Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 31-05-2017
durchgeführt von carlo_000 (01-06-2017 15:20:28)
Gestartet von C:\Users\carlo_000\Downloads
Windows 10 Pro Version 1703 (X64) (2017-04-14 19:13:50)
Start-Modus: Normal
==========================================================
==================== Konten: =============================
Administrator (S-1-5-21-3180956992-2345008597-2405067262-500 - Administrator - Disabled)
carlo_000 (S-1-5-21-3180956992-2345008597-2405067262-1001 - Administrator - Enabled) => C:\Users\carlo_000
DefaultAccount (S-1-5-21-3180956992-2345008597-2405067262-503 - Limited - Disabled)
Gast (S-1-5-21-3180956992-2345008597-2405067262-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3180956992-2345008597-2405067262-1003 - Limited - Enabled)
==================== Sicherheits-Center ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installierte Programme ======================
(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
64 Bit HP CIO Components Installer (Version: 16.2.1 - Hewlett-Packard) Hidden
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.007.20033 - Adobe Systems Incorporated)
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.1 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Creative Suite 6 Master Collection (HKLM-x32\...\{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}) (Version: 6 - Adobe Systems Incorporated)
Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.171 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKU\S-1-5-21-3180956992-2345008597-2405067262-1001\...\Akamai) (Version: - Akamai Technologies, Inc)
Andy OS (HKLM\...\Andy OS) (Version: 46.16 - Andy OS, Inc)
Auto Dust Brush Plug-in (HKLM-x32\...\{C4D2A420-1AA5-4DF5-99F7-E49DBC801D7E}) (Version: - )
AutoIt v3.3.14.2 (HKLM-x32\...\AutoItv3) (Version: 3.3.14.2 - AutoIt Team)
BitTorrent (HKU\S-1-5-21-3180956992-2345008597-2405067262-1001\...\BitTorrent) (Version: 7.9.9.43086 - BitTorrent Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Call of Duty: Modern Warfare 2 (HKLM\...\Steam App 10180) (Version: - Infinity Ward)
CCleaner (HKLM\...\CCleaner) (Version: 5.30 - Piriform)
Cybereason RansomFree 2.2.7.0 (HKLM-x32\...\{4270E670-6048-45D1-8735-BF55FD0CC07C}) (Version: 2.2.7.0 - Cybereason Inc.)
DiMAGE Scan Dual4 ver.1.0 (HKLM-x32\...\{6F00F343-7562-4F03-B3C3-F9360E2DA333}) (Version: - )
Dropbox (HKU\S-1-5-21-3180956992-2345008597-2405067262-1001\...\Dropbox) (Version: 27.4.22 - Dropbox, Inc.)
Google Earth (HKLM-x32\...\{F6430171-B86B-4639-839E-374913E7911D}) (Version: 7.1.8.3036 - Google)
Google Update Helper (x32 Version: 1.3.33.5 - Google Inc.) Hidden
ifolor Designer (HKLM-x32\...\ifolor-Designer) (Version: - Ifolor AG)
Intel(R) C++ Redistributables on Intel(R) 64 (HKLM-x32\...\{AA67D612-0BE5-44D6-9A91-592958F754A1}) (Version: 13.0.198 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4568 - Intel Corporation)
MAGIX Speed burnR (MSI) (HKLM-x32\...\MX.{B7802BC1-5F76-48D2-A622-98195BD50B87}) (Version: 7.0.2.6 - MAGIX Software GmbH)
MAGIX Speed burnR (MSI) (Version: 7.0.2.6 - MAGIX Software GmbH) Hidden
MAGIX Video deluxe 2016 Premium (HKLM\...\MX.{B9D9D873-ADDA-4D0C-B691-0F323C6DD62A}) (Version: 15.0.0.62 - MAGIX Software GmbH)
MAGIX Video deluxe 2016 Premium (Version: 15.0.0.62 - MAGIX Software GmbH) Hidden
Microsoft Games for Windows - LIVE (HKLM-x32\...\{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}) (Version: 3.1.186.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}) (Version: 3.1.99.0 - Microsoft Corporation)
Microsoft Office 365 - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 16.0.8067.2115 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3180956992-2345008597-2405067262-1001\...\OneDriveSetup.exe) (Version: 17.3.6816.0313 - Microsoft Corporation)
Microsoft Project Professional 2013 (HKLM-x32\...\Office15.PRJPROR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50906.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23506 (HKLM-x32\...\{23daf363-3020-4059-b3ae-dc4ad39fed19}) (Version: 14.0.23506.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 53.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 53.0.3 (x86 en-US)) (Version: 53.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 53.0.3.6347 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.8067.2115 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (Version: 16.0.8067.2115 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.8067.2115 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7967.2073 - Microsoft Corporation) Hidden
Outils de vérification linguistique 2013 de Microsoft Office*- Français (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2) (Version: - )
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Project64 version 2.3.0.210 (HKLM-x32\...\{BEB5FB69-4080-466F-96C4-F15DF271718B}_is1) (Version: 2.3.0.210 - )
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.987 - Even Balance, Inc.)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
realMyst (HKLM\...\Steam App 63600) (Version: - Cyan Worlds)
Samsung Printer Live Update (HKLM-x32\...\Samsung Printer Live Update) (Version: 1.01.00:04(2013-04-22) - Samsung Electronics Co., Ltd.)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM-x32\...\{91150000-003B-0000-0000-0000000FF1CE}_Office15.PRJPROR_{115B7592-B71D-4C27-AB34-34268FB199CA}) (Version: - Microsoft)
SHARP MX/MX-M/DX Series PCL/PS Printer Driver (HKLM-x32\...\SHARP MX-2310U PCL PS Printer Driver) (Version: 1.00.000 - SHARP)
Skype™ 7.3 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.)
Solibri IFC Optimizer 2.1.4 (HKLM\...\8363-3598-0906-2377) (Version: 2.1.4 - Solibri, Inc.)
Solibri Model Checker v9.5 (HKLM\...\1633-7128-7763-8622) (Version: 9.5.28 - Solibri, Inc.)
South Park™: The Stick of Truth™ (HKLM-x32\...\Steam App 213670) (Version: - Obsidian Entertainment)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.78313 - TeamViewer)
UE Speaker Update-Assistent (HKLM-x32\...\{91290A9B-9767-405B-B187-0906D0300EA7}) (Version: 1.4.21 - Logitech, Inc.)
Update for Skype for Business 2015 (KB3191876) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.PRJPROR_{0C5B0FE3-809E-4D71-B5F6-3EFDAA93C2E6}) (Version: - Microsoft)
Vectorworks 2017 (HKLM\...\Vectorworks 2017 SP2 22.0.2) (Version: 22.0.2 - Vectorworks, Inc.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
WhatsApp (HKU\S-1-5-21-3180956992-2345008597-2405067262-1001\...\WhatsApp) (Version: 0.2.4240 - WhatsApp)
WinRAR 5.40 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
CustomCLSID: HKU\S-1-5-21-3180956992-2345008597-2405067262-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\carlo_000\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3180956992-2345008597-2405067262-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\carlo_000\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3180956992-2345008597-2405067262-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\carlo_000\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3180956992-2345008597-2405067262-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\carlo_000\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3180956992-2345008597-2405067262-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\carlo_000\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3180956992-2345008597-2405067262-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\carlo_000\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3180956992-2345008597-2405067262-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\carlo_000\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3180956992-2345008597-2405067262-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\carlo_000\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3180956992-2345008597-2405067262-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\carlo_000\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3180956992-2345008597-2405067262-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\carlo_000\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3180956992-2345008597-2405067262-1001_Classes\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\carlo_000\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3180956992-2345008597-2405067262-1001_Classes\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\carlo_000\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3180956992-2345008597-2405067262-1001_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\carlo_000\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll (Dropbox, Inc.)
==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
Task: {068F9CD0-5E10-427D-90BA-498EC4FBDBAF} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => %ProgramFiles%\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {0AFA054F-1269-495A-AD73-253BB665A4A9} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG
Task: {0D3E751A-A173-44BA-9080-D602EF85B069} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-05-19] (Piriform Ltd)
Task: {1EC32252-9432-40C9-8E8F-B945B22E644F} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-05-14] (Microsoft Corporation)
Task: {2200F6EB-401D-465E-979C-B10443349F09} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG
Task: {2CBCA7E3-4756-4132-9A6A-6FFA5247329C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-01] (Google Inc.)
Task: {3252D921-4759-4513-9675-BF104E6043DD} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => %SystemRoot%\System32\AutoWorkplace.exe
Task: {355B2441-3EB8-478B-ACFD-BC73C9CDFBBB} - System32\Tasks\Cybereason RansomFree Autostart => C:\Program Files (x86)\Cybereason\RansomFree\CybereasonRansomFree.exe [2017-05-07] (Cybereason)
Task: {47B2C3E1-9ED0-4AA1-97A7-6F79E6AA4F78} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG
Task: {551E344F-1F99-4391-96DC-5586CD3AE2CB} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2016-03-21] (Safer-Networking Ltd.)
Task: {5A9F8A73-4A3E-4797-A7DB-1DF934058493} - System32\Tasks\{488894C1-5E5E-4388-8023-EAEB5E1F593A} => pcalua.exe -a "C:\Program Files (x86)\Rockstar Games\GTA San Andreas\gta_sa.exe" -d "C:\Program Files (x86)\Rockstar Games\GTA San Andreas"
Task: {6427F474-ED91-47D8-8304-20AEC0960B09} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {658BFCFC-FF85-4058-A391-081DD4DB6881} - System32\Tasks\{3A14965C-B8F4-42A1-AFEC-F9D1AC94C8DA} => pcalua.exe -a C:\Users\carlo_000\Downloads\mame64.exe -d C:\Users\carlo_000\Downloads
Task: {7D11138B-BF90-4471-B317-7C6DE530043B} - \WPD\SqmUpload_S-1-5-21-3180956992-2345008597-2405067262-1001 -> Keine Datei <==== ACHTUNG
Task: {800D03B4-DD46-4F1D-8998-74943B96C352} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Keine Datei <==== ACHTUNG
Task: {81E0454C-5C0E-454E-99F8-BA34F340A99A} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-05-14] (Microsoft Corporation)
Task: {8988B65F-A96C-4522-AF44-3E1AB0AC40A6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-01] (Google Inc.)
Task: {89BA7413-F33C-48A6-8C3F-DFE974ED7AAD} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG
Task: {9058200C-9226-455C-A9BC-0987868B3BC4} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-05-24] (Microsoft Corporation)
Task: {9C85EE38-A858-4C21-9584-625449AA41F5} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG
Task: {9D529B76-D5D4-4B04-A9EF-7D6EF958DF6F} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG
Task: {A8EB4FD0-67DF-47C5-AF99-309D95428C51} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2016-03-21] (Safer-Networking Ltd.)
Task: {A9226A8D-D98F-4A7A-B284-B4423FEFD1E7} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3180956992-2345008597-2405067262-1001Core1d2375195a4ab69 => C:\Users\carlo_000\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-05] (Dropbox, Inc.)
Task: {AFF3A952-C784-43DB-A2A8-32824964F45C} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG
Task: {B09D708A-CF1A-464F-AB91-F463C4E69D48} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-05-28] ()
Task: {B5B29881-35EE-487B-B1FE-FD1FA94C2497} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
Task: {C535E107-B16F-4BB2-A248-E64C6CD1F364} - System32\Tasks\Cybereason RansomFree Keepalive => C:\Program Files (x86)\Cybereason\RansomFree\CybereasonRansomFree.exe [2017-05-07] (Cybereason)
Task: {C8C4FFC0-6488-44F3-A122-5AD815C2D45B} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-05-28] (Microsoft Corporation)
Task: {CB3327C2-241D-4937-A323-A41C02583D7D} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-05-11] (Adobe Systems Incorporated)
Task: {CDE96FDE-C6E4-4A3D-83B1-514712804681} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG
Task: {D5A19358-A4A9-41E6-86E2-F1619754525A} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-05-28] ()
Task: {DA1BE289-7400-4A80-9885-B08F3978B4A4} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3180956992-2345008597-2405067262-1001UA1d2375195b3e94b => C:\Users\carlo_000\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-05] (Dropbox, Inc.)
Task: {E2793B08-7DBF-4948-A788-94EC5CA6FCE8} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG
Task: {E432D26B-6F67-4606-8FF7-22DAC512F01B} - System32\Tasks\{58895F78-55C1-49E0-9BC5-0200C51B98AD} => pcalua.exe -a C:\Users\carlo_000\Downloads\M.A.M.E\mame64.exe -d C:\Users\carlo_000\Downloads\M.A.M.E
Task: {F07A570D-68D3-41B2-A075-9F6E7D5410A2} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-3180956992-2345008597-2405067262-1001Core1d2375195a4ab69.job => C:\Users\carlo_000\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-3180956992-2345008597-2405067262-1001UA1d2375195b3e94b.job => C:\Users\carlo_000\AppData\Local\Dropbox\Update\DropboxUpdate.exe
==================== Verknüpfungen =============================
(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)
==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============
2015-06-11 09:48 - 2015-06-11 09:48 - 00022528 _____ () C:\WINDOWS\System32\sst9clm.dll
2017-03-18 22:58 - 2017-03-18 22:58 - 00138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-03-18 22:59 - 2017-03-20 06:43 - 01731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-05-09 07:12 - 2017-05-09 07:12 - 00765440 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11703.1001.45.0_x64__8wekyb3d8bbwe\WinStore.Vui.dll
2017-05-09 07:12 - 2017-05-09 07:12 - 10601984 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11703.1001.45.0_x64__8wekyb3d8bbwe\WinStore.Entertainment.Mobile.dll
2017-05-09 07:12 - 2017-05-09 07:12 - 02640384 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11703.1001.45.0_x64__8wekyb3d8bbwe\MS.Entertainment.Common.Mobile.dll
2017-05-07 20:01 - 2017-05-07 20:02 - 00020480 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.425.10010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2017-05-07 20:01 - 2017-05-07 20:02 - 26322944 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.425.10010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2017-05-07 20:01 - 2017-05-07 20:02 - 00441856 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.425.10010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.AGM.Native.Windows.dll
2017-05-07 20:01 - 2017-05-07 20:02 - 02139648 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.425.10010.0_x64__8wekyb3d8bbwe\MediaEngine.dll
2017-05-07 20:01 - 2017-05-07 20:02 - 02901928 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.425.10010.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-05-07 20:01 - 2017-05-07 20:02 - 00046080 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.425.10010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.Edit.Services.dll
2016-06-15 07:37 - 2016-06-15 07:37 - 00680448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.425.10010.0_x64__8wekyb3d8bbwe\Microsoft.DesignCore.dll
2017-05-07 20:01 - 2017-05-07 20:02 - 00641024 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.425.10010.0_x64__8wekyb3d8bbwe\Microsoft.RichMedia.Ink.Controls.dll
2017-05-07 20:01 - 2017-05-07 20:02 - 01062400 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.425.10010.0_x64__8wekyb3d8bbwe\Microsoft.Sharing.dll
2017-05-25 07:02 - 2017-05-25 07:02 - 01726976 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8218.40507.0_x64__8wekyb3d8bbwe\HxMail.exe
2017-05-25 07:02 - 2017-05-25 07:02 - 13096136 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8218.40507.0_x64__8wekyb3d8bbwe\Office.UI.Xaml.Core.dll
2017-05-23 08:16 - 2017-05-23 08:32 - 03982336 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1705.1302.0_x64__8wekyb3d8bbwe\Calculator.exe
2017-05-23 08:16 - 2017-05-23 08:32 - 03139496 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1705.1302.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-04-09 18:58 - 2017-04-09 18:59 - 01695440 _____ () C:\Program Files\WindowsApps\Microsoft.Office.OneNote_17.8241.57621.0_x64__8wekyb3d8bbwe\Microsoft.Applications.Telemetry.Windows.dll
2017-05-26 14:39 - 2017-05-26 14:39 - 13207240 _____ () C:\Program Files\WindowsApps\Microsoft.Office.OneNote_17.8241.57621.0_x64__8wekyb3d8bbwe\Office.UI.Xaml.Core.dll
2017-05-26 14:39 - 2017-05-26 14:39 - 00147144 _____ () C:\Program Files\WindowsApps\Microsoft.Office.OneNote_17.8241.57621.0_x64__8wekyb3d8bbwe\textinputdriver.dll
2017-05-31 20:05 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2017-05-31 20:05 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2017-05-31 20:05 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2017-05-31 20:05 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2017-05-31 20:05 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2017-05-31 22:18 - 2017-05-30 12:19 - 00775488 _____ () C:\Users\carlo_000\AppData\Roaming\Dropbox\bin\dropbox_watchdog.dll
2017-05-31 22:18 - 2017-05-30 12:19 - 01787200 _____ () C:\Users\carlo_000\AppData\Roaming\Dropbox\bin\dropbox_crashpad.dll
2017-04-20 20:13 - 2017-05-12 04:25 - 00035792 _____ () C:\Users\carlo_000\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd
2017-04-20 20:13 - 2017-05-12 04:25 - 00100296 _____ () C:\Users\carlo_000\AppData\Roaming\Dropbox\bin\_ctypes.pyd
2017-04-20 20:13 - 2017-05-12 04:25 - 00018888 _____ () C:\Users\carlo_000\AppData\Roaming\Dropbox\bin\select.pyd
2017-04-20 20:13 - 2017-05-30 12:21 - 00019776 _____ () C:\Users\carlo_000\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd
2017-05-31 22:18 - 2017-05-30 12:21 - 00020824 _____ () C:\Users\carlo_000\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd
2017-04-20 20:13 - 2017-05-12 04:25 - 00123856 _____ () C:\Users\carlo_000\AppData\Roaming\Dropbox\bin\_cffi_backend.pyd
2017-04-20 20:13 - 2017-05-12 04:25 - 00694224 _____ () C:\Users\carlo_000\AppData\Roaming\Dropbox\bin\unicodedata.pyd
2017-05-31 22:18 - 2017-05-30 12:21 - 01729360 _____ () C:\Users\carlo_000\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd
2017-05-31 22:18 - 2017-05-30 12:21 - 00020816 _____ () C:\Users\carlo_000\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd
2017-05-31 22:18 - 2017-05-12 04:25 - 00145864 _____ () C:\Users\carlo_000\AppData\Roaming\Dropbox\bin\pyexpat.pyd
2017-05-31 22:18 - 2017-05-12 04:25 - 00019408 _____ () C:\Users\carlo_000\AppData\Roaming\Dropbox\bin\faulthandler.pyd
2017-05-31 22:18 - 2017-05-12 04:25 - 00116688 _____ () C:\Users\carlo_000\AppData\Roaming\Dropbox\bin\pywintypes27.dll
2017-04-20 20:13 - 2017-05-12 04:27 - 00105928 _____ () C:\Users\carlo_000\AppData\Roaming\Dropbox\bin\win32api.pyd
2017-04-20 20:13 - 2017-05-30 12:22 - 00022864 _____ () C:\Users\carlo_000\AppData\Roaming\Dropbox\bin\winffi.crt.compiled._winffi_crt.pyd
2017-05-31 22:18 - 2017-05-30 12:21 - 00060736 _____ () C:\Users\carlo_000\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd
2017-05-31 22:18 - 2017-05-30 12:21 - 00038712 _____ () C:\Users\carlo_000\AppData\Roaming\Dropbox\bin\fastpath.pyd
2017-04-20 20:13 - 2017-05-12 04:27 - 00024528 _____ () C:\Users\carlo_000\AppData\Roaming\Dropbox\bin\win32event.pyd
2017-05-31 22:18 - 2017-05-12 04:25 - 00392656 _____ () C:\Users\carlo_000\AppData\Roaming\Dropbox\bin\pythoncom27.dll
2017-05-31 22:18 - 2017-05-12 04:27 - 00020936 _____ () C:\Users\carlo_000\AppData\Roaming\Dropbox\bin\mmapfile.pyd
2017-04-20 20:13 - 2017-05-12 04:27 - 00116176 _____ () C:\Users\carlo_000\AppData\Roaming\Dropbox\bin\win32security.pyd
2017-04-20 20:13 - 2017-05-30 12:21 - 00392512 _____ () C:\Users\carlo_000\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd
2017-04-20 20:13 - 2017-05-12 04:27 - 00124880 _____ () C:\Users\carlo_000\AppData\Roaming\Dropbox\bin\win32file.pyd
2017-04-20 20:13 - 2017-05-30 12:22 - 00026456 _____ () C:\Users\carlo_000\AppData\Roaming\Dropbox\bin\winffi.kernel32.compiled._winffi_kernel32.pyd
2017-04-20 20:13 - 2017-05-12 04:27 - 00024016 _____ () C:\Users\carlo_000\AppData\Roaming\Dropbox\bin\win32clipboard.pyd
2017-04-20 20:13 - 2017-05-12 04:27 - 00175560 _____ () C:\Users\carlo_000\AppData\Roaming\Dropbox\bin\win32gui.pyd
2017-04-20 20:13 - 2017-05-12 04:27 - 00030160 _____ () C:\Users\carlo_000\AppData\Roaming\Dropbox\bin\win32pipe.pyd
2017-04-20 20:13 - 2017-05-12 04:27 - 00043472 _____ () C:\Users\carlo_000\AppData\Roaming\Dropbox\bin\win32process.pyd
2017-04-20 20:13 - 2017-05-12 04:27 - 00048592 _____ () C:\Users\carlo_000\AppData\Roaming\Dropbox\bin\win32service.pyd
2017-04-20 20:13 - 2017-05-12 04:27 - 00057808 _____ () C:\Users\carlo_000\AppData\Roaming\Dropbox\bin\win32evtlog.pyd
2017-04-20 20:13 - 2017-05-12 04:27 - 00024016 _____ () C:\Users\carlo_000\AppData\Roaming\Dropbox\bin\win32profile.pyd
2017-05-31 22:18 - 2017-05-30 12:21 - 00022336 _____ () C:\Users\carlo_000\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd
2017-05-18 07:31 - 2017-05-30 12:22 - 00082264 _____ () C:\Users\carlo_000\AppData\Roaming\Dropbox\bin\winenumhandles.compiled._WinEnumHandles.pyd
2017-04-20 20:13 - 2017-05-30 12:22 - 00025432 _____ () C:\Users\carlo_000\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd
2017-05-31 22:18 - 2017-05-30 12:21 - 00246608 _____ () C:\Users\carlo_000\AppData\Roaming\Dropbox\bin\breakpad.client.windows.handler.pyd
2017-05-31 22:18 - 2017-05-30 12:21 - 00027488 _____ () C:\Users\carlo_000\AppData\Roaming\Dropbox\bin\dropbox.infinite.win.compiled._driverinstallation.pyd
2017-05-31 22:18 - 2017-05-30 12:21 - 03928896 _____ () C:\Users\carlo_000\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd
2017-04-20 20:13 - 2017-05-12 04:25 - 00083912 _____ () C:\Users\carlo_000\AppData\Roaming\Dropbox\bin\sip.pyd
2017-05-31 22:18 - 2017-05-30 12:21 - 01826104 _____ () C:\Users\carlo_000\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd
2017-05-31 22:18 - 2017-05-30 12:21 - 01972024 _____ () C:\Users\carlo_000\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd
2017-04-20 20:13 - 2017-05-12 04:27 - 00028616 _____ () C:\Users\carlo_000\AppData\Roaming\Dropbox\bin\win32ts.pyd
2017-05-31 22:18 - 2017-05-30 12:21 - 00171336 _____ () C:\Users\carlo_000\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngineWidgets.pyd
2017-05-31 22:18 - 2017-05-30 12:21 - 00042816 _____ () C:\Users\carlo_000\AppData\Roaming\Dropbox\bin\PyQt5.QtWebChannel.pyd
2017-05-31 22:18 - 2017-05-30 12:21 - 00531264 _____ () C:\Users\carlo_000\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd
2017-05-31 22:18 - 2017-05-30 12:21 - 00133432 _____ () C:\Users\carlo_000\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd
2017-05-31 22:18 - 2017-05-30 12:21 - 00224064 _____ () C:\Users\carlo_000\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd
2017-05-31 22:18 - 2017-05-30 12:21 - 00207680 _____ () C:\Users\carlo_000\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd
2017-04-20 20:13 - 2017-05-12 04:27 - 00060880 _____ () C:\Users\carlo_000\AppData\Roaming\Dropbox\bin\win32print.pyd
2017-04-20 20:13 - 2017-05-30 12:22 - 00054608 _____ () C:\Users\carlo_000\AppData\Roaming\Dropbox\bin\winrpcserver.compiled._RPCServer.pyd
2017-04-20 20:13 - 2017-05-30 12:22 - 00022864 _____ () C:\Users\carlo_000\AppData\Roaming\Dropbox\bin\winffi.user32.compiled._winffi_user32.pyd
2017-04-20 20:13 - 2017-05-30 12:22 - 00069968 _____ () C:\Users\carlo_000\AppData\Roaming\Dropbox\bin\windisplaytoast.compiled._DisplayToast.pyd
2017-04-20 20:13 - 2017-05-30 12:22 - 00022872 _____ () C:\Users\carlo_000\AppData\Roaming\Dropbox\bin\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2017-04-20 20:13 - 2017-05-30 12:22 - 00021848 _____ () C:\Users\carlo_000\AppData\Roaming\Dropbox\bin\winffi.winerror.compiled._winffi_winerror.pyd
2017-04-20 20:13 - 2017-05-30 12:22 - 00022872 _____ () C:\Users\carlo_000\AppData\Roaming\Dropbox\bin\winffi.wininet.compiled._winffi_wininet.pyd
2017-04-20 20:13 - 2017-05-12 04:27 - 00349128 _____ () C:\Users\carlo_000\AppData\Roaming\Dropbox\bin\winxpgui.pyd
2017-05-31 22:18 - 2017-05-30 12:21 - 00103232 _____ () C:\Users\carlo_000\AppData\Roaming\Dropbox\bin\PyQt5.QtWinExtras.pyd
2017-04-20 20:13 - 2017-05-30 12:22 - 00023896 _____ () C:\Users\carlo_000\AppData\Roaming\Dropbox\bin\winverifysignature.compiled._VerifySignature.pyd
2017-05-31 22:18 - 2017-05-30 12:21 - 00025936 _____ () C:\Users\carlo_000\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd
2017-05-31 22:18 - 2017-05-12 04:20 - 00036296 _____ () C:\Users\carlo_000\AppData\Roaming\Dropbox\bin\librsync.dll
2017-05-31 22:18 - 2017-05-30 12:21 - 00033112 _____ () C:\Users\carlo_000\AppData\Roaming\Dropbox\bin\enterprise_data.compiled._enterprise_data.pyd
2017-05-31 22:18 - 2017-03-27 23:21 - 00293392 _____ () C:\Users\carlo_000\AppData\Roaming\Dropbox\bin\EnterpriseDataAdapter.dll
2017-05-31 22:18 - 2017-05-30 12:21 - 00084288 _____ () C:\Users\carlo_000\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL
2017-04-20 20:13 - 2017-05-30 12:21 - 00030536 _____ () C:\Users\carlo_000\AppData\Roaming\Dropbox\bin\wind3d11.compiled._wind3d11.pyd
2017-05-31 22:18 - 2017-05-12 04:30 - 00017864 _____ () C:\Users\carlo_000\AppData\Roaming\Dropbox\bin\libEGL.dll
2017-05-31 22:18 - 2017-05-12 04:30 - 01631184 _____ () C:\Users\carlo_000\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2017-04-20 20:13 - 2017-05-30 12:22 - 00026456 _____ () C:\Users\carlo_000\AppData\Roaming\Dropbox\bin\winffi.winhttp.compiled._winffi_winhttp.pyd
2017-04-20 20:13 - 2017-05-30 12:21 - 00023368 _____ () C:\Users\carlo_000\AppData\Roaming\Dropbox\bin\wincrashpad.compiled._Crashpad.pyd
2017-05-31 22:18 - 2017-05-30 12:21 - 00546104 _____ () C:\Users\carlo_000\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.pyd
2017-05-31 22:18 - 2017-05-30 12:21 - 00357688 _____ () C:\Users\carlo_000\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.pyd
==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)
==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)
==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)
==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)
IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com
Da befinden sich 7936 mehr Seiten.
IE restricted site: HKU\S-1-5-21-3180956992-2345008597-2405067262-1001\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-3180956992-2345008597-2405067262-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-3180956992-2345008597-2405067262-1001\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-3180956992-2345008597-2405067262-1001\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-3180956992-2345008597-2405067262-1001\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-3180956992-2345008597-2405067262-1001\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-3180956992-2345008597-2405067262-1001\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-3180956992-2345008597-2405067262-1001\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-3180956992-2345008597-2405067262-1001\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-3180956992-2345008597-2405067262-1001\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-3180956992-2345008597-2405067262-1001\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-3180956992-2345008597-2405067262-1001\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-3180956992-2345008597-2405067262-1001\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-3180956992-2345008597-2405067262-1001\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-3180956992-2345008597-2405067262-1001\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-3180956992-2345008597-2405067262-1001\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-3180956992-2345008597-2405067262-1001\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-3180956992-2345008597-2405067262-1001\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-3180956992-2345008597-2405067262-1001\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-3180956992-2345008597-2405067262-1001\...\123simsen.com -> www.123simsen.com
Da befinden sich 7936 mehr Seiten.
==================== Hosts Inhalt: ==========================
(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)
2013-08-22 15:25 - 2017-06-01 09:29 - 00454512 ____R C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 123fporn.info
127.0.0.1 www.123fporn.info
127.0.0.1 www.123haustiereundmehr.com
127.0.0.1 123haustiereundmehr.com
127.0.0.1 123moviedownload.com
127.0.0.1 www.123moviedownload.com
Da befinden sich 15598 zusätzliche Einträge.
==================== Andere Bereiche ============================
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKU\S-1-5-21-3180956992-2345008597-2405067262-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\carlo_000\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\{0ca759fe-f2fd-473d-be6f-ac5f8a169556}.jpg
DNS Servers: 10.191.192.10
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.
==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: McNeelUpdate => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: SwitchBoard => 3
MSCONFIG\Services: TeamViewer => 2
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "SwitchBoard"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run32: => "AdobeCS6ServiceManager"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "Adobe Acrobat Speed Launcher"
HKLM\...\StartupApproved\Run32: => "EaseUS EPM tray"
HKU\S-1-5-21-3180956992-2345008597-2405067262-1001\...\StartupApproved\StartupFolder: => "An OneNote senden.lnk"
HKU\S-1-5-21-3180956992-2345008597-2405067262-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-3180956992-2345008597-2405067262-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-3180956992-2345008597-2405067262-1001\...\StartupApproved\Run: => "AdobeBridge"
HKU\S-1-5-21-3180956992-2345008597-2405067262-1001\...\StartupApproved\Run: => "Akamai NetSession Interface"
HKU\S-1-5-21-3180956992-2345008597-2405067262-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-3180956992-2345008597-2405067262-1001\...\StartupApproved\Run: => "FlashPlayerUpdate"
HKU\S-1-5-21-3180956992-2345008597-2405067262-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3180956992-2345008597-2405067262-1001\...\StartupApproved\Run: => "Uninstall C:\Users\carlo_000\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"
HKU\S-1-5-21-3180956992-2345008597-2405067262-1001\...\StartupApproved\Run: => "Uninstall C:\Users\carlo_000\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64"
HKU\S-1-5-21-3180956992-2345008597-2405067262-1001\...\StartupApproved\Run: => "Uninstall C:\Users\carlo_000\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64"
HKU\S-1-5-21-3180956992-2345008597-2405067262-1001\...\StartupApproved\Run: => "Uninstall 17.3.6390.0509\amd64"
HKU\S-1-5-21-3180956992-2345008597-2405067262-1001\...\StartupApproved\Run: => "Uninstall 17.3.6390.0509"
==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
FirewallRules: [UDP Query User{1E0837A1-8C37-49BD-86B3-9C7E19B2A22D}C:\program files\vectorworks 2017\vectorworks2017e.exe] => (Allow) C:\program files\vectorworks 2017\vectorworks2017e.exe
FirewallRules: [TCP Query User{F1CE8972-FFD9-4504-B7CC-292B50EB0D0D}C:\program files\vectorworks 2017\vectorworks2017e.exe] => (Allow) C:\program files\vectorworks 2017\vectorworks2017e.exe
FirewallRules: [{BFE1DB22-2A3F-4320-9F1B-A9C674F09E50}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Real Myst\realMYSTSetup.exe
FirewallRules: [{FE4EE6DC-2C81-4463-8ACC-77FF6E10A375}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Real Myst\realMYSTSetup.exe
FirewallRules: [{47516537-C3D7-4898-940D-FFB053E9BFC3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Real Myst\RealMYST.exe
FirewallRules: [{7AB7F84B-EAD9-4450-A3BF-D466F78ABC4A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Real Myst\RealMYST.exe
FirewallRules: [{530C3FF4-58B6-4B62-8B14-F5A572A32356}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{4E3641EA-620F-43D4-A5C6-BB0B898711B6}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{DD836DDF-905A-40CD-980F-9D29CA88EBCB}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{9202A57D-4C63-4E8E-A20E-8C29BAA79234}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{C738F723-6E40-4896-B360-EC1399EEA9AA}] => (Allow) C:\Program Files\Andy\SetupFiles\AndyDoctor.exe
FirewallRules: [{4C384406-F342-4F60-9C50-551128F2D8A8}] => (Allow) C:\Program Files\Andy\SetupFiles\AndyDoctor.exe
FirewallRules: [{1CFCBDBC-D84F-412E-B3E3-A838ECD5C291}] => (Allow) C:\Program Files\Andy\SetupFiles\VMwareCheck.exe
FirewallRules: [{3ABE9A69-8A64-4F3E-8AA8-DF6B4A110A60}] => (Allow) C:\Program Files\Andy\SetupFiles\VMwareCheck.exe
FirewallRules: [{41B3E2A0-FCCB-4E69-AA98-39054DCBF03B}] => (Allow) C:\Program Files\Andy\SetupFiles\Uninstall.exe
FirewallRules: [{8F5DC34D-4F2A-4688-9304-A6E37A1FF259}] => (Allow) C:\Program Files\Andy\SetupFiles\Uninstall.exe
FirewallRules: [{07B522EF-8104-4187-AEFA-14A8A2CCB7CB}] => (Allow) C:\Program Files\Andy\HandyAndy.exe
FirewallRules: [{27B9E459-FDA6-4CE9-9659-72558C963A9E}] => (Allow) C:\Program Files\Andy\HandyAndy.exe
FirewallRules: [{8A70C97B-C06E-452B-B5A7-862A61973064}] => (Allow) C:\Program Files\Andy\AndyConsole.exe
FirewallRules: [{B93D9AB8-C5B8-4989-A166-22BBF6D5CD7C}] => (Allow) C:\Program Files\Andy\AndyConsole.exe
FirewallRules: [{29A89FB8-D487-44A1-BA78-E14DF218E84B}] => (Allow) C:\Program Files\Andy\andy.exe
FirewallRules: [{EF65903B-3A39-4AF3-B00C-781A0C8C462A}] => (Allow) C:\Program Files\Andy\andy.exe
FirewallRules: [UDP Query User{D809647B-08A8-4715-88B7-CA295E7A0468}C:\program files\vectorworks 2017\vectorworks2017e.exe] => (Allow) C:\program files\vectorworks 2017\vectorworks2017e.exe
FirewallRules: [TCP Query User{18D27766-CF49-43C8-B941-367FCEC1A7DC}C:\program files\vectorworks 2017\vectorworks2017e.exe] => (Allow) C:\program files\vectorworks 2017\vectorworks2017e.exe
FirewallRules: [{1668C256-681C-42EF-A902-5D679BA6DA79}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{767421DE-6F01-4665-9187-A0C14611AA0D}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{271AA9E8-2E6B-4A01-8DA5-1A977DE11D4C}] => (Allow) C:\Users\carlo_000\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{86ED1924-AF82-494F-979F-F0FAC1274C07}] => (Allow) C:\Users\carlo_000\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{B8082FA9-3BA4-4FF1-A62A-1603EEE8C2DD}] => (Allow) C:\Users\carlo_000\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{A21A7588-F2D8-4924-A5E2-7EF5926AA9F9}] => (Allow) C:\Users\carlo_000\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{192DBD8E-84F4-4513-9C33-783B0EE30F04}] => (Allow) C:\Users\carlo_000\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{FE9B2D06-6DE4-4DAD-9F59-C4E35F8DCFB3}] => (Allow) C:\Users\carlo_000\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [UDP Query User{2CD1DB4A-1FB1-4B26-924F-1A310D9DA310}C:\windows\system32\dllhost.exe] => (Block) C:\windows\system32\dllhost.exe
FirewallRules: [TCP Query User{73052CFB-7182-4C6F-AEAD-2BE03249FF5C}C:\windows\system32\dllhost.exe] => (Block) C:\windows\system32\dllhost.exe
FirewallRules: [{DD2310CB-8442-472A-B765-A1F31DB1CED9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\South Park - The Stick of Truth\South Park - The Stick of Truth.exe
FirewallRules: [{92E6E18E-32A8-4DE5-8D19-2E5C56CF5001}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\South Park - The Stick of Truth\South Park - The Stick of Truth.exe
FirewallRules: [{10901828-33F9-4844-AD96-BCEA3AD294C6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{CCA4A0DF-1A63-430D-B4D7-13E60FC51A49}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{83891BD2-948D-4F76-8FC7-0EA88687DAA3}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{73BCC620-3CC9-4576-BFFB-9090C2104665}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{9F5D3261-C929-4ACD-A715-DC8E90E6C40F}] => (Allow) C:\Users\carlo_000\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{4B15B9B2-AE64-4BD2-8841-833DB6872424}] => (Allow) C:\Users\carlo_000\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{A93FA74D-77CE-44C3-8F52-D2BDC2752653}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{B57E9FB3-B675-4625-AD63-C65A99605ED6}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [TCP Query User{78B2CDF5-B070-46F7-9B89-35C09337DDCD}C:\users\carlo_000\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\carlo_000\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{3E134E41-12C4-455D-B726-58F40BC8CC76}C:\users\carlo_000\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\carlo_000\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{254FB0CC-D9EC-4A2E-B0B2-DEC087766EC4}C:\users\carlo_000\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\carlo_000\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{2A450B09-514C-4CCE-812C-685A6FE24A03}C:\users\carlo_000\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\carlo_000\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{336CBAC4-ACDF-4E01-93D9-4DACF18C4F30}] => (Allow) C:\Program Files\MAGIX\Video deluxe 2016 Premium\Videodeluxe.exe
FirewallRules: [{20B8CF06-6FF8-4673-9D21-D5AB7A65C5FE}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{7CDE7646-3C25-48D9-9CE5-A6696580A459}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{290DB86F-715B-4442-AB0A-3DD05D602A66}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{D04675C1-4A2B-4913-AC9F-2AFB2C05DBF7}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{79028490-933B-4B41-B7C3-0FC7BCE4F4E4}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{67D83CD3-3396-4E78-B8B4-06AACED6F0A9}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{8D0F6292-E5FF-478B-9EE6-A37651CACE29}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{32A3A657-2A14-42AC-8626-39D1AFF5C4BE}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{F0E2F773-B3F3-4538-9856-B3DC99AB32F6}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
==================== Wiederherstellungspunkte =========================
ACHTUNG: Systemwiederherstellung ist deaktiviert
==================== Fehlerhafte Geräte im Gerätemanager =============
Name: Surface Cover Telemetry
Description: Surface Cover Telemetry
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: WUDFRd
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
==================== Fehlereinträge in der Ereignisanzeige: =========================
Applikationsfehler:
==================
Error: (06/01/2017 02:54:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: qtguiagent.exe, Version: 0.0.0.0, Zeitstempel: 0x5530b410
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000
ID des fehlerhaften Prozesses: 0x9cc
Startzeit der fehlerhaften Anwendung: 0x01d2dad625fcc328
Pfad der fehlerhaften Anwendung: C:\Program Files\Vectorworks 2017\Renderworks\resource\libs\win32\qtguiagent.exe
Pfad des fehlerhaften Moduls: unknown
Berichtskennung: d5b05726-0b8b-4863-beac-8958c56a7190
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:
Error: (06/01/2017 02:54:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: qtguiagent.exe, Version: 0.0.0.0, Zeitstempel: 0x5530b410
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000
ID des fehlerhaften Prozesses: 0x9cc
Startzeit der fehlerhaften Anwendung: 0x01d2dad625fcc328
Pfad der fehlerhaften Anwendung: C:\Program Files\Vectorworks 2017\Renderworks\resource\libs\win32\qtguiagent.exe
Pfad des fehlerhaften Moduls: unknown
Berichtskennung: c8adde1a-9744-4393-a784-5aeb311681b8
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:
Error: (06/01/2017 01:58:34 PM) (Source: CertEnroll) (EventID: 86) (User: NT-AUTORITÄT)
Description: Fehler bei der Initialisierung der SCEP-Zertifikatregistrierung für WORKGROUP\SURFACE-SUPERUS$ über https://IFX-KeyId-c2ef641c329cb0a9f2eae04bfb10c99b89c34614.microsoftaik.azure.net/templates/Aik/scep:
GetCACaps
Methode: GET(16ms)
Phase: GetCACaps
Der Servername oder die Serveradresse konnte nicht verarbeitet werden. 0x80072ee7 (WinHttp: 12007 ERROR_WINHTTP_NAME_NOT_RESOLVED)
Error: (06/01/2017 11:58:34 AM) (Source: CertEnroll) (EventID: 86) (User: NT-AUTORITÄT)
Description: Fehler bei der Initialisierung der SCEP-Zertifikatregistrierung für WORKGROUP\SURFACE-SUPERUS$ über https://IFX-KeyId-c2ef641c329cb0a9f2eae04bfb10c99b89c34614.microsoftaik.azure.net/templates/Aik/scep:
GetCACaps
Methode: GET(16ms)
Phase: GetCACaps
Der Servername oder die Serveradresse konnte nicht verarbeitet werden. 0x80072ee7 (WinHttp: 12007 ERROR_WINHTTP_NAME_NOT_RESOLVED)
Error: (06/01/2017 11:34:14 AM) (Source: CertEnroll) (EventID: 86) (User: NT-AUTORITÄT)
Description: Fehler bei der Initialisierung der SCEP-Zertifikatregistrierung für WORKGROUP\SURFACE-SUPERUS$ über https://IFX-KeyId-c2ef641c329cb0a9f2eae04bfb10c99b89c34614.microsoftaik.azure.net/templates/Aik/scep:
GetCACaps
Methode: GET(15ms)
Phase: GetCACaps
Der Servername oder die Serveradresse konnte nicht verarbeitet werden. 0x80072ee7 (WinHttp: 12007 ERROR_WINHTTP_NAME_NOT_RESOLVED)
Error: (06/01/2017 11:34:12 AM) (Source: CertEnroll) (EventID: 86) (User: NT-AUTORITÄT)
Description: Fehler bei der Initialisierung der SCEP-Zertifikatregistrierung für WORKGROUP\SURFACE-SUPERUS$ über https://IFX-KeyId-c2ef641c329cb0a9f2eae04bfb10c99b89c34614.microsoftaik.azure.net/templates/Aik/scep:
GetCACaps
Methode: GET(16ms)
Phase: GetCACaps
Der Servername oder die Serveradresse konnte nicht verarbeitet werden. 0x80072ee7 (WinHttp: 12007 ERROR_WINHTTP_NAME_NOT_RESOLVED)
Error: (06/01/2017 10:22:08 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SURFACE-SUPERUS)
Description: Bei der Aktivierung der App „Microsoft.Windows.SecHealthUI_cw5n1h2txyewy!SecHealthUI“ ist folgender Fehler aufgetreten: -2144927149. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
Error: (06/01/2017 10:19:20 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SURFACE-SUPERUS)
Description: Bei der Aktivierung der App „Microsoft.Getstarted_8wekyb3d8bbwe!App“ ist folgender Fehler aufgetreten: -2144927149. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
Error: (06/01/2017 10:16:09 AM) (Source: CertEnroll) (EventID: 86) (User: NT-AUTORITÄT)
Description: Fehler bei der Initialisierung der SCEP-Zertifikatregistrierung für WORKGROUP\SURFACE-SUPERUS$ über https://IFX-KeyId-c2ef641c329cb0a9f2eae04bfb10c99b89c34614.microsoftaik.azure.net/templates/Aik/scep:
GetCACaps
Methode: GET(0ms)
Phase: GetCACaps
Der Servername oder die Serveradresse konnte nicht verarbeitet werden. 0x80072ee7 (WinHttp: 12007 ERROR_WINHTTP_NAME_NOT_RESOLVED)
Error: (06/01/2017 10:16:06 AM) (Source: CertEnroll) (EventID: 86) (User: NT-AUTORITÄT)
Description: Fehler bei der Initialisierung der SCEP-Zertifikatregistrierung für WORKGROUP\SURFACE-SUPERUS$ über https://IFX-KeyId-c2ef641c329cb0a9f2eae04bfb10c99b89c34614.microsoftaik.azure.net/templates/Aik/scep:
GetCACaps
Methode: GET(15ms)
Phase: GetCACaps
Der Servername oder die Serveradresse konnte nicht verarbeitet werden. 0x80072ee7 (WinHttp: 12007 ERROR_WINHTTP_NAME_NOT_RESOLVED)
Systemfehler:
=============
Error: (06/01/2017 11:59:06 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\Lokaler Dienst" (SID: S-1-5-19) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
und der APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.
Error: (06/01/2017 11:59:06 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\Lokaler Dienst" (SID: S-1-5-19) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
und der APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.
Error: (06/01/2017 11:58:28 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "SDWSCService" wurde aufgrund folgenden Fehlers nicht gestartet:
Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
Error: (06/01/2017 11:58:26 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "CldFlt" wurde aufgrund folgenden Fehlers nicht gestartet:
Die Anforderung wird nicht unterstützt.
Error: (06/01/2017 11:34:35 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\Lokaler Dienst" (SID: S-1-5-19) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
und der APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.
Error: (06/01/2017 11:34:35 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\Lokaler Dienst" (SID: S-1-5-19) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
und der APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.
Error: (06/01/2017 11:34:06 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "SDWSCService" wurde aufgrund folgenden Fehlers nicht gestartet:
Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
Error: (06/01/2017 11:34:04 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "CldFlt" wurde aufgrund folgenden Fehlers nicht gestartet:
Die Anforderung wird nicht unterstützt.
Error: (06/01/2017 11:33:47 AM) (Source: DCOM) (EventID: 10005) (User: NT-AUTORITÄT)
Description: Fehler "1084" in DCOM, als der Dienst "dps" mit den Argumenten "Nicht verfügbar" gestartet wurde, um den folgenden Server zu verwenden:
{DDCFD26B-FEED-44CD-B71D-79487D2E5E5A}
Error: (06/01/2017 11:33:47 AM) (Source: DCOM) (EventID: 10005) (User: NT-AUTORITÄT)
Description: Fehler "1084" in DCOM, als der Dienst "dps" mit den Argumenten "Nicht verfügbar" gestartet wurde, um den folgenden Server zu verwenden:
{DDCFD26B-FEED-44CD-B71D-79487D2E5E5A}
CodeIntegrity:
===================================
Date: 2017-06-01 15:20:02.277
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2017-06-01 15:20:02.275
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2017-06-01 15:20:02.258
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2017-06-01 15:20:02.256
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2017-06-01 15:19:25.638
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-06-01 15:19:25.635
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-06-01 15:19:25.575
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-06-01 15:19:25.569
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-06-01 14:36:56.805
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-06-01 14:36:56.802
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
==================== Speicherinformationen ===========================
Prozessor: Intel(R) Core(TM) i5-4300U CPU @ 1.90GHz
Prozentuale Nutzung des RAM: 41%
Installierter physikalischer RAM: 8097.07 MB
Verfügbarer physikalischer RAM: 4723.13 MB
Summe virtueller Speicher: 9377.07 MB
Verfügbarer virtueller Speicher: 5548.96 MB
==================== Laufwerke ================================
Drive c: (Windows) (Fixed) (Total:232 GB) (Free:33.54 GB) NTFS
==================== MBR & Partitionstabelle ==================
========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: D6D1CA06)
Partition: GPT.
==================== Ende von Addition.txt ============================
Weiss jemand was? |
FRST 32-Bit | FRST 64-Bit
Lesestoff: