Trojaner-Board - Ständig im TaskManager Audio.exe EMCO Malware Destroyer

Trojaner-Board (https://www.trojaner-board.de/)

- Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)

- - Ständig im TaskManager Audio.exe EMCO Malware Destroyer (https://www.trojaner-board.de/186613-staendig-taskmanager-audio-exe-emco-malware-destroyer.html)

Ständig im TaskManager Audio.exe EMCO Malware Destroyer

Hi Leute,

ständig habe ich folgende exe dateien im taskmgr:

Audio.exe EMCO Malware Destroyer
Defender.exe EMCO Malware Destroyer
Sound.exe EMCO Malware Destroyer
Java.exe EMCO Malware Destroyer

das mach mich ein wenig stutzig.

Mein G Data zeigt nichts an!
habe auch windows 10 schon neu installiert aber erfolglos!

Logs sind zu lang daher als links auf pastebin

FRST: https://pastebin.com/Dc8Bnxnd
Addition: https://pastebin.com/FgwEiQqu

hoffe ihr könnt mir helfen

Danke schonmal

//edit: Frau Fragerin verarztet dich jetzt :D

cosinus war schneller

meinetwegen kannsst du übernehmen :D

OK.

:hallo:

Ich habe dein Thema in Arbeit und melde mich so schnell als möglich mit weiteren Anweisungen.

Bitte beachte, dass alle meine Antworten zuerst von einem Ausbilder freigegeben werden müssen, bevor ich diese hier posten darf. Dies garantiert, dass Du Hilfe von einem ausgebildeten Helfer bekommst.

Ich bedanke mich für deine Geduld :)

Wenn ich den process mit Virustotal scanne kommt folgendes

https://www.virustotal.com/de/file/0c7aec34d9d882e0973434ddd94d1242b95d93f0319c517b1ab1403aa6a203c7/analysis/1503868704/
und unter anderem namen (gleicher process Audio.exe)
https://www.virustotal.com/de/file/0c7aec34d9d882e0973434ddd94d1242b95d93f0319c517b1ab1403aa6a203c7/analysis/

gdata erkennt die datei nun auch

Virus: Trojan.GenericKD.5905149 (Engine A)
Datei: Audio.exe
Verzeichnis: C:\Users\ktown\AppData\Roaming\Microsoft\Windows\Templates
Prozess: Audio.exe

aber die Datei Audio.exe gibt es in dem Verzeichnis nicht!

:hallo:

Mein Name ist Ruth und ich werde dir bei der Bereinigung deines Systems helfen. :daumenhoc

Bitte beachte, dass jede meiner Antworten erst durch einen Ausbilder freigegeben werden muss. Ich bitte um Verständnis für mögliche Verzögerungen. Ich bemühe mich jedoch, spätestens nach 24 Stunden zu antworten.
Bitte befolge meine Anweisungen, bis ich dich als *clean* entlasse.
Nicht unaufgefordert Programme installieren und deinstallieren.
Keine Online-Geschäfte machen und überhaupt deine Online-Aktivitäten möglichst begrenzen.

Nach einer Neuinstallation des Betriebssystems bleibt nichts an Malware übrig. Alles, was du an Programmen auf deinem System hast, hast du dir nach dem Aufsetzen installiert, evtl. aber nicht bewusst.

Emco-Software ist eigentlich ein legitimer Hersteller. Kann es sich um Reste von einem Programm handeln, das du wieder deinstalliert hast? Unbekanntere Antimalwareprogramme können auch gut versteckte Dateien haben und Fehlalarme bei anderen Schutzprogrammen auslösen.
Auf jeden Fall können wir diese Reste löschen.

Zuerst möchte ich aber noch etwas gucken und ein paar Routine-Scans auf Adware und dergleichen machen.

Schritt 1: FRST-Fix
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

closeprocesses:

Folder: C:\Users\ktown\AppData\Roaming\tor

Folder: C:\Users\ktown\AppData\Roaming\Audio

Folder: C:\Users\ktown\AppData\Roaming\sound

emptytemp:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Schritt 2: AdwareCleaner
Downloade Dir bitte AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser.
Starte die adwcleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Werkzeuge > Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- Image File Execution Options Schlüssel
- "Tracing" Schlüssel
- "Prefetch" Dateien
- Proxy
- Winsock
- TCP/IP Einstellungen
- Firewall
- Internet Explorer Richtlinien
- Chrome Richtlinien
- Hosts-Datei
Bestätige die Auswahl mit Ok.
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen (auch dann wenn AdwCleaner sagt, dass nichts gefunden wurde) und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Schritt 3: MBAM
Downloade Dir bitte Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad.
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scan, wähle den Bedrohungs-Scan aus und klicke auf Scan starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Ausgewählte Elemente in die Quarantäne verschieben.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM nach dem Neustart, klicke auf Berichte.
Wähle den neuesten Scan-Bericht aus, klicke auf Bericht anzeigen und dann auf Export.
Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Kannst du mit diesem Eintrag etwas anfangen bzw. sagt dir der Firmenname "Axon Cable SIA" etwas?

Code:

C:\Users\ktown\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Program32.exe [2017-08-27] (Axon Cable SIA)

Hi danke für deine Antwort also die Firma Axon Cable SIA sagt mir nichts!?
In Autoruns steht: Program32.exe Calendar Planner Example Axon Cable SIA c:\users\ktown\appdata\roaming\microsoft\windows\start menu\programs\startup\program32.exe 25.08.2017 23:45
Wenn ich die Datei öffne schmeißt mbam eine Datei C:\users\ktown\appdata\local\temp\System64.exe in die quarantäne aber die Datei Program32.exe bleibt bestehen!
Die Datei steht auch im Autostart bei Autoruns

Die Datei C:\Users\ktown\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Program32.exe [2017-08-27] (Axon Cable SIA) gibt im Virustotalscan das aus:
https://www.virustotal.com/de/file/ea6e6c13353e5f95070ca9305af3ea5ea4cf09d6a1d092447b28281d71a4b278/analysis/1503744147/

Fixlog.txt:

Code:

Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version: 20-08-2017

durchgeführt von ktown (28-08-2017 18:07:02) Run:1

Gestartet von C:\Users\ktown\Downloads\Mods

Geladene Profile: ktown (Verfügbare Profile: ktown)

Start-Modus: Normal

==============================================
 

fixlist Inhalt:

*****************

closeprocesses:

Folder: C:\Users\ktown\AppData\Roaming\tor

Folder: C:\Users\ktown\AppData\Roaming\Audio

Folder: C:\Users\ktown\AppData\Roaming\sound

emptytemp:

*****************
 

Prozesse erfolgreich geschlossen.
 

========================= Folder: C:\Users\ktown\AppData\Roaming\tor ========================
 

2017-08-27 22:23 - 2017-08-27 22:25 - 000020852 _____ () C:\Users\ktown\AppData\Roaming\tor\cached-certs

2017-08-27 22:23 - 2017-08-28 16:24 - 002119544 _____ () C:\Users\ktown\AppData\Roaming\tor\cached-microdesc-consensus

2017-08-27 22:29 - 2017-08-27 22:29 - 003723063 _____ () C:\Users\ktown\AppData\Roaming\tor\cached-microdescs

2017-08-27 22:23 - 2017-08-28 16:24 - 000388510 _____ () C:\Users\ktown\AppData\Roaming\tor\cached-microdescs.new

2017-08-27 22:22 - 2017-08-28 16:24 - 000000000 _____ () C:\Users\ktown\AppData\Roaming\tor\lock

2017-08-27 22:22 - 2017-08-28 16:25 - 000002087 _____ () C:\Users\ktown\AppData\Roaming\tor\state
 

====== Ende von Folder: ======
 
 

========================= Folder: C:\Users\ktown\AppData\Roaming\Audio ========================
 

2017-08-27 22:22 - 2017-08-27 22:22 - 000000068 ___SH () C:\Users\ktown\AppData\Roaming\Audio\.Identifier

2017-08-27 22:21 - 2017-08-27 22:21 - 000629760 ___SH () C:\Users\ktown\AppData\Roaming\Audio\Audio.exe
 

====== Ende von Folder: ======
 
 

========================= Folder: C:\Users\ktown\AppData\Roaming\sound ========================
 

2017-08-27 22:21 - 2017-08-27 22:21 - 002289152 ___SH () C:\Users\ktown\AppData\Roaming\sound\sound.exe
 

====== Ende von Folder: ======
 
 

=========== EmptyTemp: ==========
 

BITS transfer queue => 6578176 B

DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 40327451 B

Java, Flash, Steam htmlcache => 0 B

Windows/system/drivers => 47903778295 B

Edge => 8103454 B

Chrome => 426646644 B

Firefox => 0 B

Opera => 0 B
 

Temp, IE cache, history, cookies, recent:

Default => 0 B

Users => 0 B

ProgramData => 0 B

Public => 0 B

systemprofile => 128 B

systemprofile32 => 1132 B

LocalService => 8138 B

NetworkService => 40410 B

ktown => 3398360546 B
 

RecycleBin => 0 B

EmptyTemp: => 48.2 GB temporäre Dateien entfernt.
 

================================
 
 

Das System musste neu gestartet werden.
 

==== Ende von Fixlog 18:09:30 ====

Adwcleaner.txt:

Code:

# AdwCleaner 7.0.1.0 - Logfile created on Mon Aug 28 16:16:05 2017

# Updated on 2017/05/08 by Malwarebytes 

# Running on Windows 10 Pro (X64)

# Mode: clean

# Support: https://www.malwarebytes.com/support
 

***** [ Services ] *****
 

No malicious services deleted.
 

***** [ Folders ] *****
 

No malicious folders deleted.
 

***** [ Files ] *****
 

No malicious files deleted.
 

***** [ DLL ] *****
 

No malicious DLLs cleaned.
 

***** [ WMI ] *****
 

No malicious WMI cleaned.
 

***** [ Shortcuts ] *****
 

No malicious shortcuts cleaned.
 

***** [ Tasks ] *****
 

No malicious tasks deleted.
 

***** [ Registry ] *****
 

No malicious registry entries deleted.
 

***** [ Firefox (and derivatives) ] *****
 

No malicious Firefox entries deleted.
 

***** [ Chromium (and derivatives) ] *****
 

Plugin deleted: MyJDownloader Browser Extension - 
 
 

*************************
 

::Tracing keys deleted

::Winsock settings cleared

::Image File Execution Options%s keys deleted

::Prefetch files deleted

::Proxy settings cleared

::TCP/IP settings cleared

::Firewall rules cleared

::IE policies deleted

::Chrome policies deleted

::Hosts file cleared

::Additional Actions: 0
 
 
 

*************************
 

C:/AdwCleaner/AdwCleaner[C0].txt - [1217 B] - [2017/8/28 15:3:58]

C:/AdwCleaner/AdwCleaner[S0].txt - [1101 B] - [2017/8/28 15:2:36]

C:/AdwCleaner/AdwCleaner[S1].txt - [1235 B] - [2017/8/28 16:15:30]
 
 

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt ##########

mbam.txt:

Code:

Malwarebytes

www.malwarebytes.com
 

-Protokolldetails-

Scan-Datum: 28.08.17

Scan-Zeit: 18:21

Protokolldatei: 04866f1a-8c0d-11e7-a0a0-f832e4a07181.json

Administrator: Ja
 

-Softwaredaten-

Version: 3.2.2.2018

Komponentenversion: 1.0.188

Version des Aktualisierungspakets: 1.0.2674

Lizenz: Testversion
 

-Systemdaten-

Betriebssystem: Windows 10 (Build 15063.540)

CPU: x64

Dateisystem: NTFS

Benutzer: DESKTOP-S8K03BB\ktown
 

-Scan-Übersicht-

Scan-Typ: Bedrohungs-Scan

Ergebnis: Abgeschlossen

Gescannte Objekte: 395479

Erkannte Bedrohungen: 82

In die Quarantäne verschobene Bedrohungen: 82

Abgelaufene Zeit: 3 Min., 43 Sek.
 

-Scan-Optionen-

Speicher: Aktiviert

Start: Aktiviert

Dateisystem: Aktiviert

Archive: Aktiviert

Rootkits: Deaktiviert

Heuristik: Aktiviert

PUP: Erkennung

PUM: Erkennung
 

-Scan-Details-

Prozess: 1

Trojan.Pseudo, C:\USERS\KTOWN\APPDATA\LOCAL\TEMP\SYSTEM64.EXE, In Quarantäne, [2627], [232650],1.0.2674
 

Modul: 1

Trojan.Pseudo, C:\USERS\KTOWN\APPDATA\LOCAL\TEMP\SYSTEM64.EXE, In Quarantäne, [2627], [232650],1.0.2674
 

Registrierungsschlüssel: 12

Spyware.Pony, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\WSCRIPT.EXE, In Quarantäne, [69], [429253],1.0.2674

Spyware.Pony, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\WSCRIPT.EXE, In Quarantäne, [69], [429253],1.0.2674

Spyware.Pony, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SVCHOST.EXE, In Quarantäne, [69], [429253],1.0.2674

Spyware.Pony, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SVCHOST.EXE, In Quarantäne, [69], [429253],1.0.2674

Spyware.Pony, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\DLLHOST.EXE, In Quarantäne, [69], [429253],1.0.2674

Spyware.Pony, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\DLLHOST.EXE, In Quarantäne, [69], [429253],1.0.2674

Spyware.Pony, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\CHROME.EXE, In Quarantäne, [69], [429253],1.0.2674

Spyware.Pony, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\CHROME.EXE, In Quarantäne, [69], [429253],1.0.2674

Spyware.Pony, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\IEXPLORE.EXE, In Quarantäne, [69], [429103],1.0.2674

Spyware.Pony, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\IEXPLORE.EXE, In Quarantäne, [69], [429103],1.0.2674

Spyware.Pony, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\EXPLORER.EXE, In Quarantäne, [69], [429253],1.0.2674

Spyware.Pony, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\EXPLORER.EXE, In Quarantäne, [69], [429253],1.0.2674
 

Registrierungswert: 0

(keine bösartigen Elemente erkannt)
 

Registrierungsdaten: 0

(keine bösartigen Elemente erkannt)
 

Daten-Stream: 0

(keine bösartigen Elemente erkannt)
 

Ordner: 0

(keine bösartigen Elemente erkannt)
 

Datei: 68

Trojan.Pseudo, C:\USERS\KTOWN\APPDATA\LOCAL\TEMP\SYSTEM64.EXE, In Quarantäne, [2627], [232650],1.0.2674

Trojan.Agent.E.Generic, C:\USERS\KTOWN\APPDATA\ROAMING\SOUND.EXE, In Quarantäne, [1062], [354435],1.0.2674

Backdoor.Agent.E, C:\USERS\KTOWN\APPDATA\LOCAL\MICROSOFT\WINDOWS\{23A1C90E-6B28-45F0-834B-28ACA2D2D339}\taskmgr.exe, In Quarantäne, [132], [362815],1.0.2674

Backdoor.Agent.E, C:\USERS\KTOWN\APPDATA\LOCAL\MICROSOFT\WINDOWS\{8E73B611-6D21-4BA3-B993-163F23FD62A0}\taskmgr.exe, In Quarantäne, [132], [362815],1.0.2674

Backdoor.Agent.E, C:\USERS\KTOWN\APPDATA\LOCAL\MICROSOFT\WINDOWS\{DC41174F-1316-4C73-AF54-50FAC2A2B0E6}\taskmgr.exe, In Quarantäne, [132], [362815],1.0.2674

Generic.Malware/Suspicious, C:\USERS\KTOWN\APPDATA\ROAMING\AUDIO\AUDIO.EXE, In Quarantäne, [0], [392686],1.0.2674

Generic.Malware/Suspicious, C:\USERS\KTOWN\APPDATA\ROAMING\SOUND\SOUND.EXE, In Quarantäne, [0], [392686],1.0.2674

Spyware.Pony, C:\USERS\KTOWN\APPDATA\LOCAL\MICROSOFT\WINDOWS\{024A0432-A804-47A4-8817-A9BEE06E8910}\DEFENDER.EXE, In Quarantäne, [69], [429253],1.0.2674

Spyware.Pony, C:\USERS\KTOWN\APPDATA\LOCAL\MICROSOFT\WINDOWS\{1B6A2BD5-9186-40B7-AE0D-B50D1FF28920}\MICROSOFT.EXE, In Quarantäne, [69], [429253],1.0.2674

Spyware.Pony, C:\USERS\KTOWN\APPDATA\LOCAL\MICROSOFT\WINDOWS\{139558E7-CDC1-429B-9102-1262B97B7B85}\TASKHOST.EXE, In Quarantäne, [69], [429253],1.0.2674

Spyware.Pony, C:\USERS\KTOWN\APPDATA\LOCAL\MICROSOFT\WINDOWS\{2D494E5D-CB30-410A-8210-2A567D9ED826}\SERVICES.EXE, In Quarantäne, [69], [429253],1.0.2674

Spyware.Pony, C:\USERS\KTOWN\APPDATA\LOCAL\MICROSOFT\WINDOWS\{2FD7733B-8CF8-4F2B-8602-ED71387F0CE6}\ADOBE.EXE, In Quarantäne, [69], [429253],1.0.2674

Spyware.Pony, C:\USERS\KTOWN\APPDATA\LOCAL\MICROSOFT\WINDOWS\{43D1CE4D-90A7-47A6-8548-0F746D5FD623}\WUAUCLT.EXE, In Quarantäne, [69], [429253],1.0.2674

Spyware.Pony, C:\USERS\KTOWN\APPDATA\LOCAL\MICROSOFT\WINDOWS\{46F48AEB-DB7C-47A0-B006-719CBDEF549D}\MICROSOFT.EXE, In Quarantäne, [69], [429253],1.0.2674

Spyware.Pony, C:\USERS\KTOWN\APPDATA\LOCAL\MICROSOFT\WINDOWS\{58155E36-DBC6-417A-BDFF-B16C171553CB}\SYSTEM.EXE, In Quarantäne, [69], [429253],1.0.2674

Spyware.Pony, C:\USERS\KTOWN\APPDATA\LOCAL\MICROSOFT\WINDOWS\{6750A088-8B0E-4BD8-BD0E-86CC73025E01}\WSCRIPT.EXE, In Quarantäne, [69], [429253],1.0.2674

Spyware.Pony, C:\USERS\KTOWN\APPDATA\LOCAL\MICROSOFT\WINDOWS\{5B63FCA5-5390-4F9D-A526-003B8B356D4F}\WERFAULT.EXE, In Quarantäne, [69], [429253],1.0.2674

Spyware.Pony, C:\USERS\KTOWN\APPDATA\LOCAL\MICROSOFT\WINDOWS\{73DC0E34-2888-41FC-B2AC-A86201DA0FAD}\WINLOGON.EXE, In Quarantäne, [69], [429253],1.0.2674

Spyware.Pony, C:\USERS\KTOWN\APPDATA\LOCAL\MICROSOFT\WINDOWS\{69CE8F0F-5B53-42AD-8F26-02722D10B41B}\SVCHOST.EXE, In Quarantäne, [69], [429253],1.0.2674

Spyware.Pony, C:\USERS\KTOWN\APPDATA\LOCAL\MICROSOFT\WINDOWS\{A8645507-B84A-4FD1-AC84-D7BEADA0C558}\SYSTEM.EXE, In Quarantäne, [69], [429253],1.0.2674

Spyware.Pony, C:\USERS\KTOWN\APPDATA\LOCAL\MICROSOFT\WINDOWS\{C83EFF28-A57A-4BBC-B695-426178168753}\DEFENDER.EXE, In Quarantäne, [69], [429253],1.0.2674

Spyware.Pony, C:\USERS\KTOWN\APPDATA\LOCAL\MICROSOFT\WINDOWS\{80A045C6-8219-45AE-B9D1-F57E829472C5}\SYSTEM.EXE, In Quarantäne, [69], [429253],1.0.2674

Spyware.Pony, C:\USERS\KTOWN\APPDATA\LOCAL\MICROSOFT\WINDOWS\{D8A391E8-547D-4F60-A4C9-7ADB37D4BF81}\SVCHOST.EXE, In Quarantäne, [69], [429103],1.0.2674

Spyware.Pony, C:\USERS\KTOWN\APPDATA\LOCAL\MICROSOFT\WINDOWS\{94EE25A4-3009-46F4-82A2-80EDFCF8540A}\CSRSS.EXE, In Quarantäne, [69], [429103],1.0.2674

Spyware.Pony, C:\USERS\KTOWN\APPDATA\LOCAL\MICROSOFT\WINDOWS\{EEF4FFCC-6844-428D-B69F-2AB0BAE9A03E}\WSCRIPT.EXE, In Quarantäne, [69], [429253],1.0.2674

Spyware.Pony, C:\USERS\KTOWN\APPDATA\LOCAL\MICROSOFT\WINDOWS\{ADD3B04C-A1CD-403F-A495-4695B75F30FD}\SVCHOST.EXE, In Quarantäne, [69], [429253],1.0.2674

Spyware.Pony, C:\USERS\KTOWN\APPDATA\LOCAL\MICROSOFT\WINDOWS\{CD3229B0-A69D-42D9-8C04-C73C7F9A8120}\WERFAULT.EXE, In Quarantäne, [69], [429253],1.0.2674

Spyware.Pony, C:\USERS\KTOWN\APPDATA\LOCAL\MICROSOFT\WINDOWS\{17A3D445-3FD8-4749-B713-40D195E83059}\SVCHOST.EXE, In Quarantäne, [69], [429253],1.0.2674

Spyware.Pony, C:\USERS\KTOWN\APPDATA\LOCAL\MICROSOFT\WINDOWS\{2FD1294D-BEB5-4F29-9955-FD7329AE71D8}\DLLHOST.EXE, In Quarantäne, [69], [429253],1.0.2674

Spyware.Pony, C:\USERS\KTOWN\APPDATA\LOCAL\MICROSOFT\WINDOWS\{460E70F7-144D-4875-866B-C864BEC1AB98}\CSRSS.EXE, In Quarantäne, [69], [429253],1.0.2674

Spyware.Pony, C:\USERS\KTOWN\APPDATA\LOCAL\MICROSOFT\WINDOWS\{5A37934C-FFA9-4F56-80DF-9D31F8950B06}\SERVICES.EXE, In Quarantäne, [69], [429253],1.0.2674

Spyware.Pony, C:\USERS\KTOWN\APPDATA\LOCAL\MICROSOFT\WINDOWS\{68317946-D327-4210-817B-C0E827221C43}\WSCRIPT.EXE, In Quarantäne, [69], [429253],1.0.2674

Spyware.Pony, C:\USERS\KTOWN\APPDATA\LOCAL\MICROSOFT\WINDOWS\{7BE4E157-B5F0-4B05-94E5-3862A9558DA8}\CHROME.EXE, In Quarantäne, [69], [429253],1.0.2674

Spyware.Pony, C:\USERS\KTOWN\APPDATA\LOCAL\MICROSOFT\WINDOWS\{93822BC0-2749-4A82-B29A-CBEDE201C0DA}\CONFIG.EXE, In Quarantäne, [69], [429253],1.0.2674

Spyware.Pony, C:\USERS\KTOWN\APPDATA\LOCAL\MICROSOFT\WINDOWS\{A91DDEBE-7B15-4F86-B500-257A1E332388}\JAVA.EXE, In Quarantäne, [69], [429253],1.0.2674

Spyware.Pony, C:\USERS\KTOWN\APPDATA\LOCAL\MICROSOFT\WINDOWS\{CBDFBAF8-299F-44AC-9DF3-F27FE98C7231}\CSRSS.EXE, In Quarantäne, [69], [429253],1.0.2674

Spyware.Pony, C:\USERS\KTOWN\APPDATA\LOCAL\MICROSOFT\WINDOWS\{D8FC2835-B597-4978-A0F5-F3C1E1D2FD2C}\WUAUCLT.EXE, In Quarantäne, [69], [429253],1.0.2674

Spyware.Pony, C:\USERS\KTOWN\APPDATA\LOCAL\MICROSOFT\WINDOWS\{1E9F4759-67BE-4C02-ACE4-74F62187D259}\JAVA.EXE, In Quarantäne, [69], [429253],1.0.2674

Spyware.Pony, C:\USERS\KTOWN\APPDATA\LOCAL\MICROSOFT\WINDOWS\{3152A6D8-F373-4EC6-8003-AFB5B6FFE3FE}\ADOBE.EXE, In Quarantäne, [69], [429253],1.0.2674

Spyware.Pony, C:\USERS\KTOWN\APPDATA\LOCAL\MICROSOFT\WINDOWS\{482F908D-75BC-4E0F-AC08-29665CAA16CE}\INTERNET.EXE, In Quarantäne, [69], [429253],1.0.2674

Spyware.Pony, C:\USERS\KTOWN\APPDATA\LOCAL\MICROSOFT\WINDOWS\{5D0BE935-AAA1-4756-B798-9E2F41396BAB}\DLLHOST.EXE, In Quarantäne, [69], [429253],1.0.2674

Spyware.Pony, C:\USERS\KTOWN\APPDATA\LOCAL\MICROSOFT\WINDOWS\{6B13E4C4-6BA4-429D-A987-432769D8414B}\CHROME.EXE, In Quarantäne, [69], [429253],1.0.2674

Spyware.Pony, C:\USERS\KTOWN\APPDATA\LOCAL\MICROSOFT\WINDOWS\{832C6928-C980-4B4C-853C-1FC87E0E9032}\DEFENDER.EXE, In Quarantäne, [69], [429253],1.0.2674

Spyware.Pony, C:\USERS\KTOWN\APPDATA\LOCAL\MICROSOFT\WINDOWS\{9B385A54-7A40-47F4-AEA3-1DA3D3F03849}\JAVA.EXE, In Quarantäne, [69], [429253],1.0.2674

Spyware.Pony, C:\USERS\KTOWN\APPDATA\LOCAL\MICROSOFT\WINDOWS\{B5EBD04C-8CDA-40BC-9B77-9EBA379BF202}\ADOBE.EXE, In Quarantäne, [69], [429253],1.0.2674

Spyware.Pony, C:\USERS\KTOWN\APPDATA\LOCAL\MICROSOFT\WINDOWS\{CD5FC2EA-1F10-46B3-AB08-A3444A6F3E86}\JAVA.EXE, In Quarantäne, [69], [429253],1.0.2674

Spyware.Pony, C:\USERS\KTOWN\APPDATA\LOCAL\MICROSOFT\WINDOWS\{DD3F0BEA-6038-4E6A-92C6-012D40B65DEC}\WSCRIPT.EXE, In Quarantäne, [69], [429253],1.0.2674

Spyware.Pony, C:\USERS\KTOWN\APPDATA\LOCAL\MICROSOFT\WINDOWS\{07447B11-BD36-48EB-B4E9-E7F9BF5363B0}\DEFENDER.EXE, In Quarantäne, [69], [429253],1.0.2674

Spyware.Pony, C:\USERS\KTOWN\APPDATA\LOCAL\MICROSOFT\WINDOWS\{209CD171-D1F0-4F55-B654-41B51081028E}\DWM.EXE, In Quarantäne, [69], [429253],1.0.2674

Spyware.Pony, C:\USERS\KTOWN\APPDATA\LOCAL\MICROSOFT\WINDOWS\{40AB6665-68D5-496B-AFC0-BA8AF50C6919}\IEXPLORE.EXE, In Quarantäne, [69], [429103],1.0.2674

Spyware.Pony, C:\USERS\KTOWN\APPDATA\LOCAL\MICROSOFT\WINDOWS\{4B29994D-7D11-48AA-BBD7-3D6F5972EB8C}\EXPLORER.EXE, In Quarantäne, [69], [429253],1.0.2674

Spyware.Pony, C:\USERS\KTOWN\APPDATA\LOCAL\MICROSOFT\WINDOWS\{6176FFB1-D968-4280-A148-EA629546F193}\WINLOGON.EXE, In Quarantäne, [69], [429253],1.0.2674

Spyware.Pony, C:\USERS\KTOWN\APPDATA\LOCAL\MICROSOFT\WINDOWS\{6B4EA066-4854-492E-840A-8C7C5736B832}\JAVA.EXE, In Quarantäne, [69], [429253],1.0.2674

Spyware.Pony, C:\USERS\KTOWN\APPDATA\LOCAL\MICROSOFT\WINDOWS\{8C851D31-2EDE-4F07-939D-5C8A5C69CDFF}\WUAUCLT.EXE, In Quarantäne, [69], [429253],1.0.2674

Spyware.Pony, C:\USERS\KTOWN\APPDATA\LOCAL\MICROSOFT\WINDOWS\{A39D38FC-FBC7-48ED-882A-248539E8860C}\ADOBE.EXE, In Quarantäne, [69], [429253],1.0.2674

Spyware.Pony, C:\USERS\KTOWN\APPDATA\LOCAL\MICROSOFT\WINDOWS\{BA86BCA4-4096-428E-948B-1A43E316FCAD}\WINLOGON.EXE, In Quarantäne, [69], [429253],1.0.2674

Spyware.Pony, C:\USERS\KTOWN\APPDATA\LOCAL\MICROSOFT\WINDOWS\{CEE6B822-FD7E-4EFB-A7C8-019D405FC2C4}\MICROSOFT.EXE, In Quarantäne, [69], [429253],1.0.2674

Spyware.Pony, C:\USERS\KTOWN\APPDATA\LOCAL\MICROSOFT\WINDOWS\{E49E6D4F-E95C-4D0C-8E10-1FA6E9F8BB5F}\EXPLORER.EXE, In Quarantäne, [69], [429253],1.0.2674

Spyware.Pony, C:\USERS\KTOWN\APPDATA\LOCAL\MICROSOFT\WINDOWS\{1070BD43-530B-4357-A9B8-3C56887B61F1}\WUAUCLT.EXE, In Quarantäne, [69], [429253],1.0.2674

Spyware.Pony, C:\USERS\KTOWN\APPDATA\LOCAL\MICROSOFT\WINDOWS\{4320DDD4-600C-4A45-8177-E4F360433D85}\SYSTEM.EXE, In Quarantäne, [69], [429253],1.0.2674

Spyware.Pony, C:\USERS\KTOWN\APPDATA\LOCAL\MICROSOFT\WINDOWS\{566E0DA9-203E-496C-A5B0-8C825F39E577}\CSRSS.EXE, In Quarantäne, [69], [429253],1.0.2674

Spyware.Pony, C:\USERS\KTOWN\APPDATA\LOCAL\MICROSOFT\WINDOWS\{64CC78B0-D949-40FD-BA90-B2899E561F15}\CSRSS.EXE, In Quarantäne, [69], [429103],1.0.2674

Spyware.Pony, C:\USERS\KTOWN\APPDATA\LOCAL\MICROSOFT\WINDOWS\{714C6B6F-2043-4925-A281-ABF548FD5CE4}\HKCMD.EXE, In Quarantäne, [69], [429253],1.0.2674

Spyware.Pony, C:\USERS\KTOWN\APPDATA\LOCAL\MICROSOFT\WINDOWS\{8D3989AA-3322-4AB5-A14A-057BE8DF64FC}\WINLOGON.EXE, In Quarantäne, [69], [429253],1.0.2674

Spyware.Pony, C:\USERS\KTOWN\APPDATA\LOCAL\MICROSOFT\WINDOWS\{A800E9B1-0658-4F46-9D76-93F432E60DEE}\JAVA.EXE, In Quarantäne, [69], [429253],1.0.2674

Spyware.Pony, C:\USERS\KTOWN\APPDATA\LOCAL\MICROSOFT\WINDOWS\{BF496574-6A87-4920-8310-A54F8096DF51}\WUAUCLT.EXE, In Quarantäne, [69], [429253],1.0.2674

Spyware.Pony, C:\USERS\KTOWN\APPDATA\LOCAL\MICROSOFT\WINDOWS\{D000F72B-49B8-4B73-A5C7-CD55D0A8DA8A}\TASKHOST.EXE, In Quarantäne, [69], [429253],1.0.2674

Spyware.Pony, C:\USERS\KTOWN\APPDATA\LOCAL\MICROSOFT\WINDOWS\{ECF6E036-3732-40A8-9AC2-4FDCA292811E}\CHROME.EXE, In Quarantäne, [69], [429253],1.0.2674
 

Physischer Sektor: 0

(keine bösartigen Elemente erkannt)
 
 

(end)

Na, da hat MBAM ja gute Arbeit geleistet und alle deine verdächtigen Dateien gelöscht! Wir sind aber noch nicht fertig!

Jetzt will ich aber erst mal neue FRST-Logs sehen:

Schritt 1: neue FRST-Logs
Starte Windows neu, falls du das nach der letzten Bereinigung mit MBAM noch nicht gemacht hast, und:

Starte noch einmal FRST.
Setze alle Haken und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und die Addition.txt in deinem Thread.

Schritt 2: TDSS-Killer
Downloade dir bitte

TDSSKiller.exe und speichere diese Datei auf dem Desktop

Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
Drücke Start Scan
Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt

Poste den Inhalt bitte in jedem Fall hier in deinen Thread.

FRST:

zu groß deswegen pastebin

https://pastebin.com/wTFvRq9G

Addition:

Code:

Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 20-08-2017

durchgeführt von ktown (29-08-2017 15:26:08)

Gestartet von C:\Users\ktown\Downloads\Mods

Windows 10 Pro Version 1703 (X64) (2017-08-25 19:02:02)

Start-Modus: Normal

==========================================================
 
 

==================== Konten: =============================
 

Administrator (S-1-5-21-1757837757-2786829171-2820918412-500 - Administrator - Disabled)

DefaultAccount (S-1-5-21-1757837757-2786829171-2820918412-503 - Limited - Disabled)

Gast (S-1-5-21-1757837757-2786829171-2820918412-501 - Limited - Disabled)

ktown (S-1-5-21-1757837757-2786829171-2820918412-1001 - Administrator - Enabled) => C:\Users\ktown
 

==================== Sicherheits-Center ========================
 

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
 

AV: G DATA INTERNET SECURITY (Enabled - Up to date) {A9C56A9B-ECCD-57EA-78F6-92511DA1C885}

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}

AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: G*DATA Personal Firewall (Enabled) {91FEEBBE-A6A2-56B2-53A9-3B64E3728FFE}
 

==================== Installierte Programme ======================
 

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
 

.NET Core SDK 1.0.0 (x64) Installer (x64) (HKLM\...\{3A36F010-62C4-4173-9F25-257F1B0899DD}) (Version: 4.0.4911 - Microsoft Corporation) Hidden

.NET Core SDK 1.0.0 (x64) Installer (x64) (HKLM-x32\...\{c7c7d963-f622-455d-879a-7ffa111d1322}) (Version: 1.0.0 - Microsoft Corporation)

.NET Core SDK 1.1.0 (x64) (HKLM\...\{DF68596E-0F41-41CC-BAD9-9F30A9662D90}) (Version: 4.16.5124 - Microsoft Corporation) Hidden

.NET Core SDK 1.1.0 (x64) (HKLM-x32\...\{67d148ca-6fe2-47ec-bf5c-fbd64345d511}) (Version: 1.1.0 - Microsoft Corporation)

Active Directory Authentication Library für SQL Server (HKLM\...\{5AE8DFF5-F9A2-4B59-9875-45BFF82DC1DA}) (Version: 13.1.4001.0 - Microsoft Corporation) Hidden

Android SDK Tools (HKLM-x32\...\Android SDK Tools) (Version: 1.16 - Google Inc.)

Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 385.41 - NVIDIA Corporation) Hidden

Application Verifier x64 External Package (HKLM\...\{2D7C1671-6F3D-2AA7-DAA3-91C96B60B919}) (Version: 10.1.15063.468 - Microsoft) Hidden

Blend for Visual Studio SDK for .NET 4.5 (HKLM-x32\...\{37E53780-3944-4A6A-842F-727128E8616E}) (Version: 3.0.40218.0 - Microsoft Corporation) Hidden

ClickOnce Bootstrapper Package for Microsoft .NET Framework (HKLM-x32\...\{E598B692-764A-413C-8530-59163D6B4AE3}) (Version: 4.6.01590 - Microsoft Corporation) Hidden

Cocos Creator (HKLM-x32\...\{ADCC55E5-5AB6-447C-8DBC-38B11BEC6E24}) (Version: 1.2.2.0 - Chukong Technologies) Hidden

Cocos Creator (HKLM-x32\...\Cocos Creator 1.2.2.0) (Version: 1.2.2.0 - Chukong Technologies)

ControlConsole API version 2.60 (HKLM-x32\...\{E6C0F5ED-B5EA-451D-8CB1-57902AA188DE}_is1) (Version: 2.60 - Enstone)

DevExpress Components 17.1 (HKLM-x32\...\DevExpress Components 17.1) (Version: 17.1.5 - Developer Express Inc.)

DevExpress DevExtreme 17.1 (HKLM-x32\...\DevExpress DevExtreme 17.1) (Version: 17.1.5 - Developer Express Inc.)

DiagnosticsHub_CollectionService (HKLM\...\{37385261-BB10-4DE0-8822-84E1C4997ED2}) (Version: 15.0.26730 - Microsoft Corporation) Hidden

Entity Framework 6.1.3 Tools  for Visual Studio 15 (HKLM-x32\...\{F8C0447E-D45C-4E52-94E8-C6340AAC9DB8}) (Version: 6.1.60104.0 - Microsoft Corporation) Hidden

Epic Games Launcher (HKLM-x32\...\{F190B233-EFDB-4E5B-93B4-71048DF906DC}) (Version: 1.1.91.0 - Epic Games, Inc.)

G DATA INTERNET SECURITY (HKLM-x32\...\G DATA INTERNET SECURITY) (Version: 25.4.0.1 - G DATA Software AG)

Git version 2.10.2 (HKLM\...\Git_is1) (Version: 2.10.2 - The Git Development Community)

GitHub Desktop (HKU\S-1-5-21-1757837757-2786829171-2820918412-1001\...\GitHubDesktop) (Version: 0.8.0 - GitHub, Inc.)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 60.0.3112.113 - Google Inc.)

Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden

Gtk# for .Net 2.12.26 (HKLM-x32\...\{BC25B808-A11C-4C9F-9C0A-6682E47AAB83}) (Version: 2.12.26 - Xamarin, Inc.)

icecap_collection_neutral (HKLM-x32\...\{743913D7-41D9-48C0-977D-FC87743A9BEC}) (Version: 15.0.26621 - Microsoft Corporation) Hidden

icecap_collection_x64 (HKLM\...\{6BC73140-3CB6-486A-8350-BF35F54EFA19}) (Version: 15.0.26621 - Microsoft Corporation) Hidden

icecap_collectionresources (HKLM-x32\...\{459CF809-89FA-424C-87E7-9269EBE1135B}) (Version: 15.0.26621 - Microsoft Corporation) Hidden

icecap_collectionresources (HKLM-x32\...\{67941F0C-2930-4C3F-983C-1089D2759B42}) (Version: 15.0.26621 - Microsoft Corporation) Hidden

icecap_collectionresourcesx64 (HKLM-x32\...\{304B71E2-BA3A-419C-B632-3DFBB4AFE42B}) (Version: 15.0.26621 - Microsoft Corporation) Hidden

icecap_collectionresourcesx64 (HKLM-x32\...\{D76CFB83-E33A-47DD-A420-A6ACF82484CE}) (Version: 15.0.26621 - Microsoft Corporation) Hidden

IIS 10.0 Express (HKLM\...\{A54DCC30-E1EA-4912-A7F9-6C5A3AF1FB3A}) (Version: 10.0.1738 - Microsoft Corporation)

IIS Express Application Compatibility Database for x64 (HKLM\...\{08274920-8908-45c2-9258-8ad67ff77b09}.sdb) (Version:  - ) Hidden

IIS Express Application Compatibility Database for x86 (HKLM\...\{ad846bae-d44b-4722-abad-f7420e08bcd9}.sdb) (Version:  - ) Hidden

Intellisense Lang Pack Mobile Extension SDK 10.0.15063.0 (HKLM-x32\...\{955DB066-D013-43F3-908C-CBC851E3D4FF}) (Version: 10.1.15063.468 - Microsoft Corporation) Hidden

IntelliTraceProfilerProxy (HKLM-x32\...\{0A2EDF2C-9A71-43D7-964A-696BB7CEAC65}) (Version: 15.0.25.0 - Microsoft Corporation) Hidden

Java SE Development Kit 8 Update 112 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0180112}) (Version: 8.0.1120.15 - Oracle Corporation)

Java SE Development Kit 8 Update 131 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180131}) (Version: 8.0.1310.11 - Oracle Corporation)

Java SE Development Kit 8 Update 131 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0180131}) (Version: 8.0.1310.11 - Oracle Corporation)

JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)

Kits Configuration Installer (HKLM-x32\...\{1704C439-1501-3446-7932-33DA822E8597}) (Version: 10.1.15063.468 - Microsoft) Hidden

Kumulatives Microsoft .NET Framework Intellisense Pack für Visual Studio (Deutsch) (HKLM-x32\...\{91BF6CA6-F6AA-4639-944A-627B7D02567E}) (Version: 4.6.01604 - Microsoft Corporation) Hidden

Lightshot-5.4.0.10 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.4.0.10 - Skillbrains)

Malwarebytes Version 3.2.2.2018 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2018 - Malwarebytes)

MEGAsync (HKLM-x32\...\MEGAsync) (Version:  - Mega Limited)

Microsoft Azure Authoring Tools - v2.9.5.3 (HKLM\...\{086C537B-DE1A-4A11-8441-6AAF076174B8}) (Version: 2.9.8699.20 - Microsoft Corporation)

Microsoft Azure Compute Emulator - v2.9.5.3 (HKLM\...\Microsoft Azure Compute Emulator - v2.9.5.3) (Version: 2.9.8699.20 - Microsoft Corporation)

Microsoft Azure Libraries for .NET – v2.9 (HKLM\...\{C5C91AA6-3E83-430E-8B7A-6B790083F28D}) (Version: 3.0.0127.060 - Microsoft Corporation)

Microsoft Azure Mobile App SDK V3.0 (HKLM-x32\...\{A1D5A2EC-1BB0-4ED6-97E6-F044400FAFFD}) (Version: 3.0.50407.0 - Microsoft Corporation)

Microsoft Azure PowerShell - September 2016 (HKLM-x32\...\{CB3F8A12-1570-4964-8206-17274AB9EF4D}) (Version: 2.1.0 - Microsoft Corporation)

Microsoft Azure Storage Emulator - v5.1 (HKLM-x32\...\Microsoft Azure Storage Emulator - v5.1) (Version: 5.1.1760.1722 - Microsoft Corporation)

Microsoft Azure Storage Tools - v5.2.0 (HKLM-x32\...\{89B7B8B5-CC31-4C78-8E83-1E5B9506C322}) (Version: 5.2.0.0 - Microsoft Corporation)

Microsoft Emulator - Windows 10.0.14393.0 (HKLM-x32\...\{a2e12a9b-231c-46d5-b7bb-334b22e63f67}) (Version: 10.1.14393.0 - Microsoft Corporation)

Microsoft Help Viewer 2.3 (HKLM-x32\...\Microsoft Help Viewer 2.3) (Version: 2.3.26730 - Microsoft Corporation)

Microsoft Help Viewer 2.3 Sprachpaket – DEU (HKLM-x32\...\Microsoft Help Viewer 2.3 Sprachpaket – DEU) (Version: 2.3.26730 - Microsoft Corporation)

Microsoft Identity Extensions (HKLM\...\{F99F24BF-0B90-463E-9658-3FD2EFC3C992}) (Version: 2.0.1459.0 - Microsoft Corporation)

Microsoft OneDrive (HKU\S-1-5-21-1757837757-2786829171-2820918412-1001\...\OneDriveSetup.exe) (Version: 17.3.6943.0625 - Microsoft Corporation)

Microsoft SQL Server 2012 Native Client  (HKLM\...\{E9AD0F97-5DF2-4F5B-BC5B-F524D21BF165}) (Version: 11.3.6518.0 - Microsoft Corporation)

Microsoft SQL Server 2016 LocalDB  (HKLM\...\{33B8D051-4DF5-4103-8FDB-8663E468A204}) (Version: 13.1.4001.0 - Microsoft Corporation)

Microsoft System CLR Types for SQL Server 2017 CTP2.1 (HKLM\...\{9BAD8F82-A221-42CE-AFF0-7CAB825790C9}) (Version: 14.0.600.250 - Microsoft Corporation)

Microsoft System CLR Types for SQL Server 2017 CTP2.1 (HKLM-x32\...\{F0DD1AA8-44D7-4ACE-AF65-7378EA5D884C}) (Version: 14.0.600.250 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)

Microsoft Visual C++ 2017 Redistributable (x64) - 14.10.25008 (HKLM-x32\...\{f1e7e313-06df-4c56-96a9-99fdfd149c51}) (Version: 14.10.25008.0 - Microsoft Corporation)

Microsoft Visual C++ 2017 Redistributable (x86) - 14.10.25008 (HKLM-x32\...\{c239cea1-d49e-4e16-8e87-8c055765f7ec}) (Version: 14.10.25008.0 - Microsoft Corporation)

Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)

Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)

Microsoft Visual Studio 2017 (HKLM\...\{6F320B93-EE3C-4826-85E0-ADF79F8D4C61}) (Version: 1.11.33287.817 - Microsoft Corporation)

Microsoft Visual Studio 2017 (HKLM-x32\...\{6F320B93-EE3C-4826-85E0-ADF79F8D4C61}) (Version: 1.5.30227.2 - Microsoft Corporation)

Microsoft Visual Studio Emulator for Android (HKLM-x32\...\{09a99ef7-bf11-413a-99a3-a77fd49c0d52}) (Version: 1.1.1207.2 - Microsoft Corporation)

Microsoft Web Deploy 3.6 (HKLM\...\{65C71B09-C33D-4F60-93EA-DF3AD1D40600}) (Version: 10.0.1981 - Microsoft Corporation)

MSI Development Tools (HKLM-x32\...\{E45B775D-8842-EC86-ED84-B740D52E6462}) (Version: 10.1.15063.468 - Microsoft Corporation) Hidden

Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.5 - Notepad++ Team)

Nox APP Player (HKLM-x32\...\Nox) (Version: 5.0.0.1 - Duodian Technology Co. Ltd.)

NVIDIA 3D Vision Controller-Treiber 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)

NVIDIA 3D Vision Treiber 385.41 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 385.41 - NVIDIA Corporation)

NVIDIA GeForce Experience 3.9.0.61 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.9.0.61 - NVIDIA Corporation)

NVIDIA Grafiktreiber 385.41 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 385.41 - NVIDIA Corporation)

NVIDIA HD-Audiotreiber 1.3.34.27 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.27 - NVIDIA Corporation)

NVIDIA PhysX-Systemsoftware 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)

Open XML SDK 2.5 for Microsoft Office (HKLM-x32\...\{3EA16E23-14D2-466A-8268-D7CD40DC46B6}) (Version: 2.5.5631 - Microsoft Corporation) Hidden

Paket zur Festlegung von Zielversionen für Microsoft .NET Framework 4.6.2 (Deutsch) (HKLM-x32\...\{7D6C6611-CDE8-4057-96DE-70BF41A7AB6C}) (Version: 4.6.01590 - Microsoft Corporation) Hidden

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7841 - Realtek Semiconductor Corp.)

SCE ProDG Debugger Documentation for PlayStation®3 v420.1.0 (HKLM-x32\...\{D7BF9F65-76E8-44BA-948A-875863CF3144}) (Version: 4.20.1 - Sony Computer Entertainment Ltd. / SN Systems Ltd.)

SCE ProDG Debugger for PlayStation®3 v420.1.0 (HKLM-x32\...\{6C8B2A8A-50E7-4D9F-80E7-94CBD6148FBB}) (Version: 4.20.1 - Sony Computer Entertainment Ltd. / SN Systems Ltd.)

SCE ProDG Target Manager Documentation for PlayStation®3 v420.1.0 (HKLM-x32\...\{6DDB0863-803D-4814-A39F-E395A5D4EE34}) (Version: 4.20.1 - Sony Computer Entertainment Ltd. / SN Systems Ltd.)

SCE ProDG Target Manager for PlayStation®3 v420.1.0 (HKLM-x32\...\{149E5890-9C43-4E68-92A3-5516705D1CAD}) (Version: 4.20.1 - Sony Computer Entertainment Ltd. / SN Systems Ltd.)

SN Systems SN Launcher v1.0.7.1 (HKLM-x32\...\{C72CA33A-AA67-4CB8-BD94-E2ABDED81173}) (Version: 1.0.7.1 - Sony Computer Entertainment Ltd. / SN Systems Ltd.)

sptools_Microsoft.VisualStudio.OfficeDeveloperTools.Msi (HKLM-x32\...\{72BA31CD-9667-422B-A8A4-65C248E06222}) (Version: 15.0.26501 - Microsoft Corporation) Hidden

sptools_Microsoft.VisualStudio.Vsto.Msi (HKLM-x32\...\{CD08D2FC-15E2-4B11-A824-091CD344612E}) (Version: 15.0.26417 - Microsoft Corporation) Hidden

sptools_Microsoft.VisualStudio.Vsto.Msi.Resources (HKLM-x32\...\{6F410B16-8B46-43AF-BC73-C43EE190BFA4}) (Version: 15.0.26417 - Microsoft Corporation) Hidden

sptools_Microsoft.VisualStudio.Vsto.Msi.Resources (HKLM-x32\...\{B837FCF6-9A51-44D6-95F9-F5C753019D53}) (Version: 15.0.26417 - Microsoft Corporation) Hidden

sptools_Microsoft.VisualStudio.Vsto.Msi.x64 (HKLM-x32\...\{F210BD01-6020-4406-AAE1-15B4D4C096C8}) (Version: 15.0.26417 - Microsoft Corporation) Hidden

TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.82216 - TeamViewer)

TypeScript Power Tool (HKLM-x32\...\{5207E91E-2B03-42C0-89D0-F7B2082993C6}) (Version: 2.1.7.0 - Microsoft Corporation) Hidden

TypeScript Power Tool (HKLM-x32\...\{928F176B-50AF-404D-AD69-6FA3A7F45277}) (Version: 2.0.6.0 - Microsoft Corporation) Hidden

TypeScript SDK (HKLM-x32\...\{CFA1F87E-EF2B-4785-812C-4BEEA22CFD06}) (Version: 2.3.5.0 - Microsoft Corporation) Hidden

Unity (HKLM-x32\...\Unity) (Version: 5.4.0f3 - Unity Technologies ApS)

Universal CRT Extension SDK (HKLM-x32\...\{1FBCBC17-4527-2340-0832-B1D49C41FF67}) (Version: 10.0.26624 - Microsoft Corporation) Hidden

Universal CRT Extension SDK (HKLM-x32\...\{315BBDA9-CE84-D465-59F8-B9C765D953AC}) (Version: 10.1.10586.212 - Microsoft Corporation) Hidden

Universal CRT Extension SDK (HKLM-x32\...\{4E8F20FD-6BC7-B65C-D4F2-5D7CEDE3352E}) (Version: 10.1.14393.795 - Microsoft Corporation) Hidden

Universal CRT Extension SDK (HKLM-x32\...\{D23DC9CD-5870-9D26-5DE9-6273CAC7DD5B}) (Version: 10.1.15063.468 - Microsoft Corporation) Hidden

Universal CRT Headers Libraries and Sources (HKLM-x32\...\{233B73D9-650E-9CEC-1002-767C916C1B61}) (Version: 10.1.14393.795 - Microsoft Corporation) Hidden

Universal CRT Headers Libraries and Sources (HKLM-x32\...\{51523D5B-FC32-CAB4-E54E-E41C0E4C1726}) (Version: 10.1.15063.468 - Microsoft Corporation) Hidden

Universal CRT Headers Libraries and Sources (HKLM-x32\...\{8BFBEC30-33CC-13B4-849F-3B036F27466A}) (Version: 10.0.26624 - Microsoft Corporation) Hidden

Universal CRT Headers Libraries and Sources (HKLM-x32\...\{F4E7226B-6A1C-F4D6-1109-6E1CD5B3E633}) (Version: 10.1.10586.212 - Microsoft Corporation) Hidden

Universal CRT Redistributable (HKLM-x32\...\{573C4B4F-B9B9-28DA-0243-D118DD3EE574}) (Version: 10.1.15063.468 - Microsoft Corporation) Hidden

Universal CRT Tools x64 (HKLM\...\{3C75FFD3-00CF-1974-2935-7BED20381899}) (Version: 10.1.15063.468 - Microsoft Corporation) Hidden

Universal CRT Tools x86 (HKLM-x32\...\{812954B8-9658-EFE2-FB5F-B422048AA053}) (Version: 10.1.15063.468 - Microsoft Corporation) Hidden

Universal General MIDI DLS Extension SDK (HKLM-x32\...\{05086CEC-62C1-B12C-2FEC-C58E166FA7E8}) (Version: 10.1.15063.468 - Microsoft Corporation) Hidden

Universal General MIDI DLS Extension SDK (HKLM-x32\...\{6AFD985C-21B7-8F2D-86B2-19A0563A1195}) (Version: 10.0.26624 - Microsoft Corporation) Hidden

Universal General MIDI DLS Extension SDK (HKLM-x32\...\{AF5B9C51-F99A-59CC-70F5-214E9B535EE3}) (Version: 10.1.10586.212 - Microsoft Corporation) Hidden

Universal General MIDI DLS Extension SDK (HKLM-x32\...\{F2EB74A7-148A-8DC9-82A5-B5A88093EEC4}) (Version: 10.1.14393.795 - Microsoft Corporation) Hidden

Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)

vcpp_crt.redist.clickonce (HKLM-x32\...\{177ED059-D367-4B1E-8511-295E5B62DBEF}) (Version: 14.11.25325 - Microsoft Corporation) Hidden

vcpp_crt.redist.clickonce (HKLM-x32\...\{C36E80D0-EED5-481F-9852-1EBB0DD122B6}) (Version: 14.11.25325 - Microsoft Corporation) Hidden

VirusTotal Uploader 2.2 (HKLM-x32\...\VTUploader) (Version:  - )

VLC media player (HKLM\...\VLC media player) (Version: 2.2.6 - VideoLAN)

VS Immersive Activate Helper (HKLM-x32\...\{FD1039C3-228B-43BB-820A-ACAED580A9D5}) (Version: 16.0.71.0 - Microsoft Corporation) Hidden

VS JIT Debugger (HKLM\...\{75068E51-7C37-4003-84C2-C67461C8D60A}) (Version: 16.0.71.0 - Microsoft Corporation) Hidden

VS Script Debugging Common (HKLM\...\{A9ED1B56-3819-4B14-A929-89DD3E16E216}) (Version: 16.0.71.0 - Microsoft Corporation) Hidden

VS WCF Debugging (HKLM\...\{EF9A8134-DF80-46A8-85AF-7FBD1E848C12}) (Version: 16.0.71.0 - Microsoft Corporation) Hidden

vs_BlendMsi (HKLM-x32\...\{028492D7-855B-4018-B0A8-B5411EED541A}) (Version: 15.0.26621 - Microsoft Corporation) Hidden

vs_clickoncebootstrappermsi (HKLM-x32\...\{DCAD4F0C-21F2-4955-9C0A-2B7CEA610A74}) (Version: 15.0.26621 - Microsoft Corporation) Hidden

vs_clickoncebootstrappermsires (HKLM-x32\...\{C32010D8-3E5A-4E2F-874E-9AAEB2384006}) (Version: 15.0.26621 - Microsoft Corporation) Hidden

vs_clickoncesigntoolmsi (HKLM-x32\...\{440B670C-9862-487A-A381-57173D344039}) (Version: 15.0.26621 - Microsoft Corporation) Hidden

vs_codecoveragemsi (HKLM-x32\...\{4047FD10-8010-453A-A110-EA2CF71591B9}) (Version: 15.0.26621 - Microsoft Corporation) Hidden

vs_codeduitestframeworkmsi (HKLM-x32\...\{768725FE-C24E-4D48-BB07-6046761C2A00}) (Version: 15.0.26621 - Microsoft Corporation) Hidden

vs_communitymsi (HKLM-x32\...\{52100697-9C66-44F3-BA20-68F8148CDF9B}) (Version: 15.0.26711 - Microsoft Corporation) Hidden

vs_communitymsires (HKLM-x32\...\{40040E64-50EB-4FCF-B209-DA0B20821759}) (Version: 15.0.26621 - Microsoft Corporation) Hidden

vs_communitymsires (HKLM-x32\...\{5297D80E-CD92-48D8-9DB0-301AB3205772}) (Version: 15.0.26621 - Microsoft Corporation) Hidden

vs_cuitcommoncoremsi (HKLM-x32\...\{35804EBF-56A5-4847-848B-1A067AC6DE56}) (Version: 15.0.26621 - Microsoft Corporation) Hidden

vs_cuitextensionmsi (HKLM-x32\...\{C356AA66-C6D7-43C5-9D31-9D58DFB0FE2F}) (Version: 15.0.26621 - Microsoft Corporation) Hidden

vs_cuitextensionmsi_x64 (HKLM-x32\...\{EA12406A-8EED-49AB-A47B-FFA47D4F9ADE}) (Version: 15.0.26621 - Microsoft Corporation) Hidden

vs_devenvmsi (HKLM-x32\...\{BFFA2FFB-1095-4ADD-A352-368806D2412B}) (Version: 15.0.26621 - Microsoft Corporation) Hidden

vs_enterprisemsi (HKLM-x32\...\{6E0FB913-0E76-44B5-B0D4-2B71A7984BD2}) (Version: 15.0.26621 - Microsoft Corporation) Hidden

vs_feedbackclientmsi (HKLM-x32\...\{959DC3F5-5B3C-4194-81E4-F009F7C2605E}) (Version: 15.0.26621 - Microsoft Corporation) Hidden

vs_filehandler_amd64 (HKLM-x32\...\{DDEF2BD0-F728-4D04-A085-B5ACC9ADC311}) (Version: 15.0.26711 - Microsoft Corporation) Hidden

vs_filehandler_x86 (HKLM-x32\...\{2512A3CE-E1E4-46D5-8B40-28DA3AE2261E}) (Version: 15.0.26711 - Microsoft Corporation) Hidden

vs_FileTracker_Singleton (HKLM-x32\...\{384F31FB-B99D-48A7-9D72-E1FEBEC2201A}) (Version: 15.0.26621 - Microsoft Corporation) Hidden

vs_Graphics_Singletonx64 (HKLM\...\{134E1F55-10CB-4837-9F43-C8145933AA3E}) (Version: 15.0.26621 - Microsoft Corporation) Hidden

vs_Graphics_Singletonx86 (HKLM-x32\...\{5A528FAB-6AD3-4F9A-9A1C-566A5C02C3D6}) (Version: 15.0.26621 - Microsoft Corporation) Hidden

vs_helpconfigmsi (HKLM-x32\...\{62B7E0A7-6623-4C90-84DA-A321493EFE98}) (Version: 15.0.26621 - Microsoft Corporation) Hidden

vs_helpconfigmsi (HKLM-x32\...\{9C975D07-01C8-4EFF-95E3-0768063E4F27}) (Version: 15.0.26621 - Microsoft Corporation) Hidden

vs_labtestagentdeployermsi (HKLM-x32\...\{3AF048AA-9E41-4FA7-9BCA-D3B15EC5B2D4}) (Version: 15.0.26621 - Microsoft Corporation) Hidden

vs_loadtestexceladdinmsi (HKLM-x32\...\{0F880133-E9D3-4494-8B23-12D0A4B02EE1}) (Version: 15.0.26621 - Microsoft Corporation) Hidden

vs_loadtestexceladdinmsires (HKLM-x32\...\{F1D4ADA9-E24C-4942-A076-C5E7124FA2F7}) (Version: 15.0.26621 - Microsoft Corporation) Hidden

vs_microsofttestmanagermsi (HKLM-x32\...\{4F61F270-3E5D-4B62-AB5F-AA1B034A86C6}) (Version: 15.0.26730 - Microsoft Corporation) Hidden

vs_minshellinteropmsi (HKLM-x32\...\{D0772A03-7FC2-4B20-AC1F-B278299AA9C7}) (Version: 15.0.26621 - Microsoft Corporation) Hidden

vs_minshellmsi (HKLM-x32\...\{0F2742A7-6A64-46A2-94AE-22F19808BE2F}) (Version: 15.0.26711 - Microsoft Corporation) Hidden

vs_minshellmsires (HKLM-x32\...\{0D3A6730-43CE-4AF6-BDF7-4D0660296C60}) (Version: 15.0.26621 - Microsoft Corporation) Hidden

vs_minshellmsires (HKLM-x32\...\{6DFE6F8D-B61D-4348-AB70-4ABF1210DFD5}) (Version: 15.0.26621 - Microsoft Corporation) Hidden

vs_networkemulationmsi_x64 (HKLM-x32\...\{DC5A810D-6264-4280-8475-4CB6B36D84AE}) (Version: 15.0.26621 - Microsoft Corporation) Hidden

vs_professionalmsi (HKLM-x32\...\{C135A30B-7258-4E11-8660-87C5642A4AAE}) (Version: 15.0.26621 - Microsoft Corporation) Hidden

vs_SQLClickOnceBootstrappermsi (HKLM-x32\...\{5C682D5E-7168-47C6-87CD-53E2103B08AC}) (Version: 15.0.26621 - Microsoft Corporation) Hidden

vs_tipsmsi (HKLM-x32\...\{032E21D1-556F-49D6-9518-CF53202AF63B}) (Version: 15.0.26621 - Microsoft Corporation) Hidden

vs_webtestrecordermsi (HKLM-x32\...\{76181917-D381-4DA6-9ADE-9639C042F7F4}) (Version: 15.0.26711 - Microsoft Corporation) Hidden

vs_webtestrecordermsi_x64 (HKLM-x32\...\{9B5CDB0B-D416-44BE-A5C5-CAC36FF54C23}) (Version: 15.0.26621 - Microsoft Corporation) Hidden

vs_webtestrecordermsires (HKLM-x32\...\{57C5E365-8E3B-47AB-A6D9-803C1AD76920}) (Version: 15.0.26621 - Microsoft Corporation) Hidden

Vulkan Run Time Libraries 1.0.51.0 (HKLM\...\VulkanRT1.0.51.0) (Version: 1.0.51.0 - LunarG, Inc.)

WhatsApp (HKU\S-1-5-21-1757837757-2786829171-2820918412-1001\...\WhatsApp) (Version: 0.2.5863 - WhatsApp)

WinAppDeploy (HKLM-x32\...\{1AD35036-0E71-1C38-E4F8-14F6ED75EA98}) (Version: 10.1.15063.468 - Microsoft Corporation) Hidden

WinAppDeploy (HKLM-x32\...\{C9966D24-DB2F-8514-EAA3-BEED85F3E166}) (Version: 10.1.14393.795 - Microsoft Corporation) Hidden

Windows 10 for Mobile Image - 10.0.14393.0 (HKLM-x32\...\{E6B9680D-DCAD-4211-939D-CA6701F2C5A0}) (Version: 10.1.14393.0 - Microsoft Corporation)

Windows SDK AddOn (HKLM-x32\...\{3BE62AA1-60B9-42EA-99BC-1A46B31C7E0C}) (Version: 10.1.0.0 - Microsoft Corporation)

Windows Software Development Kit - Windows 10.0.10586.212 (HKLM-x32\...\{43d9f43d-c90b-4fdf-9dfe-ecf9990bfa2a}) (Version: 10.1.10586.212 - Microsoft Corporation)

Windows Software Development Kit - Windows 10.0.14393.795 (HKLM-x32\...\{5eb6fbea-73ee-4a8e-9042-110704768d7f}) (Version: 10.1.14393.795 - Microsoft Corporation)

Windows Software Development Kit - Windows 10.0.15063.468 (HKLM-x32\...\{0a829ae9-ca13-4f58-a168-648e80cf6739}) (Version: 10.1.15063.468 - Microsoft Corporation)

Windows Software Development Kit - Windows 10.0.26624 (HKLM-x32\...\{e7a0c8b6-b0e9-41e2-8a0a-a6784f88d1d4}) (Version: 10.0.26624 - Microsoft Corporation)

WinRAR 5.50 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)

WinRT Intellisense Desktop - en-us (HKLM-x32\...\{3E1718A0-E5A4-04EB-E85C-DF94790FCCF4}) (Version: 10.1.15063.468 - Microsoft Corporation) Hidden

WinRT Intellisense Desktop - en-us (HKLM-x32\...\{A249F631-CEBC-EDCB-4C49-700E551E66CA}) (Version: 10.1.14393.795 - Microsoft Corporation) Hidden

WinRT Intellisense Desktop - Other Languages (HKLM-x32\...\{26FD6F7E-30DF-16AB-9F3B-2EC665C36498}) (Version: 10.1.15063.468 - Microsoft Corporation) Hidden

WinRT Intellisense Desktop - Other Languages (HKLM-x32\...\{E71CB7F1-3E88-4450-1764-B3CC1E205C4A}) (Version: 10.1.14393.795 - Microsoft Corporation) Hidden

WinRT Intellisense IoT - en-us (HKLM-x32\...\{B3E6FE24-A4E4-0454-5004-D8A3CCC9B0F6}) (Version: 10.1.15063.468 - Microsoft Corporation) Hidden

WinRT Intellisense IoT - en-us (HKLM-x32\...\{C49E6FDA-8196-0CAF-2CDD-CF1B0F4EA5AD}) (Version: 10.1.14393.795 - Microsoft Corporation) Hidden

WinRT Intellisense IoT - Other Languages (HKLM-x32\...\{33D11371-82A5-852B-CDE2-5528CE406151}) (Version: 10.1.14393.795 - Microsoft Corporation) Hidden

WinRT Intellisense IoT - Other Languages (HKLM-x32\...\{CC57D696-D6B5-DB4D-7ABC-C373CF7E6D73}) (Version: 10.1.15063.468 - Microsoft Corporation) Hidden

WinRT Intellisense PPI - en-us (HKLM-x32\...\{891DDA6A-C9D4-9C57-BC4E-B77CE28BAFC3}) (Version: 10.1.15063.468 - Microsoft Corporation) Hidden

WinRT Intellisense PPI - en-us (HKLM-x32\...\{FB431EE2-C835-6DE9-8DC3-C8FCDE028FE0}) (Version: 10.1.14393.795 - Microsoft Corporation) Hidden

WinRT Intellisense PPI - Other Languages (HKLM-x32\...\{C22B0226-A0C4-B973-C0BF-24A3D66B8C3E}) (Version: 10.1.15063.468 - Microsoft Corporation) Hidden

WinRT Intellisense PPI - Other Languages (HKLM-x32\...\{FB82399D-9C48-9AF5-DCA1-CFE61BCA70A6}) (Version: 10.1.14393.795 - Microsoft Corporation) Hidden

WinRT Intellisense UAP - en-us (HKLM-x32\...\{23909757-D6F0-7F7C-BD34-7E72BA9BD59C}) (Version: 10.1.14393.795 - Microsoft Corporation) Hidden

WinRT Intellisense UAP - en-us (HKLM-x32\...\{F3F1C906-9349-1B25-3680-65015218BD99}) (Version: 10.1.15063.468 - Microsoft Corporation) Hidden

WinRT Intellisense UAP - Other Languages (HKLM-x32\...\{CB8253BF-62B4-A504-7E06-BA102F48C02B}) (Version: 10.1.15063.468 - Microsoft Corporation) Hidden

WinRT Intellisense UAP - Other Languages (HKLM-x32\...\{D3A337CD-EA32-F4BA-03FA-825903190C92}) (Version: 10.1.14393.795 - Microsoft Corporation) Hidden

WinRT Intellisense Xbox Live Extension SDK - en-us (HKLM-x32\...\{74B9E6F9-1793-4E90-22A1-A42254D04453}) (Version: 10.1.10586.212 - Microsoft Corporation) Hidden

WinRT Intellisense Xbox Live Extension SDK - Other Languages (HKLM-x32\...\{1EE3550B-B5FB-B866-C153-1C609FBC1E89}) (Version: 10.1.10586.212 - Microsoft Corporation) Hidden

Workflow Manager Client 1.0 (HKLM\...\{69CD1F2D-DF68-4E23-9108-1B70783F2855}) (Version: 2.1.10525.2 - Microsoft Corporation) Hidden

Workflow Manager Client 1.0 (HKLM\...\{831D3854-30D1-4A11-927C-8E94B8091949}) (Version: 2.1.10525.2 - Microsoft Corporation) Hidden

Workflow Manager Tools 1.0 for Visual Studio (HKLM\...\{6B8CA6C8-47AE-450F-AD26-0B2133BFAAF7}) (Version: 2.1.10713.0 - Microsoft Corporation) Hidden

Workflow Manager Tools 1.0 for Visual Studio (HKLM\...\{7E351EBA-A063-4DE6-9F95-094883AAF7DA}) (Version: 2.1.10713.0 - Microsoft Corporation) Hidden

Xamarin PCL Profiles v1.0.9 (HKLM-x32\...\{5E6844AB-A867-419C-A376-B12B574AA5F7}) (Version: 1.0.9.0 - Xamarin) Hidden

Xamarin Profiler (HKLM-x32\...\{2CA1A69E-9A53-46D4-86EA-2EC6EC372B09}) (Version: 1.5.5.10 - Xamarin, Inc.) Hidden

Xamarin Remoted iOS Simulator (HKLM-x32\...\{15B5F198-5222-4397-975F-2F7D1F871D8C}) (Version: 1.1.0.77 - Xamarin) Hidden

Xamarin Workbooks and Inspector (HKLM-x32\...\{4C9771FB-6EB6-4E89-A2BE-BDE8B61C1BEC}) (Version: 1.2.2.9000 - Xamarin) Hidden

Xamarin.Bonjour v1.0.13 (HKLM-x32\...\{32B2DF61-DE93-4AF9-A7A6-79B03299A0AA}) (Version: 1.0.13.0 - Xamarin) Hidden

Xoreax IncrediBuild 8 (build 1854) (HKLM-x32\...\XoreaxIncrediBuild) (Version:  - )
 

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================
 

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
 

CustomCLSID: HKU\S-1-5-21-1757837757-2786829171-2820918412-1001_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-1757837757-2786829171-2820918412-1001_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-1757837757-2786829171-2820918412-1001_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-1757837757-2786829171-2820918412-1001_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-1757837757-2786829171-2820918412-1001_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-1757837757-2786829171-2820918412-1001_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)

ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2017-08-15] ()

ContextMenuHandlers1: [AVK9CM] -> {CAF4C320-32F5-11D3-A222-004095200FF2} => C:\Program Files (x86)\G DATA\InternetSecurity\AVK\ShellExt64.dll [2017-06-08] (G DATA Software AG)

ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)

ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (Alexander Roshal)

ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-21] (Malwarebytes)

ContextMenuHandlers3: [Reisswolf] -> {1F0F1EE7-36B9-11D2-8985-0080ADA96E9B} => C:\Program Files (x86)\G DATA\InternetSecurity\Shredder\Reisswlf64.dll [2017-06-08] (G DATA Software AG)

ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2017-08-22] (NVIDIA Corporation)

ContextMenuHandlers6: [AVK9CM] -> {CAF4C320-32F5-11D3-A222-004095200FF2} => C:\Program Files (x86)\G DATA\InternetSecurity\AVK\ShellExt64.dll [2017-06-08] (G DATA Software AG)

ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-21] (Malwarebytes)

ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)

ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (Alexander Roshal)
 

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============
 

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
 

Task: {056CD82D-89B6-4D4C-B91B-38D661E2686C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-08-26] (Google Inc.)

Task: {10DEB935-2553-4CD5-BE78-F3C734EDDFD4} - System32\Tasks\update-S-1-5-21-1757837757-2786829171-2820918412-1001 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2017-04-12] (TODO: <Company name>)

Task: {36E0628E-619C-4FE8-9069-7750EE4B15BD} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-08-22] (NVIDIA Corporation)

Task: {3B489219-0C1E-40B1-9948-495CB6510001} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-08-22] (NVIDIA Corporation)

Task: {7E40D45F-B453-40D4-89E5-35ED42EF755F} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-08-22] (NVIDIA Corporation)

Task: {813D3130-0B01-48BE-B5DE-D295B81ABECD} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-08-22] (NVIDIA Corporation)

Task: {8555401C-A76C-408D-825C-25F21AF8A1AE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-08-26] (Google Inc.)

Task: {8B277C45-0054-4FED-9C55-920B6CF37316} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-08-22] (NVIDIA Corporation)

Task: {9BE2E280-4D48-4665-9B82-7FF7D60DA8C0} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2017-04-12] (TODO: <Company name>)

Task: {A0D10346-0A5B-4E4B-91BB-7DE293230A36} - System32\Tasks\Microsoft\VisualStudio\VSIX Auto Update 15.0.396 => C:\Program Files (x86)\Microsoft Visual Studio\2017\Enterprise\Common7\IDE\VSIXAutoUpdate.exe [2017-08-27] ()

Task: {C5D17547-ADFD-4D96-8BA1-AC9823B072BF} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-08-22] (NVIDIA Corporation)

Task: {E8596A42-A281-4E34-8489-C611F29AF541} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-08-22] (NVIDIA Corporation)

Task: {FB9DE70E-6056-4C77-8409-434AD5549F1B} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2017-08-22] (NVIDIA Corporation)
 

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
 

Task: C:\Windows\Tasks\update-S-1-5-21-1757837757-2786829171-2820918412-1001.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe

Task: C:\Windows\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
 

==================== Verknüpfungen & WMI ========================
 

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)
 
 

ShortcutWithArgument: C:\Users\ktown\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome-Apps\TwitchAlerts Stream Labels.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=kgmggmdngboajiakmbpdknfpdelbjbcg
 

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============
 

2017-08-25 21:13 - 2013-07-03 20:32 - 000936728 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe

2017-08-27 21:03 - 2017-08-22 03:01 - 001267320 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll

2017-08-28 18:20 - 2017-08-24 11:27 - 002264528 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll

2017-06-08 05:54 - 2017-06-08 05:54 - 000554984 _____ () C:\Program Files (x86)\Common Files\G Data\AVKProxy\PktIcpt2x64.dll

2017-03-18 22:58 - 2017-03-18 22:58 - 000138000 _____ () C:\Windows\SYSTEM32\inputhost.dll

2017-08-26 12:13 - 2017-08-26 12:14 - 000074752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkypeHost.exe

2017-08-26 12:13 - 2017-08-26 12:14 - 000203264 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll

2017-08-26 12:13 - 2017-08-26 12:14 - 036162048 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkyWrap.dll

2017-08-26 12:13 - 2017-08-26 12:14 - 002237952 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\skypert.dll

2017-08-26 11:51 - 2017-08-23 10:48 - 003824472 _____ () C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.113\libglesv2.dll

2017-08-26 11:51 - 2017-08-23 10:48 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.113\libegl.dll

2017-03-18 22:59 - 2017-03-20 06:43 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll

2017-08-26 12:11 - 2017-08-26 12:12 - 003139496 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11707.1001.23.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll

2017-08-26 12:15 - 2017-08-26 12:15 - 010600960 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11707.1001.23.0_x64__8wekyb3d8bbwe\WinStore.Entertainment.Mobile.dll

2017-08-26 12:15 - 2017-08-26 12:15 - 002640896 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11707.1001.23.0_x64__8wekyb3d8bbwe\MS.Entertainment.Common.Mobile.dll

2017-08-26 13:16 - 2017-08-23 18:49 - 002259968 _____ () C:\Users\ktown\AppData\Local\WhatsApp\app-0.2.5863\ffmpeg.dll

2017-08-29 14:17 - 2017-08-29 14:17 - 000486400 _____ () \\?\C:\Users\ktown\AppData\Local\Temp\D58D.tmp.node

2017-08-29 14:17 - 2017-08-29 14:17 - 000221184 _____ () \\?\C:\Users\ktown\AppData\Local\Temp\DDAC.tmp.node

2017-08-26 13:16 - 2017-08-23 18:49 - 002917376 _____ () C:\Users\ktown\AppData\Local\WhatsApp\app-0.2.5863\libglesv2.dll

2017-08-26 13:16 - 2017-08-23 18:49 - 000095232 _____ () C:\Users\ktown\AppData\Local\WhatsApp\app-0.2.5863\libegl.dll

2017-08-29 14:17 - 2017-08-29 14:17 - 000486400 _____ () \\?\C:\Users\ktown\AppData\Local\Temp\DD5D.tmp.node

2017-08-26 12:11 - 2017-08-26 12:11 - 004323328 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1706.1862.0_x64__8wekyb3d8bbwe\Calculator.exe

2017-08-26 12:11 - 2017-08-26 12:11 - 003500456 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1706.1862.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll

2017-08-25 21:13 - 2017-08-29 11:42 - 000026112 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\PEbiosinterface32.dll

2017-08-25 21:13 - 2013-07-03 20:32 - 000104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\ATKEX.dll

2016-04-13 10:38 - 2016-04-13 10:38 - 000482304 _____ () C:\Users\ktown\AppData\Local\MEGAsync\libsodium.dll

2017-08-27 21:03 - 2017-08-22 03:01 - 069807736 _____ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll

2017-08-27 21:03 - 2017-08-22 03:01 - 001040504 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll

2017-08-15 23:20 - 2017-08-15 23:20 - 000021680 _____ () C:\Program Files (x86)\Notepad++\plugins\NppExport.dll
 

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========
 

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)
 
 

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================
 

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)
 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============
 

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)
 
 

==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============
 

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)
 
 

==================== Hosts Inhalt: ===============================
 

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)
 

2017-03-18 23:03 - 2017-08-28 18:16 - 000000830 _____ C:\Windows\system32\Drivers\etc\hosts
 
 

==================== Andere Bereiche ============================
 

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
 

HKU\S-1-5-21-1757837757-2786829171-2820918412-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg

DNS Servers: 192.168.0.1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )

Windows Firewall ist aktiviert.
 

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==
 

HKLM\...\StartupApproved\Run: => "SecurityHealth"

HKLM\...\StartupApproved\Run32: => "IncrediBuild Agent Monitor"

HKU\S-1-5-21-1757837757-2786829171-2820918412-1001\...\StartupApproved\Run: => "OneDrive"
 

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============
 

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
 

FirewallRules: [VIRT-REMOTEDESKTOP-In-TCP-NoScope] => (Allow) %systemroot%\system32\vmms.exe

FirewallRules: [VIRT-MIGL-In-TCP-NoScope] => (Allow) %systemroot%\system32\vmms.exe
 

==================== Wiederherstellungspunkte =========================
 

29-08-2017 14:03:48 Geplanter Prüfpunkt
 

==================== Fehlerhafte Geräte im Gerätemanager =============
 
 

==================== Fehlereinträge in der Ereignisanzeige: =========================
 

Applikationsfehler:

==================

Error: (08/29/2017 11:55:37 AM) (Source: SideBySide) (EventID: 33) (User: )

Description: Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\xoreax\incredibuild\TestCRT80.exe".

Die abhängige Assemblierung "Microsoft.VC80.ATL,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"" konnte nicht gefunden werden.

Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
 

Error: (08/29/2017 11:55:37 AM) (Source: SideBySide) (EventID: 33) (User: )

Description: Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\xoreax\incredibuild\TestCRT90.exe".

Die abhängige Assemblierung "Microsoft.VC90.ATL,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.30729.1"" konnte nicht gefunden werden.

Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
 

Error: (08/29/2017 11:55:01 AM) (Source: SideBySide) (EventID: 33) (User: )

Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Windows Kits\10\bin\10.0.15063.0\arm64\signtool.exe.Manifest".

Die abhängige Assemblierung "Microsoft.Windows.Build.Appx.AppxSip.dll,version="0.0.0.0"" konnte nicht gefunden werden.

Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
 

Error: (08/29/2017 11:55:01 AM) (Source: SideBySide) (EventID: 33) (User: )

Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Windows Kits\10\bin\10.0.15063.0\arm\signtool.exe.Manifest".

Die abhängige Assemblierung "Microsoft.Windows.Build.Signing.wintrust.dll,version="0.0.0.0"" konnte nicht gefunden werden.

Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
 

Error: (08/29/2017 11:53:47 AM) (Source: SideBySide) (EventID: 33) (User: )

Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\redist\1033\vcredist_arm.exe".

Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="arm",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.

Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
 

Error: (08/29/2017 11:49:48 AM) (Source: SideBySide) (EventID: 33) (User: )

Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Windows Kits\10\bin\arm64\oleview.exe".

Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="arm64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.

Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
 

Error: (08/29/2017 11:49:48 AM) (Source: SideBySide) (EventID: 33) (User: )

Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Windows Kits\10\bin\arm64\filetypeverifier.exe".

Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="arm64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.

Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
 

Error: (08/29/2017 11:47:27 AM) (Source: SideBySide) (EventID: 33) (User: )

Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Windows Kits\10\bin\arm\signtool.exe.Manifest".

Die abhängige Assemblierung "Microsoft.Windows.Build.Appx.AppxSip.dll,version="0.0.0.0"" konnte nicht gefunden werden.

Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
 

Error: (08/29/2017 11:47:24 AM) (Source: SideBySide) (EventID: 33) (User: )

Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Windows Kits\10\bin\arm64\signtool.exe.Manifest".

Die abhängige Assemblierung "Microsoft.Windows.Build.Appx.AppxSip.dll,version="0.0.0.0"" konnte nicht gefunden werden.

Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
 

Error: (08/28/2017 08:26:26 PM) (Source: SideBySide) (EventID: 33) (User: )

Description: Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\xoreax\incredibuild\TestCRT80.exe".

Die abhängige Assemblierung "Microsoft.VC80.ATL,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"" konnte nicht gefunden werden.

Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
 
 

Systemfehler:

=============

Error: (08/29/2017 11:42:19 AM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: Der Dienst "CldFlt" wurde aufgrund folgenden Fehlers nicht gestartet: 

Die Anforderung wird nicht unterstützt.
 

Error: (08/29/2017 11:41:56 AM) (Source: Microsoft-Windows-Kernel-Boot) (EventID: 29) (User: NT-AUTORITÄT)

Description: 32212256841198048
 

Error: (08/29/2017 11:42:20 AM) (Source: EventLog) (EventID: 6008) (User: )

Description: Das System wurde zuvor am ‎28.‎08.‎2017 um 20:10:59 unerwartet heruntergefahren.
 

Error: (08/28/2017 06:35:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: Der Dienst "CldFlt" wurde aufgrund folgenden Fehlers nicht gestartet: 

Die Anforderung wird nicht unterstützt.
 

Error: (08/28/2017 06:16:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: Der Dienst "CldFlt" wurde aufgrund folgenden Fehlers nicht gestartet: 

Die Anforderung wird nicht unterstützt.
 

Error: (08/28/2017 06:15:51 PM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: Dienst "Hyper-V-Hostserverdienst" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
 

Error: (08/28/2017 06:15:51 PM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: Der Dienst "NVIDIA Telemetry Container" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 1000 Millisekunden durchgeführt: Neustart des Diensts.
 

Error: (08/28/2017 06:15:51 PM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: Der Dienst "NVIDIA LocalSystem Container" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 6000 Millisekunden durchgeführt: Neustart des Diensts.
 

Error: (08/28/2017 06:15:51 PM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: Der Dienst "Hyper-V-Verwaltung für virtuelle Computer" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.
 

Error: (08/28/2017 06:15:51 PM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: Dienst "SQL Server VSS Writer" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
 
 

==================== Speicherinformationen =========================== 
 

Prozessor: Intel(R) Core(TM) i7-4790 CPU @ 3.60GHz

Prozentuale Nutzung des RAM: 32%

Installierter physikalischer RAM: 16318.38 MB

Verfügbarer physikalischer RAM: 11036.18 MB

Summe virtueller Speicher: 19262.38 MB

Verfügbarer virtueller Speicher: 13488.92 MB
 

==================== Laufwerke ================================
 

Drive c: () (Fixed) (Total:930.96 GB) (Free:797.47 GB) NTFS

Drive e: (D) (Fixed) (Total:931.51 GB) (Free:457.95 GB) NTFS
 

==================== MBR & Partitionstabelle ==================
 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 1870D584)

Partition 1: (Not Active) - (Size=931.5 GB) - (Type=42)
 

========================================================

Disk: 1 (Size: 931.5 GB) (Disk ID: 00000000)
 

Partition: GPT.
 

==================== Ende von Addition.txt ============================

TDSS:

auch zu groß

https://pastebin.com/PPFH642N

Bitte auch noch die shortcut.txt, die hatte ich vergessen anzufordern.

Bitte schön und schönen abend noch

Shortcut:

Code:

Untersuchungsergebnis der Verknüpfungen des Benutzers (x64) Version: 20-08-2017

durchgeführt von ktown (29-08-2017 15:28:43)

Gestartet von C:\Users\ktown\Downloads\Mods

Start-Modus: Normal
 

==================== Verknüpfungen =============================
 

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)
 
 

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\01 - File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\03 - Documents.lnk -> C:\Users\ktown\Documents ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\04 - Downloads.lnk -> C:\Users\ktown\Downloads ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\05 - Music.lnk -> C:\Users\ktown\Music ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\06 - Pictures.lnk -> C:\Users\ktown\Pictures ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\07 - Videos.lnk -> C:\Users\ktown\Videos ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\08 - Homegroup.lnk -> Microsoft.Windows.Homegroup

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\09 - Network.lnk -> Microsoft.Windows.Network

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\10 - UserProfile.lnk -> C:\Users\ktown ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blend for Visual Studio 2017.lnk -> C:\Program Files (x86)\Microsoft Visual Studio\2017\Enterprise\Common7\IDE\Blend.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blend für Visual Studio 2017.lnk -> C:\Program Files (x86)\Microsoft Visual Studio\2017\Enterprise\Common7\IDE\Blend.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Games Launcher.lnk -> C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win32\EpicGamesLauncher.exe (Epic Games, Inc.)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiracastView.lnk -> C:\Windows\MiracastView\MiracastView.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrintDialog.lnk -> C:\Windows\PrintDialog\PrintDialog.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 12.lnk -> C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2017.lnk -> C:\Program Files (x86)\Microsoft Visual Studio\2017\Enterprise\Common7\IDE\devenv.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio Installer.lnk -> C:\Program Files (x86)\Microsoft Visual Studio\Installer\vs_installer.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xoreax IncrediBuild\Build History.lnk -> C:\Program Files (x86)\Xoreax\IncrediBuild\BuildHistory.exe (Xoreax Software Ltd.)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xoreax IncrediBuild\Build Monitor.lnk -> C:\Program Files (x86)\Xoreax\IncrediBuild\BuildMonitor.exe (Xoreax Software Ltd.)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xoreax IncrediBuild\IncrediBuild Agent Settings.lnk -> C:\Program Files (x86)\Xoreax\IncrediBuild\BuildSettings.exe (Xoreax Software Ltd.)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xoreax IncrediBuild\IncrediBuild Agent Tray-Icon.lnk -> C:\Program Files (x86)\Xoreax\IncrediBuild\BuildTrayIcon.exe (Xoreax Software Ltd.)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xoreax IncrediBuild\IncrediBuild Coordinator.lnk -> C:\Program Files (x86)\Xoreax\IncrediBuild\CoordMonitor.exe (Xoreax Software Ltd.)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xoreax IncrediBuild\Release Notes.lnk -> C:\Program Files (x86)\Xoreax\IncrediBuild\Readme.htm ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xoreax IncrediBuild\Test Network Connectivity.lnk -> C:\Program Files (x86)\Xoreax\IncrediBuild\NetworkTest.exe (Xoreax Software Ltd.)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xoreax IncrediBuild\User Manual.lnk -> C:\Program Files (x86)\Xoreax\IncrediBuild\IncrediBuild.chm ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xamarin Workbooks\Xamarin Workbooks.lnk -> C:\Windows\Installer\{4C9771FB-6EB6-4E89-A2BE-BDE8B61C1BEC}\xamarininspector.ico ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xamarin Profiler\Xamarin Profiler.lnk -> C:\Program Files (x86)\Xamarin\Profiler\XamarinProfiler.exe (Xamarin)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Benutzerhandbuch für die Konsolenversion von RAR.lnk -> C:\Program Files\WinRAR\Rar.txt ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Hilfe zu WinRAR.lnk -> C:\Program Files\WinRAR\WinRAR.chm ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Was ist neu in dieser Version.lnk -> C:\Program Files\WinRAR\WhatsNew.txt ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk -> C:\Program Files\WinRAR\WinRAR.exe (Alexander Roshal)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits\Windows Software Development Kit\Documentation for Desktop Apps.lnk -> C:\Program Files (x86)\Windows Kits\10\Shortcuts\DesktopDevCenterLearn.url ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits\Windows Software Development Kit\Documentation for Windows Store Apps.lnk -> C:\Program Files (x86)\Windows Kits\10\Shortcuts\WindowsStoreAppDevCenterLearn.url ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits\Windows Software Development Kit\Samples for Desktop Apps.lnk -> C:\Program Files (x86)\Windows Kits\10\Shortcuts\DesktopDevCenterSamples.url ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits\Windows Software Development Kit\Samples for Windows Store Apps.lnk -> C:\Program Files (x86)\Windows Kits\10\Shortcuts\WindowsStoreAppDevCenterSamples.url ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits\Windows Software Development Kit\Tools for Desktop Apps.lnk -> C:\Program Files (x86)\Windows Kits\10\Shortcuts\DesktopDevCenterToolsDocumentation.url ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits\Windows Software Development Kit\Tools for Windows Store Apps.lnk -> C:\Program Files (x86)\Windows Kits\10\Shortcuts\WindowsStoreAppDevCenterToolsDocumentation.url ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits\Windows App Certification Kit\Windows App Cert Kit.lnk -> C:\Program Files (x86)\Windows Kits\10\App Certification Kit\appcertui.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits\Application Verifier (X86)\Application Verifier (WOW).lnk -> C:\Windows\SysWOW64\appverif.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits\Application Verifier (X64)\Application Verifier (X64).lnk -> C:\Windows\System32\appverif.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits\Application Verifier (X64)\Application Verifier Help.lnk -> C:\Windows\System32\appverif.chm ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2017\Microsoft Feedback Client 2017.lnk -> C:\Program Files (x86)\Microsoft Visual Studio\2017\Enterprise\Common7\IDE\mfbclient.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2017\Microsoft Test Manager 2017.lnk -> C:\Program Files (x86)\Microsoft Visual Studio\2017\Enterprise\Common7\IDE\mtm.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2017\Microsoft Visual Studio SDK\Dokumentation für das Microsoft Visual Studio 2017-SDK.lnk -> hxxps:\go.microsoft.com\fwlink\

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2017\Microsoft Visual Studio SDK\Download Visual Studio Modeling SDK.lnk -> hxxps:\go.microsoft.com\fwlink\

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2017\Microsoft Visual Studio SDK\Erste Schritte mit dem Microsoft Visual Studio 2017-SDK.lnk -> hxxps:\go.microsoft.com\fwlink\

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2017\Microsoft Visual Studio SDK\Getting Started with the Microsoft Visual Studio 2017 SDK.lnk -> hxxps:\go.microsoft.com\fwlink\

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2017\Microsoft Visual Studio SDK\Microsoft Visual Studio 2017 SDK Documentation.lnk -> hxxps:\go.microsoft.com\fwlink\

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2017\Microsoft Visual Studio SDK\Visual Studio Gallery.lnk -> hxxps:\go.microsoft.com\fwlink\

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2017\Microsoft Visual Studio SDK\Visual Studio-Modellierungs-SDK herunterladen.lnk -> hxxps:\go.microsoft.com\fwlink\

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2017\Microsoft Visual Studio SDK\VSX Developer Center.lnk -> hxxps:\go.microsoft.com\fwlink\

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2017\Microsoft Visual Studio SDK\VSX Samples on Code Gallery.lnk -> hxxps:\go.microsoft.com\fwlink\

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2017\Microsoft Visual Studio SDK\VSX-Beispiele in der Codegalerie.lnk -> hxxps:\go.microsoft.com\fwlink\

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Documentation.lnk -> C:\Program Files\VideoLAN\VLC\Documentation.url ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Release Notes.lnk -> C:\Program Files\VideoLAN\VLC\NEWS.txt ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VideoLAN Website.lnk -> C:\Program Files\VideoLAN\VLC\VideoLAN Website.url ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player.lnk -> C:\Program Files\VideoLAN\VLC\vlc.exe (VideoLAN)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unity 5.4.0f3 (64-bit)\Report a Problem with Unity.lnk -> C:\Program Files\Unity\Editor\BugReporter\unity.bugreporter.exe (Unity Technologies ApS)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unity 5.4.0f3 (64-bit)\Unity Documentation.lnk -> C:\Program Files\Unity\Editor\Data\Documentation\en\Manual\index.html (Keine Datei)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unity 5.4.0f3 (64-bit)\Unity.lnk -> C:\Program Files\Unity\Editor\Unity.exe (Unity Technologies ApS)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SCE\PlayStation(R)3\Developer Tools\Debugger.lnk -> C:\Program Files (x86)\SN Systems\PS3\bin\ps3debugger.exe (SN Systems Ltd.)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SCE\PlayStation(R)3\Developer Tools\Target Manager.lnk -> C:\Program Files (x86)\SN Systems\PS3\bin\ps3tm.exe (SN Systems Ltd.)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SCE\PlayStation(R)3\Developer Tools\Examples\Debugger\Visual Studio 2010\OML.lnk -> C:\Program Files (x86)\SN Systems\PS3\examples\Tutorial\OML\OMLTutorial_vs2010.sln ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SCE\PlayStation(R)3\Developer Tools\Examples\Debugger\Visual Studio 2010\RawSpuModules.lnk -> C:\Program Files (x86)\SN Systems\PS3\examples\RawSpuModules\RawSpuModules_vs2010.sln ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SCE\PlayStation(R)3\Developer Tools\Examples\Debugger\Visual Studio 2010\ThreadedSpuModules.lnk -> C:\Program Files (x86)\SN Systems\PS3\examples\ThreadedSPUModules\ThreadedSpuModules_vs2010.sln ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SCE\PlayStation(R)3\Developer Tools\Examples\Debugger\Visual Studio 2010\TTYEcho.lnk -> C:\Program Files (x86)\SN Systems\PS3\examples\TTY\TTYEcho\Echo_vs2010.sln ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SCE\PlayStation(R)3\Developer Tools\Examples\Debugger\Visual Studio 2010\SPURS\Job2Hello.lnk -> C:\Program Files (x86)\SN Systems\PS3\examples\SPURS\job2_hello\job2_hello_vs2010.sln ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SCE\PlayStation(R)3\Developer Tools\Examples\Debugger\Visual Studio 2010\SPURS\PolicyModule.lnk -> C:\Program Files (x86)\SN Systems\PS3\examples\SPURS\policy_module\policy_module_vs2010.sln ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SCE\PlayStation(R)3\Developer Tools\Examples\Debugger\Visual Studio 2010\SPURS\TaskHello.lnk -> C:\Program Files (x86)\SN Systems\PS3\examples\SPURS\task_hello\task_hello_vs2010.sln ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SCE\PlayStation(R)3\Developer Tools\Examples\Debugger\Visual Studio 2008\OML.lnk -> C:\Program Files (x86)\SN Systems\PS3\examples\Tutorial\OML\OMLTutorial_vs2008.sln ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SCE\PlayStation(R)3\Developer Tools\Examples\Debugger\Visual Studio 2008\RawSpuModules.lnk -> C:\Program Files (x86)\SN Systems\PS3\examples\RawSpuModules\RawSpuModules_vs2008.sln ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SCE\PlayStation(R)3\Developer Tools\Examples\Debugger\Visual Studio 2008\ThreadedSpuModules.lnk -> C:\Program Files (x86)\SN Systems\PS3\examples\ThreadedSPUModules\ThreadedSpuModules_vs2008.sln ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SCE\PlayStation(R)3\Developer Tools\Examples\Debugger\Visual Studio 2008\TTYEcho.lnk -> C:\Program Files (x86)\SN Systems\PS3\examples\TTY\TTYEcho\Echo_vs2008.sln ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SCE\PlayStation(R)3\Developer Tools\Examples\Debugger\Visual Studio 2008\SPURS\Job2Hello.lnk -> C:\Program Files (x86)\SN Systems\PS3\examples\SPURS\job2_hello\job2_hello_vs2008.sln ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SCE\PlayStation(R)3\Developer Tools\Examples\Debugger\Visual Studio 2008\SPURS\PolicyModule.lnk -> C:\Program Files (x86)\SN Systems\PS3\examples\SPURS\policy_module\policy_module_vs2008.sln ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SCE\PlayStation(R)3\Developer Tools\Examples\Debugger\Visual Studio 2008\SPURS\TaskHello.lnk -> C:\Program Files (x86)\SN Systems\PS3\examples\SPURS\task_hello\task_hello_vs2008.sln ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SCE\PlayStation(R)3\Developer Tools\Documentation\Japanese\HTML Help.lnk -> C:\Program Files (x86)\SN Systems\PS3\help\Table of Contents-J.chm ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SCE\PlayStation(R)3\Developer Tools\Documentation\Japanese\Release Note - Debugger.lnk -> C:\Program Files (x86)\SN Systems\PS3\help\Debugger_PS3_ReleaseNotes-J.htm ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SCE\PlayStation(R)3\Developer Tools\Documentation\Japanese\Release Note - Target Manager.lnk -> C:\Program Files (x86)\SN Systems\PS3\help\TM_PS3_ReleaseNotes-J.htm ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SCE\PlayStation(R)3\Developer Tools\Documentation\Japanese\User Guide - Debugger.lnk -> C:\Program Files (x86)\SN Systems\PS3\help\ProDG_PS3_Debugger-J.pdf ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SCE\PlayStation(R)3\Developer Tools\Documentation\Japanese\User Guide - Target Manager.lnk -> C:\Program Files (x86)\SN Systems\PS3\help\TM_PS3-J.pdf ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SCE\PlayStation(R)3\Developer Tools\Documentation\Japanese\What's New - Debugger.lnk -> C:\Program Files (x86)\SN Systems\PS3\help\ProDG_PS3_Debugger_WhatsNew-J.pdf ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SCE\PlayStation(R)3\Developer Tools\Documentation\Japanese\What's New - Target Manager.lnk -> C:\Program Files (x86)\SN Systems\PS3\help\TM_PS3_WhatsNew-J.pdf ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SCE\PlayStation(R)3\Developer Tools\Documentation\English\HTML Help.lnk -> C:\Program Files (x86)\SN Systems\PS3\help\Table of Contents-E.chm ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SCE\PlayStation(R)3\Developer Tools\Documentation\English\Release Note - Debugger.lnk -> C:\Program Files (x86)\SN Systems\PS3\help\Debugger_PS3_ReleaseNotes-E.htm ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SCE\PlayStation(R)3\Developer Tools\Documentation\English\Release Note - Target Manager.lnk -> C:\Program Files (x86)\SN Systems\PS3\help\TM_PS3_ReleaseNotes-E.htm ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SCE\PlayStation(R)3\Developer Tools\Documentation\English\TMAPI - Reference.lnk -> C:\Program Files (x86)\SN Systems\PS3\help\TMAPI-E.pdf ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SCE\PlayStation(R)3\Developer Tools\Documentation\English\User Guide - Debugger.lnk -> C:\Program Files (x86)\SN Systems\PS3\help\ProDG_PS3_Debugger-E.pdf ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SCE\PlayStation(R)3\Developer Tools\Documentation\English\User Guide - Target Manager.lnk -> C:\Program Files (x86)\SN Systems\PS3\help\TM_PS3-E.pdf ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SCE\PlayStation(R)3\Developer Tools\Documentation\English\What's New - Debugger.lnk -> C:\Program Files (x86)\SN Systems\PS3\help\ProDG_PS3_Debugger_WhatsNew-E.pdf ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SCE\PlayStation(R)3\Developer Tools\Documentation\English\What's New - Target Manager.lnk -> C:\Program Files (x86)\SN Systems\PS3\help\TM_PS3_WhatsNew-E.pdf ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation\GeForce Experience.lnk -> C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe (NVIDIA Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation\3D Vision\3D Vision Photo Viewer.lnk -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvstview.exe (NVIDIA Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++\Notepad++.lnk -> C:\Program Files (x86)\Notepad++\notepad++.exe (Don HO don.h@free.fr)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Expression\Microsoft Expression Blend SDK\Expression Blend SDK Documentation.lnk -> C:\Program Files (x86)\Microsoft SDKs\Expression\Blend\.NETFramework\v4.0\Help\de\.NETFramework40BlendSDK.chm ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Azure\Storage Emulator\Microsoft Azure Storage Emulator - v5.1.lnk -> C:\Windows\Installer\{B3C44E2A-BC4A-48D9-9AEF-6223C8775B7C}\AzureStorageEmulator.exe (Microsoft Azure)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Azure\Microsoft Azure SDK for .NET\v2.9\Documentation.lnk -> C:\Windows\Installer\{086C537B-DE1A-4A11-8441-6AAF076174B8}\HLPIcon.exe ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Azure\Microsoft Azure SDK for .NET\v2.9\Microsoft Azure HPC Scheduler SDK Content.lnk -> C:\Windows\Installer\{086C537B-DE1A-4A11-8441-6AAF076174B8}\WAIcon.exe ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Azure\Microsoft Azure SDK for .NET\v2.9\Release Notes.lnk -> C:\Windows\Installer\{086C537B-DE1A-4A11-8441-6AAF076174B8}\RELNIcon.exe ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Azure\Microsoft Azure SDK for .NET\v2.9\Samples.lnk -> C:\Windows\Installer\{086C537B-DE1A-4A11-8441-6AAF076174B8}\WAIcon.exe ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes\Malwarebytes.lnk -> C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe (Malwarebytes)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightshot\Lightshot entfernen.lnk -> C:\Program Files (x86)\Skillbrains\lightshot\unins000.exe ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightshot\Lightshot.lnk -> C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit\Java Mission Control.lnk -> C:\Program Files\Java\jdk1.8.0_131\bin\jmc.exe ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Git\Git GUI.lnk -> C:\Program Files\Git\cmd\git-gui.exe (The Git Development Community)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G DATA INTERNET SECURITY\G DATA Bootmedium.lnk -> C:\Program Files (x86)\G DATA\InternetSecurity\AVK\BootCDWizard.exe (G DATA Software AG)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G DATA INTERNET SECURITY\G DATA INTERNET SECURITY.lnk -> C:\Program Files (x86)\G DATA\InternetSecurity\GUI\GDSC.exe (G DATA Software AG)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DevExpress 17.1\Demo Center 17.1.lnk -> C:\Users\Public\Documents\DevExpress Demos 17.1\Components\Components\Bin\DevExpress.DemoCenter.v17.1.exe (Developer Express Inc.)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DevExpress 17.1\Demo Source Code.lnk -> C:\Users\Public\Documents\DevExpress Demos 17.1\DevExtreme ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DevExpress 17.1\DevExtreme Demos 17.1.lnk -> C:\Users\Public\Documents\DevExpress Demos 17.1\DevExtreme\DevExtreme\Bin\DemoLauncher.v17.1.exe (Developer Express Inc.)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DevExpress 17.1\Project Converter 17.1.lnk -> C:\Program Files (x86)\DevExpress 17.1\Components\Tools\Components\ProjectConverter.exe ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ControlConsole API\ControlConsole API.lnk -> C:\Program Files (x86)\ControlConsoleAPI\CCAPIConsoleManager.exe (Enstone)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CocosCreator\CocosCreator.exe.lnk -> C:\CocosCreator\CocosCreator.exe (Chukong Technologies, Inc.)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Android SDK Tools\AVD Manager.lnk -> C:\Program Files (x86)\Android\android-sdk\AVD Manager.exe ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Android SDK Tools\SDK Manager.lnk -> C:\Program Files (x86)\Android\android-sdk\SDK Manager.exe ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Android SDK Tools\Uninstall Android SDK Tools.lnk -> C:\Program Files (x86)\Android\android-sdk\uninstall.exe (Google Inc.)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk -> C:\Windows\System32\comexp.msc ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\dfrgui.lnk -> C:\Windows\System32\dfrgui.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Disk Cleanup.lnk -> C:\Windows\System32\cleanmgr.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk -> C:\Windows\System32\iscsicpl.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk -> C:\Windows\System32\MdSched.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (32-bit).lnk -> C:\Windows\SysWOW64\odbcad32.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (64-bit).lnk -> C:\Windows\System32\odbcad32.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Print Management.lnk -> C:\Windows\System32\printmanagement.msc ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk -> C:\Windows\System32\services.msc ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk -> C:\Windows\System32\msconfig.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Information.lnk -> C:\Windows\System32\msinfo32.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk -> C:\Windows\System32\WF.msc ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk -> C:\Windows\System32\mspaint.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Quick Assist.lnk -> C:\Windows\System32\quickassist.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk -> C:\Windows\System32\mstsc.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk -> C:\Windows\System32\SnippingTool.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Steps Recorder.lnk -> C:\Windows\System32\psr.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Fax and Scan.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk -> C:\Program Files\Windows NT\Accessories\wordpad.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\XPS Viewer.lnk -> C:\Windows\System32\xpsrchvw.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk -> C:\Windows\System32\charmap.exe (Microsoft Corporation)

Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)

Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)

Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)

Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)

Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)

Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk -> C:\Windows\explorer.exe,-30

Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)

Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)

Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)

Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)

Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)

Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)

Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)

Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)

Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)

Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)

Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)

Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)

Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)

Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\Windows\System32\compmgmt.msc ()

Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\Windows\System32\diskmgmt.msc ()

Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\Windows\System32\eventvwr.exe (Microsoft Corporation)

Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation)

Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation)

Shortcut: C:\Users\ktown\Links\Desktop.lnk -> C:\Users\ktown\Desktop ()

Shortcut: C:\Users\ktown\Links\Downloads.lnk -> C:\Users\ktown\Downloads ()

Shortcut: C:\Users\ktown\Links\OneDrive.lnk -> C:\Users\ktown\OneDrive ()

Shortcut: C:\Users\ktown\Desktop\Autoruns64.lnk -> C:\Program Files\Auto1371runs\Autoruns64.exe (Sysinternals - www.sysinternals.com)

Shortcut: C:\Users\ktown\Desktop\GitHub Desktop.lnk -> C:\Users\ktown\AppData\Local\GitHubDesktop\GitHubDesktop.exe (GitHub, Inc.)

Shortcut: C:\Users\ktown\Desktop\MEGAsync.lnk -> C:\Users\ktown\AppData\Local\MEGAsync\MEGAsync.exe (Mega Limited)

Shortcut: C:\Users\ktown\Desktop\Nox.lnk -> C:\Program Files (x86)\Nox\bin\Nox.exe (Duodian Technology Co. Ltd.)

Shortcut: C:\Users\ktown\Desktop\ps3tm.lnk -> C:\Program Files (x86)\SN Systems\PS3\bin\ps3tm.exe (SN Systems Ltd.)

Shortcut: C:\Users\ktown\Desktop\VirusTotal Uploader 2.2.lnk -> C:\Program Files (x86)\VirusTotalUploader2\VirusTotalUploader2.2.exe ()

Shortcut: C:\Users\ktown\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk -> C:\Users\ktown\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation)

Shortcut: C:\Users\ktown\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Benutzerhandbuch für die Konsolenversion von RAR.lnk -> C:\Program Files\WinRAR\Rar.txt ()

Shortcut: C:\Users\ktown\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Hilfe zu WinRAR.lnk -> C:\Program Files\WinRAR\WinRAR.chm ()

Shortcut: C:\Users\ktown\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Was ist neu in dieser Version.lnk -> C:\Program Files\WinRAR\WhatsNew.txt ()

Shortcut: C:\Users\ktown\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk -> C:\Program Files\WinRAR\WinRAR.exe (Alexander Roshal)

Shortcut: C:\Users\ktown\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)

Shortcut: C:\Users\ktown\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)

Shortcut: C:\Users\ktown\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)

Shortcut: C:\Users\ktown\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)

Shortcut: C:\Users\ktown\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirusTotal Uploader 2.2\Uninstall.lnk -> C:\Program Files (x86)\VirusTotalUploader2\uninstall.exe ()

Shortcut: C:\Users\ktown\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirusTotal Uploader 2.2\VirusTotal Uploader 2.2.lnk -> C:\Program Files (x86)\VirusTotalUploader2\VirusTotalUploader2.2.exe ()

Shortcut: C:\Users\ktown\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)

Shortcut: C:\Users\ktown\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk -> C:\Windows\explorer.exe,-30

Shortcut: C:\Users\ktown\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)

Shortcut: C:\Users\ktown\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)

Shortcut: C:\Users\ktown\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)

Shortcut: C:\Users\ktown\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk -> C:\Users\ktown\AppData\Local\MEGAsync\MEGAsync.exe (Mega Limited)

Shortcut: C:\Users\ktown\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled\MEGAsync.lnk -> C:\Users\ktown\AppData\Local\MEGAsync\MEGAsync.exe (Mega Limited)

Shortcut: C:\Users\ktown\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2017 Tools for Unity\EULA.lnk -> C:\Program Files (x86)\Microsoft Visual Studio Tools for Unity\15.0\EULA.rtf ()

Shortcut: C:\Users\ktown\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2017 Tools for Unity\Visual Studio 2017 Tools for Unity Package.lnk -> C:\Program Files (x86)\Microsoft Visual Studio Tools for Unity\15.0\Visual Studio 2017 Tools.unitypackage ()

Shortcut: C:\Users\ktown\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MEGAsync\MEGA Website.lnk -> C:\Users\ktown\AppData\Local\MEGAsync\MEGA Website.url ()

Shortcut: C:\Users\ktown\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MEGAsync\MEGAsync.lnk -> C:\Users\ktown\AppData\Local\MEGAsync\MEGAsync.exe (Mega Limited)

Shortcut: C:\Users\ktown\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MEGAsync\Uninstall.lnk -> C:\Users\ktown\AppData\Local\MEGAsync\uninst.exe (MEGA Limited)

Shortcut: C:\Users\ktown\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JDownloader\JDownloader 2 Deinstallationsprogramm.lnk -> C:\Users\ktown\AppData\Local\JDownloader 2.0\Uninstall JDownloader.exe (AppWork GmbH)

Shortcut: C:\Users\ktown\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JDownloader\JDownloader 2 Update & Rescue.lnk -> C:\Users\ktown\AppData\Local\JDownloader 2.0\JDownloader2Update.exe (AppWork GmbH)

Shortcut: C:\Users\ktown\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JDownloader\JDownloader 2.lnk -> C:\Users\ktown\AppData\Local\JDownloader 2.0\JDownloader2.exe (AppWork GmbH)

Shortcut: C:\Users\ktown\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GitHub, Inc\GitHub Desktop.lnk -> C:\Users\ktown\AppData\Local\GitHubDesktop\GitHubDesktop.exe (GitHub, Inc.)

Shortcut: C:\Users\ktown\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

Shortcut: C:\Users\ktown\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)

Shortcut: C:\Users\ktown\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)

Shortcut: C:\Users\ktown\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)

Shortcut: C:\Users\ktown\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)

Shortcut: C:\Users\ktown\AppData\Roaming\Microsoft\Windows\Start Menu\Nox\Nox.lnk -> C:\Program Files (x86)\Nox\bin\Nox.exe (Duodian Technology Co. Ltd.)

Shortcut: C:\Users\ktown\AppData\Roaming\Microsoft\Windows\Start Menu\Nox\Nox_unload.lnk -> C:\Program Files (x86)\Nox\bin\Nox_unload.exe (Duodian Technology Co. Ltd.)

Shortcut: C:\Users\ktown\AppData\Roaming\Microsoft\Windows\SendTo\Bluetooth-Dateiübertragung.LNK -> C:\Windows\System32\fsquirt.exe (Microsoft Corporation)

Shortcut: C:\Users\ktown\AppData\Roaming\Microsoft\Windows\SendTo\VirusTotal.lnk -> C:\Program Files (x86)\VirusTotalUploader2\VirusTotalUploader2.2.exe ()

Shortcut: C:\Users\ktown\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

Shortcut: C:\Users\ktown\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\JDownloader 2.lnk -> C:\Users\ktown\AppData\Local\JDownloader 2.0\JDownloader2.exe (AppWork GmbH)

Shortcut: C:\Users\ktown\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)

Shortcut: C:\Users\ktown\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)

Shortcut: C:\Users\ktown\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)

Shortcut: C:\Users\ktown\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

Shortcut: C:\Users\ktown\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Visual Studio 2017.lnk -> C:\Program Files (x86)\Microsoft Visual Studio\2017\Enterprise\Common7\IDE\devenv.exe (Microsoft Corporation)

Shortcut: C:\Users\ktown\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)

Shortcut: C:\Users\ktown\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)

Shortcut: C:\Users\ktown\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)

Shortcut: C:\Users\ktown\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)

Shortcut: C:\Users\ktown\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\Windows\System32\compmgmt.msc ()

Shortcut: C:\Users\ktown\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\Windows\System32\diskmgmt.msc ()

Shortcut: C:\Users\ktown\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\Windows\System32\eventvwr.exe (Microsoft Corporation)

Shortcut: C:\Users\ktown\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation)

Shortcut: C:\Users\ktown\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation)

Shortcut: C:\Users\Public\Desktop\CocosCreator.exe.lnk -> C:\CocosCreator\CocosCreator.exe (Chukong Technologies, Inc.)

Shortcut: C:\Users\Public\Desktop\ControlConsole API.lnk -> C:\Program Files (x86)\ControlConsoleAPI\CCAPIConsoleManager.exe (Enstone)

Shortcut: C:\Users\Public\Desktop\Epic Games Launcher.lnk -> C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win32\EpicGamesLauncher.exe (Epic Games, Inc.)

Shortcut: C:\Users\Public\Desktop\G DATA INTERNET SECURITY.lnk -> C:\Program Files (x86)\G DATA\InternetSecurity\GUI\GDSC.exe (G DATA Software AG)

Shortcut: C:\Users\Public\Desktop\GeForce Experience.lnk -> C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe (NVIDIA Corporation)

Shortcut: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

Shortcut: C:\Users\Public\Desktop\Malwarebytes.lnk -> C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe (Malwarebytes)

Shortcut: C:\Users\Public\Desktop\TeamViewer 12.lnk -> C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH)

Shortcut: C:\Users\Public\Desktop\Unity 5.4.0f3 (64-bit).lnk -> C:\Program Files\Unity\Editor\Unity.exe (Unity Technologies ApS)

Shortcut: C:\Users\Public\Desktop\VLC media player.lnk -> C:\Program Files\VideoLAN\VLC\vlc.exe (VideoLAN)
 
 

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2017\Visual Studio Tools\Developer Command Prompt for VS 2017.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) -> /k "C:\Program Files (x86)\Microsoft Visual Studio\2017\Enterprise\Common7\Tools\VsDevCmd.bat"

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2017\Visual Studio Tools\Developer-Eingabeaufforderung für VS 2017.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) -> /k "C:\Program Files (x86)\Microsoft Visual Studio\2017\Enterprise\Common7\Tools\VsDevCmd.bat"

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2017\Visual Studio Tools\VC\x64 Native Tools Command Prompt for VS 2017.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) -> /k "C:\Program Files (x86)\Microsoft Visual Studio\2017\Enterprise\VC\Auxiliary\Build\vcvars64.bat"

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2017\Visual Studio Tools\VC\x64 Native Tools-Eingabeaufforderung für VS 2017.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) -> /k "C:\Program Files (x86)\Microsoft Visual Studio\2017\Enterprise\VC\Auxiliary\Build\vcvars64.bat"

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2017\Visual Studio Tools\VC\x64_x86 Cross Tools Command Prompt for VS 2017.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) -> /k "C:\Program Files (x86)\Microsoft Visual Studio\2017\Enterprise\VC\Auxiliary\Build\vcvarsamd64_x86.bat"

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2017\Visual Studio Tools\VC\x64_x86 Cross Tools-Eingabeaufforderung für VS 2017.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) -> /k "C:\Program Files (x86)\Microsoft Visual Studio\2017\Enterprise\VC\Auxiliary\Build\vcvarsamd64_x86.bat"

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2017\Visual Studio Tools\VC\x86 Native Tools Command Prompt for VS 2017.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) -> /k "C:\Program Files (x86)\Microsoft Visual Studio\2017\Enterprise\VC\Auxiliary\Build\vcvars32.bat"

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2017\Visual Studio Tools\VC\x86 Native Tools-Eingabeaufforderung für VS 2017.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) -> /k "C:\Program Files (x86)\Microsoft Visual Studio\2017\Enterprise\VC\Auxiliary\Build\vcvars32.bat"

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2017\Visual Studio Tools\VC\x86_x64 Cross Tools Command Prompt for VS 2017.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) -> /k "C:\Program Files (x86)\Microsoft Visual Studio\2017\Enterprise\VC\Auxiliary\Build\vcvarsx86_amd64.bat"

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2017\Visual Studio Tools\VC\x86_x64-übergreifende Tools Eingabeaufforderung für VS 2017.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) -> /k "C:\Program Files (x86)\Microsoft Visual Studio\2017\Enterprise\VC\Auxiliary\Build\vcvarsx86_amd64.bat"

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2015\Visual Studio Tools\Windows Desktop Command Prompts\VS2015 x64 ARM Cross Tools Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) -> /k ""C:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\vcvarsall.bat"" amd64_arm

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2015\Visual Studio Tools\Windows Desktop Command Prompts\VS2015 x64 ARM Cross Tools-Eingabeaufforderung.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) -> /k ""C:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\vcvarsall.bat"" amd64_arm

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2015\Visual Studio Tools\Windows Desktop Command Prompts\VS2015 x64 Native Tools Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) -> /k ""C:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\vcvarsall.bat"" amd64

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2015\Visual Studio Tools\Windows Desktop Command Prompts\VS2015 x64 Native Tools-Eingabeaufforderung.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) -> /k ""C:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\vcvarsall.bat"" amd64

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2015\Visual Studio Tools\Windows Desktop Command Prompts\VS2015 x64 x86 Cross Tools Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) -> /k ""C:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\vcvarsall.bat"" amd64_x86

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2015\Visual Studio Tools\Windows Desktop Command Prompts\VS2015 x64 x86 Cross Tools-Eingabeaufforderung.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) -> /k ""C:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\vcvarsall.bat"" amd64_x86

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2015\Visual Studio Tools\Windows Desktop Command Prompts\VS2015 x86 ARM Cross Tools Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) -> /k ""C:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\vcvarsall.bat"" x86_arm

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2015\Visual Studio Tools\Windows Desktop Command Prompts\VS2015 x86 ARM Cross Tools-Eingabeaufforderung.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) -> /k ""C:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\vcvarsall.bat"" x86_arm

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2015\Visual Studio Tools\Windows Desktop Command Prompts\VS2015 x86 Native Tools Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) -> /k ""C:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\vcvarsall.bat"" x86

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2015\Visual Studio Tools\Windows Desktop Command Prompts\VS2015 x86 Native Tools-Eingabeaufforderung.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) -> /k ""C:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\vcvarsall.bat"" x86

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2015\Visual Studio Tools\Windows Desktop Command Prompts\VS2015 x86 x64 Cross Tools Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) -> /k ""C:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\vcvarsall.bat"" x86_amd64

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2015\Visual Studio Tools\Windows Desktop Command Prompts\VS2015 x86 x64 Cross Tools-Eingabeaufforderung.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) -> /k ""C:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\vcvarsall.bat"" x86_amd64
 
 

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio Emulator for Android.lnk -> C:\Program Files (x86)\Microsoft Emulator Manager\1.0\emulatormgr.exe (Microsoft Corporation) -> /sku:android

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xoreax IncrediBuild\Add Components.lnk -> C:\Program Files (x86)\Xoreax\IncrediBuild\install.exe (Xoreax Software Ltd.) -> /install

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xoreax IncrediBuild\Repair Installation.lnk -> C:\Program Files (x86)\Xoreax\IncrediBuild\install.exe (Xoreax Software Ltd.) -> /repair

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xoreax IncrediBuild\Uninstall.lnk -> C:\Program Files (x86)\Xoreax\IncrediBuild\install.exe (Xoreax Software Ltd.) -> /uninstall

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits\Windows Software Development Kit\Windows Software Development Kit.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> "C:\Program Files (x86)\Windows Kits\10\"

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2017\Visual Studio Tools\Debuggable Package Manager.lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) -> -NoExit -Command "& { Import-Module Appx; Import-Module .\AppxDebug.dll; Show-AppxDebug}"

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2017\Visual Studio Tools\Manager für debugfähige Pakete.lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) -> -NoExit -Command "& { Import-Module Appx; Import-Module .\AppxDebug.dll; Show-AppxDebug}"

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2017\Microsoft Visual Studio SDK\Tools\Experimentelle Instanz von Visual Studio 2017 starten.lnk -> C:\Program Files (x86)\Microsoft Visual Studio\2017\Enterprise\Common7\IDE\devenv.exe (Microsoft Corporation) -> /rootSuffix Exp

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2017\Microsoft Visual Studio SDK\Tools\Experimentelle Visual Studio 2017-Instanz zurücksetzen.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) -> /C "C:\Program Files (x86)\Microsoft Visual Studio\2017\Enterprise\VSSDK\VisualStudioIntegration\Tools\Bin\CreateExpInstance.exe" /Reset /VSInstance=15.0_5dd36a87 /RootSuffix=Exp && PAUSE

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2017\Microsoft Visual Studio SDK\Tools\Reset the Visual Studio 2017 Experimental Instance.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) -> /C "C:\Program Files (x86)\Microsoft Visual Studio\2017\Enterprise\VSSDK\VisualStudioIntegration\Tools\Bin\CreateExpInstance.exe" /Reset /VSInstance=15.0_5dd36a87 /RootSuffix=Exp && PAUSE

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2017\Microsoft Visual Studio SDK\Tools\Start Experimental Instance of Visual Studio 2017.lnk -> C:\Program Files (x86)\Microsoft Visual Studio\2017\Enterprise\Common7\IDE\devenv.exe (Microsoft Corporation) -> /rootSuffix Exp

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player - reset preferences and cache files.lnk -> C:\Program Files\VideoLAN\VLC\vlc.exe (VideoLAN) -> --reset-config --reset-plugins-cache vlc://quit

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player skinned.lnk -> C:\Program Files\VideoLAN\VLC\vlc.exe (VideoLAN) -> -Iskins

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /7

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation\3D Vision\3D Vision preview pack 1.lnk -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvstlink.exe (NVIDIA Corporation) -> /show

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Azure\Microsoft Azure Storage command line.lnk -> C:\Windows\SysWOW64\cmd.exe (Microsoft Corporation) -> /T:1F /K cd /D "C:\Program Files (x86)\Microsoft SDKs\Azure\" & launchcmd.cmd

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Azure\Microsoft Azure SDK for .NET\v2.9\Microsoft Azure Command Prompt - v2.9.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) -> /E:ON /V:ON /K "C:\Program Files\Microsoft SDKs\Azure\.NET SDK\v2.9\\bin\setenv.cmd"

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Azure\Emulator\Microsoft Azure Compute Emulator - v2.9.lnk -> C:\Windows\Installer\{BB44C8F9-C555-45CF-B6DA-80131B139165}\DFIcon.exe () -> /devfabric:start

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes\Uninstall Malwarebytes.lnk -> C:\Program Files\Malwarebytes\Anti-Malware\unins000.exe () ->  /LOG

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Git\Git Bash.lnk -> C:\Program Files\Git\git-bash.exe (The Git Development Community) -> --cd-to-home

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Git\Git CMD.lnk -> C:\Program Files\Git\git-cmd.exe (The Git Development Community) -> --cd-to-home

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CocosCreator\Check For Updates.lnk -> C:\CocosCreator\updater.exe (Chukong Technologies) -> /checknow

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk -> C:\Windows\System32\compmgmt.msc () -> /s

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk -> C:\Windows\System32\eventvwr.msc () -> /s

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Hyper-V Manager.lnk -> C:\Windows\System32\mmc.exe (Microsoft Corporation) -> "%windir%\System32\virtmgmt.msc"

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk -> C:\Windows\System32\perfmon.msc () -> /s

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk -> C:\Windows\System32\perfmon.exe (Microsoft Corporation) -> /res

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk -> C:\Windows\System32\secpol.msc () -> /s

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility\Speech Recognition.lnk -> C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation) -> -SpeechUX

ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo

ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\TeamViewer.lnk -> C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH) -> --sendto

ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageNetworkStatus

ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager

ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPagePCSystemInfo

ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageScreenPowerAndSleep

ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageAppsSizes

ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}

ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0}

ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{52205fd8-5dfb-447d-801a-d0b52f2e83e1}

ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /0

ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257}

ShortcutWithArgument: C:\Users\ktown\Desktop\WhatsApp.lnk -> C:\Users\ktown\AppData\Local\WhatsApp\Update.exe () -> --processStart WhatsApp.exe

ShortcutWithArgument: C:\Users\ktown\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WhatsApp\WhatsApp.lnk -> C:\Users\ktown\AppData\Local\WhatsApp\Update.exe () -> --processStart WhatsApp.exe

ShortcutWithArgument: C:\Users\ktown\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome-Apps\TwitchAlerts Stream Labels.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=kgmggmdngboajiakmbpdknfpdelbjbcg

ShortcutWithArgument: C:\Users\ktown\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo

ShortcutWithArgument: C:\Users\ktown\AppData\Roaming\Microsoft\Windows\SendTo\TeamViewer.lnk -> C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH) -> --sendto

ShortcutWithArgument: C:\Users\ktown\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageNetworkStatus

ShortcutWithArgument: C:\Users\ktown\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager

ShortcutWithArgument: C:\Users\ktown\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPagePCSystemInfo

ShortcutWithArgument: C:\Users\ktown\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageScreenPowerAndSleep

ShortcutWithArgument: C:\Users\ktown\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageAppsSizes

ShortcutWithArgument: C:\Users\ktown\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}

ShortcutWithArgument: C:\Users\ktown\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0}

ShortcutWithArgument: C:\Users\ktown\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{52205fd8-5dfb-447d-801a-d0b52f2e83e1}

ShortcutWithArgument: C:\Users\ktown\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /0

ShortcutWithArgument: C:\Users\ktown\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257}
 
 

InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xoreax IncrediBuild\Check for Updates.url -> URL: hxxp://www.incredibuild.com/ibversionupdates.php?ver=1002854

InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xoreax IncrediBuild\Purchase Information.url -> URL: hxxp://www.incredibuild.com/purchase_main.htm

InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xoreax IncrediBuild\Recommend to a Friend.url -> URL: hxxp://www.incredibuild.com/customer-referral.html

InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xoreax IncrediBuild\Send Feedback.url -> URL: hxxp://www.incredibuild.com/support_feedback.htm

InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xoreax IncrediBuild\Xoreax Home Page.url -> URL: hxxp://www.incredibuild.com

InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xoreax IncrediBuild\Xoreax Support Center.url -> URL: hxxp://www.incredibuild.com/support_center.htm

InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unity 5.4.0f3 (64-bit)\Unity Release Notes.url -> URL: hxxp://unity3d.com/whatsnew.html

InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightshot\Learn More.url -> URL: hxxp://app.prntscr.com/learnmore.html

InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightshot\Screenshot history.url -> URL: hxxp://app.prntscr.com/about-gallery.html

InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit\Referenzdokumentation.url -> URL: hxxp://docs.oracle.com/javase/8/docs

InternetURL: C:\Users\ktown\Favorites\Bing.url -> URL: hxxp://go.microsoft.com/fwlink/p/?LinkId=255142

InternetURL: C:\Users\ktown\AppData\Local\MEGAsync\MEGA Website.url -> URL: hxxp://www.mega.nz

InternetURL: C:\Users\Public\Documents\DevExpress Demos 17.1\Components\Dashboard\FinancialDemo\Bin\FinancialDemo.Tablet.url -> URL: hxxp://localhost/DashboardDemos_v17_1/FinancialDemo.Tablet/Default.aspx

InternetURL: C:\Users\Public\Documents\DevExpress Demos 17.1\Components\Dashboard\FinancialDemo\Bin\FinancialDemo.Web.url -> URL: hxxp://localhost/DashboardDemos_v17_1/FinancialDemo.Web/Default.aspx
 

==================== Ende vom Shortcut.txt =============================

Sieht gut aus, wir machen noch Kontrollscans.

Schritt 1: Hitman Pro
Downloade dir die passende Version von HitmanPro auf deinen Desktop: HitmanPro - 32 Bit | HitmanPro - 64 Bit.

Starte die HitmanPro.exe
Klicke auf
Entferne den Haken bei
Klicke auf
und
Akzeptiere die Lizenzbedingungen und klicke auf
Klicke auf

und auf
Wenn der Scan beendet wurde, nichts löschen lassen etc. sondern wähle unten links auf der Button-Leiste
und speichere die Logdatei auf Deinem Desktop.
Schließe HitmanPro und poste mir das Log.

Schritt 1: ESET Online Scanner

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Hitman:

Code:

HitmanPro 3.7.20.286

www.hitmanpro.com
 

   Computer name . . . . : DESKTOP-S8K03BB

   Windows . . . . . . . : 10.0.0.15063.X64/8

   User name . . . . . . : DESKTOP-S8K03BB\ktown

   UAC . . . . . . . . . : Enabled

   License . . . . . . . : Free
 

   Scan date . . . . . . : 2017-08-30 22:46:26

   Scan mode . . . . . . : Normal

   Scan duration . . . . : 17m 21s

   Disk access mode  . . : Direct disk access (SRB)

   Cloud . . . . . . . . : Internet

   Reboot  . . . . . . . : No
 

   Threats . . . . . . . : 1

   Traces  . . . . . . . : 4
 

   Objects scanned . . . : 3.793.478

   Files scanned . . . . : 442.229

   Remnants scanned  . . : 1.975.792 files / 1.375.457 keys
 

Malware _____________________________________________________________________
 

   C:\Users\ktown\AppData\Local\Microsoft\Windows\{032644B3-4DBF-404C-9DDB-ADE8247BA58D}\svchost.exe

      Size . . . . . . . : 355.840 bytes

      Age  . . . . . . . : 2.3 days (2017-08-28 16:24:12)

      Entropy  . . . . . : 7.0

      SHA-256  . . . . . : B09E9C967A1E7824C97B2BF65F0A1693083BF2E9A56C66AABAB748D947F27E73

      Product  . . . . . : sent Sun

      Publisher  . . . . : cheeseVertical

      Description  . . . : Press Fundraising Gi amend

      Version  . . . . . : 80.92.76.14

      LanguageID . . . . : 0

    > Bitdefender  . . . : Trojan.GenericKD.5908979

    > HitmanPro  . . . . : Mal/Generic-S

      Fuzzy  . . . . . . : 114.0

      Forensic Cluster

         -0.3s C:\Users\ktown\AppData\Local\Microsoft\Windows\{032644B3-4DBF-404C-9DDB-ADE8247BA58D}\

          0.0s C:\Users\ktown\AppData\Local\Microsoft\Windows\{032644B3-4DBF-404C-9DDB-ADE8247BA58D}\svchost.exe

          0.0s C:\Users\ktown\AppData\Local\Microsoft\Windows\{C83EFF28-A57A-4BBC-B695-426178168753}\

          0.3s C:\Users\ktown\AppData\Local\VirtualStore\Windows\assembly\Desktop.ini

          1.7s C:\Users\ktown\AppData\Local\Microsoft\Windows\{8E73B611-6D21-4BA3-B993-163F23FD62A0}\

          2.0s C:\Users\ktown\AppData\Local\Microsoft\Windows\{2FD7733B-8CF8-4F2B-8602-ED71387F0CE6}\

          4.3s C:\ProgramData\picnic Wise\Especially.exe
 
 

Suspicious files ____________________________________________________________
 

   C:\Program Files (x86)\ASUS\AXSP\1.01.02\PEbiosinterface32.dll

      Size . . . . . . . : 26.112 bytes

      Age  . . . . . . . : 5.1 days (2017-08-25 21:13:39)

      Entropy  . . . . . : 7.7

      SHA-256  . . . . . : D94C2B7A0D667100F4E2C42828F8436A4905A47A68968CC811BD50A42202F2EF

      Fuzzy  . . . . . . : 22.0

         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.

         Program is running but currently exposes no human-computer interface (GUI).

         Authors name is missing in version info. This is not common to most programs.

         Version control is missing. This file is probably created by an individual. This is not typical for most programs.

         Time indicates that the file appeared recently on this computer.

         The file is in use by one or more active processes.
 

   C:\Users\ktown\Downloads\Mods\FRST64.exe

      Size . . . . . . . : 2.395.648 bytes

      Age  . . . . . . . : 2.9 days (2017-08-28 00:03:24)

      Entropy  . . . . . : 7.6

      SHA-256  . . . . . : 3A0DD3CC5A3AF8F77E2DFE27765BFC712CEF4536CCC3C6B27A9C5A790A3CAE0B

      Needs elevation  . : Yes

      Fuzzy  . . . . . . : 24.0

         Program has no publisher information but prompts the user for permission elevation.

         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.

         Authors name is missing in version info. This is not common to most programs.

         Version control is missing. This file is probably created by an individual. This is not typical for most programs.

         Time indicates that the file appeared recently on this computer.

ESET:

Code:

ESETSmartInstaller@High as downloader log:

all ok

# product=EOS

# version=8

# OnlineScannerApp.exe=1.0.0.1

# EOSSerial=db05d5d98c498c4a8535dbc4e7eeebd3

# end=init

# utc_time=2017-08-30 08:48:13

# local_time=2017-08-30 10:48:13 (+0100, Mitteleuropäische Sommerzeit)

# country="Germany"

# osver=6.2.9200 NT 

Update Init

Update Download

Update Finalize

Updated modules version: 34582

# product=EOS

# version=8

# OnlineScannerApp.exe=1.0.0.1

# EOSSerial=db05d5d98c498c4a8535dbc4e7eeebd3

# end=updated

# utc_time=2017-08-30 09:08:46

# local_time=2017-08-30 11:08:46 (+0100, Mitteleuropäische Sommerzeit)

# country="Germany"

# osver=6.2.9200 NT 

# product=EOS

# version=8

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.7777

# api_version=3.1.1

# EOSSerial=db05d5d98c498c4a8535dbc4e7eeebd3

# engine=34582

# end=stopped

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2017-08-30 10:24:13

# local_time=2017-08-31 12:24:13 (+0100, Mitteleuropäische Sommerzeit)

# country="Germany"

# lang=1031

# osver=6.2.9200 NT 

# compatibility_mode_1=''

# compatibility_mode=5893 16776574 100 94 384377 14264849 0 0

# scanned=375990

# found=0

# cleaned=0

# scan_time=4526

ESETSmartInstaller@High as downloader log:

all ok

# product=EOS

# version=8

# OnlineScannerApp.exe=1.0.0.1

# EOSSerial=db05d5d98c498c4a8535dbc4e7eeebd3

# end=init

# utc_time=2017-08-31 12:30:57

# local_time=2017-08-31 02:30:57 (+0100, Mitteleuropäische Sommerzeit)

# country="Germany"

# osver=6.2.9200 NT 

Update Init

Update Download

Update Finalize

Updated modules version: 34590

# product=EOS

# version=8

# OnlineScannerApp.exe=1.0.0.1

# EOSSerial=db05d5d98c498c4a8535dbc4e7eeebd3

# end=updated

# utc_time=2017-08-31 12:31:39

# local_time=2017-08-31 02:31:39 (+0100, Mitteleuropäische Sommerzeit)

# country="Germany"

# osver=6.2.9200 NT 

# product=EOS

# version=8

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.7777

# api_version=3.1.1

# EOSSerial=db05d5d98c498c4a8535dbc4e7eeebd3

# engine=34590

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2017-08-31 05:37:46

# local_time=2017-08-31 07:37:46 (+0100, Mitteleuropäische Sommerzeit)

# country="Germany"

# lang=1031

# osver=6.2.9200 NT 

# compatibility_mode_1=''

# compatibility_mode=5893 16776574 100 94 453590 14334062 0 0

# scanned=1192758

# found=4

# cleaned=0

# scan_time=18366

sh=C2B640CB1C2B464BD965755DF7FD88AAA0233372 ft=0 fh=0000000000000000 vn="BAT/CoinMiner.QR Trojaner" ac=I fn="C:\Users\ktown\AppData\Local\Temp\guid.bat"

sh=E3CDD1539F952B3701D0E48FD7EEBEB9FEA5C274 ft=1 fh=7ac104629a3ea3ce vn="Variante von Generik.HHXKFOZ Trojaner" ac=I fn="C:\Users\ktown\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled\program32.exe"

sh=32FAE8C4223B66D9981C2F8E6DA4BE7DF8BD29F1 ft=1 fh=71e22f8618b76d04 vn="Variante von Win32/FusionCore.L eventuell unerwÃ¼nschte Anwendung" ac=I fn="C:\Users\ktown\Downloads\Mods\cdbxp_setup_4.5.7.6623.exe"

sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="E:\Pc Daten 25.08.2017\Downloads.rar"

Da sind noch Reste.
Und da es sich teilweise auch um Spyware handelte, empfehle ich dir, alle Passwörter zu ändern, auf die du mit diesem Computer zugegriffen hast.

Schritt 1: FRST-Fix
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

closeprocesses:

folder: C:\Users\ktown\AppData\Local\Microsoft\Windows

cmd: type C:\Users\ktown\AppData\Local\VirtualStore\Windows\assembly\Desktop.ini

cmd: type C:\Users\ktown\AppData\Local\Temp\guid.bat

HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Beschränkung <==== ACHTUNG

folder: C:\Users\ktown\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

Startup: C:\Users\ktown\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2017-08-28] ()

C:\Users\ktown\Downloads\Mods\cdbxp_setup_4.5.7.6623.exe

2017-08-27 22:22 - 2017-08-28 16:25 - 000000000 ____D C:\Users\ktown\AppData\Roaming\tor

2017-08-27 22:21 - 2017-08-28 18:33 - 000000000 ____D C:\Users\ktown\AppData\Roaming\sound

2017-08-27 22:21 - 2017-08-28 18:33 - 000000000 ____D C:\Users\ktown\AppData\Roaming\Audio

emptytemp:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Schritt 2: MBAM wiederholen

Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scan, wähle den Bedrohungs-Scan aus und klicke auf Scan starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Ausgewählte Elemente in die Quarantäne verschieben.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM nach dem Neustart, klicke auf Berichte.
Wähle den neuesten Scan-Bericht aus, klicke auf Bericht anzeigen und dann auf Export.
Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Schritt 3: neue FRST-Logs

Starte noch einmal FRST und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und die Addition.txt in deinem Thread.