 _____ (National Instruments Corporation) [Datei ist nicht signiert] C:\ProgramData\National Instruments\WebServices\NI\LVWSSysAdmin\sysadminsvc.dll 2014-06-10 14:28 - 2014-06-10 14:28 - 000064512 _____ (National Instruments Corporation) [Datei ist nicht signiert] D:\Programme\MultiSIM BLUE\MAX\Data Dictionaries\TgrDD.dll 2014-06-09 02:20 - 2014-06-09 02:20 - 000566784 _____ (National Instruments Corporation) [Datei ist nicht signiert] D:\Programme\MultiSIM BLUE\Shared\LogosXT\nilxtcor.dll 2014-06-09 02:29 - 2014-06-09 02:29 - 000226816 _____ (National Instruments Corporation) [Datei ist nicht signiert] D:\Programme\MultiSIM BLUE\Shared\LogosXT\nipspxts.dll 2014-06-19 23:16 - 2014-06-19 23:16 - 000180736 _____ (National Instruments Corporation) [Datei ist nicht signiert] D:\Programme\MultiSIM BLUE\Shared\NI Network Discovery\niDiscExp.dll 2014-08-21 12:54 - 2014-08-21 12:54 - 000218624 _____ (National Instruments Corporation) [Datei ist nicht signiert] D:\Programme\MultiSIM BLUE\Shared\NI System Configuration\nisyscfgExpert.dll 2014-11-21 11:35 - 2014-11-21 11:35 - 000033792 _____ (National Instruments Corporation) [Datei ist nicht signiert] D:\Programme\MultiSIM BLUE\Shared\NI WebServer\libappweb.dll 2014-10-24 11:48 - 2014-10-24 11:48 - 000057856 _____ (National Instruments Corporation) [Datei ist nicht signiert] D:\Programme\MultiSIM BLUE\Shared\NI WebServer\libappwebcore.dll 2014-10-24 11:48 - 2014-10-24 11:48 - 000153088 _____ (National Instruments Corporation) [Datei ist nicht signiert] D:\Programme\MultiSIM BLUE\Shared\NI WebServer\libhttp.dll 2014-10-24 11:48 - 2014-10-24 11:48 - 000175616 _____ (National Instruments Corporation) [Datei ist nicht signiert] D:\Programme\MultiSIM BLUE\Shared\NI WebServer\libmpr.dll 2014-10-24 11:48 - 2014-10-24 11:48 - 000091136 _____ (National Instruments Corporation) [Datei ist nicht signiert] D:\Programme\MultiSIM BLUE\Shared\NI WebServer\libpcre.dll 2014-10-23 14:56 - 2014-10-23 14:56 - 000270336 _____ (National Instruments Corporation) [Datei ist nicht signiert] D:\Programme\MultiSIM BLUE\Shared\NI WebServer\mod_niauth.dll 2014-10-27 13:34 - 2014-10-27 13:34 - 000033792 _____ (National Instruments Corporation) [Datei ist nicht signiert] D:\Programme\MultiSIM BLUE\Shared\NI WebServer\mod_niconf.dll 2014-10-23 11:42 - 2014-10-23 11:42 - 000056832 _____ (National Instruments Corporation) [Datei ist nicht signiert] D:\Programme\MultiSIM BLUE\Shared\NI WebServer\mod_niesp.dll 2014-10-23 11:42 - 2014-10-23 11:42 - 000208896 _____ (National Instruments Corporation) [Datei ist nicht signiert] D:\Programme\MultiSIM BLUE\Shared\NI WebServer\mod_nisessmgr.dll 2014-11-21 11:36 - 2014-11-21 11:36 - 000571904 _____ (National Instruments Corporation) [Datei ist nicht signiert] D:\Programme\MultiSIM BLUE\Shared\NI WebServer\mod_niws.dll 2014-11-21 11:36 - 2014-11-21 11:36 - 000413184 _____ (National Instruments Corporation) [Datei ist nicht signiert] D:\Programme\MultiSIM BLUE\Shared\NI WebServer\ws_runtime.dll 2014-10-23 14:56 - 2014-10-23 14:56 - 000455680 _____ (National Instruments Corporation) [Datei ist nicht signiert] D:\Programme\MultiSIM BLUE\Shared\NIAuth\niauth.dll 2014-10-27 13:20 - 2014-10-27 13:20 - 000264704 _____ (National Instruments Corporation) [Datei ist nicht signiert] D:\Programme\MultiSIM BLUE\Shared\NIAuth\niPortableRegistry.dll 2014-06-09 01:09 - 2014-06-09 01:09 - 000253952 _____ (National Instruments Corporation) [Datei ist nicht signiert] D:\Programme\MultiSIM BLUE\Shared\Security\nidm_client_thinauth.dll 2014-06-10 13:49 - 2014-06-10 13:49 - 000102912 _____ (National Instruments Corporation) [Datei ist nicht signiert] D:\Programme\MultiSIM BLUE\Shared\Tagger\ni_tagger_plugin_LogosRTClient.dll 2014-06-10 14:23 - 2014-06-10 14:23 - 000200192 _____ (National Instruments Corporation) [Datei ist nicht signiert] D:\Programme\MultiSIM BLUE\Shared\Tagger\ni_tagger_plugin_LogosRTServer.dll 2014-06-10 14:32 - 2014-06-10 14:32 - 000256512 _____ (National Instruments Corporation) [Datei ist nicht signiert] D:\Programme\MultiSIM BLUE\Shared\Tagger\ni_tagger_plugin_mxs.dll 2014-06-10 13:36 - 2014-06-10 13:36 - 000346112 _____ (National Instruments Corporation) [Datei ist nicht signiert] D:\Programme\MultiSIM BLUE\Shared\Tagger\ni_tagger_plugin_OPCServer.dll 2014-06-10 14:06 - 2014-06-10 14:06 - 000415744 _____ (National Instruments Corporation) [Datei ist nicht signiert] D:\Programme\MultiSIM BLUE\Shared\Tagger\tag.mnd 2014-06-05 17:30 - 2014-06-05 17:30 - 000095232 _____ (National Instruments Corporation) [Datei ist nicht signiert] D:\Programme\MultiSIM BLUE\Shared\TraceEngine\ni_traceengine.dll 2015-11-26 13:47 - 2016-06-15 02:12 - 001298640 _____ (NVIDIA Corporation PE Sign v2014 -> NVIDIA Corporation) [Datei ist nicht signiert] C:\Program Files\NVIDIA Corporation\NvStreamSrv\rxinput.dll 2015-11-26 13:47 - 2015-07-24 05:21 - 001710568 ____R (NVIDIA Corporation PE Sign v2014 -> NVIDIA Corporation) [Datei ist nicht signiert] C:\WINDOWS\system32\nvspcap64.dll 2017-01-11 11:32 - 2017-01-11 11:32 - 000115200 _____ (pdfforge GmbH) [Datei ist nicht signiert] C:\WINDOWS\System32\pdfcmon.dll 2005-04-06 16:53 - 2005-04-06 16:53 - 000241664 _____ (Persistence Software, Inc.) [Datei ist nicht signiert] D:\Programme\Creative Suite CS2\Adobe Version Cue CS2\bin\ps-jni-vc-v8_58.dll 2005-04-06 16:53 - 2005-04-06 16:53 - 000356352 _____ (Persistence Software, Inc.) [Datei ist nicht signiert] d:\Programme\Creative Suite CS2\Adobe Version Cue CS2\bin\ps-mysql-vc-v8_58.dll 2005-04-06 16:53 - 2005-04-06 16:53 - 000249856 _____ (Persistence Software, Inc.) [Datei ist nicht signiert] D:\Programme\Creative Suite CS2\Adobe Version Cue CS2\bin\ps-util-vc-v8_58.dll 2005-04-06 16:52 - 2005-04-06 16:52 - 001216642 _____ (Sun Microsystems, Inc.) [Datei ist nicht signiert] d:\Programme\Creative Suite CS2\Adobe Version Cue CS2\jre\bin\client\jvm.dll 2020-02-14 16:43 - 2019-10-15 17:51 - 002648576 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [Datei ist nicht signiert] C:\Program Files (x86)\TotalAV\libcrypto-1_1.dll 2020-02-14 16:43 - 2019-10-15 17:51 - 000640512 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [Datei ist nicht signiert] C:\Program Files (x86)\TotalAV\libssl-1_1.dll ==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.) AlternateDataStreams: C:\ProgramData\TEMP:40C12C39 [262] ==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" ==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ================= ==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ========== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.) IE trusted site: HKU\.DEFAULT\...\localhost -> localhost IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com ==================== Hosts Inhalt: ========================= (Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.) 2009-07-14 03:34 - 2009-06-10 22:00 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts ==================== Andere Bereiche =========================== (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Pinnacle\Shared Files\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Common Files\Adobe\AGL;C:\Program Files (x86)\Windows Live\Shared;D:\Programme\ALTIS\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\ HKU\S-1-5-21-3117796367-4178473136-720949512-500\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg DNS Servers: 192.168.2.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: ) HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (Keine Datei) ist aktiviert. ==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge == (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.) MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Corel MEDIA FOLDERS INDEXER 8.LNK => C:\Windows\pss\Corel MEDIA FOLDERS INDEXER 8.LNK.CommonStartup MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^NI Error Reporting.lnk => C:\Windows\pss\NI Error Reporting.lnk.CommonStartup MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^STK02H 2.0 PNP Monitor.lnk => C:\Windows\pss\STK02H 2.0 PNP Monitor.lnk.CommonStartup MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk => C:\Windows\pss\WinZip Quick Pick.lnk.CommonStartup MSCONFIG\startupfolder: C:^Users^User^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^An OneNote senden.lnk => C:\Windows\pss\An OneNote senden.lnk.Startup MSCONFIG\startupreg: GarminExpressTrayApp => "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe" MSCONFIG\startupreg: PDFPrint => D:\Programme\PDF24\pdf24.exe ==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ================ (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) FirewallRules: [{E56AED14-D8EC-44F3-B829-46F86F6B3575}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe Keine Datei FirewallRules: [{FA478675-18C3-4970-B714-9E9CE53EFD6A}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe Keine Datei FirewallRules: [{135DB0D3-4FFA-4B4F-8AAC-D5C4D128AAFF}] => (Allow) D:\Program Files (x86)\MyDrive Connect\MyDrive Connect\TomTom MyDrive Connect.exe (TomTom International BV -> TomTom) FirewallRules: [{52613626-690F-428F-8DF3-E027990387F7}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{96A0377D-EBEC-43BE-BF6A-6506A49A2B84}] => (Allow) LPort=1900 FirewallRules: [{AEFF50BD-438B-442D-B00C-88711D75C0F1}] => (Allow) LPort=2869 FirewallRules: [{0DF46C70-13EB-4AF5-B84E-3F6619C4712F}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{3567323C-2C37-401D-A2F5-48C885095DFC}] => (Allow) D:\Programme\AVRStudio7\7.0\AtmelStudio.exe (Atmel Norway -> Atmel) FirewallRules: [{188CA2DA-979C-4269-B173-E575AA15BD14}] => (Allow) D:\Programme\AVRStudio7\7.0\atbackend\atbackend.exe (Atmel Norway -> Atmel Corporation) FirewallRules: [{32E93534-A71F-4A3F-977F-0DCBFD8462DE}] => (Allow) D:\Programme\Creative Suite CS2\Adobe Version Cue CS2\bin\VersionCueCS2.exe (Adobe Systems Incorporated) [Datei ist nicht signiert] FirewallRules: [{65C1D6C7-4907-43F1-9002-3F6EEB8D2A3E}] => (Allow) D:\Programme\Creative Suite CS2\Adobe Version Cue CS2\bin\VersionCueCS2.exe (Adobe Systems Incorporated) [Datei ist nicht signiert] FirewallRules: [{2AC77D94-3AA3-4826-BD94-5C18BB6CB9AB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{EB41B82D-826B-4871-9D61-D859D2EAE38E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{4F237ED7-2308-467C-B2F5-33EA4B31BEC9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{6327EAD8-1BCE-4B9D-8612-19A598650047}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{4E914A83-6073-4650-A08B-E43545EFD1BE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{B8E7A743-CE0E-4E8E-B418-A2D657BD2D8D}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{AC8B9A05-0608-4777-BFB7-6E16173DDF76}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{8F8DA3C3-AF72-4F50-B01F-C0CC3D0E05B9}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe Keine Datei FirewallRules: [{44139FF1-1862-499B-BF8D-56DCE3CE1A36}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe Keine Datei FirewallRules: [{2E533926-07B7-4E4A-81F2-36099E5EFEE4}] => (Allow) C:\Program Files\Pinnacle\Studio 19\programs\UMI.exe (Corel Corporation -> Pinnacle) FirewallRules: [{3D0E5610-1009-4D15-A2EF-E2FBC4B3293A}] => (Allow) C:\Program Files\Pinnacle\Studio 19\programs\UMI.exe (Corel Corporation -> Pinnacle) FirewallRules: [{29CC992C-EDE4-48E8-AB8D-49F8D59EFC87}] => (Allow) C:\Program Files\Pinnacle\Studio 19\programs\NGStudio.exe (Corel Corporation -> Pinnacle) FirewallRules: [{092CB067-7777-41C2-9C01-88456D625B11}] => (Allow) C:\Program Files\Pinnacle\Studio 19\programs\NGStudio.exe (Corel Corporation -> Pinnacle) FirewallRules: [{91830A68-A2C1-4608-B19B-1DEDA63881E8}] => (Allow) C:\Program Files\Pinnacle\Studio 19\programs\RM.exe (Corel Corporation -> Pinnacle) FirewallRules: [{D55CAC58-84DE-4B26-88AE-575CAFEACDF7}] => (Allow) C:\Program Files\Pinnacle\Studio 19\programs\RM.exe (Corel Corporation -> Pinnacle) FirewallRules: [{51D1D8BE-1949-4D00-BBAE-8757CA3C5818}] => (Allow) C:\Program Files (x86)\Studio15\Programs\umi.exe (Avid Technology, Inc. -> Pinnacle Systems) FirewallRules: [{91D632C0-8092-4507-910B-63E4125B8652}] => (Allow) C:\Program Files (x86)\Studio15\Programs\umi.exe (Avid Technology, Inc. -> Pinnacle Systems) FirewallRules: [{739B010C-BB4B-4600-8316-200210F0B071}] => (Allow) C:\Program Files (x86)\Studio15\Programs\Studio.exe (Avid Technology, Inc. -> Pinnacle Systems) FirewallRules: [{36A5F419-D95A-4E7E-BC34-3DC70458E29D}] => (Allow) C:\Program Files (x86)\Studio15\Programs\Studio.exe (Avid Technology, Inc. -> Pinnacle Systems) FirewallRules: [{396441E3-1F65-4DBA-8396-6367322C9F39}] => (Allow) C:\Program Files (x86)\Studio15\Programs\RM.exe (Avid Technology, Inc. -> Pinnacle Systems) FirewallRules: [{07F1BDA2-AD9F-44C1-A86B-71279394E7FF}] => (Allow) C:\Program Files (x86)\Studio15\Programs\RM.exe (Avid Technology, Inc. -> Pinnacle Systems) FirewallRules: [{6FD0439F-AF3D-4E4A-A51B-9DA43446FBA0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{64A63F2A-4980-488E-A491-AB1D542088D7}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{DF58609B-7294-4D7B-8E9A-A4EABA727F0B}] => (Allow) D:\Programme\MultiSIM BLUE\Shared\nisvcloc\nisvcloc.exe (National Instruments Corporation -> National Instruments Corporation) FirewallRules: [{8A3BB187-468E-4D84-9792-02A814D0A23C}] => (Allow) D:\Programme\MultiSIM BLUE\Shared\nisvcloc\nisvcloc.exe (National Instruments Corporation -> National Instruments Corporation) FirewallRules: [{E9F3CA92-CAD3-46F6-BDA4-C9D733553497}] => (Allow) D:\Programme\MultiSIM BLUE\Shared\NI WebServer\SystemWebServer.exe (National Instruments Corporation -> National Instruments Corporation) FirewallRules: [{CD4A55A3-AC69-4910-B11D-11764353D2A1}] => (Allow) D:\Programme\MultiSIM BLUE\Shared\NI WebServer\SystemWebServer.exe (National Instruments Corporation -> National Instruments Corporation) FirewallRules: [{4F08CF52-B016-4A68-944C-1304C9C0BE35}] => (Allow) C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe (National Instruments Corporation -> National Instruments Corporation) FirewallRules: [{C229CA86-D1D2-4089-A45B-2E31E803BAF1}] => (Allow) C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe (National Instruments Corporation -> National Instruments Corporation) FirewallRules: [{22EC3136-CADE-4416-9D77-F40268D55AD2}] => (Allow) D:\Programme\MultiSIM BLUE\Shared\NI WebServer\ApplicationWebServer.exe (National Instruments Corporation -> National Instruments Corporation) FirewallRules: [{3B848BF1-A2CB-49D8-BEDD-6E15C4BDB929}] => (Allow) D:\Programme\MultiSIM BLUE\Shared\NI WebServer\ApplicationWebServer.exe (National Instruments Corporation -> National Instruments Corporation) FirewallRules: [{A9C2A7E2-75FE-4C61-8B15-6FCD44513AE3}] => (Allow) D:\Programme\MultiSIM BLUE\Shared\mDNS Responder\nimdnsResponder.exe (National Instruments Corporation -> National Instruments Corporation) FirewallRules: [UDP Query User{4422CCA5-5D9A-4B14-85E3-492EE36A12CB}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [TCP Query User{792C1C5B-43EE-4614-B496-99DBBF34BC5D}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{0BDFB050-0C89-43BB-A78F-7483BFF0C079}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe Keine Datei FirewallRules: [{4D8A9F63-4EB6-4272-9525-CD9BF397192B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{92FD3F33-EE03-405F-AB22-08181E72266C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{D22AE1C9-14C2-410B-A76F-3CD85F6BB5E6}] => (Allow) C:\Program Files (x86)\iMesh Applications\iMesh\iMesh.exe Keine Datei FirewallRules: [{ED724D12-0D4C-41FE-8786-D50CDA2F5274}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe Keine Datei FirewallRules: [{4C2C995F-5960-4B74-8458-1BA0C0386788}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe Keine Datei FirewallRules: [{20B67A84-72AC-4749-9DF7-8E379B21F013}] => (Allow) C:\Programme\Benchmarks\SiSoftware Sandra Lite 2013.SP1\WNt500x64\RpcSandraSrv.exe Keine Datei FirewallRules: [{EDF33F24-2EE6-4F1B-9F70-A848CB16C57B}] => (Allow) D:\Programme\MS-Office\Office12\ONENOTE.EXE Keine Datei FirewallRules: [{2FD38DEF-D53B-4A17-831C-7D1D5EC612CE}] => (Allow) D:\Programme\MS-Office\Office12\ONENOTE.EXE Keine Datei FirewallRules: [{7ECA0A27-BC15-42DF-8973-1F1F194042AC}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe Keine Datei FirewallRules: [{4D5AFD56-46CA-4585-B55A-A71A435FCED7}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe Keine Datei FirewallRules: [{1A3F73D4-14DC-461C-9303-5656A011949C}] => (Allow) D:\Programme\Pinnacle Studio 15 HD\Programs\umi.exe (Avid Technology, Inc. -> Pinnacle Systems) FirewallRules: [{30BD4BD3-8CE2-494D-A1C4-04F8ABE02AD0}] => (Allow) D:\Programme\Pinnacle Studio 15 HD\Programs\umi.exe (Avid Technology, Inc. -> Pinnacle Systems) FirewallRules: [{6220AE49-E6AD-441C-9D59-2D529DD208A8}] => (Allow) D:\Programme\Pinnacle Studio 15 HD\Programs\Studio.exe (Avid Technology, Inc. -> Pinnacle Systems) FirewallRules: [{0E8C3CCD-BB24-4AD4-ACFE-5AEDABF37A6D}] => (Allow) D:\Programme\Pinnacle Studio 15 HD\Programs\Studio.exe (Avid Technology, Inc. -> Pinnacle Systems) FirewallRules: [{34D0FEAF-90DA-47DB-93F0-E73495880B3C}] => (Allow) D:\Programme\Pinnacle Studio 15 HD\Programs\RM.exe (Avid Technology, Inc. -> Pinnacle Systems) FirewallRules: [{91BDB2D4-C65D-43E0-8DCE-0A1E98600C23}] => (Allow) D:\Programme\Pinnacle Studio 15 HD\Programs\RM.exe (Avid Technology, Inc. -> Pinnacle Systems) FirewallRules: [{1EC25478-D5C0-46B2-A709-44D1464AD101}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{C9EE657E-257B-45E5-9C0C-E7B096EE1228}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{56A44D1D-08D1-49A7-9522-2BD7B983D06B}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{C66C8B18-A231-4CD1-BF1D-162B955464CE}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{48C3AF83-4A24-4058-94C9-03CF0555F806}] => (Allow) D:\Program Files (x86)\AnyDesk\AnyDesk.exe Keine Datei FirewallRules: [{F3F78D8E-944F-4EE0-BDEB-92B89B97EDEB}] => (Allow) D:\Program Files (x86)\AnyDesk\AnyDesk.exe Keine Datei FirewallRules: [{E0787613-7636-4EB8-BCD4-5E7BA8FB0501}] => (Allow) D:\Program Files (x86)\AnyDesk\AnyDesk.exe Keine Datei FirewallRules: [{A2CBE533-3917-430A-8FC1-6A03BEE34CF9}] => (Allow) D:\Program Files (x86)\AnyDesk\AnyDesk.exe Keine Datei FirewallRules: [{BE2F1234-7935-4548-852B-E3D13ADD46E4}] => (Allow) D:\Program Files (x86)\AnyDesk\AnyDesk.exe Keine Datei FirewallRules: [{5B32A012-23E0-4FFB-9624-9D1071506145}] => (Allow) D:\Program Files (x86)\AnyDesk\AnyDesk.exe Keine Datei ==================== Wiederherstellungspunkte ========================= 13-02-2020 21:50:19 Removed Microsoft Office Home and Student 2007 19-02-2020 09:09:36 Installed Macrium Reflect Free Edition ==================== Fehlerhafte Geräte im Gerätemanager ============ Name: WAN-Miniport (IP) Description: WAN-Miniport (IP) Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: NdisWan Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Fehlereinträge in der Ereignisanzeige: ======================== Applikationsfehler: ================== Error: (02/21/2020 09:15:25 PM) (Source: ESENT) (EventID: 455) (User: ) Description: svchost (8936,R,98) TILEREPOSITORYS-1-5-18: Fehler -1023 (0xfffffc01) beim Öffnen von Protokolldatei C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log. Error: (02/21/2020 08:58:48 PM) (Source: SecurityCenter) (EventID: 16) (User: ) Description: Fehler beim Aktualisieren des Total AV-Status auf SECURITY_PRODUCT_STATE_OFF. Error: (02/21/2020 08:58:48 PM) (Source: WAS-LA) (EventID: 7005) (User: ) Description: Das Listeneradapterprotokoll "net.pipe" hat versucht, mit dem Windows-Prozessaktivierungsdienst zu kommunizieren und dabei einen Fehler verursacht. Der Listeneradapter befindet sich nun in einem ungültigen Zustand. Ursache: Dies kann auftreten, wenn zwischen dem Windows-Prozessaktivierungsdienst und dem Listeneradapter nicht ausreichend Speicherplatz vorhanden ist oder Fehler aufgetreten sind. Korrektur: Um diesen Fehler zu korrigieren, beenden Sie den Listeneradapter und anschließend den Windows-Prozessaktivierungsdienst, starten Sie den Windows-Prozessaktivierungsdienst neu, und starten Sie schließlich den Listeneradapter neu. Error: (02/21/2020 08:58:48 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance" ist ein unerwarteter Fehler aufgetreten. hr = 0x8007045b, Der Computer wird heruntergefahren. . Error: (02/21/2020 08:58:48 PM) (Source: VSS) (EventID: 13) (User: ) Description: Volumenschattenkopie-Dienst-Informationen: Der COM-Server mit CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} und dem Namen "CEventSystem" kann nicht gestartet werden. [0x8007045b, Der Computer wird heruntergefahren. ] Error: (02/21/2020 08:58:48 PM) (Source: SecurityCenter) (EventID: 17) (User: ) Description: Das Sicherheitscenter konnte den Aufrufer nicht überprüfen. Der Fehler %1 ist aufgetreten. Error: (02/21/2020 08:55:59 PM) (Source: ESENT) (EventID: 455) (User: ) Description: svchost (17828,R,98) TILEREPOSITORYS-1-5-18: Fehler -1023 (0xfffffc01) beim Öffnen von Protokolldatei C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log. Error: (02/21/2020 08:38:51 PM) (Source: ESENT) (EventID: 455) (User: ) Description: svchost (19500,R,98) TILEREPOSITORYS-1-5-18: Fehler -1023 (0xfffffc01) beim Öffnen von Protokolldatei C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log. Systemfehler: ============= Error: (02/21/2020 09:13:23 PM) (Source: Ntfs) (EventID: 55) (User: NT-AUTORITÄT) Description: In der Dateisystemstruktur auf Volume "Daten" wurde eine Beschädigung erkannt. Die genaue Art der Beschädigung ist unbekannt. Die Dateisystemstrukturen müssen online überprüft werden. Error: (02/21/2020 09:05:53 PM) (Source: DCOM) (EventID: 10005) (User: User-PC) Description: Fehler "1084" in DCOM, als der Dienst "ShellHWDetection" mit den Argumenten "Nicht verfügbar" gestartet wurde, um den folgenden Server zu verwenden: {DD522ACC-F821-461A-A407-50B198B896DC} Error: (02/21/2020 09:05:44 PM) (Source: DCOM) (EventID: 10005) (User: User-PC) Description: Fehler "1084" in DCOM, als der Dienst "ShellHWDetection" mit den Argumenten "Nicht verfügbar" gestartet wurde, um den folgenden Server zu verwenden: {DD522ACC-F821-461A-A407-50B198B896DC} Error: (02/21/2020 09:05:37 PM) (Source: DCOM) (EventID: 10005) (User: User-PC) Description: Fehler "1084" in DCOM, als der Dienst "WSearch" mit den Argumenten "Nicht verfügbar" gestartet wurde, um den folgenden Server zu verwenden: {B52D54BB-4818-4EB9-AA80-F9EACD371DF8} Error: (02/21/2020 09:05:37 PM) (Source: DCOM) (EventID: 10005) (User: User-PC) Description: Fehler "1084" in DCOM, als der Dienst "TokenBroker" mit den Argumenten "Nicht verfügbar" gestartet wurde, um den folgenden Server zu verwenden: Windows.Internal.Security.Authentication.Web.TokenBrokerInternal Error: (02/21/2020 09:05:37 PM) (Source: DCOM) (EventID: 10005) (User: User-PC) Description: Fehler "1084" in DCOM, als der Dienst "TokenBroker" mit den Argumenten "Nicht verfügbar" gestartet wurde, um den folgenden Server zu verwenden: Windows.Internal.Security.Authentication.Web.TokenBrokerInternal Error: (02/21/2020 09:05:37 PM) (Source: DCOM) (EventID: 10005) (User: User-PC) Description: Fehler "1084" in DCOM, als der Dienst "TokenBroker" mit den Argumenten "Nicht verfügbar" gestartet wurde, um den folgenden Server zu verwenden: Windows.Internal.Security.Authentication.Web.WamProviderRegistration Error: (02/21/2020 09:05:10 PM) (Source: DCOM) (EventID: 10005) (User: User-PC) Description: Fehler "1084" in DCOM, als der Dienst "WSearch" mit den Argumenten "Nicht verfügbar" gestartet wurde, um den folgenden Server zu verwenden: {E48EDA45-43C6-48E0-9323-A7B2067D9CD5} CodeIntegrity: =================================== Date: 2020-02-21 21:08:44.344 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements. Date: 2020-02-21 21:08:44.329 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Norton Security\Engine\22.20.1.69\symamsi.dll that did not meet the Windows signing level requirements. Date: 2020-02-21 21:08:44.321 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements. Date: 2020-02-21 21:08:44.301 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Norton Security\Engine\22.20.1.69\symamsi.dll that did not meet the Windows signing level requirements. Date: 2020-02-21 21:08:44.279 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements. Date: 2020-02-21 21:08:44.265 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Norton Security\Engine\22.20.1.69\symamsi.dll that did not meet the Windows signing level requirements. Date: 2020-02-21 21:07:41.926 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Microsoft signing level requirements. Date: 2020-02-21 21:07:41.911 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume2\Program Files\Norton Security\Engine\22.20.1.69\symamsi.dll that did not meet the Microsoft signing level requirements. ==================== Speicherinformationen =========================== BIOS: American Megatrends Inc. P1.20 12/12/2012 Hauptplatine: ASRock B75M R2.0 Prozessor: Intel(R) Core(TM) i5-3330 CPU @ 3.00GHz Prozentuale Nutzung des RAM: 46% Installierter physikalischer RAM: 8139.88 MB Verfügbarer physikalischer RAM: 4394.14 MB Summe virtueller Speicher: 16331.88 MB Verfügbarer virtueller Speicher: 12173.88 MB ==================== Laufwerke ================================ Drive c: (System) (Fixed) (Total:446.46 GB) (Free:325.2 GB) NTFS Drive d: (Programme und Treiber) (Fixed) (Total:931.51 GB) (Free:854.6 GB) NTFS Drive e: (Daten) (Fixed) (Total:931.51 GB) (Free:43.39 GB) NTFS Drive f: (Programme und Treiber Backup) (Fixed) (Total:720.97 GB) (Free:345.35 GB) NTFS Drive g: (Daten_Backup) (Fixed) (Total:676.3 GB) (Free:305.49 GB) NTFS \\?\Volume{280180c5-54e4-11e2-96ac-806e6f6e6963}\ (System-reserviert) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS \\?\Volume{1f4a5c7f-0000-0000-0000-e0a36f000000}\ () (Fixed) (Total:0.57 GB) (Free:0.08 GB) NTFS ==================== MBR & Partitionstabelle ==================== ========================================================== Disk: 0 (MBR Code: Windows 7/8/10) (Size: 447.1 GB) (Disk ID: 1F4A5C7F) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=446.5 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=583 MB) - (Type=27) ========================================================== Disk: 1 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 6072BB83) Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS) ========================================================== Disk: 2 (Size: 1397.3 GB) (Disk ID: 9687D2AB) Partition 1: (Active) - (Size=721 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=676.3 GB) - (Type=05) ========================================================== Disk: 3 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 3DF363F5) Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS) ==================== Ende von Addition.txt ======================= Bericht MalwareBytes: Code:
ATTFilter Malwarebytes www.malwarebytes.com -Protokolldetails- Scan-Datum: 14.02.20 Scan-Zeit: 16:28 Protokolldatei: a3281c4e-4f3e-11ea-b74f-bc5ff46753dc.json -Softwaredaten- Version: 4.0.4.49 Komponentenversion: 1.0.823 Version des Aktualisierungspakets: 1.0.19220 Lizenz: Kostenlos -Systemdaten- Betriebssystem: Windows 10 (Build 18362.657) CPU: x64 Dateisystem: NTFS Benutzer: User-PC\User -Scan-Übersicht- Scan-Typ: Bedrohungs-Scan Scan gestartet von: Manuell Ergebnis: Abgeschlossen Gescannte Objekte: 427758 Erkannte Bedrohungen: 83 In die Quarantäne verschobene Bedrohungen: 83 Abgelaufene Zeit: 3 Min., 19 Sek. -Scan-Optionen- Speicher: Aktiviert Start: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristik: Aktiviert PUP: Erkennung PUM: Erkennung -Scan-Details- Prozess: 1 PUP.Optional.ChipDe, C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe, In Quarantäne, 572, 557990, , , , Modul: 1 PUP.Optional.ChipDe, C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe, In Quarantäne, 572, 557990, , , , Registrierungsschlüssel: 28 PUP.Optional.Conduit, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, In Quarantäne, 199, 236865, , , , PUP.Optional.Conduit, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, In Quarantäne, 199, 236865, , , , PUP.Optional.Conduit, HKU\S-1-5-21-3117796367-4178473136-720949512-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}, In Quarantäne, 199, 236865, 1.0.19220, , ame, PUP.Optional.ChipDe, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\chip1click, In Quarantäne, 572, 557990, , , , PUP.Optional.DataMngr.AppFlsh, HKU\S-1-5-21-3117796367-4178473136-720949512-1000\SOFTWARE\DataMngr, In Quarantäne, 53, 253612, 1.0.19220, , ame, PUP.Optional.DataMngr.AppFlsh, HKU\S-1-5-21-3117796367-4178473136-720949512-1000\SOFTWARE\DataMngr_Toolbar, In Quarantäne, 53, 253613, 1.0.19220, , ame, PUP.Optional.Delta.ShrtCln, HKU\S-1-5-21-3117796367-4178473136-720949512-1000\SOFTWARE\delta LTD, In Quarantäne, 63, 228647, 1.0.19220, , ame, PUP.Optional.Distromatic, HKU\S-1-5-21-3117796367-4178473136-720949512-1000\SOFTWARE\Distromatic, In Quarantäne, 6553, 359638, 1.0.19220, , ame, PUP.Optional.DigitalSites, HKU\S-1-5-21-3117796367-4178473136-720949512-1000\SOFTWARE\DSiteProducts, In Quarantäne, 1068, 237780, 1.0.19220, , ame, PUP.Optional.InstallCore, HKU\S-1-5-21-3117796367-4178473136-720949512-1000\SOFTWARE\InstallCore, In Quarantäne, 486, 239563, 1.0.19220, , ame, PUP.Optional.APNToolBar.Gen, HKU\S-1-5-18\SOFTWARE\AskPartnerNetwork, In Quarantäne, 915, 186876, 1.0.19220, , ame, PUP.Optional.ChipDe, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{503CA94E-0834-4CEE-AD92-BA17AF4E809A}, In Quarantäne, 572, 458401, 1.0.19220, , ame, PUP.Optional.Babylon, HKLM\SOFTWARE\WOW6432NODE\babylontoolbar, In Quarantäne, 385, 235651, 1.0.19220, , ame, PUP.Optional.DataMngr.AppFlsh, HKLM\SOFTWARE\WOW6432NODE\DataMngr, In Quarantäne, 53, 253614, 1.0.19220, , ame, PUP.Optional.Conduit.Generic, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{0523379E-0659-4AEE-9879-51348B3977DF}, In Quarantäne, 1332, 443512, 1.0.19220, , ame, PUP.Optional.Bandoo.AppFlsh, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{5B0700FD-A3E2-4DB0-9CA1-C541FF1A4348}, In Quarantäne, 2, 253595, 1.0.19220, , ame, PUP.Optional.Bandoo.AppFlsh, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{99079a25-328f-4bd4-be04-00955acaa0a7}, In Quarantäne, 2, 253595, 1.0.19220, , ame, PUP.Optional.Conduit.Generic, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{CD6354BF-18E7-4C71-9950-6D60474FAF63}, In Quarantäne, 1332, 443512, 1.0.19220, , ame, PUP.Optional.DealPly, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{496E9988-0668-47E8-838D-90D1CDC849F5}, In Quarantäne, 57, 259410, 1.0.19220, , ame, PUP.Optional.DigitalSites, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{75EED676-6DD5-4F1A-87D3-13A88619AD2D}, In Quarantäne, 1068, 358502, 1.0.19220, , ame, PUP.Optional.Uniblue, HKLM\SOFTWARE\WOW6432NODE\UNIBLUE\PowerSuite, In Quarantäne, 1471, 519941, 1.0.19220, , ame, PUP.Optional.ChipDe, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\chip 1-click download service, In Quarantäne, 572, 463412, 1.0.19220, , ame, PUP.Optional.DigitalSites, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{75EED676-6DD5-4F1A-87D3-13A88619AD2D}, In Quarantäne, 1068, 358511, , , , PUP.Optional.DigitalSites, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\DSite, In Quarantäne, 1068, 358511, 1.0.19220, , ame, PUP.Optional.ChipDe, HKLM\SYSTEM\SETUP\FIRSTBOOT\SERVICES\chip1click, In Quarantäne, 572, 567244, 1.0.19220, , ame, PUP.Optional.Delta.ShrtCln, HKLM\SOFTWARE\CLASSES\APPID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}, In Quarantäne, 63, 167317, , , , PUP.Optional.Delta.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}, In Quarantäne, 63, 167317, , , , PUP.Optional.Delta.ShrtCln, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}, In Quarantäne, 63, 167317, 1.0.19220, , ame, Registrierungswert: 11 PUP.Optional.Conduit, HKU\S-1-5-21-3117796367-4178473136-720949512-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, In Quarantäne, 199, 236865, 1.0.19220, , ame, PUP.Optional.Conduit, HKU\S-1-5-21-3117796367-4178473136-720949512-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|TOPRESULTURL, In Quarantäne, 199, 236865, 1.0.19220, , ame, PUP.Optional.BrowserProtect, HKU\S-1-5-21-3117796367-4178473136-720949512-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TABBEDBROWSING|BPROTECTSHOWTABSWELCOME, In Quarantäne, 996, 538248, 1.0.19220, , ame, PUP.Optional.DataMngr.AppFlsh, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|APPINIT_DLLS, In Quarantäne, 53, -1, 0.0.0, , action, PUP.Optional.DataMngr.AppFlsh, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|APPINIT_DLLS, In Quarantäne, 53, -1, 0.0.0, , action, PUP.Optional.Conduit.Generic, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{0523379E-0659-4AEE-9879-51348B3977DF}|APPPATH, In Quarantäne, 1332, 443512, 1.0.19220, , ame, PUP.Optional.Bandoo.AppFlsh, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{5B0700FD-A3E2-4DB0-9CA1-C541FF1A4348}|APPPATH, In Quarantäne, 2, 253595, 1.0.19220, , ame, PUP.Optional.Bandoo.AppFlsh, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{99079a25-328f-4bd4-be04-00955acaa0a7}|APPPATH, In Quarantäne, 2, 253595, 1.0.19220, , ame, PUP.Optional.Conduit.Generic, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{CD6354BF-18E7-4C71-9950-6D60474FAF63}|APPPATH, In Quarantäne, 1332, 443512, 1.0.19220, , ame, PUP.Optional.DealPly, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{496E9988-0668-47E8-838D-90D1CDC849F5}|PATH, In Quarantäne, 57, 259410, 1.0.19220, , ame, PUP.Optional.DigitalSites, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{75EED676-6DD5-4F1A-87D3-13A88619AD2D}|PATH, In Quarantäne, 1068, 358502, 1.0.19220, , ame, Registrierungsdaten: 1 PUP.Optional.Conduit, HKU\S-1-5-21-3117796367-4178473136-720949512-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|START PAGE, Ersetzt, 199, 293058, 1.0.19220, , ame, Daten-Stream: 0 (keine bösartigen Elemente erkannt) Ordner: 12 PUP.Optional.APNToolBar.Gen, C:\PROGRAMDATA\APN\APN-STUB, In Quarantäne, 915, 175062, 1.0.19220, , ame, PUP.Optional.Babylon, C:\Program Files (x86)\Mozilla Firefox\extensions\ffxtlbr@babylon.com\defaults\preferences, In Quarantäne, 385, 175553, , , , PUP.Optional.Babylon, C:\Program Files (x86)\Mozilla Firefox\extensions\ffxtlbr@babylon.com\defaults, In Quarantäne, 385, 175553, , , , PUP.Optional.Babylon, C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\EXTENSIONS\FFXTLBR@BABYLON.COM, In Quarantäne, 385, 175553, 1.0.19220, , ame, PUP.Optional.ChipDe, C:\Program Files (x86)\Chip Digital GmbH\chip1click, In Quarantäne, 572, 557990, , , , PUP.Optional.ChipDe, C:\PROGRAM FILES (X86)\CHIP DIGITAL GMBH, In Quarantäne, 572, 557990, 1.0.19220, , ame, PUP.Optional.Uniblue, C:\PROGRAMDATA\UNIBLUE\DRIVERSCANNER, In Quarantäne, 1471, 334942, 1.0.19220, , ame, PUP.Optional.BrowserDefender.AppFlsh, C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings, In Quarantäne, 974, 398705, , , , PUP.Optional.BrowserDefender.AppFlsh, C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}, In Quarantäne, 974, 398705, , , , PUP.Optional.BrowserDefender.AppFlsh, C:\ProgramData\BrowserDefender\2.6.1562.220, In Quarantäne, 974, 398705, , , , PUP.Optional.BrowserDefender.AppFlsh, C:\PROGRAMDATA\BROWSERDEFENDER, In Quarantäne, 974, 398705, 1.0.19220, , ame, PUP.Optional.MindSpark.Generic, C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KRL6TOGY.BERND\BROWSER-EXTENSION-DATA\_4zMembers_@www.videodownloadconverter.com, In Quarantäne, 1793, 782572, 1.0.19220, , ame, Datei: 29 PUP.Optional.DealPly, C:\WINDOWS\TASKS\Dealply.job, In Quarantäne, 57, 237615, 1.0.19220, , ame, PUP.Optional.Babylon, C:\Program Files (x86)\Mozilla Firefox\extensions\ffxtlbr@babylon.com\defaults\preferences\dflt.js, In Quarantäne, 385, 175553, , , , PUP.Optional.DigitalSites, C:\WINDOWS\TASKS\DSITE.JOB, In Quarantäne, 1068, 358516, 1.0.19220, , ame, PUP.Optional.ChipDe, C:\PROGRAM FILES (X86)\CHIP DIGITAL GMBH\CHIP1CLICK\CHIP 1-CLICK INSTALLER.EXE.CONFIG, In Quarantäne, 572, 557990, 1.0.19220, , ame, PUP.Optional.ChipDe, C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe, In Quarantäne, 572, 557990, , , , PUP.Optional.ChipDe, C:\Program Files (x86)\Chip Digital GmbH\chip1click\CHIP Active Download.exe, In Quarantäne, 572, 557990, , , , PUP.Optional.ChipDe, C:\Program Files (x86)\Chip Digital GmbH\chip1click\CHIP Starter.exe, In Quarantäne, 572, 557990, , , , PUP.Optional.ChipDe, C:\Program Files (x86)\Chip Digital GmbH\chip1click\CHIP Updater.exe, In Quarantäne, 572, 557990, , , , PUP.Optional.ChipDe, C:\Program Files (x86)\Chip Digital GmbH\chip1click\SplashForm.exe, In Quarantäne, 572, 557990, , , , PUP.Optional.MindSpark.Generic, C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KRL6TOGY.BERND\EXTENSIONS\_4zMembers_@www.videodownloadconverter.com.xpi, In Quarantäne, 1793, 782571, 1.0.19220, , ame, PUP.Optional.BrowserDefender.AppFlsh, C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\00, In Quarantäne, 974, 398705, , , , PUP.Optional.BrowserDefender.AppFlsh, C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\01, In Quarantäne, 974, 398705, , , , PUP.Optional.BrowserDefender.AppFlsh, C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\02, In Quarantäne, 974, 398705, , , , PUP.Optional.BrowserDefender.AppFlsh, C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\03, In Quarantäne, 974, 398705, , , , PUP.Optional.BrowserDefender.AppFlsh, C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\10, In Quarantäne, 974, 398705, , , , PUP.Optional.BrowserDefender.AppFlsh, C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\11, In Quarantäne, 974, 398705, , , , PUP.Optional.BrowserDefender.AppFlsh, C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\12, In Quarantäne, 974, 398705, , , , PUP.Optional.BrowserDefender.AppFlsh, C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\13, In Quarantäne, 974, 398705, , , , PUP.Optional.BrowserDefender.AppFlsh, C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\20, In Quarantäne, 974, 398705, , , , PUP.Optional.BrowserDefender.AppFlsh, C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\21, In Quarantäne, 974, 398705, , , , PUP.Optional.BrowserDefender.AppFlsh, C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\22, In Quarantäne, 974, 398705, , , , PUP.Optional.BrowserDefender.AppFlsh, C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\23, In Quarantäne, 974, 398705, , , , PUP.Optional.BrowserDefender.AppFlsh, C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\bl, In Quarantäne, 974, 398705, , , , PUP.Optional.BrowserDefender.AppFlsh, C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.settings, In Quarantäne, 974, 398705, , , , PUP.Optional.BrowserDefender.AppFlsh, C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\dm, In Quarantäne, 974, 398705, , , , PUP.Optional.DigitalSites, C:\WINDOWS\SYSTEM32\TASKS\DSITE, In Quarantäne, 1068, 358511, , , , PUP.Optional.MindSpark.Generic, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\krl6togy.Bernd\browser-extension-data\_4zMembers_@www.videodownloadconverter.com\storage.js, In Quarantäne, 1793, 782572, , , , PUP.Optional.ChipDe, C:\USERS\USER\APPDATA\LOCAL\DOWNLOADED INSTALLATIONS\{31AD8258-894C-48D5-8149-C47506092754}\CHIP INSTALLER.MSI, In Quarantäne, 572, 594115, 1.0.19220, , ame, PUP.Optional.ChipDe, C:\WINDOWS\INSTALLER\9EE0D.MSI, In Quarantäne, 572, 557991, 1.0.19220, , ame, Physischer Sektor: 0 (keine bösartigen Elemente erkannt) WMI: 0 (keine bösartigen Elemente erkannt) (end) Code:
ATTFilter Malwarebytes www.malwarebytes.com -Protokolldetails- Scan-Datum: 14.02.20 Scan-Zeit: 16:28 Protokolldatei: a3281c4e-4f3e-11ea-b74f-bc5ff46753dc.json -Softwaredaten- Version: 4.0.4.49 Komponentenversion: 1.0.823 Version des Aktualisierungspakets: 1.0.19220 Lizenz: Kostenlos -Systemdaten- Betriebssystem: Windows 10 (Build 18362.657) CPU: x64 Dateisystem: NTFS Benutzer: User-PC\User -Scan-Übersicht- Scan-Typ: Bedrohungs-Scan Scan gestartet von: Manuell Ergebnis: Abgeschlossen Gescannte Objekte: 427758 Erkannte Bedrohungen: 83 In die Quarantäne verschobene Bedrohungen: 83 Abgelaufene Zeit: 3 Min., 19 Sek. -Scan-Optionen- Speicher: Aktiviert Start: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristik: Aktiviert PUP: Erkennung PUM: Erkennung -Scan-Details- Prozess: 1 PUP.Optional.ChipDe, C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe, In Quarantäne, 572, 557990, , , , Modul: 1 PUP.Optional.ChipDe, C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe, In Quarantäne, 572, 557990, , , , Registrierungsschlüssel: 28 PUP.Optional.Conduit, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, Löschen bei Neustart, 199, 236865, , , , PUP.Optional.Conduit, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, Löschen bei Neustart, 199, 236865, , , , PUP.Optional.Conduit, HKU\S-1-5-21-3117796367-4178473136-720949512-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}, Löschen bei Neustart, 199, 236865, 1.0.19220, , ame, PUP.Optional.ChipDe, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\chip1click, Löschen bei Neustart, 572, 557990, , , , PUP.Optional.DataMngr.AppFlsh, HKU\S-1-5-21-3117796367-4178473136-720949512-1000\SOFTWARE\DataMngr, Löschen bei Neustart, 53, 253612, 1.0.19220, , ame, PUP.Optional.DataMngr.AppFlsh, HKU\S-1-5-21-3117796367-4178473136-720949512-1000\SOFTWARE\DataMngr_Toolbar, Löschen bei Neustart, 53, 253613, 1.0.19220, , ame, PUP.Optional.Delta.ShrtCln, HKU\S-1-5-21-3117796367-4178473136-720949512-1000\SOFTWARE\delta LTD, Löschen bei Neustart, 63, 228647, 1.0.19220, , ame, PUP.Optional.Distromatic, HKU\S-1-5-21-3117796367-4178473136-720949512-1000\SOFTWARE\Distromatic, Löschen bei Neustart, 6553, 359638, 1.0.19220, , ame, PUP.Optional.DigitalSites, HKU\S-1-5-21-3117796367-4178473136-720949512-1000\SOFTWARE\DSiteProducts, Löschen bei Neustart, 1068, 237780, 1.0.19220, , ame, PUP.Optional.InstallCore, HKU\S-1-5-21-3117796367-4178473136-720949512-1000\SOFTWARE\InstallCore, Löschen bei Neustart, 486, 239563, 1.0.19220, , ame, PUP.Optional.APNToolBar.Gen, HKU\S-1-5-18\SOFTWARE\AskPartnerNetwork, Löschen bei Neustart, 915, 186876, 1.0.19220, , ame, PUP.Optional.ChipDe, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{503CA94E-0834-4CEE-AD92-BA17AF4E809A}, Löschen bei Neustart, 572, 458401, 1.0.19220, , ame, PUP.Optional.Babylon, HKLM\SOFTWARE\WOW6432NODE\babylontoolbar, Löschen bei Neustart, 385, 235651, 1.0.19220, , ame, PUP.Optional.DataMngr.AppFlsh, HKLM\SOFTWARE\WOW6432NODE\DataMngr, Löschen bei Neustart, 53, 253614, 1.0.19220, , ame, PUP.Optional.Conduit.Generic, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{0523379E-0659-4AEE-9879-51348B3977DF}, Löschen bei Neustart, 1332, 443512, 1.0.19220, , ame, PUP.Optional.Bandoo.AppFlsh, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{5B0700FD-A3E2-4DB0-9CA1-C541FF1A4348}, Löschen bei Neustart, 2, 253595, 1.0.19220, , ame, PUP.Optional.Bandoo.AppFlsh, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{99079a25-328f-4bd4-be04-00955acaa0a7}, Löschen bei Neustart, 2, 253595, 1.0.19220, , ame, PUP.Optional.Conduit.Generic, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{CD6354BF-18E7-4C71-9950-6D60474FAF63}, Löschen bei Neustart, 1332, 443512, 1.0.19220, , ame, PUP.Optional.DealPly, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{496E9988-0668-47E8-838D-90D1CDC849F5}, Löschen bei Neustart, 57, 259410, 1.0.19220, , ame, PUP.Optional.DigitalSites, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{75EED676-6DD5-4F1A-87D3-13A88619AD2D}, Löschen bei Neustart, 1068, 358502, 1.0.19220, , ame, PUP.Optional.Uniblue, HKLM\SOFTWARE\WOW6432NODE\UNIBLUE\PowerSuite, Löschen bei Neustart, 1471, 519941, 1.0.19220, , ame, PUP.Optional.ChipDe, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\chip 1-click download service, Löschen bei Neustart, 572, 463412, 1.0.19220, , ame, PUP.Optional.DigitalSites, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{75EED676-6DD5-4F1A-87D3-13A88619AD2D}, Löschen bei Neustart, 1068, 358511, , , , PUP.Optional.DigitalSites, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\DSite, Löschen bei Neustart, 1068, 358511, 1.0.19220, , ame, PUP.Optional.ChipDe, HKLM\SYSTEM\SETUP\FIRSTBOOT\SERVICES\chip1click, Löschen bei Neustart, 572, 567244, 1.0.19220, , ame, PUP.Optional.Delta.ShrtCln, HKLM\SOFTWARE\CLASSES\APPID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}, Löschen bei Neustart, 63, 167317, , , , PUP.Optional.Delta.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}, Löschen bei Neustart, 63, 167317, , , , PUP.Optional.Delta.ShrtCln, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}, Löschen bei Neustart, 63, 167317, 1.0.19220, , ame, Registrierungswert: 11 PUP.Optional.Conduit, HKU\S-1-5-21-3117796367-4178473136-720949512-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, Löschen bei Neustart, 199, 236865, 1.0.19220, , ame, PUP.Optional.Conduit, HKU\S-1-5-21-3117796367-4178473136-720949512-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|TOPRESULTURL, Löschen bei Neustart, 199, 236865, 1.0.19220, , ame, PUP.Optional.BrowserProtect, HKU\S-1-5-21-3117796367-4178473136-720949512-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TABBEDBROWSING|BPROTECTSHOWTABSWELCOME, Löschen bei Neustart, 996, 538248, 1.0.19220, , ame, PUP.Optional.DataMngr.AppFlsh, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|APPINIT_DLLS, Löschen bei Neustart, 53, -1, 0.0.0, , action, PUP.Optional.DataMngr.AppFlsh, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|APPINIT_DLLS, Löschen bei Neustart, 53, -1, 0.0.0, , action, PUP.Optional.Conduit.Generic, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{0523379E-0659-4AEE-9879-51348B3977DF}|APPPATH, Löschen bei Neustart, 1332, 443512, 1.0.19220, , ame, PUP.Optional.Bandoo.AppFlsh, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{5B0700FD-A3E2-4DB0-9CA1-C541FF1A4348}|APPPATH, Löschen bei Neustart, 2, 253595, 1.0.19220, , ame, PUP.Optional.Bandoo.AppFlsh, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{99079a25-328f-4bd4-be04-00955acaa0a7}|APPPATH, Löschen bei Neustart, 2, 253595, 1.0.19220, , ame, PUP.Optional.Conduit.Generic, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{CD6354BF-18E7-4C71-9950-6D60474FAF63}|APPPATH, Löschen bei Neustart, 1332, 443512, 1.0.19220, , ame, PUP.Optional.DealPly, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{496E9988-0668-47E8-838D-90D1CDC849F5}|PATH, Löschen bei Neustart, 57, 259410, 1.0.19220, , ame, PUP.Optional.DigitalSites, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{75EED676-6DD5-4F1A-87D3-13A88619AD2D}|PATH, Löschen bei Neustart, 1068, 358502, 1.0.19220, , ame, Registrierungsdaten: 1 PUP.Optional.Conduit, HKU\S-1-5-21-3117796367-4178473136-720949512-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|START PAGE, Ersetzen bei Neustart, 199, 293058, 1.0.19220, , ame, Daten-Stream: 0 (keine bösartigen Elemente erkannt) Ordner: 12 PUP.Optional.APNToolBar.Gen, C:\PROGRAMDATA\APN\APN-STUB, Löschen bei Neustart, 915, 175062, 1.0.19220, , ame, PUP.Optional.Babylon, C:\Program Files (x86)\Mozilla Firefox\extensions\ffxtlbr@babylon.com\defaults\preferences, Löschen bei Neustart, 385, 175553, , , , PUP.Optional.Babylon, C:\Program Files (x86)\Mozilla Firefox\extensions\ffxtlbr@babylon.com\defaults, Löschen bei Neustart, 385, 175553, , , , PUP.Optional.Babylon, C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\EXTENSIONS\FFXTLBR@BABYLON.COM, Löschen bei Neustart, 385, 175553, 1.0.19220, , ame, PUP.Optional.ChipDe, C:\Program Files (x86)\Chip Digital GmbH\chip1click, Löschen bei Neustart, 572, 557990, , , , PUP.Optional.ChipDe, C:\PROGRAM FILES (X86)\CHIP DIGITAL GMBH, Löschen bei Neustart, 572, 557990, 1.0.19220, , ame, PUP.Optional.Uniblue, C:\PROGRAMDATA\UNIBLUE\DRIVERSCANNER, Löschen bei Neustart, 1471, 334942, 1.0.19220, , ame, PUP.Optional.BrowserDefender.AppFlsh, C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings, Löschen bei Neustart, 974, 398705, , , , PUP.Optional.BrowserDefender.AppFlsh, C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}, Löschen bei Neustart, 974, 398705, , , , PUP.Optional.BrowserDefender.AppFlsh, C:\ProgramData\BrowserDefender\2.6.1562.220, Löschen bei Neustart, 974, 398705, , , , PUP.Optional.BrowserDefender.AppFlsh, C:\PROGRAMDATA\BROWSERDEFENDER, Löschen bei Neustart, 974, 398705, 1.0.19220, , ame, PUP.Optional.MindSpark.Generic, C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KRL6TOGY.BERND\BROWSER-EXTENSION-DATA\_4zMembers_@www.videodownloadconverter.com, Löschen bei Neustart, 1793, 782572, 1.0.19220, , ame, Datei: 29 PUP.Optional.DealPly, C:\WINDOWS\TASKS\Dealply.job, Löschen bei Neustart, 57, 237615, 1.0.19220, , ame, PUP.Optional.Babylon, C:\Program Files (x86)\Mozilla Firefox\extensions\ffxtlbr@babylon.com\defaults\preferences\dflt.js, Löschen bei Neustart, 385, 175553, , , , PUP.Optional.DigitalSites, C:\WINDOWS\TASKS\DSITE.JOB, Löschen bei Neustart, 1068, 358516, 1.0.19220, , ame, PUP.Optional.ChipDe, C:\PROGRAM FILES (X86)\CHIP DIGITAL GMBH\CHIP1CLICK\CHIP 1-CLICK INSTALLER.EXE.CONFIG, Löschen bei Neustart, 572, 557990, 1.0.19220, , ame, PUP.Optional.ChipDe, C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe, Löschen bei Neustart, 572, 557990, , , , PUP.Optional.ChipDe, C:\Program Files (x86)\Chip Digital GmbH\chip1click\CHIP Active Download.exe, Löschen bei Neustart, 572, 557990, , , , PUP.Optional.ChipDe, C:\Program Files (x86)\Chip Digital GmbH\chip1click\CHIP Starter.exe, Löschen bei Neustart, 572, 557990, , , , PUP.Optional.ChipDe, C:\Program Files (x86)\Chip Digital GmbH\chip1click\CHIP Updater.exe, Löschen bei Neustart, 572, 557990, , , , PUP.Optional.ChipDe, C:\Program Files (x86)\Chip Digital GmbH\chip1click\SplashForm.exe, Löschen bei Neustart, 572, 557990, , , , PUP.Optional.MindSpark.Generic, C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KRL6TOGY.BERND\EXTENSIONS\_4zMembers_@www.videodownloadconverter.com.xpi, Löschen bei Neustart, 1793, 782571, 1.0.19220, , ame, PUP.Optional.BrowserDefender.AppFlsh, C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\00, Löschen bei Neustart, 974, 398705, , , , PUP.Optional.BrowserDefender.AppFlsh, C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\01, Löschen bei Neustart, 974, 398705, , , , PUP.Optional.BrowserDefender.AppFlsh, C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\02, Löschen bei Neustart, 974, 398705, , , , PUP.Optional.BrowserDefender.AppFlsh, C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\03, Löschen bei Neustart, 974, 398705, , , , PUP.Optional.BrowserDefender.AppFlsh, C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\10, Löschen bei Neustart, 974, 398705, , , , PUP.Optional.BrowserDefender.AppFlsh, C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\11, Löschen bei Neustart, 974, 398705, , , , PUP.Optional.BrowserDefender.AppFlsh, C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\12, Löschen bei Neustart, 974, 398705, , , , PUP.Optional.BrowserDefender.AppFlsh, C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\13, Löschen bei Neustart, 974, 398705, , , , PUP.Optional.BrowserDefender.AppFlsh, C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\20, Löschen bei Neustart, 974, 398705, , , , PUP.Optional.BrowserDefender.AppFlsh, C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\21, Löschen bei Neustart, 974, 398705, , , , PUP.Optional.BrowserDefender.AppFlsh, C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\22, Löschen bei Neustart, 974, 398705, , , , PUP.Optional.BrowserDefender.AppFlsh, C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\23, Löschen bei Neustart, 974, 398705, , , , PUP.Optional.BrowserDefender.AppFlsh, C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\bl, Löschen bei Neustart, 974, 398705, , , , PUP.Optional.BrowserDefender.AppFlsh, C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.settings, Löschen bei Neustart, 974, 398705, , , , PUP.Optional.BrowserDefender.AppFlsh, C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\dm, Löschen bei Neustart, 974, 398705, , , , PUP.Optional.DigitalSites, C:\WINDOWS\SYSTEM32\TASKS\DSITE, Löschen bei Neustart, 1068, 358511, , , , PUP.Optional.MindSpark.Generic, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\krl6togy.Bernd\browser-extension-data\_4zMembers_@www.videodownloadconverter.com\storage.js, Löschen bei Neustart, 1793, 782572, , , , PUP.Optional.ChipDe, C:\USERS\USER\APPDATA\LOCAL\DOWNLOADED INSTALLATIONS\{31AD8258-894C-48D5-8149-C47506092754}\CHIP INSTALLER.MSI, Löschen bei Neustart, 572, 594115, 1.0.19220, , ame, PUP.Optional.ChipDe, C:\WINDOWS\INSTALLER\9EE0D.MSI, Löschen bei Neustart, 572, 557991, 1.0.19220, , ame, Physischer Sektor: 0 (keine bösartigen Elemente erkannt) WMI: 0 (keine bösartigen Elemente erkannt) (end) Code:
ATTFilter Incoming 2020-02-14, 12:36 REJECTED 140464826 140464826 Incoming 2020-02-14, 12:36 REJECTED 140464826 140464826 Incoming 2020-02-14, 12:47 User 140464826 140464826 Incoming 2020-02-14, 12:50 Passwd 140464826 140464826 |
26.02.2020, 21:04 | #4 |
/// TB-Ausbilder | Auf Microsoft Mitarbeiter hereingefallenWir können es kurz machen, hier steht alles Wichtige: Warnung vor Telefonanrufen von angeblichen Microsoft-Mitarbeitern Dieses Thema scheint erledigt und wird aus meinen Abos gelöscht. Solltest Du das Thema erneut brauchen, schicke uns bitte eine Erinnerung inklusive Link zum Thema. Jeder andere bitte hier klicken und ein eigenes Thema erstellen. Geändert von M-K-D-B (26.02.2020 um 21:14 Uhr) |
Themen zu Auf Microsoft Mitarbeiter hereingefallen |
antivirus, avg, avira, computer, ebay, error, firefox, flash player, frage, helper, home, installation, microsoft mitarbeiter, mozilla, prozesse, realtek, registry, security, software, stick, suchmaschine, symantec, system, usb, webadvisor, windows, windowsapps, wlan |