| |
| |||||||
Log-Analyse und Auswertung: Word-Anhang Büromarkt Boettcher in Vorschau geöffnet, ESET meldet JS/Astromenda.A u.a.Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
04.02.2016, 15:54
| #1 |
 |  Word-Anhang Büromarkt Boettcher in Vorschau geöffnet, ESET meldet JS/Astromenda.A u.a. Hallo, jetzt hat es mich wohl auch erwischt: vorgestern bekam ich eine Email mit Word-Anhang mit einer angeblichen Rechnung von Büromarkt Böttcher. Ich habe sie nach Rechtsklickscan, der kein Ergebnis brachte in der Email-Vorschau von Outlook geöffnet. Die Email habe ich mittlerweile auf iPhone und Computer gelöscht, die Datei habe ich noch auf dem Desktop. Ein Scan mit virustotal brachte auch kein Ergebnis. Scan des Computers mit ESET brachte leider einige Ergebnisse: JS/Astromenda.A und andere, Scan läuft gerade noch. Malwarebytes: kein Ergebnis Ich hoffe, das krieg ich wieder hin ... Danke im Voraus Stephanie Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:27-01-2016 durchgeführt von Stephanie (Administrator) auf STEPHANIE-PC (04-02-2016 15:03:39) Gestartet von C:\Users\Stephanie\Downloads Geladene Profile: Stephanie (Verfügbare Profile: Stephanie & Gast) Platform: Windows 7 Professional Service Pack 1 (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: FF) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (AMD) C:\Windows\System32\atiesrxx.exe (Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe (AMD) C:\Windows\System32\atieclxx.exe (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Box, Inc.) C:\Program Files (x86)\Box\Box for Office\UpgradeService.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe () C:\Program Files (x86)\Synology\CloudStation\bin\vss-service-x64.exe (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe (Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE (Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SERVEREXP2008\MSSQL\Binn\sqlservr.exe (Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe (Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe () C:\Program Files (x86)\Synology Data Replicator 3\SynoDrServicex64.exe () C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVCM.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Apple Inc.) C:\Program Files\Boot Camp\Bootcamp.exe (Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe (Box, Inc.) C:\Program Files\Box\Box Sync\BoxSync.exe (Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe (Spotify Ltd) C:\Users\Stephanie\AppData\Roaming\Spotify\SpotifyWebHelper.exe (Flux Software LLC) C:\Users\Stephanie\AppData\Local\FluxSoftware\Flux\flux.exe (Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe (Fieldston Software) C:\Program Files (x86)\Fieldston Software\gSyncit\gsyncit.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Marketsplash by HP\HPLocalWebPrintAgent.exe (Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\CSISYNCCLIENT.EXE (Synology Inc.) C:\Users\Stephanie\AppData\Local\CloudStation\CloudStation.app\bin\cloud-drive-ui.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSYNC.EXE (Synology Inc.) C:\Users\Stephanie\AppData\Local\CloudStation\CloudStation.app\bin\cloud-drive-connect.exe () C:\Program Files\Box\Box Sync\BoxSyncMonitor.exe (Synology Inc.) C:\Users\Stephanie\AppData\Local\CloudStation\CloudStation.app\bin\cloud-drive-daemon.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Windows\System32\prevhost.exe (Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe ==================== Registry (Nicht auf der Ausnahmeliste) =========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [Apple_KbdMgr] => C:\Program Files\Boot Camp\Bootcamp.exe [741760 2011-06-29] (Apple Inc.) HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch HKLM\...\Run: [Fences] => C:\Program Files (x86)\Stardock\Fences\Fences.exe [4031152 2013-11-26] (Stardock Corporation) HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation) HKLM\...\Run: [BoxSync] => C:\Program Files\Box\Box Sync\BoxSync.exe [6010024 2016-01-11] (Box, Inc.) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated) HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3113592 2015-08-26] (Logitech, Inc.) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3498720 2015-12-17] (Adobe Systems Inc.) HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [708496 2015-09-23] (Cisco Systems, Inc.) HKLM-x32\...\Run: [Sophos AutoUpdate Monitor] => C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe [1592104 2015-08-12] (Sophos Limited) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1085656 2015-12-13] (Adobe Systems Incorporated) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-12-22] (Oracle Corporation) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.) HKU\S-1-5-21-1165394420-3520031323-336608003-1000\...\Run: [Spotify Web Helper] => C:\Users\Stephanie\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2030912 2015-10-29] (Spotify Ltd) HKU\S-1-5-21-1165394420-3520031323-336608003-1000\...\Run: [f.lux] => C:\Users\Stephanie\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC) HKU\S-1-5-21-1165394420-3520031323-336608003-1000\...\Run: [MsgCenterExe] => "c:\program files (x86)\real\realplayer\update\RealOneMessageCenter.exe" -osboot HKU\S-1-5-21-1165394420-3520031323-336608003-1000\...\Run: [Dropbox Update] => C:\Users\Stephanie\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-14] (Dropbox, Inc.) HKU\S-1-5-21-1165394420-3520031323-336608003-1000\...\Run: [gSyncit] => C:\Program Files (x86)\Fieldston Software\gSyncit\gsyncit.exe [228352 2015-12-18] (Fieldston Software) HKU\S-1-5-21-1165394420-3520031323-336608003-1000\...\RunOnce: [Uninstall C:\Users\Stephanie\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Stephanie\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64" HKU\S-1-5-21-1165394420-3520031323-336608003-1000\...\RunOnce: [Uninstall C:\Users\Stephanie\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Stephanie\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64" HKU\S-1-5-21-1165394420-3520031323-336608003-1000\...\RunOnce: [Uninstall C:\Users\Stephanie\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Stephanie\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64" HKU\S-1-5-21-1165394420-3520031323-336608003-1000\...\RunOnce: [Uninstall C:\Users\Stephanie\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Stephanie\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530\amd64" HKU\S-1-5-21-1165394420-3520031323-336608003-1000\...\RunOnce: [Uninstall C:\Users\Stephanie\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Stephanie\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64" HKU\S-1-5-21-1165394420-3520031323-336608003-1000\...\RunOnce: [Uninstall C:\Users\Stephanie\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Stephanie\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64" HKU\S-1-5-21-1165394420-3520031323-336608003-1000\...\RunOnce: [Uninstall C:\Users\Stephanie\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Stephanie\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64" HKU\S-1-5-21-1165394420-3520031323-336608003-1000\...\RunOnce: [Uninstall C:\Users\Stephanie\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Stephanie\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64" HKU\S-1-5-21-1165394420-3520031323-336608003-1000\...\RunOnce: [Uninstall C:\Users\Stephanie\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512_2\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Stephanie\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512_2\amd64" HKU\S-1-5-21-1165394420-3520031323-336608003-1000\...\RunOnce: [Uninstall C:\Users\Stephanie\AppData\Local\Microsoft\SkyDrive\17.3.1165.0612\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Stephanie\AppData\Local\Microsoft\SkyDrive\17.3.1165.0612\amd64" HKU\S-1-5-21-1165394420-3520031323-336608003-1000\...\RunOnce: [Uninstall C:\Users\Stephanie\AppData\Local\Microsoft\SkyDrive\17.3.1166.0618\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Stephanie\AppData\Local\Microsoft\SkyDrive\17.3.1166.0618\amd64" HKU\S-1-5-21-1165394420-3520031323-336608003-1000\...\RunOnce: [Uninstall C:\Users\Stephanie\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Stephanie\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64" HKU\S-1-5-21-1165394420-3520031323-336608003-1000\...\RunOnce: [Uninstall C:\Users\Stephanie\AppData\Local\Microsoft\OneDrive\17.3.4713.0209\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Stephanie\AppData\Local\Microsoft\OneDrive\17.3.4713.0209\amd64" HKU\S-1-5-21-1165394420-3520031323-336608003-1000\...\RunOnce: [Uninstall C:\Users\Stephanie\AppData\Local\Microsoft\OneDrive\17.3.4724.0224\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Stephanie\AppData\Local\Microsoft\OneDrive\17.3.4724.0224\amd64" HKU\S-1-5-21-1165394420-3520031323-336608003-1000\...\RunOnce: [Uninstall C:\Users\Stephanie\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Stephanie\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64" HKU\S-1-5-21-1165394420-3520031323-336608003-1000\...\RunOnce: [Uninstall C:\Users\Stephanie\AppData\Local\Microsoft\OneDrive\17.3.5849.0427\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Stephanie\AppData\Local\Microsoft\OneDrive\17.3.5849.0427\amd64" HKU\S-1-5-21-1165394420-3520031323-336608003-1000\...\RunOnce: [Uninstall C:\Users\Stephanie\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Stephanie\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64" HKU\S-1-5-21-1165394420-3520031323-336608003-1000\...\RunOnce: [Uninstall C:\Users\Stephanie\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Stephanie\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64" HKU\S-1-5-21-1165394420-3520031323-336608003-1000\...\RunOnce: [Uninstall C:\Users\Stephanie\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Stephanie\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64" HKU\S-1-5-21-1165394420-3520031323-336608003-1000\...\RunOnce: [Uninstall C:\Users\Stephanie\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Stephanie\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64" HKU\S-1-5-21-1165394420-3520031323-336608003-1000\...\RunOnce: [Uninstall C:\Users\Stephanie\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Stephanie\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64" HKU\S-1-5-21-1165394420-3520031323-336608003-1000\...\MountPoints2: H - H:\LaunchU3.exe -a HKU\S-1-5-21-1165394420-3520031323-336608003-1000\...\MountPoints2: {14d99ca1-e99a-11e0-97eb-806e6f6e6963} - F:\SETUP.EXE HKU\S-1-5-21-1165394420-3520031323-336608003-1000\...\MountPoints2: {a64a5b49-255a-11e1-8a52-040cce23d297} - H:\LaunchU3.exe -a HKU\S-1-5-18\...\Run: [Copy] => C:\Users\Stephanie\AppData\Roaming\Copy\CopyAgent.exe [15410832 2015-04-14] (Barracuda Networks, Inc.) AppInit_DLLs: C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured_x64.dll [217672 2015-01-14] (Sophos Limited) AppInit_DLLs-x32: C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured.dll [275352 2015-01-14] (Sophos Limited) Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll ShellIconOverlayIdentifiers: [ BoxSyncFileLocked] -> {2a607da5-abe8-358e-a881-c0f5faf2d3a5} => C:\Windows\system32\mscoree.dll [2010-11-05] (Microsoft Corporation) ShellIconOverlayIdentifiers: [ BoxSyncFileLockedByOther] -> {f7d2951f-0b6b-346c-99ec-69cffc30a364} => C:\Windows\system32\mscoree.dll [2010-11-05] (Microsoft Corporation) ShellIconOverlayIdentifiers: [ BoxSyncNotSynced] -> {5ea95e3d-3e46-3812-b03c-49785fa67d41} => C:\Windows\system32\mscoree.dll [2010-11-05] (Microsoft Corporation) ShellIconOverlayIdentifiers: [ BoxSyncProblem] -> {a88b7184-bfa1-3d14-8efb-2225df9699bc} => C:\Windows\system32\mscoree.dll [2010-11-05] (Microsoft Corporation) ShellIconOverlayIdentifiers: [ BoxSyncSynced] -> {c89f9943-8f58-3eca-bd55-a658f53b2f48} => C:\Windows\system32\mscoree.dll [2010-11-05] (Microsoft Corporation) ShellIconOverlayIdentifiers: [ 01UnsuppModule] -> {AEB16659-2125-4ADA-A4AB-45EE21E86469} => C:\Users\Stephanie\AppData\Local\CloudStation\CloudStation.app\icon-overlay\14\x64\iconOverlay.dll [2015-11-17] (TODO: <Company name>) ShellIconOverlayIdentifiers: [ 02SyncingModule] -> {48AB5ADA-36B1-4137-99C9-2BD97F8788AB} => C:\Users\Stephanie\AppData\Local\CloudStation\CloudStation.app\icon-overlay\14\x64\iconOverlay.dll [2015-11-17] (TODO: <Company name>) ShellIconOverlayIdentifiers: [ 03SyncedModule] -> {472CE1AD-5D53-4BCF-A1FB-3982A5F55138} => C:\Users\Stephanie\AppData\Local\CloudStation\CloudStation.app\icon-overlay\14\x64\iconOverlay.dll [2015-11-17] (TODO: <Company name>) ShellIconOverlayIdentifiers: [ 04ReadOnlyModule] -> {A433C3E0-8B24-40EB-93C3-4B10D9959F58} => C:\Users\Stephanie\AppData\Local\CloudStation\CloudStation.app\icon-overlay\14\x64\iconOverlay.dll [2015-11-17] (TODO: <Company name>) ShellIconOverlayIdentifiers: [ 05NoPermModule] -> {C701AD67-3DF0-47C9-89CB-DFA6207BE229} => C:\Users\Stephanie\AppData\Local\CloudStation\CloudStation.app\icon-overlay\14\x64\iconOverlay.dll [2015-11-17] (TODO: <Company name>) ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-01-15] (Google) ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-01-15] (Google) ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-01-15] (Google) ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Stephanie\AppData\Roaming\Dropbox\bin\DropboxExt64.31.dll [2016-01-20] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Stephanie\AppData\Roaming\Dropbox\bin\DropboxExt64.31.dll [2016-01-20] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Stephanie\AppData\Roaming\Dropbox\bin\DropboxExt64.31.dll [2016-01-20] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Stephanie\AppData\Roaming\Dropbox\bin\DropboxExt64.31.dll [2016-01-20] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Stephanie\AppData\Roaming\Dropbox\bin\DropboxExt64.31.dll [2016-01-20] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Stephanie\AppData\Roaming\Dropbox\bin\DropboxExt64.31.dll [2016-01-20] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Stephanie\AppData\Roaming\Dropbox\bin\DropboxExt64.31.dll [2016-01-20] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Stephanie\AppData\Roaming\Dropbox\bin\DropboxExt64.31.dll [2016-01-20] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [1aCopyShExtError] -> {83BEA36E-7680-4598-A4DF-994426F6E78D} => C:\Users\Stephanie\AppData\Roaming\Copy\overlay\CopyShExt.dll [2015-01-20] (Barracuda Networks, Inc.) ShellIconOverlayIdentifiers: [2aCopyShExtSynced] -> {845B7388-6F85-4F32-9FD5-F02DC7882B89} => C:\Users\Stephanie\AppData\Roaming\Copy\overlay\CopyShExt.dll [2015-01-20] (Barracuda Networks, Inc.) ShellIconOverlayIdentifiers: [3aCopyShExtSyncing] -> {F6378A7A-F753-449B-AE1B-997A96132E61} => C:\Users\Stephanie\AppData\Roaming\Copy\overlay\CopyShExt.dll [2015-01-20] (Barracuda Networks, Inc.) ShellIconOverlayIdentifiers: [4aCopyShExtSyncingProg1] -> {3A511828-777D-46F8-82F4-5B530C1B3D9E} => C:\Users\Stephanie\AppData\Roaming\Copy\overlay\CopyShExt.dll [2015-01-20] (Barracuda Networks, Inc.) ShellIconOverlayIdentifiers: [5aCopyShExtSyncingProg2] -> {C8C88204-5B14-40EC-BA72-8AEBC762047E} => C:\Users\Stephanie\AppData\Roaming\Copy\overlay\CopyShExt.dll [2015-01-20] (Barracuda Networks, Inc.) ShellIconOverlayIdentifiers: [6aCopyShExtSyncingProg3] -> {ACFF45C3-3EEB-4351-86C2-6696BA264239} => C:\Users\Stephanie\AppData\Roaming\Copy\overlay\CopyShExt.dll [2015-01-20] (Barracuda Networks, Inc.) ShellIconOverlayIdentifiers: [7aCopyShExtSyncingProg4] -> {29AF997F-488B-46F0-AE78-7146F1B89CC3} => C:\Users\Stephanie\AppData\Roaming\Copy\overlay\CopyShExt.dll [2015-01-20] (Barracuda Networks, Inc.) ShellIconOverlayIdentifiers: [8aCopyShExtSyncingProg5] -> {03F9AD29-1C78-4B66-8890-B177B5430C53} => C:\Users\Stephanie\AppData\Roaming\Copy\overlay\CopyShExt.dll [2015-01-20] (Barracuda Networks, Inc.) ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => Keine Datei ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Stephanie\AppData\Roaming\Dropbox\bin\DropboxExt.31.dll [2016-01-20] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Stephanie\AppData\Roaming\Dropbox\bin\DropboxExt.31.dll [2016-01-20] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Stephanie\AppData\Roaming\Dropbox\bin\DropboxExt.31.dll [2016-01-20] (Dropbox, Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2014-10-06] ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Marketsplash Drucksoftware.lnk [2015-03-29] ShortcutTarget: Marketsplash Drucksoftware.lnk -> C:\Program Files (x86)\Hewlett-Packard\Marketsplash by HP\HPLocalWebPrintAgent.exe (Hewlett-Packard Company) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2015-11-17] ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia) Startup: C:\Users\Stephanie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk [2016-02-04] ShortcutTarget: An OneNote senden.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation) Startup: C:\Users\Stephanie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Synology Cloud Station Drive.lnk [2016-02-04] ShortcutTarget: Synology Cloud Station Drive.lnk -> C:\Program Files (x86)\Synology\CloudStation\bin\launcher.exe (Synology Inc.) BootExecute: autocheck autochk /p \??\I:autocheck autochk * GroupPolicyScripts: Beschränkung <======= ACHTUNG ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) Winsock: Catalog9 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760 2015-05-13] (Sophos Limited) Winsock: Catalog9 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760 2015-05-13] (Sophos Limited) Winsock: Catalog9 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760 2015-05-13] (Sophos Limited) Winsock: Catalog9 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760 2015-05-13] (Sophos Limited) Winsock: Catalog9 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760 2015-05-13] (Sophos Limited) Winsock: Catalog9 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760 2015-05-13] (Sophos Limited) Winsock: Catalog9 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760 2015-05-13] (Sophos Limited) Winsock: Catalog9 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760 2015-05-13] (Sophos Limited) Winsock: Catalog9 19 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760 2015-05-13] (Sophos Limited) Winsock: Catalog9-x64 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864 2015-05-13] (Sophos Limited) Winsock: Catalog9-x64 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864 2015-05-13] (Sophos Limited) Winsock: Catalog9-x64 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864 2015-05-13] (Sophos Limited) Winsock: Catalog9-x64 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864 2015-05-13] (Sophos Limited) Winsock: Catalog9-x64 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864 2015-05-13] (Sophos Limited) Winsock: Catalog9-x64 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864 2015-05-13] (Sophos Limited) Winsock: Catalog9-x64 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864 2015-05-13] (Sophos Limited) Winsock: Catalog9-x64 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864 2015-05-13] (Sophos Limited) Winsock: Catalog9-x64 19 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864 2015-05-13] (Sophos Limited) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{3F2B7EB5-8E99-430E-8694-0DB3092C75E6}: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{E1E502E5-BEBB-4C72-B240-AAAF659DFE1B}: [DhcpNameServer] 172.20.10.1 Tcpip\..\Interfaces\{EBF970A9-7A14-4FCD-86D9-7378779F0C77}: [DhcpNameServer] 192.168.178.1 Internet Explorer: ================== HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:newtab HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com HKU\S-1-5-21-1165394420-3520031323-336608003-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/ HKU\S-1-5-21-1165394420-3520031323-336608003-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie HKU\S-1-5-21-1165394420-3520031323-336608003-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> DefaultScope Wert fehlt SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-1165394420-3520031323-336608003-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-01-19] (Microsoft Corporation) BHO: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\Windows\system32\mscoree.dll [2010-11-05] (Microsoft Corporation) BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2013-10-04] (Siber Systems Inc.) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.) BHO: Password Depot 7 -> {9F79B165-70F7-4C46-B1A5-8828E2FF21F9} -> C:\Program Files (x86)\AceBIT\Password Depot 7\pdIEAddOn64.dll [2014-06-27] (AceBIT) BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2015-12-17] (Adobe Systems Incorporated) BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2015-08-26] (Logitech, Inc.) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2016-01-17] (Microsoft Corporation) BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-01-18] (Microsoft Corporation) BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2015-12-17] (Adobe Systems Incorporated) BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2012-10-02] (RealPlayer) BHO-x32: Dashlane BHO -> {42D79B50-CC4A-4A8E-860F-BE674AF053A2} -> C:\Users\Stephanie\AppData\Roaming\Dashlane\ie\Dashlanei.dll [2014-12-15] (Dashlane) BHO-x32: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\Windows\SysWOW64\mscoree.dll [2010-11-05] (Microsoft Corporation) BHO-x32: CmjBrowserHelperObject Object -> {6FE6A929-59D1-4763-91AD-29B61CFFB35B} -> Keine Datei BHO-x32: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2013-10-04] (Siber Systems Inc.) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\ssv.dll [2016-01-22] (Oracle Corporation) BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.) BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2014-04-14] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) BHO-x32: Password Depot 7 -> {9F79B165-70F7-4C46-B1A5-8828E2FF21F9} -> C:\Program Files (x86)\AceBIT\Password Depot 7\pdIEAddOn32.dll [2014-06-27] (AceBIT) BHO-x32: Samsung BHO Class -> {AA609D72-8482-4076-8991-8CDAE5B93BCB} -> C:\Program Files (x86)\Samsung AnyWeb Print\W2PBrowser.dll [2011-04-22] () BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2015-06-29] (Adobe Systems Incorporated) BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2015-08-26] (Logitech, Inc.) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL [2016-01-17] (Microsoft Corporation) BHO-x32: 1Password -> {CB1A24DA-7416-4921-A0CF-5AA1160AAE2A} -> C:\Program Files (x86)\1Password\Agile1pIE.dll [2013-08-07] (AgileBits) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\jp2ssv.dll [2016-01-22] (Oracle Corporation) BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2015-06-29] (Adobe Systems Incorporated) Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2013-10-04] (Siber Systems Inc.) Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2015-12-17] (Adobe Systems Incorporated) Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2013-10-04] (Siber Systems Inc.) Toolbar: HKLM-x32 - Dashlane Toolbar - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\Users\Stephanie\AppData\Roaming\Dashlane\ie\KWIEBar.dll [2014-12-15] (Dashlane) Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2015-06-29] (Adobe Systems Incorporated) Toolbar: HKU\S-1-5-21-1165394420-3520031323-336608003-1000 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2015-12-17] (Adobe Systems Incorporated) Toolbar: HKU\S-1-5-21-1165394420-3520031323-336608003-1000 -> &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2013-10-04] (Siber Systems Inc.) Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll Keine Datei Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-01-17] (Microsoft Corporation) Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-01-17] (Microsoft Corporation) Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-01-17] (Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-01-17] (Microsoft Corporation) FireFox: ======== FF ProfilePath: C:\Users\Stephanie\AppData\Roaming\Mozilla\Firefox\Profiles\g24g73re.default-1428761828540 FF Session Restore: -> ist aktiviert. FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_286.dll [2016-01-20] () FF Plugin: @microsoft.com/GENUINE -> disabled [Keine Datei] FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-28] (Adobe Systems) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_286.dll [2016-01-20] () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1221171.dll [2015-10-19] (Adobe Systems, Inc.) FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] () FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google) FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.) FF Plugin-x32: @java.com/DTPlugin,version=11.71.2 -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\dtplugin\npDeployJava1.dll [2016-01-22] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.71.2 -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\plugin2\npjp2.dll [2016-01-22] (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Keine Datei] FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-01-17] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation) FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll [2012-10-02] (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2012-10-02] (RealNetworks, Inc.) FF Plugin-x32: @Sibelius.com/Scorch Plugin,version=6.2.0.88 -> C:\Program Files (x86)\Sibelius Software\Scorch\npsibelius.dll [2013-03-11] () FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-04] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-04] (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.0.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.0.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2015-12-17] (Adobe Systems Inc.) FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-28] (Adobe Systems) FF Plugin HKU\S-1-5-21-1165394420-3520031323-336608003-1000: @octoshape.com/Octoshape Streaming Services,version=1.0 -> C:\Users\Stephanie\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1312180-0-npoctoshape.dll [2013-12-18] (Octoshape ApS) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-12-17] (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll [2012-11-13] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll [2012-11-13] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ScorchAxPlugin.dll [2010-04-08] () FF Plugin ProgramFiles/Appdata: C:\Users\Stephanie\AppData\Roaming\mozilla\plugins\npoctoshape.dll [2014-05-22] (Octoshape ApS) FF Extension: Clip to OneNote (Legacy Edition) - C:\Users\Stephanie\AppData\Roaming\Mozilla\Firefox\Profiles\g24g73re.default-1428761828540\Extensions\jid0-e0l1gzjOmbUL1N6n3j8dBSBMcGE@jetpack.xpi [2015-05-31] FF Extension: FireShot - C:\Users\Stephanie\AppData\Roaming\Mozilla\Firefox\Profiles\g24g73re.default-1428761828540\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} [2016-01-07] FF Extension: Adblock Plus - C:\Users\Stephanie\AppData\Roaming\Mozilla\Firefox\Profiles\g24g73re.default-1428761828540\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-01-19] FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2016-01-07] [ist nicht signiert] FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2016-01-07] [ist nicht signiert] FF HKLM-x32\...\Firefox\Extensions: [passworddepot@acebit.com] - C:\Program Files (x86)\AceBIT\Password Depot 7\Firefox FF Extension: Password Depot Extension - C:\Program Files (x86)\AceBIT\Password Depot 7\Firefox [2015-07-13] [ist nicht signiert] FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2015-04-28] [ist nicht signiert] FF HKLM-x32\...\Firefox\Extensions: [{C3949AC2-4B17-43ee-B4F1-D26B9D42404D}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext FF HKLM-x32\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox FF Extension: RoboForm Toolbar for Firefox - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2014-06-22] [ist nicht signiert] FF HKLM-x32\...\Firefox\Extensions: [{0153E448-190B-4987-BDE1-F256CADA672F}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2015-12-26] [ist nicht signiert] FF HKLM-x32\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2015-07-20] [ist nicht signiert] FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2016-01-18] Chrome: ======= CHR StartupUrls: Default -> "","chrome://newtab/?source=home" CHR NewTab: Default -> "chrome-extension://jpfpebmajhhopeonhlcgidhclcccjcik/newtab.html" CHR Plugin: (Native Client) - C:\Users\Stephanie\AppData\Local\Google\Chrome\Application\46.0.2490.86\ppGoogleNaClPluginChrome.dll => Keine Datei CHR Plugin: (Chrome PDF Viewer) - C:\Users\Stephanie\AppData\Local\Google\Chrome\Application\46.0.2490.86\pdf.dll => Keine Datei CHR Plugin: (Shockwave Flash) - C:\Users\Stephanie\AppData\Local\Google\Chrome\Application\46.0.2490.86\gcswf32.dll => Keine Datei CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll => Keine Datei CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => Keine Datei CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation) CHR Plugin: (Java Deployment Toolkit 6.0.310.5) - C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll => Keine Datei CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll => Keine Datei CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll => Keine Datei CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll => Keine Datei CHR Plugin: (RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll => Keine Datei CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll => Keine Datei CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll => Keine Datei CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll => Keine Datei CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll => Keine Datei CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.) CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll => Keine Datei CHR Plugin: (ScorchPlugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\NPSibelius.dll => Keine Datei CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL => Keine Datei CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL => Keine Datei CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll => Keine Datei CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () CHR Plugin: (RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll => Keine Datei CHR Profile: C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Drive) - C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-30] CHR Extension: (YouTube) - C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-30] CHR Extension: (Adblock Plus) - C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-11-30] CHR Extension: (AddThis - Share & Bookmark (new)) - C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbogdmdefihhljhfeiklfiedefalcde [2015-01-02] CHR Extension: (Google-Suche) - C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-30] CHR Extension: (Post To Tumblr) - C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbpicbbcpanckagpdjflgojlknomoiah [2015-11-30] CHR Extension: (Syncpad for Simplenote) - C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\djiafihgcdhojlgmgfolclfgmllnhhbj [2012-05-20] CHR Extension: (Adobe Acrobat) - C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2015-11-30] CHR Extension: (Google Kalender) - C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2015-11-30] CHR Extension: (Springpad) - C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkmopoamfjnmppabeaphohombnjcjgla [2012-04-16] CHR Extension: (Deaktivierungs-Add-on von Google Analytics) - C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\fllaojicojecljbmefodhfapmkghcbnh [2014-10-21] CHR Extension: (Google Docs Offline) - C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-30] CHR Extension: (Google Kalender (von Google)) - C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbgaklkmjakoegficnlkhebmhkjfich [2015-11-30] CHR Extension: (TomaTimer) - C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgbdhbgmmfhepghcdhepkbhabkaffihk [2014-02-19] CHR Extension: (MusicDock) - C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokmdnpfhbbjkaaofecofamghdjadhpa [2012-04-09] CHR Extension: (Speed Dial 2) - C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpfpebmajhhopeonhlcgidhclcccjcik [2015-11-30] CHR Extension: (TrackingTime Online Zeiterfassung) - C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\knailkjkjcfegledhjhcfacdngnicimb [2015-11-30] CHR Extension: (SPIEGEL ONLINE Extension) - C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcmhmkhlpcieakngfbhgjkdpgibbmboc [2012-04-09] CHR Extension: (Karim Rashid) - C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldjcbfljkplgifccngillicohclloidg [2014-02-21] CHR Extension: (Password Depot Add-On) - C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcgmdbhgeplifgopfnmafmhfmoekiekn [2015-08-05] CHR Extension: (Save to Pocket) - C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2015-11-30] CHR Extension: (Springpad Extension) - C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\njhgeimnepehieioinbhmfpphfoocmng [2012-04-16] CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-14] CHR Extension: (Any.do) - C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocgddccilgpeepgglnlpchkpgamkgmld [2015-08-14] CHR Extension: (Citavi Picker) - C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohgndokldibnndfnjnagojmheejlengn [2015-11-30] CHR Extension: (Google Calendar Checker) - C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ookhcbgokankfmjafalglpofmolfopek [2015-02-24] CHR Extension: (Cacoo - Diagramming & Real-Time Collaboration) - C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcflmbddgcmomcfngehfhlajjapabojh [2015-05-21] CHR Extension: (Google Mail) - C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-21] CHR Extension: (RoboForm) - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome [2014-06-22] CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2015-12-17] CHR HKLM-x32\...\Chrome\Extension: [jbolfgndggfhhpbnkgnpjkfhinclbigj] - <kein Path/update_url> CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2011-10-24] CHR HKLM-x32\...\Chrome\Extension: [mcgmdbhgeplifgopfnmafmhfmoekiekn] - C:\Program Files (x86)\AceBIT\Password Depot 7\crx.crx [2013-08-27] CHR HKLM-x32\...\Chrome\Extension: [ohgndokldibnndfnjnagojmheejlengn] - hxxps://clients2.google.com/service/update2/crx ==================== Dienste (Nicht auf der Ausnahmeliste) ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) S4 Agile1Password; C:\Program Files (x86)\1Password\Agile1pService.exe [768784 2013-08-07] (AgileBits) R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.) S4 AppleOSSMgr; C:\Windows\system32\AppleOSSMgr.exe [224640 2011-06-29] () R2 Box for Office Upgrade Service; C:\Program Files (x86)\Box\Box for Office\UpgradeService.exe [26368 2015-10-15] (Box, Inc.) S3 BoxSyncUpdateService; C:\Program Files\Box\Box Sync\SyncUpdaterService.exe [32144 2015-12-01] (Box, Inc.) R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2772720 2016-01-17] (Microsoft Corporation) R2 Cloud Station Drive VSS Service x64; C:\Program Files (x86)\Synology\CloudStation\bin\vss-service-x64.exe [287712 2015-10-06] () R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes) S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1135416 2015-10-05] (Malwarebytes) R2 msoidsvc; C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [2079520 2012-05-17] (Microsoft Corp.) R2 MSSQL$MYMOVIES; c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation) R2 MSSQL$SERVEREXP2008; c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SERVEREXP2008\MSSQL\Binn\sqlservr.exe [43044512 2015-04-03] (Microsoft Corporation) R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [60416 2009-06-22] (Hewlett-Packard) [Datei ist nicht signiert] R2 SAVAdminService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [288552 2014-06-06] (Sophos Limited) R2 SAVService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [208168 2014-11-06] (Sophos Limited) S4 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1228504 2013-07-03] (Secunia) S4 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [660184 2013-07-03] (Secunia) R2 Sophos AutoUpdate Service; C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe [340264 2015-08-12] (Sophos Limited) R2 Sophos Web Control Service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [341800 2014-11-06] (Sophos Limited) S4 SQLAgent$SERVEREXP2008; c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SERVEREXP2008\MSSQL\Binn\SQLAGENT.EXE [380064 2015-04-03] (Microsoft Corporation) R2 swi_service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [3274536 2015-01-14] (Sophos Limited) S2 swi_update_64; C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe [2065704 2015-01-14] (Sophos Limited) R2 SynoDrService; C:\Program Files (x86)\Synology Data Replicator 3\SynoDrServicex64.exe [384072 2013-10-09] () R2 UsbClientService; C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe [248736 2015-05-11] () R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) S3 WsDrvInst; C:\Program Files (x86)\Wondershare\TunesGoRetro\DriverInstall.exe [103576 2015-11-04] (Wondershare) S2 HPHNDUSVC; C:\Users\STEPHA~1\AppData\Local\Temp\7zS19CF\HPHNDUSVC.dll [X] S2 HPSLPSVC; C:\Users\STEPHA~1\AppData\Local\Temp\7zS1050\hpslpsvc64.dll [X] S4 Nero BackItUp Scheduler 4.0; C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe [X] ===================== Treiber (Nicht auf der Ausnahmeliste) ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) S3 applebmt; C:\Windows\System32\DRIVERS\applebmt.sys [52736 2011-06-03] (Apple Inc.) S3 AppleODD; C:\Windows\System32\DRIVERS\AppleODD.sys [8704 2011-03-25] (Apple Inc.) R3 azvusb; C:\Windows\System32\DRIVERS\azvusb.sys [54784 2009-08-24] (AzureWave Technologies, Inc.) R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [304784 2010-03-23] () S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-02-04] (Malwarebytes) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation) S3 mod7700; C:\Windows\System32\DRIVERS\mod7700.sys [1077840 2010-11-19] (DiBcom SA) S3 MODRC; C:\Windows\System32\DRIVERS\modrc.sys [24272 2010-11-19] (DiBcom S.A.) S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-07-03] (Secunia) R1 SAVOnAccess; C:\Windows\System32\DRIVERS\savonaccess.sys [158976 2014-06-06] (Sophos Limited) S3 sdcfilter; C:\Windows\System32\DRIVERS\sdcfilter.sys [38144 2014-06-06] (Sophos Limited) S4 SophosBootDriver; C:\Windows\System32\DRIVERS\SophosBootDriver.sys [27904 2014-06-06] (Sophos Limited) R0 sptd; C:\Windows\System32\Drivers\sptd.sys [564792 2012-04-10] (Duplex Secure Ltd.) S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52592 2014-11-19] (Cisco Systems, Inc.) ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat: Erstellte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2016-02-04 15:03 - 2016-02-04 15:04 - 00055920 _____ C:\Users\Stephanie\Downloads\FRST.txt 2016-02-04 15:01 - 2016-02-04 15:03 - 00000000 ____D C:\FRST 2016-02-04 14:52 - 2016-02-04 14:52 - 02370560 _____ (Farbar) C:\Users\Stephanie\Downloads\FRST64.exe 2016-02-04 14:23 - 2016-02-04 14:23 - 00000000 ___HD C:\OneDriveTemp 2016-02-04 14:15 - 2016-02-04 14:15 - 00002302 _____ C:\Users\Stephanie\Desktop\TROJANER.txt 2016-02-04 13:59 - 2016-02-04 14:15 - 00000000 ____D C:\Users\Stephanie\Desktop\TROJANERBOARD 2016-02-04 10:15 - 2016-02-04 10:15 - 00000000 ____D C:\Program Files (x86)\ESET 2016-02-04 10:11 - 2016-02-04 10:11 - 02870984 _____ (ESET) C:\Users\Stephanie\Downloads\esetsmartinstaller_deu.exe 2016-02-04 08:26 - 2016-02-04 08:26 - 22908888 _____ (Malwarebytes ) C:\Users\Stephanie\Downloads\mbam-setup-2.2.0.1024(1).exe 2016-02-04 08:06 - 2016-02-04 14:24 - 00003356 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1165394420-3520031323-336608003-1000 2016-02-02 11:37 - 2016-02-02 11:37 - 00231592 _____ C:\Users\Stephanie\0014.pdf 2016-02-02 07:54 - 2016-02-04 14:24 - 00003230 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1165394420-3520031323-336608003-1000 2016-01-31 11:40 - 2016-01-31 11:40 - 00339224 _____ C:\Users\Stephanie\0013.pdf 2016-01-29 10:11 - 2016-01-29 10:11 - 00000000 ____D C:\Users\Stephanie\AppData\Local\Microsoft_Corporation 2016-01-29 10:03 - 2016-01-29 10:11 - 00000000 ____D C:\Users\Stephanie\AppData\Local\yasoon 2016-01-29 10:00 - 2016-01-29 10:00 - 00000000 ____D C:\Users\Stephanie\AppData\Roaming\yasoon GmbH 2016-01-29 09:59 - 2016-01-29 09:59 - 35984032 _____ (yasoon GmbH) C:\Users\Stephanie\Downloads\wunderlist_for_outlook.exe 2016-01-28 20:44 - 2016-01-28 20:44 - 04123704 _____ (ClearContext Corporation) C:\Users\Stephanie\Downloads\ccims-myn(1).exe 2016-01-28 20:43 - 2016-01-28 20:44 - 04123704 _____ (ClearContext Corporation) C:\Users\Stephanie\Downloads\ccims-myn.exe 2016-01-28 15:06 - 2016-01-28 15:06 - 00015978 _____ C:\Users\Stephanie\Downloads\toodledo_completed.csv 2016-01-28 14:58 - 2016-01-28 14:58 - 00083718 _____ C:\Users\Stephanie\Downloads\toodledo_current.csv 2016-01-28 10:05 - 2016-01-28 10:05 - 00011439 _____ C:\Users\Stephanie\AppData\Roaming\Durch Trennzeichen getrennte Werte.TSK 2016-01-23 21:52 - 2016-01-23 21:52 - 00552409 _____ C:\Users\Stephanie\0012.pdf 2016-01-23 18:32 - 2016-01-23 18:32 - 00171597 _____ C:\Users\Stephanie\0011.pdf 2016-01-23 18:26 - 2016-01-23 18:26 - 00346300 _____ C:\Users\Stephanie\0010.pdf 2016-01-23 18:15 - 2016-01-23 18:15 - 00154642 _____ C:\Users\Stephanie\0009.pdf 2016-01-23 18:04 - 2016-01-23 18:04 - 00215794 _____ C:\Users\Stephanie\0008.pdf 2016-01-23 17:57 - 2016-01-23 17:57 - 00215794 _____ C:\Users\Stephanie\0007.pdf 2016-01-23 17:55 - 2016-01-23 17:55 - 00248524 _____ C:\Users\Stephanie\0006.pdf 2016-01-23 17:31 - 2016-01-23 17:31 - 00867745 _____ C:\Users\Stephanie\0005.pdf 2016-01-22 11:38 - 2016-01-22 11:38 - 00000000 ____D C:\Users\Stephanie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2016-01-20 23:21 - 2016-01-20 23:21 - 00010835 _____ C:\Users\Stephanie\Downloads\Ihre Retourenmarke.pdf 2016-01-17 11:16 - 2016-01-17 11:16 - 00551291 _____ C:\Users\Stephanie\0004.pdf 2016-01-17 11:07 - 2016-01-17 11:08 - 07534080 _____ C:\Users\Stephanie\Downloads\gSyncit_4_1_65.msi 2016-01-17 09:56 - 2016-01-17 09:56 - 03205312 _____ (Microsoft Corporation) C:\Users\Stephanie\Downloads\Setup.X86.de-DE_O365HomePremRetail_caeec875-3843-48d7-83a2-3adae5cd1054_TX_DB_.exe 2016-01-15 15:53 - 2016-01-15 15:53 - 00105770 _____ C:\Users\Stephanie\0003.pdf 2016-01-15 15:53 - 2016-01-15 15:53 - 00105770 _____ C:\Users\Stephanie\0002.pdf 2016-01-15 15:53 - 2016-01-15 15:53 - 00105770 _____ C:\Users\Stephanie\0001.pdf 2016-01-14 19:22 - 2016-01-14 19:22 - 00196218 _____ C:\Users\Stephanie\Documents\Scan0006.pdf 2016-01-14 19:21 - 2016-01-14 19:21 - 00196218 _____ C:\Users\Stephanie\Documents\Scan0005.pdf 2016-01-14 09:30 - 2015-12-11 19:57 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2016-01-14 09:30 - 2015-12-08 22:54 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll 2016-01-14 09:30 - 2015-12-08 22:54 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL 2016-01-14 09:30 - 2015-12-08 22:54 - 01568768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVENCOD.DLL 2016-01-14 09:30 - 2015-12-08 22:54 - 01325056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOE.DLL 2016-01-14 09:30 - 2015-12-08 22:54 - 00902144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOD.DLL 2016-01-14 09:30 - 2015-12-08 22:54 - 00815616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOE.DLL 2016-01-14 09:30 - 2015-12-08 22:54 - 00740352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmpmde.dll 2016-01-14 09:30 - 2015-12-08 22:54 - 00739328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOD.DLL 2016-01-14 09:30 - 2015-12-08 22:54 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVXENCD.DLL 2016-01-14 09:30 - 2015-12-08 22:54 - 00541184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSDECD.DLL 2016-01-14 09:30 - 2015-12-08 22:54 - 00358400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSENCD.DLL 2016-01-14 09:30 - 2015-12-08 22:54 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VIDRESZR.DLL 2016-01-14 09:30 - 2015-12-08 22:53 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll 2016-01-14 09:30 - 2015-12-08 22:53 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll 2016-01-14 09:30 - 2015-12-08 22:53 - 00970240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2adec.dll 2016-01-14 09:30 - 2015-12-08 22:53 - 00829952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMPEG2ENC.DLL 2016-01-14 09:30 - 2015-12-08 22:53 - 00609280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFWMAAEC.DLL 2016-01-14 09:30 - 2015-12-08 22:53 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll 2016-01-14 09:30 - 2015-12-08 22:53 - 00509952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll 2016-01-14 09:30 - 2015-12-08 22:53 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll 2016-01-14 09:30 - 2015-12-08 22:53 - 00415744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP4SDECD.DLL 2016-01-14 09:30 - 2015-12-08 22:53 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll 2016-01-14 09:30 - 2015-12-08 22:53 - 00241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MPG4DECD.DLL 2016-01-14 09:30 - 2015-12-08 22:53 - 00241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP43DECD.DLL 2016-01-14 09:30 - 2015-12-08 22:53 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RESAMPLEDMO.DLL 2016-01-14 09:30 - 2015-12-08 22:53 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qasf.dll 2016-01-14 09:30 - 2015-12-08 22:53 - 00193536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksproxy.ax 2016-01-14 09:30 - 2015-12-08 22:53 - 00153600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\COLORCNV.DLL 2016-01-14 09:30 - 2015-12-08 22:53 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll 2016-01-14 09:30 - 2015-12-08 22:53 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP3DMOD.DLL 2016-01-14 09:30 - 2015-12-08 22:53 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\devenum.dll 2016-01-14 09:30 - 2015-12-08 22:53 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfvdsp.dll 2016-01-14 09:30 - 2015-12-08 22:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe 2016-01-14 09:30 - 2015-12-08 22:53 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe 2016-01-14 09:30 - 2015-12-08 22:53 - 00004608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksuser.dll 2016-01-14 09:30 - 2015-12-08 22:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll 2016-01-14 09:30 - 2015-12-08 20:07 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll 2016-01-14 09:30 - 2015-12-08 20:07 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll 2016-01-14 09:30 - 2015-12-08 20:07 - 01955328 _____ (Microsoft Corporation) C:\Windows\system32\WMVENCOD.DLL 2016-01-14 09:30 - 2015-12-08 20:07 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL 2016-01-14 09:30 - 2015-12-08 20:07 - 01575424 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOE.DLL 2016-01-14 09:30 - 2015-12-08 20:07 - 01573888 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll 2016-01-14 09:30 - 2015-12-08 20:07 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2adec.dll 2016-01-14 09:30 - 2015-12-08 20:07 - 01232896 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOD.DLL 2016-01-14 09:30 - 2015-12-08 20:07 - 01160192 _____ (Microsoft Corporation) C:\Windows\system32\MSMPEG2ENC.DLL 2016-01-14 09:30 - 2015-12-08 20:07 - 01153024 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOE.DLL 2016-01-14 09:30 - 2015-12-08 20:07 - 01026048 _____ (Microsoft Corporation) C:\Windows\system32\wmpmde.dll 2016-01-14 09:30 - 2015-12-08 20:07 - 01010688 _____ (Microsoft Corporation) C:\Windows\system32\mcmde.dll 2016-01-14 09:30 - 2015-12-08 20:07 - 00978944 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOD.DLL 2016-01-14 09:30 - 2015-12-08 20:07 - 00666112 _____ (Microsoft Corporation) C:\Windows\system32\WMVSDECD.DLL 2016-01-14 09:30 - 2015-12-08 20:07 - 00653824 _____ (Microsoft Corporation) C:\Windows\system32\MP4SDECD.DLL 2016-01-14 09:30 - 2015-12-08 20:07 - 00642048 _____ (Microsoft Corporation) C:\Windows\system32\WMVXENCD.DLL 2016-01-14 09:30 - 2015-12-08 20:07 - 00632320 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll 2016-01-14 09:30 - 2015-12-08 20:07 - 00624640 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2016-01-14 09:30 - 2015-12-08 20:07 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\MFWMAAEC.DLL 2016-01-14 09:30 - 2015-12-08 20:07 - 00447488 _____ (Microsoft Corporation) C:\Windows\system32\WMVSENCD.DLL 2016-01-14 09:30 - 2015-12-08 20:07 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll 2016-01-14 09:30 - 2015-12-08 20:07 - 00378880 _____ (Microsoft Corporation) C:\Windows\system32\SysFxUI.dll 2016-01-14 09:30 - 2015-12-08 20:07 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll 2016-01-14 09:30 - 2015-12-08 20:07 - 00292352 _____ (Microsoft Corporation) C:\Windows\system32\VIDRESZR.DLL 2016-01-14 09:30 - 2015-12-08 20:07 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\qasf.dll 2016-01-14 09:30 - 2015-12-08 20:07 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\RESAMPLEDMO.DLL 2016-01-14 09:30 - 2015-12-08 20:07 - 00224768 _____ (Microsoft Corporation) C:\Windows\system32\MPG4DECD.DLL 2016-01-14 09:30 - 2015-12-08 20:07 - 00223744 _____ (Microsoft Corporation) C:\Windows\system32\MP43DECD.DLL 2016-01-14 09:30 - 2015-12-08 20:07 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll 2016-01-14 09:30 - 2015-12-08 20:07 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\COLORCNV.DLL 2016-01-14 09:30 - 2015-12-08 20:07 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\MP3DMOD.DLL 2016-01-14 09:30 - 2015-12-08 20:07 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\devenum.dll 2016-01-14 09:30 - 2015-12-08 20:07 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\mfvdsp.dll 2016-01-14 09:30 - 2015-12-08 20:07 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe 2016-01-14 09:30 - 2015-12-08 20:07 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\ksuser.dll 2016-01-14 09:30 - 2015-12-08 20:06 - 00250880 _____ (Microsoft Corporation) C:\Windows\system32\ksproxy.ax 2016-01-14 09:30 - 2015-12-08 20:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe 2016-01-14 09:30 - 2015-12-08 20:04 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll 2016-01-14 09:30 - 2015-12-08 19:54 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys 2016-01-14 09:30 - 2015-12-08 19:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys 2016-01-14 09:30 - 2015-12-08 19:11 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmkaud.sys 2016-01-14 09:30 - 2015-12-08 18:58 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2016-01-14 09:30 - 2015-11-14 00:09 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\mapistub.dll 2016-01-14 09:30 - 2015-11-14 00:09 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\mapi32.dll 2016-01-14 09:30 - 2015-11-14 00:08 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\fixmapi.exe 2016-01-14 09:30 - 2015-11-13 23:50 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mapistub.dll 2016-01-14 09:30 - 2015-11-13 23:50 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mapi32.dll 2016-01-14 09:30 - 2015-11-13 23:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fixmapi.exe 2016-01-14 09:29 - 2015-12-24 00:13 - 00387784 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2016-01-14 09:29 - 2015-12-23 23:52 - 00341192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2016-01-14 09:29 - 2015-12-12 19:54 - 25837568 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2016-01-14 09:29 - 2015-12-12 19:31 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2016-01-14 09:29 - 2015-12-12 19:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2016-01-14 09:29 - 2015-12-12 19:16 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2016-01-14 09:29 - 2015-12-12 19:15 - 02887168 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2016-01-14 09:29 - 2015-12-12 19:15 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2016-01-14 09:29 - 2015-12-12 19:15 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2016-01-14 09:29 - 2015-12-12 19:15 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2016-01-14 09:29 - 2015-12-12 19:14 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2016-01-14 09:29 - 2015-12-12 19:07 - 06051328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2016-01-14 09:29 - 2015-12-12 19:07 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2016-01-14 09:29 - 2015-12-12 19:07 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2016-01-14 09:29 - 2015-12-12 19:03 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2016-01-14 09:29 - 2015-12-12 19:02 - 20367360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2016-01-14 09:29 - 2015-12-12 19:02 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2016-01-14 09:29 - 2015-12-12 19:02 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2016-01-14 09:29 - 2015-12-12 19:02 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2016-01-14 09:29 - 2015-12-12 19:02 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2016-01-14 09:29 - 2015-12-12 18:55 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2016-01-14 09:29 - 2015-12-12 18:51 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2016-01-14 09:29 - 2015-12-12 18:49 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2016-01-14 09:29 - 2015-12-12 18:44 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2016-01-14 09:29 - 2015-12-12 18:40 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2016-01-14 09:29 - 2015-12-12 18:39 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2016-01-14 09:29 - 2015-12-12 18:37 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2016-01-14 09:29 - 2015-12-12 18:37 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2016-01-14 09:29 - 2015-12-12 18:37 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2016-01-14 09:29 - 2015-12-12 18:37 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2016-01-14 09:29 - 2015-12-12 18:36 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2016-01-14 09:29 - 2015-12-12 18:36 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2016-01-14 09:29 - 2015-12-12 18:35 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2016-01-14 09:29 - 2015-12-12 18:33 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2016-01-14 09:29 - 2015-12-12 18:31 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2016-01-14 09:29 - 2015-12-12 18:30 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2016-01-14 09:29 - 2015-12-12 18:28 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2016-01-14 09:29 - 2015-12-12 18:27 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2016-01-14 09:29 - 2015-12-12 18:27 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2016-01-14 09:29 - 2015-12-12 18:27 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2016-01-14 09:29 - 2015-12-12 18:25 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2016-01-14 09:29 - 2015-12-12 18:23 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2016-01-14 09:29 - 2015-12-12 18:22 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2016-01-14 09:29 - 2015-12-12 18:21 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2016-01-14 09:29 - 2015-12-12 18:20 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2016-01-14 09:29 - 2015-12-12 18:19 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2016-01-14 09:29 - 2015-12-12 18:18 - 14457856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2016-01-14 09:29 - 2015-12-12 18:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2016-01-14 09:29 - 2015-12-12 18:12 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2016-01-14 09:29 - 2015-12-12 18:10 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2016-01-14 09:29 - 2015-12-12 18:10 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2016-01-14 09:29 - 2015-12-12 18:09 - 04610560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2016-01-14 09:29 - 2015-12-12 18:08 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2016-01-14 09:29 - 2015-12-12 18:06 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2016-01-14 09:29 - 2015-12-12 18:02 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2016-01-14 09:29 - 2015-12-12 18:00 - 12856320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2016-01-14 09:29 - 2015-12-12 18:00 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2016-01-14 09:29 - 2015-12-12 18:00 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2016-01-14 09:29 - 2015-12-12 18:00 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2016-01-14 09:29 - 2015-12-12 17:54 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2016-01-14 09:29 - 2015-12-12 17:42 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2016-01-14 09:29 - 2015-12-12 17:41 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2016-01-14 09:29 - 2015-12-12 17:38 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2016-01-14 09:29 - 2015-12-12 17:36 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2016-01-14 09:27 - 2015-12-30 20:08 - 05572544 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2016-01-14 09:27 - 2015-12-30 20:08 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2016-01-14 09:27 - 2015-12-30 20:08 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2016-01-14 09:27 - 2015-12-30 20:05 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2016-01-14 09:27 - 2015-12-30 20:02 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll 2016-01-14 09:27 - 2015-12-30 20:02 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2016-01-14 09:27 - 2015-12-30 20:02 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll 2016-01-14 09:27 - 2015-12-30 20:02 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2016-01-14 09:27 - 2015-12-30 20:02 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2016-01-14 09:27 - 2015-12-30 20:02 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2016-01-14 09:27 - 2015-12-30 20:01 - 01214464 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2016-01-14 09:27 - 2015-12-30 20:01 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2016-01-14 09:27 - 2015-12-30 20:01 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2016-01-14 09:27 - 2015-12-30 20:01 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2016-01-14 09:27 - 2015-12-30 20:01 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2016-01-14 09:27 - 2015-12-30 20:01 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2016-01-14 09:27 - 2015-12-30 20:01 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2016-01-14 09:27 - 2015-12-30 20:00 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2016-01-14 09:27 - 2015-12-30 19:59 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2016-01-14 09:27 - 2015-12-30 19:59 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2016-01-14 09:27 - 2015-12-30 19:59 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2016-01-14 09:27 - 2015-12-30 19:58 - 01461248 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2016-01-14 09:27 - 2015-12-30 19:58 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2016-01-14 09:27 - 2015-12-30 19:57 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2016-01-14 09:27 - 2015-12-30 19:57 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2016-01-14 09:27 - 2015-12-30 19:57 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2016-01-14 09:27 - 2015-12-30 19:55 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2016-01-14 09:27 - 2015-12-30 19:55 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll 2016-01-14 09:27 - 2015-12-30 19:55 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2016-01-14 09:27 - 2015-12-30 19:54 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2016-01-14 09:27 - 2015-12-30 19:54 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2016-01-14 09:27 - 2015-12-30 19:54 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll 2016-01-14 09:27 - 2015-12-30 19:54 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll 2016-01-14 09:27 - 2015-12-30 19:54 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2016-01-14 09:27 - 2015-12-30 19:54 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2016-01-14 09:27 - 2015-12-30 19:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2016-01-14 09:27 - 2015-12-30 19:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll 2016-01-14 09:27 - 2015-12-30 19:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2016-01-14 09:27 - 2015-12-30 19:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll 2016-01-14 09:27 - 2015-12-30 19:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2016-01-14 09:27 - 2015-12-30 19:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2016-01-14 09:27 - 2015-12-30 19:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2016-01-14 09:27 - 2015-12-30 19:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll 2016-01-14 09:27 - 2015-12-30 19:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll 2016-01-14 09:27 - 2015-12-30 19:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2016-01-14 09:27 - 2015-12-30 19:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll 2016-01-14 09:27 - 2015-12-30 19:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2016-01-14 09:27 - 2015-12-30 19:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll 2016-01-14 09:27 - 2015-12-30 19:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll 2016-01-14 09:27 - 2015-12-30 19:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll 2016-01-14 09:27 - 2015-12-30 19:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll 2016-01-14 09:27 - 2015-12-30 19:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2016-01-14 09:27 - 2015-12-30 19:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll 2016-01-14 09:27 - 2015-12-30 19:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2016-01-14 09:27 - 2015-12-30 19:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2016-01-14 09:27 - 2015-12-30 19:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2016-01-14 09:27 - 2015-12-30 19:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll 2016-01-14 09:27 - 2015-12-30 19:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2016-01-14 09:27 - 2015-12-30 19:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll 2016-01-14 09:27 - 2015-12-30 19:47 - 03993536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2016-01-14 09:27 - 2015-12-30 19:47 - 03938240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2016-01-14 09:27 - 2015-12-30 19:44 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2016-01-14 09:27 - 2015-12-30 19:41 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2016-01-14 09:27 - 2015-12-30 19:41 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2016-01-14 09:27 - 2015-12-30 19:41 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2016-01-14 09:27 - 2015-12-30 19:41 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2016-01-14 09:27 - 2015-12-30 19:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2016-01-14 09:27 - 2015-12-30 19:41 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2016-01-14 09:27 - 2015-12-30 19:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2016-01-14 09:27 - 2015-12-30 19:41 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2016-01-14 09:27 - 2015-12-30 19:40 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2016-01-14 09:27 - 2015-12-30 19:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2016-01-14 09:27 - 2015-12-30 19:39 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2016-01-14 09:27 - 2015-12-30 19:39 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2016-01-14 09:27 - 2015-12-30 19:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2016-01-14 09:27 - 2015-12-30 19:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2016-01-14 09:27 - 2015-12-30 19:38 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2016-01-14 09:27 - 2015-12-30 19:38 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2016-01-14 09:27 - 2015-12-30 19:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2016-01-14 09:27 - 2015-12-30 19:37 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll 2016-01-14 09:27 - 2015-12-30 19:37 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll 2016-01-14 09:27 - 2015-12-30 19:37 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2016-01-14 09:27 - 2015-12-30 19:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2016-01-14 09:27 - 2015-12-30 19:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll 2016-01-14 09:27 - 2015-12-30 19:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll 2016-01-14 09:27 - 2015-12-30 19:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll 2016-01-14 09:27 - 2015-12-30 19:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll 2016-01-14 09:27 - 2015-12-30 19:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2016-01-14 09:27 - 2015-12-30 19:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2016-01-14 09:27 - 2015-12-30 19:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll 2016-01-14 09:27 - 2015-12-30 19:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2016-01-14 09:27 - 2015-12-30 19:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2016-01-14 09:27 - 2015-12-30 19:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll 2016-01-14 09:27 - 2015-12-30 19:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll 2016-01-14 09:27 - 2015-12-30 19:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2016-01-14 09:27 - 2015-12-30 19:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll 2016-01-14 09:27 - 2015-12-30 19:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll 2016-01-14 09:27 - 2015-12-30 19:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll 2016-01-14 09:27 - 2015-12-30 19:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll 2016-01-14 09:27 - 2015-12-30 19:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll 2016-01-14 09:27 - 2015-12-30 19:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll 2016-01-14 09:27 - 2015-12-30 19:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll 2016-01-14 09:27 - 2015-12-30 19:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll 2016-01-14 09:27 - 2015-12-30 19:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll 2016-01-14 09:27 - 2015-12-30 18:57 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2016-01-14 09:27 - 2015-12-30 18:50 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe 2016-01-14 09:27 - 2015-12-30 18:49 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2016-01-14 09:27 - 2015-12-30 18:44 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2016-01-14 09:27 - 2015-12-30 18:43 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys 2016-01-14 09:27 - 2015-12-30 18:42 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys 2016-01-14 09:27 - 2015-12-30 18:42 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys 2016-01-14 09:27 - 2015-12-30 18:41 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2016-01-14 09:27 - 2015-12-30 18:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2016-01-14 09:27 - 2015-12-30 18:32 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2016-01-14 09:27 - 2015-12-30 18:32 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2016-01-14 09:27 - 2015-12-30 18:32 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2016-01-14 09:27 - 2015-12-30 18:32 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2016-01-14 09:27 - 2015-12-30 18:30 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll 2016-01-14 09:27 - 2015-12-30 18:30 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll 2016-01-14 09:27 - 2015-12-30 18:30 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll 2016-01-14 09:27 - 2015-12-30 18:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll 2016-01-14 09:27 - 2015-12-30 18:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll 2016-01-14 09:27 - 2015-12-08 22:53 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll 2016-01-14 09:27 - 2015-12-08 22:52 - 00312320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2016-01-14 09:27 - 2015-12-08 20:07 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll 2016-01-14 09:27 - 2015-12-08 20:07 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2016-01-14 09:27 - 2015-11-17 02:11 - 00025024 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe 2016-01-14 09:27 - 2015-11-17 02:08 - 01381376 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll 2016-01-14 09:27 - 2015-11-17 02:08 - 00792064 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2016-01-14 09:27 - 2015-11-17 02:08 - 00705536 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll 2016-01-14 09:27 - 2015-11-17 02:08 - 00505856 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2016-01-14 09:27 - 2015-11-17 02:08 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll 2016-01-14 09:27 - 2015-11-16 21:17 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll 2016-01-10 15:33 - 2016-01-11 00:01 - 00000000 ____D C:\Users\Stephanie\AppData\Roaming\Outlook Google Calendar Sync 2016-01-10 15:28 - 2016-01-10 15:28 - 00005719 _____ C:\Users\Stephanie\Downloads\OutlookGoogleCalendarSync.application 2016-01-09 12:46 - 2016-01-09 12:46 - 00002759 _____ C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk 2016-01-09 11:39 - 2016-01-09 11:43 - 142614416 _____ (Sophos Limited) C:\Users\Stephanie\Downloads\Sophos Virus Removal Tool.exe 2016-01-08 18:47 - 2016-01-08 18:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime 2016-01-07 12:52 - 2016-01-09 09:43 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2016-02-04 14:53 - 2009-07-14 05:45 - 00024384 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2016-02-04 14:53 - 2009-07-14 05:45 - 00024384 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2016-02-04 14:50 - 2015-03-01 09:37 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2016-02-04 14:47 - 2013-09-12 22:26 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2016-02-04 14:43 - 2014-02-11 14:14 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2016-02-04 14:40 - 2014-11-09 15:24 - 00000000 ____D C:\Users\Stephanie\AppData\Roaming\Copy 2016-02-04 14:25 - 2015-07-10 08:59 - 00000000 ____D C:\Users\Stephanie\AppData\Local\Box Sync 2016-02-04 14:25 - 2015-06-14 22:14 - 00001240 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1165394420-3520031323-336608003-1000UA.job 2016-02-04 14:23 - 2015-10-29 10:36 - 00000000 ___RD C:\Users\Stephanie\OneDrive 2016-02-04 14:23 - 2014-02-11 14:14 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2016-02-04 14:21 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2016-02-04 14:11 - 2015-08-12 10:47 - 00000000 ___RD C:\Users\Stephanie\CloudStation 2016-02-04 14:00 - 2011-08-26 09:23 - 00000000 ____D C:\Users\Stephanie\Documents\WISO Mein Geld 2016-02-04 13:25 - 2011-08-28 12:11 - 00001167 _____ C:\Windows\wiso.ini 2016-02-04 13:03 - 2014-10-06 18:55 - 00000000 ____D C:\Users\Stephanie\AppData\Local\CrashDumps 2016-02-04 12:21 - 2011-08-29 11:56 - 00000000 ____D C:\Users\Stephanie\AppData\Local\Deployment 2016-02-04 08:38 - 2014-02-11 14:14 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2016-02-04 08:38 - 2014-02-11 14:14 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2016-02-04 08:30 - 2015-11-17 09:04 - 00001110 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2016-02-04 08:30 - 2015-03-01 09:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2016-02-04 08:30 - 2015-03-01 09:36 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 2016-02-02 11:37 - 2011-08-24 22:45 - 00000000 ____D C:\Users\Stephanie 2016-02-02 11:29 - 2013-06-12 07:16 - 00000000 ____D C:\Users\Stephanie\Desktop\Temporär 2016-02-02 07:57 - 2015-06-14 22:14 - 00001188 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1165394420-3520031323-336608003-1000Core.job 2016-02-02 07:51 - 2011-09-09 16:15 - 00000578 _____ C:\Windows\Tasks\Neuer Scan (1).job 2016-01-31 12:02 - 2011-08-27 23:07 - 00000000 ____D C:\Users\Stephanie\Documents\Telekommunikation 2016-01-31 11:35 - 2015-08-04 10:56 - 00000000 ____D C:\ProgramData\firebird 2016-01-31 00:01 - 2012-11-11 14:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive 2016-01-30 11:08 - 2011-08-25 23:50 - 00000000 ____D C:\Users\Stephanie\Documents\Outlook-Dateien 2016-01-29 09:53 - 2015-08-12 10:31 - 00000000 ____D C:\Users\Stephanie\AppData\Local\CloudStation 2016-01-28 20:18 - 2015-07-09 22:11 - 00333312 ___SH C:\Users\Stephanie\Downloads\Thumbs.db 2016-01-27 19:04 - 2009-07-14 11:57 - 00815860 _____ C:\Windows\system32\perfh007.dat 2016-01-27 19:04 - 2009-07-14 11:57 - 00193644 _____ C:\Windows\system32\perfc007.dat 2016-01-27 19:04 - 2009-07-14 06:13 - 01947900 _____ C:\Windows\system32\PerfStringBackup.INI 2016-01-27 19:04 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf 2016-01-24 17:40 - 2015-08-17 12:45 - 00000000 ____D C:\ProgramData\BtCrashDumps 2016-01-24 17:25 - 2015-07-26 14:54 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2016-01-24 17:22 - 2011-08-25 09:17 - 00000000 ____D C:\Program Files (x86)\Microsoft Office 2016-01-23 21:36 - 2014-02-11 14:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Apps Migration 2016-01-23 16:45 - 2013-09-13 08:02 - 00000000 ____D C:\ProgramData\Oracle 2016-01-22 12:34 - 2011-09-28 10:40 - 00000000 ____D C:\Program Files (x86)\Java 2016-01-22 12:33 - 2014-08-26 14:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2016-01-22 12:32 - 2015-09-02 09:55 - 00000000 ____D C:\Users\Stephanie\.oracle_jre_usage 2016-01-22 12:31 - 2014-10-31 08:34 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2016-01-22 11:38 - 2011-08-25 10:44 - 00000000 ____D C:\Users\Stephanie\AppData\Roaming\Dropbox 2016-01-20 23:50 - 2012-09-01 19:35 - 00000000 ____D C:\Users\Stephanie\AppData\Local\Spotify 2016-01-20 22:32 - 2012-09-01 19:35 - 00000000 ____D C:\Users\Stephanie\AppData\Roaming\Spotify 2016-01-20 15:40 - 2013-09-12 22:26 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2016-01-20 15:40 - 2013-09-12 22:26 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2016-01-20 15:40 - 2013-09-12 22:26 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2016-01-18 18:40 - 2015-08-18 23:04 - 00002453 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat XI Pro.lnk 2016-01-18 18:40 - 2015-08-18 23:04 - 00002218 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe FormsCentral.lnk 2016-01-18 18:40 - 2015-08-18 23:04 - 00002057 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller XI.lnk 2016-01-18 18:12 - 2009-07-14 05:45 - 00495920 _____ C:\Windows\system32\FNTCACHE.DAT 2016-01-17 15:08 - 2012-05-20 14:54 - 00000000 ____D C:\Users\Stephanie\AppData\Roaming\gSyncit 2016-01-17 11:27 - 2013-10-25 14:42 - 00139328 _____ C:\Users\Stephanie\AppData\Local\GDIPFONTCACHEV1.DAT 2016-01-17 11:12 - 2013-02-02 19:02 - 00000000 ____D C:\Users\Stephanie\AppData\Roaming\MOBackup 2016-01-17 09:48 - 2015-07-10 08:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Box Sync 2016-01-17 08:35 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache 2016-01-16 19:44 - 2011-08-29 18:10 - 00000000 ____D C:\Program Files (x86)\Google 2016-01-15 16:34 - 2013-03-13 10:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2016-01-15 16:33 - 2013-03-13 10:17 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2016-01-15 16:33 - 2013-03-13 10:17 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2016-01-15 16:32 - 2013-08-14 09:25 - 00000000 ____D C:\Windows\system32\MRT 2016-01-15 16:17 - 2011-08-25 09:39 - 143671360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2016-01-15 09:16 - 2014-12-11 07:32 - 00000000 ____D C:\Windows\system32\appraiser 2016-01-15 09:16 - 2014-05-06 23:04 - 00000000 ___SD C:\Windows\system32\CompatTel 2016-01-15 00:56 - 2014-11-19 23:40 - 00000000 ____D C:\ProgramData\Package Cache 2016-01-15 00:32 - 2015-08-21 08:35 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task 2016-01-14 18:52 - 2011-08-25 09:38 - 00000000 ___RD C:\Users\Stephanie\Documents\Scanned Documents 2016-01-14 13:08 - 2015-01-20 21:24 - 00003060 _____ C:\Windows\System32\Tasks\HpWebReg.exe 2016-01-14 12:09 - 2011-08-25 08:47 - 00000000 ____D C:\Users\Stephanie\AppData\Roaming\Adobe 2016-01-10 12:42 - 2011-08-25 21:22 - 00000000 ____D C:\ProgramData\Sophos 2016-01-09 12:46 - 2014-06-06 08:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos 2016-01-09 12:46 - 2011-08-25 21:22 - 00000000 ____D C:\Program Files (x86)\Sophos 2016-01-09 11:09 - 2016-01-04 16:01 - 00000000 ____D C:\TEMP 2016-01-09 10:32 - 2009-07-14 11:57 - 00000000 ____D C:\Windows\system32\de 2016-01-09 09:43 - 2012-05-01 23:00 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2016-01-08 18:47 - 2011-11-01 19:45 - 00000000 ____D C:\Program Files (x86)\QuickTime 2016-01-08 10:43 - 2011-08-24 23:43 - 00000000 ____D C:\Users\Stephanie\AppData\Local\ElevatedDiagnostics 2016-01-07 11:30 - 2013-04-13 23:01 - 00625152 ___SH C:\Users\Stephanie\Desktop\Thumbs.db ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2011-09-08 22:19 - 2011-09-08 22:20 - 0539136 _____ () C:\Program Files\Passbild-Generator.exe 2011-08-29 18:02 - 2012-06-03 16:08 - 0000157 _____ () C:\Users\Stephanie\AppData\Roaming\default.rss 2012-02-23 11:04 - 2012-02-23 11:04 - 0000000 _____ () C:\Users\Stephanie\AppData\Roaming\downloads.m3u 2014-03-02 18:39 - 2015-11-06 15:19 - 0038448 _____ () C:\Users\Stephanie\AppData\Roaming\Durch Trennzeichen getrennte Werte.ADR 2014-02-11 13:10 - 2015-05-27 16:49 - 0012988 _____ () C:\Users\Stephanie\AppData\Roaming\Durch Trennzeichen getrennte Werte.CAL 2016-01-28 10:05 - 2016-01-28 10:05 - 0011439 _____ () C:\Users\Stephanie\AppData\Roaming\Durch Trennzeichen getrennte Werte.TSK 2012-08-15 22:02 - 2012-11-11 20:37 - 0038454 _____ () C:\Users\Stephanie\AppData\Roaming\Kommagetrennte Werte (Windows).ADR 2012-11-11 20:32 - 2012-11-11 20:32 - 0038458 _____ () C:\Users\Stephanie\AppData\Roaming\Microsoft Excel 97-2003.ADR 2013-09-28 15:16 - 2014-10-21 14:51 - 0016572 _____ () C:\Users\Stephanie\AppData\Roaming\OneCal.emf 2013-09-28 15:16 - 2014-11-18 18:02 - 0000622 _____ () C:\Users\Stephanie\AppData\Roaming\onecal.xml 2014-05-24 11:14 - 2014-05-24 11:17 - 0599704 _____ () C:\Users\Stephanie\AppData\Roaming\Scorch_Install.log 2014-12-16 09:22 - 2014-12-16 09:22 - 0031794 _____ () C:\Users\Stephanie\AppData\Local\13E5D428_stp.CIS 2014-12-16 09:22 - 2014-12-16 09:22 - 0000289 _____ () C:\Users\Stephanie\AppData\Local\13E5D428_stp.CIS.part 2014-12-16 09:21 - 2014-12-16 09:22 - 0382062 _____ () C:\Users\Stephanie\AppData\Local\6AC3B58C_stp.CIS 2014-12-16 09:21 - 2014-12-16 09:22 - 0000220 _____ () C:\Users\Stephanie\AppData\Local\6AC3B58C_stp.CIS.part 2011-08-28 12:11 - 2012-12-07 12:45 - 0001188 _____ () C:\Users\Stephanie\AppData\Local\crc32list11.txt 2011-08-30 11:08 - 2015-04-21 07:20 - 0014336 _____ () C:\Users\Stephanie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2015-06-19 15:23 - 2015-06-19 15:23 - 2218685 _____ () C:\Users\Stephanie\AppData\Local\Innenwelten.pdf 2013-03-10 14:50 - 2013-03-10 14:50 - 0000739 _____ () C:\Users\Stephanie\AppData\Local\recently-used.xbel 2014-01-25 10:37 - 2015-07-15 22:35 - 0007624 _____ () C:\Users\Stephanie\AppData\Local\resmon.resmoncfg 2012-02-21 23:18 - 2012-02-21 23:22 - 0000072 _____ () C:\Users\Stephanie\AppData\Local\xobni_installer_updater.log 2014-05-08 00:09 - 2015-09-09 18:15 - 0000333 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc Einige Dateien in TEMP: ==================== C:\Users\Stephanie\AppData\Local\Temp\blgikniv.dll C:\Users\Stephanie\AppData\Local\Temp\BSI.exe C:\Users\Stephanie\AppData\Local\Temp\CopyTransContactsMDHelper(1).exe C:\Users\Stephanie\AppData\Local\Temp\CopyTransContactsMDHelper(2).exe C:\Users\Stephanie\AppData\Local\Temp\CopyTransContactsMDHelper(3).exe C:\Users\Stephanie\AppData\Local\Temp\CopyTransContactsMDHelper.exe C:\Users\Stephanie\AppData\Local\Temp\dotnetfx.exe C:\Users\Stephanie\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpgah_67.dll C:\Users\Stephanie\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpvw0pbr.dll C:\Users\Stephanie\AppData\Local\Temp\Foxit Updater.exe C:\Users\Stephanie\AppData\Local\Temp\install_flashplayer15x32_mssd_aaa_aih.exe C:\Users\Stephanie\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe C:\Users\Stephanie\AppData\Local\Temp\jre-8u60-windows-au.exe C:\Users\Stephanie\AppData\Local\Temp\jre-8u65-windows-au.exe C:\Users\Stephanie\AppData\Local\Temp\jre-8u66-windows-au.exe C:\Users\Stephanie\AppData\Local\Temp\jre-8u71-windows-au.exe C:\Users\Stephanie\AppData\Local\Temp\lowproc.exe C:\Users\Stephanie\AppData\Local\Temp\ofb_1_00.exe C:\Users\Stephanie\AppData\Local\Temp\On4UD.dll C:\Users\Stephanie\AppData\Local\Temp\onecal1.exe C:\Users\Stephanie\AppData\Local\Temp\outlooksoclconnector_2010_32.exe C:\Users\Stephanie\AppData\Local\Temp\outlook_2010_32.exe C:\Users\Stephanie\AppData\Local\Temp\qoxbxde_.dll C:\Users\Stephanie\AppData\Local\Temp\Setup.exe C:\Users\Stephanie\AppData\Local\Temp\SetupHook.Dll C:\Users\Stephanie\AppData\Local\Temp\shelper.dll C:\Users\Stephanie\AppData\Local\Temp\stubhelper.dll C:\Users\Stephanie\AppData\Local\Temp\sync2_2_64_2674_x86.exe C:\Users\Stephanie\AppData\Local\Temp\Synology Cloud Station Drive-4.0-4055.exe C:\Users\Stephanie\AppData\Local\Temp\Synology-Cloud-Station-Drive-Upgrader.exe C:\Users\Stephanie\AppData\Local\Temp\Synology-Cloud-Station-Upgrader.exe C:\Users\Stephanie\AppData\Local\Temp\tmp655C.exe C:\Users\Stephanie\AppData\Local\Temp\unrar.dll C:\Users\Stephanie\AppData\Local\Temp\vlc-2.1.3-win32.exe C:\Users\Stephanie\AppData\Local\Temp\vlc-2.1.5-win32.exe C:\Users\Stephanie\AppData\Local\Temp\wusetup.exE ==================== Bamital & volsnap ================= (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) C:\Windows\system32\winlogon.exe => Datei ist digital signiert C:\Windows\system32\wininit.exe => Datei ist digital signiert C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert C:\Windows\explorer.exe => Datei ist digital signiert C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert C:\Windows\system32\svchost.exe => Datei ist digital signiert C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert C:\Windows\system32\services.exe => Datei ist digital signiert C:\Windows\system32\User32.dll => Datei ist digital signiert C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert C:\Windows\system32\userinit.exe => Datei ist digital signiert C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert C:\Windows\system32\rpcss.dll => Datei ist digital signiert C:\Windows\system32\dnsapi.dll => Datei ist digital signiert C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert LastRegBack: 2016-01-29 11:14 ==================== Ende von FRST.txt ============================ |
|
04.02.2016, 17:33
| #2 |
| | Word-Anhang Büromarkt Boettcher in Vorschau geöffnet, ESET meldet JS/Astromenda.A u.a. FRST Additions Logfile:
__________________Code:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:27-01-2016
durchgeführt von Stephanie (2016-02-04 15:07:17)
Gestartet von C:\Users\Stephanie\Downloads
Windows 7 Professional Service Pack 1 (X64) (2011-08-24 21:45:23)
Start-Modus: Normal
==========================================================
==================== Konten: =============================
Administrator (S-1-5-21-1165394420-3520031323-336608003-500 - Administrator - Disabled)
Gast (S-1-5-21-1165394420-3520031323-336608003-501 - Limited - Enabled) => C:\Users\Gast
HomeGroupUser$ (S-1-5-21-1165394420-3520031323-336608003-1013 - Limited - Enabled)
SophosSAUSTEPHANIE-0 (S-1-5-21-1165394420-3520031323-336608003-1005 - Limited - Enabled)
Stephanie (S-1-5-21-1165394420-3520031323-336608003-1000 - Administrator - Enabled) => C:\Users\Stephanie
==================== Sicherheits-Center ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
AV: Sophos Anti-Virus (Enabled - Up to date) {6BABF8F7-3EB6-BD1D-9167-8C5ECA060A29}
AS: Sophos Anti-Virus (Enabled - Up to date) {D0CA1913-188C-B293-ABD7-B72CB1814094}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installierte Programme ======================
(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
1Password 1.0.9.333 (HKLM-x32\...\1Password_is1) (Version: 1.0 - AgileBits)
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.14 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 20.0.0.204 - Adobe Systems Incorporated)
Adobe Digital Editions 3.0 (HKLM-x32\...\Adobe Digital Editions 3.0) (Version: 3.0.1 - Adobe Systems Incorporated)
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.6 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.286 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.1.171 - Adobe Systems, Inc.)
Amazing Slow Downer (remove only) (HKLM-x32\...\Amazing Slow Downer) (Version: - )
Amazon Kindle (HKU\S-1-5-21-1165394420-3520031323-336608003-1000\...\Amazon Kindle) (Version: - Amazon)
Anki (HKLM-x32\...\Anki) (Version: - )
Apple Application Support (32-Bit) (HKLM-x32\...\{C5815ACF-FD34-4553-8A22-C7411B7E662B}) (Version: 4.1.1 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{CBF12D2F-CF64-4CB7-858B-2C1F21068E5F}) (Version: 4.1.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
BitTorrent Sync (HKU\S-1-5-21-1165394420-3520031323-336608003-1000\...\BitTorrent Sync) (Version: 2.2.7 - BitTorrent Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Boot Camp-Dienste (HKLM\...\{ADA3F9C8-A6D3-4FCF-BFBB-EAD69AC0884E}) (Version: 4.0.4033 - Apple Inc.)
Box for Office (HKLM-x32\...\{df6db185-7fb4-4cc4-a144-2f6c0fb80716}) (Version: 4.1.1102.0 - Box, Inc.)
Box for Office (x32 Version: 4.1.1102.0 - Box) Hidden
Box Sync (HKLM\...\{DAA2B88B-D1D9-412F-A55D-924F3736D365}) (Version: 4.0.7100.0 - Box, Inc.)
Box Sync (x32 Version: 4.0.6447.0 - Box Inc.) Hidden
Category Manager Version 3.1.530.1 (HKLM-x32\...\VBOffice_2006063_is1) (Version: 3.1.530.1 - Michael Bauer Software)
Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.11004 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.11004 - Cisco Systems, Inc.) Hidden
Cisco Systems VPN Client 5.0.07.0290 (HKLM\...\{467D5E81-8349-4892-9E81-C3674ED8E451}) (Version: 5.0.7 - Cisco Systems, Inc.)
Citavi (HKLM-x32\...\{E12C6653-1FF0-4686-ADB8-589C13AE761F}) (Version: 3.4.0.2 - Swiss Academic Software)
Citavi 5 (HKLM-x32\...\{7EB278FB-0C3C-445E-8665-4A6CDD9B794E}) (Version: 5.0.0.11 - Swiss Academic Software)
ClearContext (HKLM-x32\...\{A2424C63-2537-4D29-AD7D-1BB1C583B627}) (Version: 7.1.0.2750 - ClearContext Corporation)
Common Desktop Agent (Version: 1.53.0 - OEM) Hidden
Copy (HKLM\...\{EE4CEBB9-C0FC-4503-9BC0-1E32B566DE71}) (Version: 1.47.410.0 - Barracuda Networks, Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dashlane (HKU\S-1-5-21-1165394420-3520031323-336608003-1000\...\Dashlane) (Version: 3.2.0.75803 - Dashlane SAS)
DDBAC (HKLM-x32\...\{88A0F52F-A024-4268-977E-E75B1F9C67ED}) (Version: 5.3.28 - DataDesign)
DivX Codec (HKLM-x32\...\{7B63B2922B174135AFC0E1377DD81EC2}) (Version: 6.6.1 - DivX, Inc.)
Dropbox (HKU\S-1-5-21-1165394420-3520031323-336608003-1000\...\Dropbox) (Version: 3.14.2 - Dropbox, Inc.)
EasyCash&Tax 1.55 (HKLM-x32\...\EasyCash&Tax_is1) (Version: - tm)
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 15.2.20140326 - Landesfinanzdirektion Thüringen)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
Ever2One Converter (HKLM-x32\...\{43D52C43-1BD2-48DF-AEE1-9CBD8F16B5BD}) (Version: 1.0.1 - BusinessWare Technologies Inc)
Evernote v. 5.3.1 (HKLM-x32\...\{28AAF752-C41B-11E3-8CB0-00163E98E7D6}) (Version: 5.3.1.3363 - Evernote Corp.)
f.lux (HKU\S-1-5-21-1165394420-3520031323-336608003-1000\...\Flux) (Version: - )
Fences (Version: 1.0 - Stardock Corporation) Hidden
Fences 2 (HKLM-x32\...\Fences 22.01) (Version: 2.01 - Stardock Corporation)
Finale 2008 (HKLM-x32\...\Finale 2008) (Version: 13.1.6 - MakeMusic)
Finale PrintMusic 2014 (HKLM-x32\...\Finale PrintMusic 2014) (Version: 2014.1.1258.2 - MakeMusic)
FormatFactory 2.90 (HKLM-x32\...\FormatFactory) (Version: 2.90 - Free Time)
Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
FreeFileSync 6.12 (HKLM-x32\...\FreeFileSync_is1) (Version: 6.12 - FreeFileSync | Free Backup and File Synchronization Software)
GDR 5520 für SQL Server 2008 (KB 2977321) (HKLM-x32\...\KB2977321) (Version: 10.3.5520.0 - Microsoft Corporation)
GDR 5538 für SQL Server 2008 (KB 3045305) (HKLM-x32\...\KB3045305) (Version: 10.3.5538.0 - Microsoft Corporation)
Google Apps Migration For Microsoft Outlook® 4.0.27.0 (HKLM-x32\...\{8806AF1D-5161-489E-9E17-086CCC518931}) (Version: 4.0.27.0 - Google, Inc.)
Google Apps Sync™ for Microsoft Outlook® 3.8.440.1250 (HKLM-x32\...\{091C294E-F243-432C-93E1-DEC4C2B9635B}) (Version: 3.8.440.1250 - Google, Inc.)
Google Drive (HKLM-x32\...\{EF61675D-9BBC-4EC7-B906-F13BE8D3BD20}) (Version: 1.27.1227.2094 - Google, Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
gSyncit (HKLM-x32\...\{2C0CCDAD-ADB2-42B4-A5D1-9193881B7250}) (Version: 4.1.65 - Fieldston Software)
gSyncit (HKLM-x32\...\{B6FAB2D1-4849-43F2-B7B1-4A65C5D6715E}) (Version: 3.8.109 - Fieldston Software)
HandBrake 0.10.1 (HKLM-x32\...\HandBrake) (Version: 0.10.1 - )
HP Officejet 6500 E710n-z - Grundlegende Software für das Gerät (HKLM\...\{AF43C18E-693D-4126-B190-8F55E3623D5D}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Officejet 6500 E710n-z Hilfe (HKLM-x32\...\{130E5108-547F-4482-91EE-F45C784E08C7}) (Version: 140.0.2.2 - Hewlett Packard)
HP Update (HKLM-x32\...\{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}) (Version: 5.002.006.003 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
HS Mehrwertsteuer 3.28 (HKLM-x32\...\HS Mehrwertsteuer 3.28) (Version: - )
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
iCloud (HKLM\...\{4B48E22A-2FB0-4EFA-B99E-954B1E50CD69}) (Version: 5.1.0.34 - Apple Inc.)
ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation)
Interaktive Sprachreise - Komplettkurs English (HKLM-x32\...\ISREKK_17_689504) (Version: - digital publishing AG)
iPhone-Konfigurationsprogramm (HKLM-x32\...\{B90FCEB7-2B0C-4D27-95B5-54238DF059ED}) (Version: 3.6.2.300 - Apple Inc.)
iTunes (HKLM\...\{0D44E3A4-6C3D-45D7-B443-079509E5BE5D}) (Version: 12.3.2.35 - Apple Inc.)
Java 8 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218071F0}) (Version: 8.0.710.15 - Oracle Corporation)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Kalenderdruck-Assistent für Microsoft Office Outlook 2007 (HKLM-x32\...\{90120000-00A7-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
KeePass Password Safe 2.23 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: - Dominik Reichl)
lexiCan 3 (HKLM-x32\...\{80E7CB77-E445-4BB4-A836-67A447ABEAE6}) (Version: 3.2.0 - vetafab Software GmbH)
lexiCan 4.0 (HKLM-x32\...\lexiCan 4.0 4.0.0) (Version: 4.0.0 - vetafab Software GmbH)
lexiCan 4.0 (x32 Version: 4.0.0 - vetafab Software GmbH) Hidden
Lexware Info Service (HKLM-x32\...\{6FC05D2F-BB1F-435F-AD40-90DABD55FDDA}) (Version: 5.00.00.0044 - Haufe-Lexware GmbH & Co.KG)
Logitech SetPoint 6.67 (HKLM\...\sp6) (Version: 6.67.83 - Logitech)
MailBell (HKLM-x32\...\MailBell) (Version: 2.27 - EmTec Innovative Software)
Malwarebytes Anti-Malware Version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Marketsplash Drucksoftware (HKLM-x32\...\{F8DD059A-FDA6-403A-81FC-51E522158683}) (Version: 1.0.1.31 - Hewlett-Packard)
Marketsplash Schnellzugriffe (HKLM-x32\...\{7A108EBC-C9DF-4E14-93A8-42CF316F1ECF}) (Version: 1.0.1.7 - Hewlett-Packard)
Mein CEWE FOTOBUCH (HKLM-x32\...\Mein CEWE FOTOBUCH) (Version: 6.1.2 - CEWE Stiftung u Co. KGaA)
Mein Verein (HKLM-x32\...\{9ACE3A18-EE13-4012-989C-2BCDC95BA6B9}_is1) (Version: 15.0 - Buhl Data Service GmbH)
MeineBeihilfe2009 (HKLM-x32\...\{AE926A81-E487-4D5D-9031-1EDB3242F943}) (Version: 10.51.0.0 - ComputerService)
MeineBeihilfe2013 (HKLM-x32\...\{B59DC648-301A-49B8-8937-2BB7C2AA90A7}) (Version: 13.38.0.0 - ComputerService)
MemoMaster + AnyKey Bundle 4 (HKLM-x32\...\{5CF1F472-846B-44E8-9750-A2112DA32CB6}) (Version: 4 - JBSoftware)
Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme (HKLM-x32\...\{90120000-00B2-0407-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Camera Codec Pack (HKLM\...\{A2E24035-9B11-4E1D-9FBC-FA7F20C16832}) (Version: 16.4.1970.0624 - Microsoft Corporation)
Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft Mathematics-Add-In (32 Bit) (HKLM-x32\...\{E2C98732-F973-4985-A9C5-DC06178E16EE}) (Version: 2.0.041222.01 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM-x32\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office 365 - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 16.0.6366.2062 - Microsoft Corporation)
Microsoft Office Access Runtime (German) 2007 (HKLM-x32\...\{90120000-001C-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-0081-0407-0000-0000000FF1CE}) (Version: 14.0.6123.5001 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1165394420-3520031323-336608003-1000\...\OneDriveSetup.exe) (Version: 17.3.6281.1202 - Microsoft Corporation)
Microsoft Online Services-Anmeldeassistent (HKLM\...\{46E637E2-AC34-4B45-B5DF-D20903A3DB61}) (Version: 7.250.4303.0 - Microsoft Corporation)
Microsoft Outlook Social Connector Provider for Facebook 32-bit (HKLM-x32\...\{95140000-007C-0409-0000-0000000FF1CE}) (Version: 14.0.6114.5003 - Microsoft Corporation)
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM-x32\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation)
Microsoft Outlook-Sicherung für Persönliche Ordner (HKLM-x32\...\{C63E7C60-25EB-11D3-8EDA-00A0C911E8E5}) (Version: 1.10.0.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM-x32\...\Microsoft SQL Server 2005) (Version: - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 (HKLM-x32\...\Microsoft SQL Server 10 Release) (Version: - Microsoft Corporation)
Microsoft SQL Server 2008 Browser (HKLM-x32\...\{4AF2248C-B3DF-46FB-9596-87F5DB193689}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Native Client (HKLM\...\{12FE6AA6-65D2-40EE-B925-62193128A0E6}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files (HKLM-x32\...\{59C245FC-343C-4FEC-B3CB-B6F12B561C20}) (Version: 10.3.5538.0 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM-x32\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{28D06854-572C-4A65-83E5-F8CAF26B9FDC}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft_VC90_CRT_x86 (HKLM-x32\...\{DF2035BE-5820-4965-BD97-7FAF8D4A7879}) (Version: 1.0.0 - Microsoft Corporation)
Mindjet MindManager 2012 (HKLM-x32\...\{2DD3FE18-F257-484C-8543-3793F14D999F}) (Version: 10.2.404 - Mindjet)
MOBackup - Datensicherung für Outlook (Vollversion) (HKLM-x32\...\MOBackup-DatensicherungfürOutlook) (Version: 8.0 - Heiko Schröder)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 43.0.4 (x86 de) (HKLM-x32\...\Mozilla Firefox 43.0.4 (x86 de)) (Version: 43.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.4.5848 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
My Movies for Windows Media Center (HKLM-x32\...\{086981D4-0600-452D-8E4D-51E920DC3E0E}) (Version: 4.0.1.102 - Binnerup Consult)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 5.9.4 - )
Octoshape Streaming Services (HKU\S-1-5-21-1165394420-3520031323-336608003-1000\...\Octoshape Streaming Services) (Version: - Octoshape ApS)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.6326.1022 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.6326.1022 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.6326.1022 - Microsoft Corporation) Hidden
Password Depot 6 (HKLM-x32\...\{AAE587E4-E661-4DB5-96DF-6E31C548F186}_is1) (Version: 6.0.5 - AceBIT GmbH)
Password Depot 7 (HKLM-x32\...\{500F4898-C705-4B91-9C98-3D125330A022}_is1) (Version: 7.6.6 - AceBIT GmbH)
PDF-XChange 3 (HKLM\...\PDF-XChange 3_is1) (Version: - Tracker Software)
phase-6 2.3.4-beta-1 (HKLM-x32\...\phase-6) (Version: 2.3.4-beta-1 - phase-6)
Photo Station Uploader (remove only) (HKLM-x32\...\Photo Station Uploader) (Version: - Synology)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
plist Editor for Windows 1.0.2 (HKLM-x32\...\plist Editor for Windows) (Version: 1.0.2 - VOWSoft,Ltd.)
PrismaCards (HKLM-x32\...\{DC980F52-E853-4BE5-8D75-93CE4A073C51}) (Version: 3.32 - You 2 Software)
ProjectLibre (HKLM-x32\...\{E29A4ED9-3192-4D72-A2E2-9C32B512714D}) (Version: 1.5.19.0 - ProjectLibre)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5936 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
RezkonvSuite (nur entfernen) (HKLM-x32\...\RkSuite) (Version: - )
RoboForm 7-9-2-5 (All Users) (HKLM-x32\...\AI RoboForm) (Version: 7-9-2-5 - Siber Systems)
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
Samsung AnyWeb Print (HKLM-x32\...\{318DBE01-1E6B-4243-84B0-210391FE789A}) (Version: 2.0.75.0 - Samsung Electronics Co., Ltd.)
Samsung Easy Printer Manager (HKLM-x32\...\Samsung Easy Printer Manager) (Version: 1.01.16.02 - Samsung Electronics Co., Ltd.)
Samsung Easy Wireless Setup (HKLM-x32\...\Easy Wireless Setup) (Version: 3.70.5.0 - Samsung Electronics Co., Ltd.)
Samsung ML-2950 Series (HKLM-x32\...\Samsung ML-2950 Series) (Version: - Samsung Electronics Co., Ltd.)
Samsung Printer Live Update (HKLM-x32\...\Samsung Printer Live Update) (Version: 1.01.00:04(2013-04-22) - Samsung Electronics Co., Ltd.)
Secunia PSI (3.0.0.7011) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.7011 - Secunia)
Service Pack 3 für SQL Server 2008 (KB2546951) (HKLM-x32\...\KB2546951) (Version: 10.3.5500.0 - Microsoft Corporation)
Sibelius Scorch (Firefox, Opera, Netscape, Chrome only) (HKLM-x32\...\{41626CC0-A854-4402-AD06-D7939515C282}) (Version: 6.2.0 - Sibelius Software, a division of Avid Technology, Inc.)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SMS77 1.0 (HKLM-x32\...\SMS77) (Version: 1.0 - SMS77)
Sophos Anti-Virus (HKLM-x32\...\{D929B3B5-56C6-46CC-B3A3-A1A784CBB8E4}) (Version: 10.3.15 - Sophos Limited)
Sophos AutoUpdate (HKLM-x32\...\{7CD26A0C-9B59-4E84-B5EE-B386B2F7AA16}) (Version: 4.3.10.27 - Sophos Limited)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.5 - Sophos Limited)
Spotify (HKU\S-1-5-21-1165394420-3520031323-336608003-1000\...\Spotify) (Version: 1.0.16.104.g3b776c9e - Spotify AB)
Sql Server Customer Experience Improvement Program (x32 Version: 10.3.5500.0 - Microsoft Corporation) Hidden
Stardock Fences 2 (HKLM-x32\...\Stardock Fences 2) (Version: 2.12 - Stardock Software, Inc.)
StarMoney (x32 Version: 3.0.6.40 - StarFinanz) Hidden
StarMoney (x32 Version: 4.0.2.34 - StarFinanz) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synology Assistant (remove only) (HKLM-x32\...\Synology Assistant) (Version: - )
Synology Cloud Station (remove only) (HKLM\...\Synology Cloud Station) (Version: 3.2.3482 - Synology, Inc.)
Synology Cloud Station Drive (remove only) (HKLM\...\Synology Cloud Station Drive) (Version: 4.0.4055 - Synology, Inc.)
Synology Data Replicator 3 (HKLM-x32\...\{8E310838-457C-4269-B177-3EFB300CBDDC}) (Version: 1.0.0.0 - Synology Inc.)
TeamViewer 7 (HKLM-x32\...\TeamViewer 7) (Version: 7.0.14563 - TeamViewer)
ThinkingRock 3.4.2 (HKLM-x32\...\nbi-trgtd-1.0.0.0.0) (Version: - )
TopSync Windows Client 10.1.15 (HKLM-x32\...\TopSync Windows Client) (Version: 10.1.15 - ASBYTE)
TuneUp Utilities Language Pack (de-DE) (x32 Version: 13.0.4000.122 - TuneUp Software) Hidden
TV DIGITAL OnGuide (HKLM-x32\...\{3C8D3E94-9DFB-4A2F-9A74-35CB06697576}) (Version: 1.5.0.8 - TV DIGITAL)
TVCenter (HKLM\...\{18F703C3-32EC-4E5C-BC3C-C1BD72D35F5B}) (Version: 6.4.1.858 - PCTV Systems)
Vilango Desktop (HKLM-x32\...\com.vilango.VilangoDesktop) (Version: 2.44.9 - Vegetarian Wave GmbH)
Vilango Desktop (x32 Version: 2.44.9 - Vegetarian Wave GmbH) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WebIS Desktop Sync 1.12 (HKLM-x32\...\WebIS Desktop Sync) (Version: 1.12 - WebIS, Inc.)
WIDCOMM Bluetooth Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.5800 - Broadcom Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows Mobile-Gerätecenter (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
Windows-Treiberpaket - Apple Inc. (AppleUSBEthernet) Net (02/01/2008 3.10.3.10) (HKLM\...\D53CBF2C12DF51DA5E9C1A9DA97FF0DCA0C524C5) (Version: 02/01/2008 3.10.3.10 - Apple Inc.)
Windows-Treiberpaket - Apple Inc. Apple Bluetooth (03/01/2010 3.0.0.5) (HKLM\...\EA3C044F6FD39CEC8F4F596836BF4197E97E1D39) (Version: 03/01/2010 3.0.0.5 - Apple Inc.)
Windows-Treiberpaket - Apple Inc. Apple Bluetooth Enabler (06/27/2007 2.0.0.1) (HKLM\...\2CD6536AAFFF9B465A871060CF483EC9F3341D29) (Version: 06/27/2007 2.0.0.1 - Apple Inc.)
Windows-Treiberpaket - Apple Inc. Apple Broadcom Bluetooth (07/31/2015 6.0.6100.0) (HKLM\...\8F0EDB7FDBC8E1501FC134846F23B8B02EDBC2A0) (Version: 07/31/2015 6.0.6100.0 - Apple Inc.)
Windows-Treiberpaket - Apple Inc. Apple Broadcom Bluetooth (10/05/2010 3.2.0.1) (HKLM\...\0B6B49213CF56838AFC233905FA14AC47EAA9B28) (Version: 10/05/2010 3.2.0.1 - Apple Inc.)
Windows-Treiberpaket - Apple Inc. Apple Built-in iSight (10/25/2007 2.0.1.0) (HKLM\...\70C7CBB0824BF74552A2F28F5FFBF62A15053DA8) (Version: 10/25/2007 2.0.1.0 - Apple Inc.)
Windows-Treiberpaket - Apple Inc. Apple Display (01/23/2009 3.0.0.0) (HKLM\...\E0EAD0CEA9119B77350ED4DE28D9A82E57014D94) (Version: 01/23/2009 3.0.0.0 - Apple Inc.)
Windows-Treiberpaket - Apple Inc. Apple IR Receiver (02/21/2008 2.0.4.0) (HKLM\...\D5BB697E7D0C75712F3AD00AB1B85412CB5C0FD3) (Version: 02/21/2008 2.0.4.0 - Apple Inc.)
Windows-Treiberpaket - Apple Inc. Apple Keyboard (05/05/2011 4.0.0.1) (HKLM\...\703003CF14C8E79F68CA5A750AF4E02B9BD4B4D8) (Version: 05/05/2011 4.0.0.1 - Apple Inc.)
Windows-Treiberpaket - Apple Inc. Apple Multitouch (05/05/2011 4.0.0.1) (HKLM\...\455287ECCB4BABCDE9C6713B82B1BDA990D55398) (Version: 05/05/2011 4.0.0.1 - Apple Inc.)
Windows-Treiberpaket - Apple Inc. Apple Multitouch Mouse (05/05/2011 4.0.0.1) (HKLM\...\F08FFCF5C857951E0CC5F736988F3D01BF425252) (Version: 05/05/2011 4.0.0.1 - Apple Inc.)
Windows-Treiberpaket - Apple Inc. Apple ODD (05/17/2010 3.1.0.0) (HKLM\...\D6B4CB6AD2F81752C2EF8DCF6AD5EBC567ADD45C) (Version: 05/17/2010 3.1.0.0 - Apple Inc.)
Windows-Treiberpaket - Apple Inc. Apple System Device (04/05/2011 3.2.0.8) (HKLM\...\D76172B51B1ECB34E38F97F42F51B7A46FA15F52) (Version: 04/05/2011 3.2.0.8 - Apple Inc.)
Windows-Treiberpaket - Apple Inc. Apple Trackpad (07/13/2009 3.0.0.1) (HKLM\...\A0A897639A1D288A8B472FE790EBF9DB71E52ACF) (Version: 07/13/2009 3.0.0.1 - Apple Inc.)
Windows-Treiberpaket - Apple Inc. Apple Trackpad Enabler (07/13/2009 3.0.0.1) (HKLM\...\76830D11874044260C923425E7F5A72F25EDA758) (Version: 07/13/2009 3.0.0.1 - Apple Inc.)
Windows-Treiberpaket - Apple Inc. Apple Wireless Mouse (06/01/2011 4.0.0.1) (HKLM\...\D088EE4BD2819FBA2B349EF9D55176F223419BE6) (Version: 06/01/2011 4.0.0.1 - Apple Inc.)
Windows-Treiberpaket - Apple Inc. Apple Wireless Trackpad (01/17/2011 3.2.0.0) (HKLM\...\C7DD621795A42EAE550280D4D7601459F35C4EC2) (Version: 01/17/2011 3.2.0.0 - Apple Inc.)
Windows-Treiberpaket - Atheros Communications Inc. (athr) Net (11/13/2010 9.2.0.113) (HKLM\...\F0A3F8394866FA91E82C8D5AB92C918FE40FE1DF) (Version: 11/13/2010 9.2.0.113 - Atheros Communications Inc.)
Windows-Treiberpaket - Broadcom (b57nd60a) Net (12/02/2010 14.4.2.2) (HKLM\...\7C9678A21221D0575C74AF7CE68E28C2771F9E41) (Version: 12/02/2010 14.4.2.2 - Broadcom)
Windows-Treiberpaket - Broadcom (BCM43XX) Net (04/06/2011 5.100.198.22) (HKLM\...\110E24F054DE5F4F72985BC1F3A53F61985BD4CC) (Version: 04/06/2011 5.100.198.22 - Broadcom)
Windows-Treiberpaket - Broadcom Corporation (bScsiSDa) SDHost (01/18/2011 1.0.0.220) (HKLM\...\26D089A9557429904D9851293EA25C911B64CCF8) (Version: 01/18/2011 1.0.0.220 - Broadcom Corporation)
Windows-Treiberpaket - Cirrus Logic, Inc. (CirrusFilter) MEDIA (12/03/2010 6.6001.1.30) (HKLM\...\43B83D262B11C05DBFE8BEB0E2CBD5A9EA1E7F9C) (Version: 12/03/2010 6.6001.1.30 - Cirrus Logic, Inc.)
Windows-Treiberpaket - Intel (e1express) Net (03/26/2010 9.13.41.0) (HKLM\...\159439476E3A00F9FAE49DD6C1A78F2F6288A5B9) (Version: 03/26/2010 9.13.41.0 - Intel)
Windows-Treiberpaket - Intel (e1kexpress) Net (04/12/2010 11.6.92.0) (HKLM\...\5BEF08C10896D86DC13394FFA75874564B700368) (Version: 04/12/2010 11.6.92.0 - Intel)
Windows-Treiberpaket - Intel (e1qexpress) Net (12/04/2009 11.4.7.0) (HKLM\...\57AFA39B22ADEC4E383572E9331167546EB3C9C7) (Version: 12/04/2009 11.4.7.0 - Intel)
Windows-Treiberpaket - Intel (e1rexpress) Net (01/07/2010 11.4.16.0) (HKLM\...\F71DB41300D30088C8D3716343D1429488E605C1) (Version: 01/07/2010 11.4.16.0 - Intel)
Windows-Treiberpaket - Intel (e1yexpress) Net (04/07/2010 10.1.9.0) (HKLM\...\CB599752301BCA080D135697FDD05900F5A5CF4C) (Version: 04/07/2010 10.1.9.0 - Intel)
Windows-Treiberpaket - Intel System (07/20/2007 1.2.76.0) (HKLM\...\E2708073906571A0B56F17FD825EF19281ECE29B) (Version: 07/20/2007 1.2.76.0 - Intel)
Windows-Treiberpaket - Marvell (yukonx64) Net (12/06/2007 10.51.1.3) (HKLM\...\CDD703ED0B390A5643DB748EBFA5BD55FEEC0D8A) (Version: 12/06/2007 10.51.1.3 - Marvell)
WinRAR 5.10 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)
WISO Mein Geld 365 Professional (HKLM-x32\...\WISO Mein Geld 365 Professional) (Version: - Buhl Data Service GmbH)
WISO Mein Geld 365 Professional (x32 Version: 21.0.0.0 - Buhl Data Service GmbH) Hidden
WISO steuer:Sparbuch 2016 (HKLM-x32\...\{479951E9-BD2E-42D0-B06E-69CCB651EC0B}) (Version: 23.00.1146 - Buhl Data Service GmbH)
WISO Steuer-Sparbuch 2013 (HKLM-x32\...\{D6CC2FAF-F827-4091-96A1-D32CC9B69C79}) (Version: 20.00.8137 - Buhl Data Service GmbH)
WISO Steuer-Sparbuch 2014 (HKLM-x32\...\{EA6F43BA-2CF0-4547-8568-1BF7F2797827}) (Version: 21.00.8480 - Buhl Data Service GmbH)
WISO Steuer-Sparbuch 2015 (HKLM-x32\...\{B5B8A824-66C5-441B-B712-EE6CDA8853C5}) (Version: 22.00.8811 - Buhl Data Service GmbH)
Wondershare TunesGo Retro ( Version 4.8.3 ) (HKLM-x32\...\{0B31C808-8274-460D-8846-C711D40544A0}_is1) (Version: 4.8.3 - Wondershare)
Wunderlist (HKLM-x32\...\{3031A053-DC97-4D03-9179-BF6F98F63FA2}) (Version: 1.2.4 - None provided)
Wunderlist for Outlook (HKLM-x32\...\{0064A23A-C0AB-47FE-BC29-09CE8B8142FA}) (Version: 1.8.5760.22314 - yasoon GmbH)
ZenWriter (HKLM-x32\...\{52B1B817-B6FF-410D-878E-0119372986FA}_is1) (Version: 1.34 - Beenokle)
ZOOM HandyShare for Windows (HKLM-x32\...\{D025A394-FED7-44E8-8E16-E0CB4E534AD1}) (Version: 4.00.0002 - ZOOM Corporation)
==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
CustomCLSID: HKU\S-1-5-21-1165394420-3520031323-336608003-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Stephanie\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1165394420-3520031323-336608003-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Stephanie\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1165394420-3520031323-336608003-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Stephanie\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1165394420-3520031323-336608003-1000_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Stephanie\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileCoAuthLib64.dll ()
CustomCLSID: HKU\S-1-5-21-1165394420-3520031323-336608003-1000_Classes\CLSID\{2C4A5D61-009C-4561-9A33-6AFD542FD237}\InprocServer32 -> C:\Users\Stephanie\AppData\Local\CloudStation\CloudStation.app\icon-overlay\14\x64\ContextMenu.dll ()
CustomCLSID: HKU\S-1-5-21-1165394420-3520031323-336608003-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Stephanie\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1165394420-3520031323-336608003-1000_Classes\CLSID\{472CE1AD-5D53-4BCF-A1FB-3982A5F55138}\InprocServer32 -> C:\Users\Stephanie\AppData\Local\CloudStation\CloudStation.app\icon-overlay\14\x64\iconOverlay.dll (TODO: <Company name>)
CustomCLSID: HKU\S-1-5-21-1165394420-3520031323-336608003-1000_Classes\CLSID\{48AB5ADA-36B1-4137-99C9-2BD97F8788AB}\InprocServer32 -> C:\Users\Stephanie\AppData\Local\CloudStation\CloudStation.app\icon-overlay\14\x64\iconOverlay.dll (TODO: <Company name>)
CustomCLSID: HKU\S-1-5-21-1165394420-3520031323-336608003-1000_Classes\CLSID\{581FFA00-FC33-0007-0202-95003A5CDE89}\InprocServer32 -> C:\Users\Stephanie\AppData\Roaming\BitTorrent Sync\SyncShellExtension64_A0.dll ()
CustomCLSID: HKU\S-1-5-21-1165394420-3520031323-336608003-1000_Classes\CLSID\{581FFA01-FC33-0007-0202-95003A5CDE89}\InprocServer32 -> C:\Users\Stephanie\AppData\Roaming\BitTorrent Sync\SyncShellExtension64_A0.dll ()
CustomCLSID: HKU\S-1-5-21-1165394420-3520031323-336608003-1000_Classes\CLSID\{581FFA02-FC33-0007-0202-95003A5CDE89}\InprocServer32 -> C:\Users\Stephanie\AppData\Roaming\BitTorrent Sync\SyncShellExtension64_A0.dll ()
CustomCLSID: HKU\S-1-5-21-1165394420-3520031323-336608003-1000_Classes\CLSID\{581FFA03-FC33-0007-0202-95003A5CDE89}\InprocServer32 -> C:\Users\Stephanie\AppData\Roaming\BitTorrent Sync\SyncShellExtension64_A0.dll ()
CustomCLSID: HKU\S-1-5-21-1165394420-3520031323-336608003-1000_Classes\CLSID\{581FFA04-FC33-0007-0202-95003A5CDE89}\InprocServer32 -> C:\Users\Stephanie\AppData\Roaming\BitTorrent Sync\SyncShellExtension64_A0.dll ()
CustomCLSID: HKU\S-1-5-21-1165394420-3520031323-336608003-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Stephanie\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1165394420-3520031323-336608003-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Stephanie\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1165394420-3520031323-336608003-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Stephanie\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1165394420-3520031323-336608003-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Stephanie\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1165394420-3520031323-336608003-1000_Classes\CLSID\{A433C3E0-8B24-40EB-93C3-4B10D9959F58}\InprocServer32 -> C:\Users\Stephanie\AppData\Local\CloudStation\CloudStation.app\icon-overlay\14\x64\iconOverlay.dll (TODO: <Company name>)
CustomCLSID: HKU\S-1-5-21-1165394420-3520031323-336608003-1000_Classes\CLSID\{AEB16659-2125-4ADA-A4AB-45EE21E86469}\InprocServer32 -> C:\Users\Stephanie\AppData\Local\CloudStation\CloudStation.app\icon-overlay\14\x64\iconOverlay.dll (TODO: <Company name>)
CustomCLSID: HKU\S-1-5-21-1165394420-3520031323-336608003-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Stephanie\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1165394420-3520031323-336608003-1000_Classes\CLSID\{C701AD67-3DF0-47C9-89CB-DFA6207BE229}\InprocServer32 -> C:\Users\Stephanie\AppData\Local\CloudStation\CloudStation.app\icon-overlay\14\x64\iconOverlay.dll (TODO: <Company name>)
CustomCLSID: HKU\S-1-5-21-1165394420-3520031323-336608003-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Stephanie\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1165394420-3520031323-336608003-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Stephanie\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1165394420-3520031323-336608003-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Stephanie\AppData\Roaming\Dropbox\bin\DropboxExt64.31.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1165394420-3520031323-336608003-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Stephanie\AppData\Roaming\Dropbox\bin\DropboxExt64.31.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1165394420-3520031323-336608003-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Stephanie\AppData\Roaming\Dropbox\bin\DropboxExt64.31.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1165394420-3520031323-336608003-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Stephanie\AppData\Roaming\Dropbox\bin\DropboxExt64.31.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1165394420-3520031323-336608003-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Stephanie\AppData\Roaming\Dropbox\bin\DropboxExt64.31.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1165394420-3520031323-336608003-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Stephanie\AppData\Roaming\Dropbox\bin\DropboxExt64.31.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1165394420-3520031323-336608003-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Stephanie\AppData\Roaming\Dropbox\bin\DropboxExt64.31.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1165394420-3520031323-336608003-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Stephanie\AppData\Roaming\Dropbox\bin\DropboxExt64.31.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1165394420-3520031323-336608003-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Stephanie\AppData\Roaming\Dropbox\bin\DropboxExt64.31.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1165394420-3520031323-336608003-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Stephanie\AppData\Roaming\Dropbox\bin\DropboxExt64.31.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1165394420-3520031323-336608003-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Stephanie\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => Keine Datei
==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
Task: {02AE1B1E-CD66-4FC9-A6EC-0FA47E8111B0} - System32\Tasks\{AFD321F5-8D36-4280-A8DD-B5ED280656DD} => pcalua.exe -a C:\Windows\system32\pcwrun.exe -c "C:\Program Files (x86)\Buhl\WISO Mein Geld 2012\MG.exe"
Task: {032D62A9-499D-4B0B-B38B-E9A0AD49B0C3} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {095A8A9B-8C30-49F3-900E-9E384570AAB3} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1165394420-3520031323-336608003-1000UA => C:\Users\Stephanie\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-14] (Dropbox, Inc.)
Task: {0A1193AC-414E-41DA-A69F-3ECD758F2429} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1165394420-3520031323-336608003-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {0AAEC53F-1D4C-448E-A24F-3E31F3066C69} - System32\Tasks\{E7FD94BE-FC4B-45CB-A0E0-D170676EEE63} => pcalua.exe -a "C:\Users\Stephanie\Documents\Behörden+Versicherungen\Krankenkassen, Beihilfe\Beihilfehexe 2000neu\Beihilfe-Hexe.exe" -d "C:\Users\Stephanie\Documents\Behörden+Versicherungen\Krankenkassen, Beihilfe\Beihilfehexe 2000neu"
Task: {0FC7F43C-D875-486C-BE6D-26ACC92886A9} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-01-17] (Microsoft Corporation)
Task: {1329B9D9-94BB-4CC1-93AE-226C88A1520D} - System32\Tasks\{D14A578E-A430-4F22-A156-AD235DB7EEC9} => pcalua.exe -a C:\Windows\system32\pcwrun.exe -c "C:\Program Files (x86)\WISO\Steuersoftware 2013\WISO2013.EXE"
Task: {16E58EAA-AF05-46A9-A654-05B11896FF42} - System32\Tasks\{1633FAAE-8567-4660-A8B4-8FB4CC378B71} => pcalua.exe -a C:\Users\Stephanie\Downloads\MeineBeihilfe2013(1)\MeineBeihilfe2013.exe -d C:\Users\Stephanie\Downloads\MeineBeihilfe2013(1)
Task: {20849E30-B393-46B5-9B42-677A06B100A4} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-01-17] (Microsoft Corporation)
Task: {2C7F59A9-3CB7-417C-877B-12DCBC5546D1} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2016-01-19] (Microsoft Corporation)
Task: {32C127A1-9C94-4179-8C4A-994FA19BA30B} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-1165394420-3520031323-336608003-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-07-24] (RealNetworks, Inc.)
Task: {34000ED4-9E56-4242-8895-E871225C3712} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {3BA56AAB-4C1F-4808-9720-1F90252416F5} - System32\Tasks\{1B6A98F2-0E15-416B-8308-8D651E9F56A8} => pcalua.exe -a C:\Users\Stephanie\Downloads\WISOFinanz2015.exe -d C:\Users\Stephanie\Downloads
Task: {3CC2F07C-169E-4DCB-B206-631C76CCF1C1} - System32\Tasks\Real Player-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
Task: {4DCC8E59-0988-4A13-A344-CBBFB4F85CBF} - System32\Tasks\{43E1A4A0-97F5-461D-AF2D-F1B62472564C} => G:\daemon410-x86.exe
Task: {52B456B8-18B0-4E75-95EA-F76134A8BC19} - System32\Tasks\{5A4C9FF5-94EE-4422-9BB6-9D70ACDDA8B3} => pcalua.exe -a C:\Windows\system32\pcwrun.exe -c "C:\Program Files (x86)\WISO\Steuersoftware 2013\WISO2013.EXE"
Task: {57292D98-70E1-4E20-AB89-6E67DE473649} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2015-12-22] (Oracle Corporation)
Task: {58F086C9-9762-47DF-A405-C9F88FFF6A45} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1165394420-3520031323-336608003-1000Core => C:\Users\Stephanie\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-14] (Dropbox, Inc.)
Task: {5A40E926-9E86-4B89-9CFD-B12311724371} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {5B1DAF26-5948-4E19-97E2-2FDE8029BFCB} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)
Task: {65D17FB1-1FC3-4654-A5B6-7F03E5AD97F8} - System32\Tasks\HpWebReg.exe => -model "HP Officejet 6500 E710n-z" -serialno CN08B1127305JW -modelid CN557A -serviceID 22192 -invitation yes
Task: {660207D9-8273-418E-A42D-58AA3163D99D} - System32\Tasks\{5461B379-269A-49A7-893B-414C78228C00} => pcalua.exe -a C:\Users\Stephanie\Downloads\T1.exe -d C:\Users\Stephanie\Downloads
Task: {6CC9EBF2-C73B-4EF5-8D1E-0D98507F8FCF} - System32\Tasks\Google Updater and Installer => C:\Users\Stephanie\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {6D147E69-57DC-4DD4-B1BA-89E6DA652BB9} - System32\Tasks\{5340A9B8-DF73-4188-9147-8112496C8CA2} => C:\Program Files (x86)\Buhl\WISO Mein Geld 2012\MG.exe
Task: {73891F1A-2C38-4E13-919A-AEE28362E6F6} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1165394420-3520031323-336608003-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-07-24] (RealNetworks, Inc.)
Task: {79499F12-9A21-47C0-AEE4-220C6FCC0BF6} - System32\Tasks\{690A888E-C19A-4512-94C3-9DBA514C08CC} => C:\Users\Stephanie\Downloads\SetupVirtualCloneDrive5450.exe
Task: {8A8C60D9-C061-4287-A654-94353ADCDF0A} - System32\Tasks\{18838D2D-91DE-4661-959B-34D9212AB4CB} => pcalua.exe -a G:\daemon410-x86.exe -d G:\
Task: {92ECE39A-BCB3-4779-AA67-3A540071D9F5} - System32\Tasks\4Team updater => C:\Program Files (x86)\4Team Corporation\4Team-Updater\4Team-Updater.exe
Task: {9412BC6B-B8F3-45BC-80C7-3383EF549DE7} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "hxxp://www.roboform.com/test-pass.html?aaa=KICMKJLJNMMJJMIMMMNJCNGMLMOMNMCNLMJMMMKMCNNJJJOMOJCNOJOJJMPMHMOJIMGMLJJMJMNMJNJICMIMCNGMCNNMFMGMCNOMPMCNGMNMPMPMFMJMCNOMCNIMJMPMOMCNNMJNPICMPMFMMJBJKJLIMJFMNMOMJNHICMMJBJKJLIMJJNBJCMMKLIKJPIHJOJBJGJKJJNKJCMJNNICMJNDJCMLJKJ"
Task: {9509FBD5-992E-4FB7-9AF8-B7BBA13B8702} - System32\Tasks\{58ADB112-4733-4633-971E-B6E2F34C5ED4} => pcalua.exe -a C:\Users\Stephanie\Downloads\GTDInstall.exe -d C:\Users\Stephanie\Downloads
Task: {9C49DB7D-1A63-42B7-B4AC-3FC9188860D3} - System32\Tasks\{CA54D24B-9E1A-4DD5-8747-FB089B00B4FF} => pcalua.exe -a C:\Users\Stephanie\Downloads\wlsetup-web(2).exe -d C:\Users\Stephanie\Downloads
Task: {9FB14942-9B29-4ED3-82FA-794D13A17586} - System32\Tasks\{BD6396AB-58E9-4859-90E6-0ABC979391EE} => pcalua.exe -a C:\Users\Stephanie\Downloads\WISOSteuersoftware2013.exe -d C:\Users\Stephanie\Downloads
Task: {A1D076C9-1ACB-446B-8B2B-83CB9139E16A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {A26AB860-220D-479C-A583-AA54D19CE2DF} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2013-10-04] (Siber Systems)
Task: {A420273A-950C-4F10-A104-31B695D0BD27} - System32\Tasks\{5A9C75DA-3100-4F5D-A2F0-3D0C464569B2} => pcalua.exe -a "C:\Program Files (x86)\Buhl\WISO Mein Geld 2015\setup.exe" -c /ProductCode={69A8D9C1-E630-4AD8-B20F-F1BAE4064B2A}
Task: {A63611AC-4692-4CE4-8680-5377CEAEE277} - System32\Tasks\{1CB68AC2-93E9-4871-8274-F0B1B73BDE17} => C:\Users\Stephanie\Documents\PrismaCards\PrismaCards.exe [2010-12-07] (You 2 Software (You 2 Software))
Task: {A8CC2206-A26B-4ED0-A2E0-077A9054FCB8} - System32\Tasks\{5BABA52D-C073-40CF-BCC9-1879265FA67E} => pcalua.exe -a "C:\Program Files (x86)\Buhl\WISO Mein Geld 2014\Setup.exe" -c /ProductCode={ECA992F9-0CF9-4A47-8B07-3FFB316C6637}
Task: {AC661407-285F-4C96-A757-37C52A76F48F} - System32\Tasks\{C189928E-8FAB-4EF3-AA43-926B93C5750C} => pcalua.exe -a D:\Start.exe -d D:\
Task: {B1082300-A76C-4A7D-8F41-C2C0DD4C2FD1} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1165394420-3520031323-336608003-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-07-24] (RealNetworks, Inc.)
Task: {B2AC7D37-D24D-4E90-83D8-FDDC4CA0AA45} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1165394420-3520031323-336608003-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
Task: {B7BB27D4-513A-4F86-8E0D-3BF74E3695E2} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-26] (Apple Inc.)
Task: {C10D603B-182B-428D-88AA-8BF11444FBB9} - System32\Tasks\{1410237C-08BE-4443-B427-F32B582CE6C2} => pcalua.exe -a C:\Users\Stephanie\Downloads\WISOFinanz2012.exe -d C:\Windows\system32
Task: {C22CC128-267C-4205-AD04-AE42AD5C3C98} - System32\Tasks\{075E73A8-3589-43BF-A4BB-4DBE2DC76C1D} => G:\daemon410-x86.exe
Task: {C71F4C20-6589-4446-9FB3-20C6DC312D70} - System32\Tasks\{1D1631B8-E3CC-45F7-A552-B27FC189CF71} => pcalua.exe -a D:\Start.exe -d D:\
Task: {D41E38B9-1188-4B6B-8FDF-0060D4808B8D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {D7916C24-3BB1-460F-B0F5-CDED52B0B0E3} - System32\Tasks\{7A86187A-31C6-4EFA-844D-361B364368A9} => pcalua.exe -a "C:\Program Files (x86)\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe" -d C:\Windows\system32 -c /uninstall "C:\Program Files (x86)\outlook_dav\outlook_dav.vsto"
Task: {DB40A99F-349E-4C65-9D7D-0D7B9A3967A7} - System32\Tasks\{E6844382-B984-438B-B8C3-DBF8EE3AF04D} => G:\daemon410-x86.exe
Task: {DD9F510C-95F4-499A-90C8-BAC5BC372FF4} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask => start sppsvc
Task: {DE88AAF8-2DEA-45BD-B545-D626939C566C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-01-20] (Adobe Systems Incorporated)
Task: {DEAAB650-E57C-4526-9A47-AC22302B7ACE} - System32\Tasks\{4DE0AA33-497C-4FC7-8BD8-7AA218322FC3} => G:\daemon410-x86.exe
Task: {DEBF0953-C3CB-48F8-8777-91722270BC99} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1165394420-3520031323-336608003-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {E9AD4689-043D-4974-96B3-4980ACC775A0} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
Task: {EA1C6C74-EB72-4C1D-967F-BDA829DAF6D1} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)
Task: {EEB96AE1-20DB-46F1-BE0D-AD555CEF8CD5} - System32\Tasks\{A22042F0-C811-4A8F-A790-6CDC0111ECE9} => pcalua.exe -a C:\Users\Stephanie\Downloads\jxpiinstall.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {F391402C-F53D-4079-9488-0432CED5B89A} - System32\Tasks\Neuer Scan (1) => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\BackgroundScanClient.exe [2014-06-06] (Sophos Limited)
Task: {FEBED14A-5B40-4E3F-8B27-F37CD5EE1F6E} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-1165394420-3520031323-336608003-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-07-24] (RealNetworks, Inc.)
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1165394420-3520031323-336608003-1000Core.job => C:\Users\Stephanie\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1165394420-3520031323-336608003-1000UA.job => C:\Users\Stephanie\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Neuer Scan (1).job => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\BackgroundScanClient.exe
==================== Verknüpfungen =============================
(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)
==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============
2011-04-01 06:00 - 2011-04-01 06:00 - 00034304 _____ () C:\Windows\System32\ssk3mlm.dll
2015-01-20 22:35 - 2015-01-20 22:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-10-13 05:45 - 2015-10-13 05:45 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-11-11 16:15 - 2016-01-17 14:46 - 00171712 _____ () C:\Program Files\Common Files\Microsoft Shared\ClickToRun\ApiClient.dll
2015-10-06 12:05 - 2015-10-06 12:05 - 00287712 _____ () C:\Program Files (x86)\Synology\CloudStation\bin\vss-service-x64.exe
2013-10-09 09:52 - 2013-10-09 09:52 - 00384072 _____ () C:\Program Files (x86)\Synology Data Replicator 3\SynoDrServicex64.exe
2015-05-11 08:12 - 2015-05-11 08:12 - 00248736 _____ () C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
2014-04-30 09:01 - 2014-04-30 09:01 - 00035328 _____ () C:\Program Files (x86)\Synology\Photo Station Uploader\ShellExtHandler.dll
2011-07-18 22:04 - 2011-07-18 22:04 - 00301568 _____ () C:\Program Files (x86)\Notepad++\NppShell_04.dll
2015-11-17 09:45 - 2015-11-17 09:45 - 01047552 _____ () C:\Users\Stephanie\AppData\Local\CloudStation\CloudStation.app\icon-overlay\14\x64\ContextMenu.dll
2015-12-07 17:04 - 2015-12-07 17:04 - 00820224 _____ () C:\Users\Stephanie\AppData\Roaming\BitTorrent Sync\SyncShellExtension64_A0.dll
2014-12-10 11:28 - 2014-12-10 11:28 - 01152000 _____ () C:\Program Files\Box\Box Sync\_hashlib.pyd
2015-02-06 14:38 - 2015-02-06 14:38 - 00128512 _____ () C:\Program Files\Box\Box Sync\win32api.pyd
2015-02-06 14:38 - 2015-02-06 14:38 - 00137728 _____ () C:\Program Files\Box\Box Sync\pywintypes27.dll
2015-02-06 14:38 - 2015-02-06 14:38 - 00503808 _____ () C:\Program Files\Box\Box Sync\pythoncom27.dll
2014-12-10 11:28 - 2014-12-10 11:28 - 00112128 _____ () C:\Program Files\Box\Box Sync\_ctypes.pyd
2015-05-28 15:39 - 2015-05-28 15:39 - 00003584 _____ () C:\Program Files\Box\Box Sync\clr.pyd
2015-05-28 15:39 - 2015-05-28 15:39 - 00103424 _____ () C:\Program Files\Box\Box Sync\Python.Runtime.dll
2014-12-10 11:28 - 2014-12-10 11:28 - 00047616 _____ () C:\Program Files\Box\Box Sync\_socket.pyd
2014-12-10 11:28 - 2014-12-10 11:28 - 01745920 _____ () C:\Program Files\Box\Box Sync\_ssl.pyd
2015-05-28 15:42 - 2015-05-28 15:42 - 00027136 _____ () C:\Program Files\Box\Box Sync\ujson.pyd
2015-05-28 15:42 - 2015-05-28 15:42 - 00044544 _____ () C:\Program Files\Box\Box Sync\_psutil_windows.pyd
2014-12-10 11:28 - 2014-12-10 11:28 - 00010752 _____ () C:\Program Files\Box\Box Sync\select.pyd
2014-12-10 11:28 - 2014-12-10 11:28 - 00166912 _____ () C:\Program Files\Box\Box Sync\_elementtree.pyd
2014-12-10 11:28 - 2014-12-10 11:28 - 00164352 _____ () C:\Program Files\Box\Box Sync\pyexpat.pyd
2014-12-10 11:28 - 2014-12-10 11:28 - 00689664 _____ () C:\Program Files\Box\Box Sync\unicodedata.pyd
2015-02-06 14:38 - 2015-02-06 14:38 - 00438784 _____ () C:\Program Files\Box\Box Sync\win32com.shell.shell.pyd
2015-02-06 14:38 - 2015-02-06 14:38 - 00023040 _____ () C:\Program Files\Box\Box Sync\win32event.pyd
2015-06-25 10:55 - 2015-06-25 10:55 - 00059392 _____ () C:\Program Files\Box\Box Sync\_sqlite3.pyd
2015-02-06 14:38 - 2015-02-06 14:38 - 00149504 _____ () C:\Program Files\Box\Box Sync\win32file.pyd
2015-02-06 14:38 - 2015-02-06 14:38 - 00136192 _____ () C:\Program Files\Box\Box Sync\win32security.pyd
2015-02-06 14:38 - 2015-02-06 14:38 - 00044032 _____ () C:\Program Files\Box\Box Sync\win32process.pyd
2015-02-06 14:38 - 2015-02-06 14:38 - 00030720 _____ () C:\Program Files\Box\Box Sync\win32cred.pyd
2015-05-28 15:42 - 2015-05-28 15:42 - 00030208 _____ () C:\Program Files\Box\Box Sync\Crypto.Cipher._AES.pyd
2015-05-28 15:42 - 2015-05-28 15:42 - 00008192 _____ () C:\Program Files\Box\Box Sync\Crypto.Util.strxor.pyd
2015-05-28 15:42 - 2015-05-28 15:42 - 00010752 _____ () C:\Program Files\Box\Box Sync\Crypto.Random.OSRNG.winrandom.pyd
2015-05-28 15:42 - 2015-05-28 15:42 - 00011264 _____ () C:\Program Files\Box\Box Sync\Crypto.Util._counter.pyd
2015-02-06 14:38 - 2015-02-06 14:38 - 00053760 _____ () C:\Program Files\Box\Box Sync\win32service.pyd
2015-05-28 15:42 - 2015-05-28 15:42 - 00026112 _____ () C:\Program Files\Box\Box Sync\_yappi.pyd
2014-12-10 11:28 - 2014-12-10 11:28 - 00031744 _____ () C:\Program Files\Box\Box Sync\_multiprocessing.pyd
2015-02-06 14:38 - 2015-02-06 14:38 - 00021504 _____ () C:\Program Files\Box\Box Sync\win32clipboard.pyd
2015-02-06 14:38 - 2015-02-06 14:38 - 00223232 _____ () C:\Program Files\Box\Box Sync\win32gui.pyd
2015-06-08 14:22 - 2015-06-08 14:22 - 00068096 _____ () C:\Program Files\Box\Box Sync\SystemWrapper.dll
2016-01-11 20:58 - 2016-01-11 20:58 - 00030608 _____ () C:\Program Files\Box\Box Sync\BoxSyncMonitor.exe
2010-03-23 12:26 - 2010-03-23 12:26 - 00201512 _____ () C:\Program Files (x86)\Cisco Systems\VPN Client\vpnapi.dll
2016-01-24 17:15 - 2016-01-24 17:15 - 00158400 _____ () C:\Program Files (x86)\Microsoft Office\root\Office16\JitV.dll
2012-09-23 19:43 - 2012-09-23 19:43 - 00010240 _____ () C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\locale\de_de\acrotray.deu
2015-11-17 09:45 - 2015-11-17 09:45 - 00123918 _____ () C:\Users\Stephanie\AppData\Local\CloudStation\CloudStation.app\bin\libgcc_s_dw2-1.dll
2015-11-17 09:45 - 2015-11-17 09:45 - 01026062 _____ () C:\Users\Stephanie\AppData\Local\CloudStation\CloudStation.app\bin\libstdc++-6.dll
2015-11-17 09:45 - 2015-11-17 09:45 - 00524460 _____ () C:\Users\Stephanie\AppData\Local\CloudStation\CloudStation.app\bin\libcurl-4.dll
2015-11-17 09:45 - 2015-11-17 09:45 - 00115214 _____ () C:\Users\Stephanie\AppData\Local\CloudStation\CloudStation.app\bin\zlib1.dll
2015-11-17 09:45 - 2015-11-17 09:45 - 03095505 _____ () C:\Users\Stephanie\AppData\Local\CloudStation\CloudStation.app\bin\icuin53.dll
2015-11-17 09:45 - 2015-11-17 09:45 - 01798570 _____ () C:\Users\Stephanie\AppData\Local\CloudStation\CloudStation.app\bin\icuuc53.dll
2015-11-17 09:45 - 2015-11-17 09:45 - 21565192 _____ () C:\Users\Stephanie\AppData\Local\CloudStation\CloudStation.app\bin\icudt53.dll
2015-11-17 09:45 - 2015-11-17 09:45 - 02949660 _____ () C:\Users\Stephanie\AppData\Local\CloudStation\CloudStation.app\bin\libsqlite3-0.dll
2015-11-17 09:45 - 2015-11-17 09:45 - 00712704 _____ () C:\Users\Stephanie\AppData\Local\CloudStation\CloudStation.app\bin\platforms\qwindows.dll
2015-11-17 09:45 - 2015-11-17 09:45 - 00031744 _____ () C:\Users\Stephanie\AppData\Local\CloudStation\CloudStation.app\bin\imageformats\qgif.dll
2015-11-17 09:45 - 2015-11-17 09:45 - 00046080 _____ () C:\Users\Stephanie\AppData\Local\CloudStation\CloudStation.app\bin\imageformats\qicns.dll
2015-11-17 09:45 - 2015-11-17 09:45 - 00032768 _____ () C:\Users\Stephanie\AppData\Local\CloudStation\CloudStation.app\bin\imageformats\qico.dll
2015-11-17 09:45 - 2015-11-17 09:45 - 00516608 _____ () C:\Users\Stephanie\AppData\Local\CloudStation\CloudStation.app\bin\imageformats\qjp2.dll
2015-11-17 09:45 - 2015-11-17 09:45 - 00243200 _____ () C:\Users\Stephanie\AppData\Local\CloudStation\CloudStation.app\bin\imageformats\qjpeg.dll
2015-11-17 09:45 - 2015-11-17 09:45 - 00431616 _____ () C:\Users\Stephanie\AppData\Local\CloudStation\CloudStation.app\bin\imageformats\qtiff.dll
==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)
AlternateDataStreams: C:\ProgramData:BDSDRMHK
AlternateDataStreams: C:\Users\All Users:BDSDRMHK
AlternateDataStreams: C:\ProgramData\Anwendungsdaten:BDSDRMHK
AlternateDataStreams: C:\ProgramData\Application Data:BDSDRMHK
AlternateDataStreams: C:\Users\Stephanie\Documents\Eigene Datenquellen:Roxio EMC Stream
AlternateDataStreams: C:\Users\Stephanie\Documents\Famlienbilder Hamburger.jpg:Roxio EMC Stream
AlternateDataStreams: C:\Users\Stephanie\Documents\Ray Ban.JPG:Roxio EMC Stream
==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SAVService => ""="service"
==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)
==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)
IE trusted site: HKU\S-1-5-21-1165394420-3520031323-336608003-1000\...\samsungsetup.com -> hxxp://www.samsungsetup.com
==================== Hosts Inhalt: ===============================
(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)
2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Andere Bereiche ============================
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKU\S-1-5-21-1165394420-3520031323-336608003-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Stephanie\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.
==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
MSCONFIG\Services: Agile1Password => 3
MSCONFIG\Services: Apple Mobile Device Service => 2
MSCONFIG\Services: AppleOSSMgr => 2
MSCONFIG\Services: AppleTimeSrv => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: Secunia PSI Agent => 2
MSCONFIG\Services: Secunia Update Agent => 2
MSCONFIG\Services: Sophos AutoUpdate Service => 2
MSCONFIG\Services: StarMoney 9.0 OnlineUpdate => 3
MSCONFIG\Services: TeamViewer7 => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AkrutoSync.lnk => C:\Windows\pss\AkrutoSync.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^MozyHome Status.lnk => C:\Windows\pss\MozyHome Status.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Nach Updates suchen.lnk => C:\Windows\pss\Nach Updates suchen.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^vpngui.exe.lnk => C:\Windows\pss\vpngui.exe.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WISO Mein Steuer-Sparbuch heute.lnk => C:\Windows\pss\WISO Mein Steuer-Sparbuch heute.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Stephanie^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Stephanie^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^EvernoteClipper.lnk => C:\Windows\pss\EvernoteClipper.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Stephanie^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Fences.lnk => C:\Windows\pss\Fences.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: ApplePhotoStreams => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: Bing Bar => "C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2348.0\mswinext.exe"
MSCONFIG\startupreg: BitTorrent Sync => "C:\Users\Stephanie\AppData\Roaming\BitTorrent Sync\BTSync.exe" /MINIMIZED
MSCONFIG\startupreg: Cisco AnyConnect Secure Mobility Agent for Windows => "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: Dashlane => "C:\Users\Stephanie\AppData\Roaming\Dashlane\Dashlane.exe" autoLaunchAtStartup
MSCONFIG\startupreg: eM Client => "C:\Program Files (x86)\eM Client\MailClient.exe" /startup
MSCONFIG\startupreg: Google Update => "C:\Users\Stephanie\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: gSyncit => C:\Program Files (x86)\Fieldston Software\gSyncit\gsyncit.exe
MSCONFIG\startupreg: GyroQ => C:\Program Files (x86)\Gyronix\GyroQ\GyroQ.exe
MSCONFIG\startupreg: HandyShareStartup => "C:\Program Files (x86)\ZOOM\HandyShare\HandyShare_startup.exe"
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: iCloudDrive => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
MSCONFIG\startupreg: iCloudPhotos => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe
MSCONFIG\startupreg: iCloudServices => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: KeePass 2 PreLoad => "C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe" --preload
MSCONFIG\startupreg: LexwareInfoService => C:\Program Files (x86)\Lexware\Update Manager\LxUpdateManager.exe /autostart
MSCONFIG\startupreg: Mailbell => "C:\Program Files (x86)\MailBell\mailbell.exe"
MSCONFIG\startupreg: MMReminderService => C:\Program Files (x86)\Mindjet\MindManager 10\MMReminderService.exe
MSCONFIG\startupreg: My Movies Tray => "C:\Program Files (x86)\Binnerup Consult\My Movies for Windows Media Center\My Movies Tray.exe"
MSCONFIG\startupreg: Password Depot => "C:\Program Files (x86)\AceBIT\Password Depot 6\PasswordDepot.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Reader Application Helper => C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe
MSCONFIG\startupreg: RemoTerm.exe => C:\Program Files (x86)\Common Files\PCTV Systems\RemoTerm\RemoTerm.exe
MSCONFIG\startupreg: RoboForm => "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
MSCONFIG\startupreg: SimpleSYN.NET => "C:\Program Files (x86)\creativbox.net\SimpleSYN\CBN.SimpleSYN.NET.exe"
MSCONFIG\startupreg: Sophos AutoUpdate Monitor => C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: TkBellExe => "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
MSCONFIG\startupreg: TVCenter.exe => C:\Program Files (x86)\PCTV Systems\TVCenter\TVCenter.exe -server
MSCONFIG\startupreg: Wondershare Helper Compact.exe => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
MSCONFIG\startupreg: Zahlungserinnerung => "C:\Program Files (x86)\Buhl\WISO Mein Geld 2012\Erinnerung.exe"
==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{B80BA29F-6900-4709-A4AC-62CCFFA7703A}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\DeviceSetup.exe
FirewallRules: [{88A058DF-743B-4F79-8A9C-BD75B86F640F}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\DeviceSetup.exe
FirewallRules: [{8C45A303-7371-407A-BAC2-86F92B06F299}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\HPNetworkCommunicator.exe
FirewallRules: [{92D5677E-B36D-4AD3-A0CC-9E27B82CEB3D}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\HPNetworkCommunicator.exe
FirewallRules: [TCP Query User{22F24A0B-58A4-4C42-A3E2-1D45BCC9F247}C:\users\stephanie\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\stephanie\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{E62CED53-EF7A-4B48-B02C-42034F8CB5D6}C:\users\stephanie\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\stephanie\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{59F7A630-4F6F-4623-A085-D237CF2033B2}] => (Allow) LPort=51408
FirewallRules: [{D17477B8-D516-4605-A35E-4C5AF6D868FC}] => (Allow) LPort=51409
FirewallRules: [{9D365A26-99E9-4E3D-A381-9846757CE31F}] => (Allow) LPort=51410
FirewallRules: [{9A3462AC-EC4C-42A5-BCAE-3C2063EE9F98}] => (Allow) LPort=51411
FirewallRules: [{2E8B83D0-C3D1-43B9-857B-03128BE5D717}] => (Allow) LPort=51412
FirewallRules: [{496E3B6C-074D-452B-B2AB-B1A92CE73FC6}] => (Allow) LPort=51413
FirewallRules: [TCP Query User{C7A68A8D-96E5-4437-9B7C-DC8913C902E0}C:\windows\ehome\ehexthost.exe] => (Allow) C:\windows\ehome\ehexthost.exe
FirewallRules: [UDP Query User{19D140B5-05F3-4495-B191-15F7679C2264}C:\windows\ehome\ehexthost.exe] => (Allow) C:\windows\ehome\ehexthost.exe
FirewallRules: [{EF7DC07A-9619-4B76-93F6-2A40F86E1B67}] => (Allow) C:\Program Files (x86)\PCTV Systems\TVCenter\TVCenter.exe
FirewallRules: [{98E22DEA-4C7A-4C78-8E14-3EC66898D29B}] => (Allow) C:\Program Files (x86)\Common Files\PCTV Systems\PVR\VideoControl.exe
FirewallRules: [{CA7A939A-6DCA-4290-9790-E077C1D08586}] => (Allow) C:\Program Files (x86)\Common Files\PCTV Systems\StreamingServer\StrmServer.exe
FirewallRules: [{BCC468C1-BF2B-40C2-A7D1-655DDA3A1DF2}] => (Allow) LPort=1900
FirewallRules: [{2FBEBCB2-5E56-416A-8FD1-2FBFC160B575}] => (Allow) LPort=2869
FirewallRules: [{BEB70025-D4E1-4E82-84DA-6F0F158532D4}] => (Allow) C:\Windows\ehome\ehrecvr.exe
FirewallRules: [{4D7EFA9C-6F30-4FAD-B191-02EA2E4CE2EF}] => (Allow) LPort=41982
FirewallRules: [{CBC9708C-210F-4C07-8F40-59A08D874B46}] => (Allow) LPort=41982
FirewallRules: [{3CE3C6C0-5449-4EB2-971D-B9CCF2C7A719}] => (Allow) C:\Program Files (x86)\Moony\moony.exe
FirewallRules: [{4EB34DF0-907B-4825-8FB2-1620C14CC3C6}] => (Allow) C:\Program Files (x86)\Moony\moony.exe
FirewallRules: [{9E5FFA96-B44C-44C7-8EE9-4D23B046C014}] => (Allow) C:\Program Files (x86)\Software4u\iPhone Explorer\Software4u.IPhoneExplorer.exe
FirewallRules: [{B11B144C-294D-4EBC-8B98-338327C2F2C0}] => (Allow) C:\Program Files (x86)\Software4u\iPhone Explorer\Software4u.IPhoneExplorer.exe
FirewallRules: [{EE0A79EE-7F7E-4B72-B91E-14DA20B2FE58}] => (Allow) C:\Program Files (x86)\WebISSync\iPISync.exe
FirewallRules: [{5D91E233-E087-4EDB-838C-451192E4B708}] => (Allow) C:\Program Files (x86)\WebISSync\iPISync.exe
FirewallRules: [TCP Query User{851898FF-ED61-49C8-A0A0-FE9C33871ADC}C:\program files (x86)\google\google earth\plugin\geplugin.exe] => (Allow) C:\program files (x86)\google\google earth\plugin\geplugin.exe
FirewallRules: [UDP Query User{7777F644-612B-404F-AD3D-9A1DAA954E6B}C:\program files (x86)\google\google earth\plugin\geplugin.exe] => (Allow) C:\program files (x86)\google\google earth\plugin\geplugin.exe
FirewallRules: [TCP Query User{246F2956-AFFC-48BD-95F4-9C73F1CF7F9D}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Block) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [UDP Query User{9ECF9855-6DEE-4D70-AF98-DF36B50B1F66}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Block) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [{AB6B894E-C8CC-4D31-B8A0-04BF5F68AA9B}] => (Allow) LPort=41982
FirewallRules: [{0B77D295-ED54-4A4F-A2BF-1E4020393BA6}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
FirewallRules: [{9C3DD0E9-F997-4C92-8034-68DB195E6B48}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
FirewallRules: [{B218F47E-7AA1-4E94-ABD2-DF1B16F25167}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDS.Application.exe
FirewallRules: [{2746A965-0A23-46D6-8B87-F728E628EA64}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDS.Application.exe
FirewallRules: [{17675FEC-1D8C-4C01-94AC-07A864003175}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\OrderSupplies.exe
FirewallRules: [{591FBD70-411B-47FF-9382-2DF2C1306C5F}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\OrderSupplies.exe
FirewallRules: [{FD8B61C7-76BD-41CA-8796-6E3DF9B69261}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDSAlert.exe
FirewallRules: [{699F4DFF-C55E-41FD-B92D-7CC3FD8ACD8F}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDSAlert.exe
FirewallRules: [{97DEE068-87A0-4395-B1F8-64170F52196E}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe
FirewallRules: [{9851F4AA-668E-45F4-ABDD-F99F30DADA9E}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe
FirewallRules: [{085B6AFC-D1BD-434C-9293-573BB3E372D3}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
FirewallRules: [{7DAFB828-8EAF-4E1C-84A7-587C2E38FFCF}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
FirewallRules: [{DB9837F9-84C8-4817-9E1E-EFE11974832E}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDS.Application.exe
FirewallRules: [{D0B2CDFB-454B-4A68-85C3-69A923921250}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDS.Application.exe
FirewallRules: [{88625C8F-7CF0-4AF2-AA32-BF6DECBAED9D}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\OrderSupplies.exe
FirewallRules: [{B0F2B42C-238A-441A-9D49-DEFC750ED672}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\OrderSupplies.exe
FirewallRules: [{BF6F09EA-C42B-4FAA-AC50-CFCCDFF68A3B}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDSAlert.exe
FirewallRules: [{08CA54C5-AE85-4F7F-8CF8-1ACA72DEDF9C}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDSAlert.exe
FirewallRules: [{266C5D37-C67A-4CA4-A762-6011D2807771}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe
FirewallRules: [{2ECCA724-1B43-4EF6-B4BC-99F1B0C49B73}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe
FirewallRules: [{D0C08A0E-3A3D-400F-9072-4DFC7C997310}] => (Allow) %systemroot%\WindowsMobile\wmdHost.exe
FirewallRules: [{2C978648-977A-41BC-A909-CAD3FB3FCFBD}] => (Allow) %systemroot%\WindowsMobile\wmdHost.exe
FirewallRules: [{62D6752B-19FC-4F6E-A4E3-6C8971FD0226}] => (Allow) LPort=26675
FirewallRules: [TCP Query User{DF5ABE9D-58C3-419E-B087-C69D47CEF543}C:\users\stephanie\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\stephanie\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{D4145EA8-4B77-46FE-B01A-F45543FED449}C:\users\stephanie\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\stephanie\appdata\roaming\spotify\spotify.exe
FirewallRules: [{5E063430-F187-4DA6-AEAC-2BB54A33D4CE}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
FirewallRules: [{291B5E3A-4DE9-40CE-A78A-BB0227B38C22}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
FirewallRules: [{57BBE7B5-EA48-4735-8B6F-A2CCF420ED57}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
FirewallRules: [{82E80180-D3C8-430D-8F63-799E250DA3C1}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
FirewallRules: [{C27741E7-7B0E-41E2-8751-A19E0A70C925}] => (Allow) C:\Users\Stephanie\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{11DBD341-3616-4834-9D00-DF0AB13E2D5E}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{EA32A741-5C63-449B-94D4-00CD11B83857}C:\users\stephanie\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe] => (Allow) C:\users\stephanie\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe
FirewallRules: [UDP Query User{AAF78398-4EF5-4B1E-BEDA-C7DD6CDE0293}C:\users\stephanie\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe] => (Allow) C:\users\stephanie\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe
FirewallRules: [TCP Query User{0F9DC540-B501-4F8D-BD0A-FF7CD4DF1052}C:\users\stephanie\downloads\btsync.exe] => (Block) C:\users\stephanie\downloads\btsync.exe
FirewallRules: [UDP Query User{D537A008-56BD-4FD4-8A96-B9DC0941CA38}C:\users\stephanie\downloads\btsync.exe] => (Block) C:\users\stephanie\downloads\btsync.exe
FirewallRules: [TCP Query User{7934C0BB-9E6D-4C6A-AFFF-878F127381CD}C:\program files (x86)\synology\photo station uploader\mediauploader.exe] => (Allow) C:\program files (x86)\synology\photo station uploader\mediauploader.exe
FirewallRules: [UDP Query User{5B052305-F55B-4419-888C-22A74FA65279}C:\program files (x86)\synology\photo station uploader\mediauploader.exe] => (Allow) C:\program files (x86)\synology\photo station uploader\mediauploader.exe
FirewallRules: [{8DFCA4F5-1FA1-44E7-9FDB-E6C3D244638D}] => (Allow) C2OutlookSync.exe
FirewallRules: [{12CB2940-784B-4840-84CE-C92FC990E32E}] => (Allow) C:\Users\Stephanie\AppData\Roaming\Copy\CopyAgent.exe
FirewallRules: [{7D1DA02F-02A9-4FDB-9013-18A8964BE829}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{72D7EE44-6082-4059-AF9C-4DC058B7C002}] => (Allow) LPort=2869
FirewallRules: [{98A41977-F01C-4CB6-B2F1-0CD2DBD2E1BF}] => (Allow) LPort=1900
FirewallRules: [{A35D3EA7-8E4D-482A-BBC2-C9010C408B73}] => (Allow) C:\Program Files (x86)\Nero\Nero BackItUp\NBService.exe
FirewallRules: [{D2C47B12-7AC3-4EC0-89B3-F0E5BFECC277}] => (Allow) C:\Program Files (x86)\Nero\Nero BackItUp\NBService.exe
FirewallRules: [{755632CE-160F-42D9-BF01-58390168ED97}] => (Allow) C:\Program Files (x86)\Nero\Nero BackItUp\NBService.exe
FirewallRules: [{DFDFD8D4-7C6B-474B-AAB7-2244F3D83D9E}] => (Allow) C:\Program Files (x86)\Nero\Nero BackItUp\NBService.exe
FirewallRules: [{76FEA023-ADAF-4A51-AFDA-324A693AFC8C}] => (Allow) C:\Program Files (x86)\Nero\Nero BackItUp\NBService.exe
FirewallRules: [{398E275B-B079-4EA2-8C63-7B544BF9B589}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D5EF2BF3-0A1E-43CC-A228-E7E0F8A51862}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{00069568-8038-444F-974F-A6DBB1639224}] => (Allow) C:\Program Files (x86)\lexware\Update Service\Hmg.InstallationService.Service.exe
FirewallRules: [{513725E7-D39D-4A8A-AEF0-FCADFE8F79EF}] => (Allow) C:\Program Files (x86)\lexware\Update Service\Hmg.InstallationService.Service.exe
FirewallRules: [TCP Query User{C4E43FFA-E019-4702-B823-BBDFFDA28DC3}C:\program files (x86)\common files\xpressupdate\xpressupdate.exe] => (Allow) C:\program files (x86)\common files\xpressupdate\xpressupdate.exe
FirewallRules: [UDP Query User{944CBC1B-A483-41C9-B570-3A774781F042}C:\program files (x86)\common files\xpressupdate\xpressupdate.exe] => (Allow) C:\program files (x86)\common files\xpressupdate\xpressupdate.exe
FirewallRules: [{1B89ED56-F50C-47A0-B683-280133AE1A2B}] => (Allow) C:\Users\Stephanie\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{BC1F6906-F5BB-4588-A776-88F188B477F9}] => (Allow) C:\Users\Stephanie\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{871DD067-7C76-4F6A-8A31-5BB5DC8D1CA7}C:\users\stephanie\downloads\data_replicator_0153(1)\backup.exe] => (Allow) C:\users\stephanie\downloads\data_replicator_0153(1)\backup.exe
FirewallRules: [UDP Query User{32FBF598-124B-4D2C-8F11-B1502DFE97EF}C:\users\stephanie\downloads\data_replicator_0153(1)\backup.exe] => (Allow) C:\users\stephanie\downloads\data_replicator_0153(1)\backup.exe
FirewallRules: [TCP Query User{A198B808-915C-4C59-AF03-5BE4B7D846F0}C:\program files (x86)\synology data replicator 3\backup.exe] => (Allow) C:\program files (x86)\synology data replicator 3\backup.exe
FirewallRules: [UDP Query User{F2190A97-C0B7-4877-9DF3-D9D7EC5CA83E}C:\program files (x86)\synology data replicator 3\backup.exe] => (Allow) C:\program files (x86)\synology data replicator 3\backup.exe
FirewallRules: [{FAD179EC-4BDA-4495-ADC1-4BAABE3426D6}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{244B4577-8464-4B73-A81B-6DA1E3ADD858}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F3CAA5C2-834D-41A1-81C5-02B5175219BD}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{7E85E458-8CD2-4C0A-9535-A726A4D3447F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{0ABB4D94-5012-4FBE-9523-8F16309D2066}] => (Allow) C:\Users\Stephanie\AppData\Roaming\BitTorrent Sync\BTSync.exe
FirewallRules: [{7A770511-5ED4-4D88-A3D5-946C743187B9}] => (Allow) C:\Users\Stephanie\AppData\Roaming\BitTorrent Sync\BTSync.exe
FirewallRules: [{7F5A3DDF-EC18-4797-943C-4DC6FF8E7D40}] => (Allow) C:\Program Files\Akruto\AkrutoSync.exe
FirewallRules: [{5D2A3A8D-253E-4079-824B-78345320A2B3}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A65D0C7B-9DBA-479F-896A-CE0CB4E02F9C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{DBBC775B-7AC3-48D3-9B72-91175662C16A}C:\users\stephanie\appdata\local\cloudstation\cloudstation.app\bin\cloud-drive-connect.exe] => (Allow) C:\users\stephanie\appdata\local\cloudstation\cloudstation.app\bin\cloud-drive-connect.exe
FirewallRules: [UDP Query User{8361B0D5-AEE6-4BC2-B6A1-3CA9DAA3EB8C}C:\users\stephanie\appdata\local\cloudstation\cloudstation.app\bin\cloud-drive-connect.exe] => (Allow) C:\users\stephanie\appdata\local\cloudstation\cloudstation.app\bin\cloud-drive-connect.exe
FirewallRules: [{492D55D4-E6A1-496F-9D9D-FE5C5A94B9B8}] => (Allow) C:\Program Files\Akruto\AkrutoSync.exe
FirewallRules: [{30846332-8EB5-4A84-AEC6-5DB5792B39AB}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{EF56D178-A63E-44ED-97A6-944AA80D47D9}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [TCP Query User{7986E42A-6858-4F03-AC6F-C9FCFF1414E6}C:\program files (x86)\synology\assistant\dsassistant.exe] => (Allow) C:\program files (x86)\synology\assistant\dsassistant.exe
FirewallRules: [UDP Query User{E900E5A9-C118-43A1-B9F1-67406DC470A8}C:\program files (x86)\synology\assistant\dsassistant.exe] => (Allow) C:\program files (x86)\synology\assistant\dsassistant.exe
FirewallRules: [{34EACFB1-1CE5-4161-B04A-4216B7F56616}] => (Allow) C:\Program Files (x86)\Synology\CloudStation\bin\launcher.exe
FirewallRules: [{A77E3407-BFE9-4EDA-88B7-43639F1C45B7}] => (Allow) C:\Program Files (x86)\Synology\CloudStation\bin\launcher.exe
FirewallRules: [{590689C2-52A6-435F-AB24-ADC7640CAFD9}] => (Allow) C:\Program Files (x86)\Synology\CloudStation\bin\launcher.exe
FirewallRules: [{02823D00-37DA-48A1-8FC0-B601C3134902}] => (Allow) C:\Program Files (x86)\Synology\CloudStation\bin\launcher.exe
FirewallRules: [{4CF25F58-3E82-4E94-8BCB-A9680C839F87}] => (Allow) C:\Program Files\Akruto\AkrutoSync.exe
FirewallRules: [{550DF8AF-D911-49CD-A9A9-0FD6CD1E3DA0}] => (Allow) C:\Program Files\Akruto\AkrutoSync.exe
FirewallRules: [{DF927B47-31F8-4A52-BE66-A113CAA67C7E}] => (Allow) C2OutlookSync.exe
FirewallRules: [{A04DFCCB-46E4-4641-8759-849DD47BB1A1}] => (Allow) C:\Program Files (x86)\Nero\Nero BackItUp\NBService.exe
FirewallRules: [{44FC69F1-1959-45A6-8AAD-9C9793DB6748}] => (Allow) C:\Program Files (x86)\Nero\Nero BackItUp\NBService.exe
FirewallRules: [{964FCD19-9901-4C90-AE28-84A83AB21ED7}] => (Allow) C:\Program Files (x86)\Nero\Nero BackItUp\NBService.exe
FirewallRules: [{8F3B9F4E-2B88-497A-88F9-54746C459864}] => (Allow) C:\Program Files (x86)\Nero\Nero BackItUp\NBService.exe
FirewallRules: [{CA016662-76B0-40B5-98E6-5C7107FD9537}] => (Allow) C:\Program Files (x86)\Nero\Nero BackItUp\NBService.exe
FirewallRules: [ScanManagement-RCWS-Out-TCP] => (Allow) %SystemRoot%\System32\mmc.exe
FirewallRules: [ScanManagement-WSD-Out-TCP] => (Allow) %SystemRoot%\System32\mmc.exe
==================== Wiederherstellungspunkte =========================
26-01-2016 09:36:59 Windows Update
28-01-2016 20:55:22 Installed ClearContext
29-01-2016 10:01:57 Installed Wunderlist for Outlook
29-01-2016 11:15:39 Windows Update
02-02-2016 08:27:53 Windows Update
==================== Fehlerhafte Geräte im Gerätemanager =============
Name: Officejet 6500 E710n-z
Description: Officejet 6500 E710n-z
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: Photosmart B110 series
Description: Photosmart B110 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: Officejet 6500 E710n-z
Description: Officejet 6500 E710n-z
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: Cisco Systems VPN Adapter for 64-bit Windows
Description: Cisco Systems VPN Adapter for 64-bit Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: CVirtA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Fehlereinträge in der Ereignisanzeige: =========================
Applikationsfehler:
==================
Error: (02/04/2016 01:20:12 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418220
Error: (02/04/2016 01:02:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: BoxSync.exe, Version: 4.0.7100.0, Zeitstempel: 0x5121fefe
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.19110, Zeitstempel: 0x568429e5
Ausnahmecode: 0xc0150010
Fehleroffset: 0x000000000006af52
ID des fehlerhaften Prozesses: 0xc40
Startzeit der fehlerhaften Anwendung: 0xBoxSync.exe0
Pfad der fehlerhaften Anwendung: BoxSync.exe1
Pfad des fehlerhaften Moduls: BoxSync.exe2
Berichtskennung: BoxSync.exe3
Error: (02/04/2016 12:54:14 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 18939
Error: (02/04/2016 12:54:14 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 18939
Error: (02/04/2016 12:54:14 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (02/04/2016 12:54:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 17941
Error: (02/04/2016 12:54:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 17941
Error: (02/04/2016 12:54:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (02/04/2016 12:54:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 16443
Error: (02/04/2016 12:54:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 16443
Systemfehler:
=============
Error: (02/04/2016 02:23:34 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "HP Network Devices Support" wurde mit folgendem Fehler beendet:
%%126
Error: (02/04/2016 02:23:34 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "HP Home Network Diagnostic Support Service" wurde mit folgendem Fehler beendet:
%%126
Error: (02/04/2016 10:20:02 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1275
Error: (02/04/2016 10:20:02 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Users\STEPHA~1\AppData\Local\Temp\ehdrv.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.
Error: (02/04/2016 10:20:01 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1275
Error: (02/04/2016 10:20:01 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Users\STEPHA~1\AppData\Local\Temp\ehdrv.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.
Error: (02/04/2016 10:20:01 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1275
Error: (02/04/2016 10:20:01 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Users\STEPHA~1\AppData\Local\Temp\ehdrv.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.
Error: (02/04/2016 10:17:41 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1275
Error: (02/04/2016 10:17:41 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Users\STEPHA~1\AppData\Local\Temp\ehdrv.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.
CodeIntegrity:
===================================
Date: 2015-12-26 22:42:35.630
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\System32\drivers\LHidFilt.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2015-12-26 22:42:35.448
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\System32\drivers\LHidFilt.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2015-12-26 22:42:33.799
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\System32\drivers\LHidFilt.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2015-12-26 22:42:33.744
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\System32\drivers\LHidFilt.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2015-12-26 22:42:30.528
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\System32\drivers\LHidEqd.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2015-12-26 22:42:30.477
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\System32\drivers\LHidEqd.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2015-12-26 22:42:30.414
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\System32\drivers\LHidEqd.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2015-12-26 22:42:30.366
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\System32\drivers\LHidEqd.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
==================== Speicherinformationen ===========================
Prozessor: Intel(R) Core(TM) i5-2500S CPU @ 2.70GHz
Prozentuale Nutzung des RAM: 73%
Installierter physikalischer RAM: 4072.37 MB
Verfügbarer physikalischer RAM: 1093.64 MB
Summe virtueller Speicher: 8142.95 MB
Verfügbarer virtueller Speicher: 4766.09 MB
==================== Laufwerke ================================
Drive c: (BOOTCAMP) (Fixed) (Total:1379.79 GB) (Free:631.51 GB) NTFS ==>[Laufwerk mit Startkomponenten (eingeholt von BCD)]
Drive e: (Macintosh HD) (Fixed) (Total:482.43 GB) (Free:473.3 GB) HFS
Drive g: () (Removable) (Total:1.87 GB) (Free:1.83 GB) FAT
==================== MBR & Partitionstabelle ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 00005D69)
Partition: GPT.
Partition 2: (Not Active) - (Size=482.4 GB) - (Type=AF)
Partition 3: (Not Active) - (Size=620 MB) - (Type=AB)
Partition 4: (Active) - (Size=1379.8 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (Size: 1.9 GB) (Disk ID: 00000000)
Partition: GPT.
==================== Ende von Addition.txt ============================
Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlaufdatum: 04.02.2016 Suchlaufzeit: 16:04 Protokolldatei: Malwarebytes Scan.txt Administrator: Ja Version: 2.2.0.1024 Malware-Datenbank: v2016.02.04.03 Rootkit-Datenbank: v2016.01.20.01 Lizenz: Kostenlose Version Malware-Schutz: Deaktiviert Schutz vor bösartigen Websites: Deaktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x64 Dateisystem: NTFS Benutzer: Stephanie Suchlauftyp: Bedrohungssuchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 610477 Abgelaufene Zeit: 1 Std., 22 Min., 7 Sek. Speicher: Aktiviert Start: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristik: Aktiviert PUP: Warnen PUM: Aktiviert Prozesse: 0 (keine bösartigen Elemente erkannt) Module: 0 (keine bösartigen Elemente erkannt) Registrierungsschlüssel: 0 (keine bösartigen Elemente erkannt) Registrierungswerte: 0 (keine bösartigen Elemente erkannt) Registrierungsdaten: 0 (keine bösartigen Elemente erkannt) Ordner: 0 (keine bösartigen Elemente erkannt) Dateien: 0 (keine bösartigen Elemente erkannt) Physische Sektoren: 0 (keine bösartigen Elemente erkannt) (end) |
|
12.02.2016, 10:29
| #3 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Word-Anhang Büromarkt Boettcher in Vorschau geöffnet, ESET meldet JS/Astromenda.A u.a. Moin
__________________ Ist das ein gewerblich genutztes System? Büro-PC? Falls ja, ist deine IT dafür zuständig.
__________________ |
|
12.02.2016, 10:59
| #4 |
| | Word-Anhang Büromarkt Boettcher in Vorschau geöffnet, ESET meldet JS/Astromenda.A u.a. Guten Morgen, nö, nicht gewerblich, nur privat/selbstständig genutzt. |
|
12.02.2016, 11:17
| #5 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Word-Anhang Büromarkt Boettcher in Vorschau geöffnet, ESET meldet JS/Astromenda.A u.a. Malwarebytes Anti-Rootkit (MBAR) Downloade dir bitte  Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
12.02.2016, 12:43
| #6 |
| | Word-Anhang Büromarkt Boettcher in Vorschau geöffnet, ESET meldet JS/Astromenda.A u.a. Vielen Dank, beim Starten von mbar.exe erscheint ein Popup-Fenster mit dieser Meldung: Probable rootkit activity detected. Registry value "AppInit_Dlls" has been found, which maybe caused by rootkit activity. Note: Press "No" button if you're not sure. If the tool crashes or terminates unexpectedly during a system scan, restart the tool and press "yes" should this message appear again. Do you want to remove this value and restart the tool? - Soll ich "no" drücken? |
|
12.02.2016, 12:57
| #7 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Word-Anhang Büromarkt Boettcher in Vorschau geöffnet, ESET meldet JS/Astromenda.A u.a. Da bitte auf nein klicken und weitermachen
__________________ Logfiles bitte immer in CODE-Tags posten |
|
12.02.2016, 15:27
| #8 |
| | Word-Anhang Büromarkt Boettcher in Vorschau geöffnet, ESET meldet JS/Astromenda.A u.a.Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org
Database version:
main: v2016.02.12.02
rootkit: v2016.02.08.01
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.18204
Stephanie :: STEPHANIE-PC [administrator]
12.02.2016 13:11:52
mbar-log-2016-02-12 (13-11-52).txt
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Kernel memory modifications detected. Deep Anti-Rootkit Scan engaged.
Objects scanned: 554681
Time elapsed: 1 hour(s), 52 minute(s),
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
Physical Sectors Detected: 0
(No malicious items detected)
(end)
|
|
12.02.2016, 17:09
| #9 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Word-Anhang Büromarkt Boettcher in Vorschau geöffnet, ESET meldet JS/Astromenda.A u.a. Adware/Junkware/Toolbars entfernen Alte Versionen von adwCleaner und falls vorhanden JRT vorher löschen, danach neu runterladen auf den Desktop! Virenscanner jetzt vor dem Einsatz dieser Tools bitte komplett deaktivieren! 1. Schritt: adwCleaner Downloade Dir bitte  AdwCleaner auf deinen Desktop.
2. Schritt: JRT - Junkware Removal Tool Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
3. Schritt: Frisches Log mit FRST Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:  FRST 32-Bit | FRST 64-Bit(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
__________________ Logfiles bitte immer in CODE-Tags posten |
|
12.02.2016, 18:58
| #10 |
| | Word-Anhang Büromarkt Boettcher in Vorschau geöffnet, ESET meldet JS/Astromenda.A u.a.Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.2 (01.06.2016)
Operating System: Windows 7 Professional x64
Ran by Stephanie (Administrator) on 12.02.2016 at 18:15:22,79
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
File System: 24
Successfully deleted: C:\Users\Stephanie\AppData\Local\{0AC40948-B49C-48CA-8B97-99A76B143335} (Empty Folder)
Successfully deleted: C:\Users\Stephanie\AppData\Local\{0C48572E-E6F7-4E84-B57C-08011FCDFC93} (Empty Folder)
Successfully deleted: C:\Users\Stephanie\AppData\Local\{0D36FC06-7DF5-44BC-B2DA-EBD84104E1C6} (Empty Folder)
Successfully deleted: C:\Users\Stephanie\AppData\Local\{13AC569F-EA0B-4516-AD28-DCAA041BACA8} (Empty Folder)
Successfully deleted: C:\Users\Stephanie\AppData\Local\{1800910F-F9CA-4926-90AC-A351334390B7} (Empty Folder)
Successfully deleted: C:\Users\Stephanie\AppData\Local\{32D60F12-7858-4C6F-8D25-D4ABD60045FC} (Empty Folder)
Successfully deleted: C:\Users\Stephanie\AppData\Local\{3502E3E9-7305-4FCE-A8C9-0AEBB13B8578} (Empty Folder)
Successfully deleted: C:\Users\Stephanie\AppData\Local\{56D82D96-B4A0-4CA9-AD18-00E77AC63F3C} (Empty Folder)
Successfully deleted: C:\Users\Stephanie\AppData\Local\{7003C6AD-DB4A-4B02-9FC7-BECA58905917} (Empty Folder)
Successfully deleted: C:\Users\Stephanie\AppData\Local\{84CF75F6-307C-4E34-96ED-7BEA54EB25F5} (Empty Folder)
Successfully deleted: C:\Users\Stephanie\AppData\Local\{84F31579-C69E-4572-A78D-1C55303C96E9} (Empty Folder)
Successfully deleted: C:\Users\Stephanie\AppData\Local\{8B1E6D8F-1229-4BD1-958F-64DE4E37D55C} (Empty Folder)
Successfully deleted: C:\Users\Stephanie\AppData\Local\{8D6B3B74-278F-4CA9-B602-E918867027F7} (Empty Folder)
Successfully deleted: C:\Users\Stephanie\AppData\Local\{A2F88137-D1AA-4F4B-85CC-1D5C20B3A6BF} (Empty Folder)
Successfully deleted: C:\Users\Stephanie\AppData\Local\{A510792F-5647-43C4-922E-23E19A761573} (Empty Folder)
Successfully deleted: C:\Users\Stephanie\AppData\Local\{AB1CBD01-4766-4D8D-A4B7-9A652757EA83} (Empty Folder)
Successfully deleted: C:\Users\Stephanie\AppData\Local\{B246FA52-2CB5-498A-9256-6BDDB6622BA8} (Empty Folder)
Successfully deleted: C:\Users\Stephanie\AppData\Local\{EF934BFE-6167-40A2-86A1-B12D5E4997A3} (Empty Folder)
Successfully deleted: C:\Users\Stephanie\AppData\Local\{F8567C50-27C7-4296-AA70-A9F824405449} (Empty Folder)
Successfully deleted: C:\Users\Stephanie\AppData\Local\{FF01B907-08B6-4AF7-ABFA-B335BCCCDE03} (Empty Folder)
Successfully deleted: C:\Users\Stephanie\AppData\Roaming\Mozilla\Firefox\Profiles\g24g73re.default-1428761828540\extensions\staged (Folder)
Successfully deleted: C:\Users\Stephanie\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_752392\extensions\isreaditlater@ideashower.com (Folder)
Successfully deleted: C:\Users\Stephanie\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_752392\extensions\staged (Folder)
Successfully deleted: C:\Users\Stephanie\Documents\add-in express (Folder)
Registry: 2
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Search\\SearchAssistant (Registry Value)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 12.02.2016 at 18:19:43,24
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Code:
ATTFilter # AdwCleaner v5.033 - Bericht erstellt am 12/02/2016 um 18:13:13
# Aktualisiert am 07/02/2016 von Xplode
# Datenbank : 2016-02-07.2 [Server]
# Betriebssystem : Windows 7 Professional Service Pack 1 (x64)
# Benutzername : Stephanie - STEPHANIE-PC
# Gestartet von : C:\Users\Stephanie\Desktop\AdwCleaner_5.033.exe
# Option : Suchlauf
# Unterstützung : hxxp://toolslib.net/forum
***** [ Dienste ] *****
***** [ Ordner ] *****
***** [ Dateien ] *****
***** [ DLL ] *****
***** [ Verknüpfungen ] *****
***** [ Aufgabenplanung ] *****
***** [ Registrierungsdatenbank ] *****
***** [ Internetbrowser ] *****
########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [651 Bytes] ##########
Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:27-01-2016 durchgeführt von Stephanie (Administrator) auf STEPHANIE-PC (12-02-2016 18:30:11) Gestartet von C:\Users\Stephanie\Desktop\TROJANERBOARD Geladene Profile: Stephanie (Verfügbare Profile: Stephanie & Gast) Platform: Windows 7 Professional Service Pack 1 (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: FF) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (AMD) C:\Windows\System32\atiesrxx.exe (Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Box, Inc.) C:\Program Files (x86)\Box\Box for Office\UpgradeService.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe () C:\Program Files (x86)\Synology\CloudStation\bin\vss-service-x64.exe (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe (Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVCM.EXE (Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SERVEREXP2008\MSSQL\Binn\sqlservr.exe (Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe (Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe () C:\Program Files (x86)\Synology Data Replicator 3\SynoDrServicex64.exe () C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Nicht auf der Ausnahmeliste) =========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [Apple_KbdMgr] => C:\Program Files\Boot Camp\Bootcamp.exe [741760 2011-06-29] (Apple Inc.) HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch HKLM\...\Run: [Fences] => C:\Program Files (x86)\Stardock\Fences\Fences.exe [4031152 2013-11-26] (Stardock Corporation) HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated) HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3113592 2015-08-26] (Logitech, Inc.) HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [531808 2015-11-26] (Acronis) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [708496 2015-09-23] (Cisco Systems, Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [594992 2016-01-29] (Oracle Corporation) HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [651560 2015-11-10] (Acronis International GmbH) HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [7211112 2015-11-26] () Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.) HKU\S-1-5-21-1165394420-3520031323-336608003-1000\...\Run: [Spotify Web Helper] => C:\Users\Stephanie\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2030912 2015-10-29] (Spotify Ltd) HKU\S-1-5-21-1165394420-3520031323-336608003-1000\...\Run: [f.lux] => C:\Users\Stephanie\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC) HKU\S-1-5-21-1165394420-3520031323-336608003-1000\...\Run: [Dropbox Update] => C:\Users\Stephanie\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-14] (Dropbox, Inc.) HKU\S-1-5-21-1165394420-3520031323-336608003-1000\...\Run: [gSyncit] => C:\Program Files (x86)\Fieldston Software\gSyncit\gsyncit.exe HKU\S-1-5-21-1165394420-3520031323-336608003-1000\...\RunOnce: [Uninstall C:\Users\Stephanie\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Stephanie\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64" HKU\S-1-5-21-1165394420-3520031323-336608003-1000\...\RunOnce: [Uninstall C:\Users\Stephanie\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Stephanie\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64" HKU\S-1-5-21-1165394420-3520031323-336608003-1000\...\RunOnce: [Uninstall C:\Users\Stephanie\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Stephanie\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64" HKU\S-1-5-21-1165394420-3520031323-336608003-1000\...\RunOnce: [Uninstall C:\Users\Stephanie\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Stephanie\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530\amd64" HKU\S-1-5-21-1165394420-3520031323-336608003-1000\...\RunOnce: [Uninstall C:\Users\Stephanie\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Stephanie\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64" HKU\S-1-5-21-1165394420-3520031323-336608003-1000\...\RunOnce: [Uninstall C:\Users\Stephanie\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Stephanie\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64" HKU\S-1-5-21-1165394420-3520031323-336608003-1000\...\RunOnce: [Uninstall C:\Users\Stephanie\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Stephanie\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64" HKU\S-1-5-21-1165394420-3520031323-336608003-1000\...\RunOnce: [Uninstall C:\Users\Stephanie\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Stephanie\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64" HKU\S-1-5-21-1165394420-3520031323-336608003-1000\...\RunOnce: [Uninstall C:\Users\Stephanie\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512_2\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Stephanie\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512_2\amd64" HKU\S-1-5-21-1165394420-3520031323-336608003-1000\...\RunOnce: [Uninstall C:\Users\Stephanie\AppData\Local\Microsoft\SkyDrive\17.3.1165.0612\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Stephanie\AppData\Local\Microsoft\SkyDrive\17.3.1165.0612\amd64" HKU\S-1-5-21-1165394420-3520031323-336608003-1000\...\RunOnce: [Uninstall C:\Users\Stephanie\AppData\Local\Microsoft\SkyDrive\17.3.1166.0618\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Stephanie\AppData\Local\Microsoft\SkyDrive\17.3.1166.0618\amd64" HKU\S-1-5-21-1165394420-3520031323-336608003-1000\...\RunOnce: [Uninstall C:\Users\Stephanie\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Stephanie\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64" HKU\S-1-5-21-1165394420-3520031323-336608003-1000\...\RunOnce: [Uninstall C:\Users\Stephanie\AppData\Local\Microsoft\OneDrive\17.3.4713.0209\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Stephanie\AppData\Local\Microsoft\OneDrive\17.3.4713.0209\amd64" HKU\S-1-5-21-1165394420-3520031323-336608003-1000\...\RunOnce: [Uninstall C:\Users\Stephanie\AppData\Local\Microsoft\OneDrive\17.3.4724.0224\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Stephanie\AppData\Local\Microsoft\OneDrive\17.3.4724.0224\amd64" HKU\S-1-5-21-1165394420-3520031323-336608003-1000\...\RunOnce: [Uninstall C:\Users\Stephanie\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Stephanie\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64" HKU\S-1-5-21-1165394420-3520031323-336608003-1000\...\RunOnce: [Uninstall C:\Users\Stephanie\AppData\Local\Microsoft\OneDrive\17.3.5849.0427\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Stephanie\AppData\Local\Microsoft\OneDrive\17.3.5849.0427\amd64" HKU\S-1-5-21-1165394420-3520031323-336608003-1000\...\RunOnce: [Uninstall C:\Users\Stephanie\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Stephanie\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64" HKU\S-1-5-21-1165394420-3520031323-336608003-1000\...\RunOnce: [Uninstall C:\Users\Stephanie\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Stephanie\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64" HKU\S-1-5-21-1165394420-3520031323-336608003-1000\...\RunOnce: [Uninstall C:\Users\Stephanie\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Stephanie\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64" HKU\S-1-5-21-1165394420-3520031323-336608003-1000\...\RunOnce: [Uninstall C:\Users\Stephanie\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Stephanie\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64" HKU\S-1-5-21-1165394420-3520031323-336608003-1000\...\RunOnce: [Uninstall C:\Users\Stephanie\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Stephanie\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64" HKU\S-1-5-21-1165394420-3520031323-336608003-1000\...\RunOnce: [Uninstall C:\Users\Stephanie\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Stephanie\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64" HKU\S-1-5-21-1165394420-3520031323-336608003-1000\...\MountPoints2: H - H:\LaunchU3.exe -a HKU\S-1-5-21-1165394420-3520031323-336608003-1000\...\MountPoints2: {14d99ca1-e99a-11e0-97eb-806e6f6e6963} - F:\SETUP.EXE HKU\S-1-5-21-1165394420-3520031323-336608003-1000\...\MountPoints2: {a64a5b49-255a-11e1-8a52-040cce23d297} - H:\LaunchU3.exe -a HKU\S-1-5-18\...\Run: [Copy] => C:\Users\Stephanie\AppData\Roaming\Copy\CopyAgent.exe [15410832 2015-04-14] (Barracuda Networks, Inc.) AppInit_DLLs: C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured_x64.dll [217672 2015-01-14] (Sophos Limited) AppInit_DLLs-x32: C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured.dll [275352 2015-01-14] (Sophos Limited) Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll ShellIconOverlayIdentifiers: [ BoxSyncFileLocked] -> {2a607da5-abe8-358e-a881-c0f5faf2d3a5} => C:\Windows\system32\mscoree.dll [2010-11-05] (Microsoft Corporation) ShellIconOverlayIdentifiers: [ BoxSyncFileLockedByOther] -> {f7d2951f-0b6b-346c-99ec-69cffc30a364} => C:\Windows\system32\mscoree.dll [2010-11-05] (Microsoft Corporation) ShellIconOverlayIdentifiers: [ BoxSyncNotSynced] -> {5ea95e3d-3e46-3812-b03c-49785fa67d41} => C:\Windows\system32\mscoree.dll [2010-11-05] (Microsoft Corporation) ShellIconOverlayIdentifiers: [ BoxSyncProblem] -> {a88b7184-bfa1-3d14-8efb-2225df9699bc} => C:\Windows\system32\mscoree.dll [2010-11-05] (Microsoft Corporation) ShellIconOverlayIdentifiers: [ BoxSyncSynced] -> {c89f9943-8f58-3eca-bd55-a658f53b2f48} => C:\Windows\system32\mscoree.dll [2010-11-05] (Microsoft Corporation) ShellIconOverlayIdentifiers: [ 01UnsuppModule] -> {AEB16659-2125-4ADA-A4AB-45EE21E86469} => C:\Users\Stephanie\AppData\Local\CloudStation\CloudStation.app\icon-overlay\14\x64\iconOverlay.dll [2015-11-17] (TODO: <Company name>) ShellIconOverlayIdentifiers: [ 02SyncingModule] -> {48AB5ADA-36B1-4137-99C9-2BD97F8788AB} => C:\Users\Stephanie\AppData\Local\CloudStation\CloudStation.app\icon-overlay\14\x64\iconOverlay.dll [2015-11-17] (TODO: <Company name>) ShellIconOverlayIdentifiers: [ 03SyncedModule] -> {472CE1AD-5D53-4BCF-A1FB-3982A5F55138} => C:\Users\Stephanie\AppData\Local\CloudStation\CloudStation.app\icon-overlay\14\x64\iconOverlay.dll [2015-11-17] (TODO: <Company name>) ShellIconOverlayIdentifiers: [ 04ReadOnlyModule] -> {A433C3E0-8B24-40EB-93C3-4B10D9959F58} => C:\Users\Stephanie\AppData\Local\CloudStation\CloudStation.app\icon-overlay\14\x64\iconOverlay.dll [2015-11-17] (TODO: <Company name>) ShellIconOverlayIdentifiers: [ 05NoPermModule] -> {C701AD67-3DF0-47C9-89CB-DFA6207BE229} => C:\Users\Stephanie\AppData\Local\CloudStation\CloudStation.app\icon-overlay\14\x64\iconOverlay.dll [2015-11-17] (TODO: <Company name>) ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-01-15] (Google) ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-01-15] (Google) ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-01-15] (Google) ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Stephanie\AppData\Roaming\Dropbox\bin\DropboxExt64.31.dll [2016-02-09] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Stephanie\AppData\Roaming\Dropbox\bin\DropboxExt64.31.dll [2016-02-09] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Stephanie\AppData\Roaming\Dropbox\bin\DropboxExt64.31.dll [2016-02-09] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Stephanie\AppData\Roaming\Dropbox\bin\DropboxExt64.31.dll [2016-02-09] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Stephanie\AppData\Roaming\Dropbox\bin\DropboxExt64.31.dll [2016-02-09] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Stephanie\AppData\Roaming\Dropbox\bin\DropboxExt64.31.dll [2016-02-09] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Stephanie\AppData\Roaming\Dropbox\bin\DropboxExt64.31.dll [2016-02-09] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Stephanie\AppData\Roaming\Dropbox\bin\DropboxExt64.31.dll [2016-02-09] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [1aCopyShExtError] -> {83BEA36E-7680-4598-A4DF-994426F6E78D} => C:\Users\Stephanie\AppData\Roaming\Copy\overlay\CopyShExt.dll [2015-01-20] (Barracuda Networks, Inc.) ShellIconOverlayIdentifiers: [2aCopyShExtSynced] -> {845B7388-6F85-4F32-9FD5-F02DC7882B89} => C:\Users\Stephanie\AppData\Roaming\Copy\overlay\CopyShExt.dll [2015-01-20] (Barracuda Networks, Inc.) ShellIconOverlayIdentifiers: [3aCopyShExtSyncing] -> {F6378A7A-F753-449B-AE1B-997A96132E61} => C:\Users\Stephanie\AppData\Roaming\Copy\overlay\CopyShExt.dll [2015-01-20] (Barracuda Networks, Inc.) ShellIconOverlayIdentifiers: [4aCopyShExtSyncingProg1] -> {3A511828-777D-46F8-82F4-5B530C1B3D9E} => C:\Users\Stephanie\AppData\Roaming\Copy\overlay\CopyShExt.dll [2015-01-20] (Barracuda Networks, Inc.) ShellIconOverlayIdentifiers: [5aCopyShExtSyncingProg2] -> {C8C88204-5B14-40EC-BA72-8AEBC762047E} => C:\Users\Stephanie\AppData\Roaming\Copy\overlay\CopyShExt.dll [2015-01-20] (Barracuda Networks, Inc.) ShellIconOverlayIdentifiers: [6aCopyShExtSyncingProg3] -> {ACFF45C3-3EEB-4351-86C2-6696BA264239} => C:\Users\Stephanie\AppData\Roaming\Copy\overlay\CopyShExt.dll [2015-01-20] (Barracuda Networks, Inc.) ShellIconOverlayIdentifiers: [7aCopyShExtSyncingProg4] -> {29AF997F-488B-46F0-AE78-7146F1B89CC3} => C:\Users\Stephanie\AppData\Roaming\Copy\overlay\CopyShExt.dll [2015-01-20] (Barracuda Networks, Inc.) ShellIconOverlayIdentifiers: [8aCopyShExtSyncingProg5] -> {03F9AD29-1C78-4B66-8890-B177B5430C53} => C:\Users\Stephanie\AppData\Roaming\Copy\overlay\CopyShExt.dll [2015-01-20] (Barracuda Networks, Inc.) ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2015-11-11] (Acronis) ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2015-11-11] (Acronis) ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2015-11-11] (Acronis) ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => Keine Datei ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Stephanie\AppData\Roaming\Dropbox\bin\DropboxExt.31.dll [2016-02-09] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Stephanie\AppData\Roaming\Dropbox\bin\DropboxExt.31.dll [2016-02-09] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Stephanie\AppData\Roaming\Dropbox\bin\DropboxExt.31.dll [2016-02-09] (Dropbox, Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2014-10-06] ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2015-11-17] ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia) Startup: C:\Users\Stephanie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk [2016-02-12] ShortcutTarget: An OneNote senden.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation) Startup: C:\Users\Stephanie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Synology Cloud Station Drive.lnk [2016-02-12] ShortcutTarget: Synology Cloud Station Drive.lnk -> C:\Program Files (x86)\Synology\CloudStation\bin\launcher.exe (Synology Inc.) BootExecute: autocheck autochk /p \??\I:autocheck autochk * GroupPolicyScripts: Beschränkung <======= ACHTUNG ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) Winsock: Catalog9 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760 2015-05-13] (Sophos Limited) Winsock: Catalog9 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760 2015-05-13] (Sophos Limited) Winsock: Catalog9 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760 2015-05-13] (Sophos Limited) Winsock: Catalog9 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760 2015-05-13] (Sophos Limited) Winsock: Catalog9 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760 2015-05-13] (Sophos Limited) Winsock: Catalog9 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760 2015-05-13] (Sophos Limited) Winsock: Catalog9 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760 2015-05-13] (Sophos Limited) Winsock: Catalog9 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760 2015-05-13] (Sophos Limited) Winsock: Catalog9 20 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760 2015-05-13] (Sophos Limited) Winsock: Catalog9-x64 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864 2015-05-13] (Sophos Limited) Winsock: Catalog9-x64 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864 2015-05-13] (Sophos Limited) Winsock: Catalog9-x64 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864 2015-05-13] (Sophos Limited) Winsock: Catalog9-x64 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864 2015-05-13] (Sophos Limited) Winsock: Catalog9-x64 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864 2015-05-13] (Sophos Limited) Winsock: Catalog9-x64 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864 2015-05-13] (Sophos Limited) Winsock: Catalog9-x64 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864 2015-05-13] (Sophos Limited) Winsock: Catalog9-x64 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864 2015-05-13] (Sophos Limited) Winsock: Catalog9-x64 20 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864 2015-05-13] (Sophos Limited) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{3F2B7EB5-8E99-430E-8694-0DB3092C75E6}: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{E1E502E5-BEBB-4C72-B240-AAAF659DFE1B}: [DhcpNameServer] 172.20.10.1 Tcpip\..\Interfaces\{EBF970A9-7A14-4FCD-86D9-7378779F0C77}: [DhcpNameServer] 192.168.178.1 Internet Explorer: ================== HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:newtab HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com HKU\S-1-5-21-1165394420-3520031323-336608003-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/ HKU\S-1-5-21-1165394420-3520031323-336608003-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie HKU\S-1-5-21-1165394420-3520031323-336608003-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> DefaultScope Wert fehlt SearchScopes: HKU\S-1-5-21-1165394420-3520031323-336608003-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-01-22] (Microsoft Corporation) BHO: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\Windows\system32\mscoree.dll [2010-11-05] (Microsoft Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.) BHO: Password Depot 7 -> {9F79B165-70F7-4C46-B1A5-8828E2FF21F9} -> C:\Program Files (x86)\AceBIT\Password Depot 7\pdIEAddOn64.dll [2014-06-27] (AceBIT) BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2015-12-17] (Adobe Systems Incorporated) BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2015-08-26] (Logitech, Inc.) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2016-01-21] (Microsoft Corporation) BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-01-21] (Microsoft Corporation) BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2015-12-17] (Adobe Systems Incorporated) BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2012-10-02] (RealPlayer) BHO-x32: Dashlane BHO -> {42D79B50-CC4A-4A8E-860F-BE674AF053A2} -> C:\Users\Stephanie\AppData\Roaming\Dashlane\ie\Dashlanei.dll [2014-12-15] (Dashlane) BHO-x32: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\Windows\SysWOW64\mscoree.dll [2010-11-05] (Microsoft Corporation) BHO-x32: CmjBrowserHelperObject Object -> {6FE6A929-59D1-4763-91AD-29B61CFFB35B} -> Keine Datei BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\ssv.dll [2016-02-06] (Oracle Corporation) BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.) BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2014-04-14] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) BHO-x32: Password Depot 7 -> {9F79B165-70F7-4C46-B1A5-8828E2FF21F9} -> C:\Program Files (x86)\AceBIT\Password Depot 7\pdIEAddOn32.dll [2014-06-27] (AceBIT) BHO-x32: Samsung BHO Class -> {AA609D72-8482-4076-8991-8CDAE5B93BCB} -> C:\Program Files (x86)\Samsung AnyWeb Print\W2PBrowser.dll [2011-04-22] () BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2015-06-29] (Adobe Systems Incorporated) BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2015-08-26] (Logitech, Inc.) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL [2016-01-21] (Microsoft Corporation) BHO-x32: 1Password -> {CB1A24DA-7416-4921-A0CF-5AA1160AAE2A} -> C:\Program Files (x86)\1Password\Agile1pIE.dll [2013-08-07] (AgileBits) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-02-06] (Oracle Corporation) BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2015-06-29] (Adobe Systems Incorporated) Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2015-12-17] (Adobe Systems Incorporated) Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2015-06-29] (Adobe Systems Incorporated) Toolbar: HKU\S-1-5-21-1165394420-3520031323-336608003-1000 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2015-12-17] (Adobe Systems Incorporated) Toolbar: HKU\S-1-5-21-1165394420-3520031323-336608003-1000 -> &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - Keine Datei Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll Keine Datei Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-01-21] (Microsoft Corporation) Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-01-21] (Microsoft Corporation) Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-01-21] (Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-01-21] (Microsoft Corporation) FireFox: ======== FF ProfilePath: C:\Users\Stephanie\AppData\Roaming\Mozilla\Firefox\Profiles\g24g73re.default-1428761828540 FF Session Restore: -> ist aktiviert. FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_306.dll [2016-02-10] () FF Plugin: @microsoft.com/GENUINE -> disabled [Keine Datei] FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-28] (Adobe Systems) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_306.dll [2016-02-10] () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1221171.dll [2015-10-19] (Adobe Systems, Inc.) FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] () FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google) FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.) FF Plugin-x32: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-02-06] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-02-06] (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Keine Datei] FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-01-21] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation) FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll [2012-10-02] (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2012-10-02] (RealNetworks, Inc.) FF Plugin-x32: @Sibelius.com/Scorch Plugin,version=6.2.0.88 -> C:\Program Files (x86)\Sibelius Software\Scorch\npsibelius.dll [2013-03-11] () FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-04] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-04] (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.0.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.0.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2015-12-17] (Adobe Systems Inc.) FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-28] (Adobe Systems) FF Plugin HKU\S-1-5-21-1165394420-3520031323-336608003-1000: @octoshape.com/Octoshape Streaming Services,version=1.0 -> C:\Users\Stephanie\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1312180-0-npoctoshape.dll [2013-12-18] (Octoshape ApS) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-12-17] (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll [2012-11-13] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll [2012-11-13] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ScorchAxPlugin.dll [2010-04-08] () FF Plugin ProgramFiles/Appdata: C:\Users\Stephanie\AppData\Roaming\mozilla\plugins\npoctoshape.dll [2014-05-22] (Octoshape ApS) FF Extension: NoScript - C:\Users\Stephanie\AppData\Roaming\Mozilla\Firefox\Profiles\g24g73re.default-1428761828540\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2016-02-07] FF Extension: Clip to OneNote (Legacy Edition) - C:\Users\Stephanie\AppData\Roaming\Mozilla\Firefox\Profiles\g24g73re.default-1428761828540\Extensions\jid0-e0l1gzjOmbUL1N6n3j8dBSBMcGE@jetpack.xpi [2015-05-31] FF Extension: FireShot - C:\Users\Stephanie\AppData\Roaming\Mozilla\Firefox\Profiles\g24g73re.default-1428761828540\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} [2016-01-07] FF Extension: Adblock Plus - C:\Users\Stephanie\AppData\Roaming\Mozilla\Firefox\Profiles\g24g73re.default-1428761828540\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-01-19] FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2016-02-12] [ist nicht signiert] FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2016-02-12] [ist nicht signiert] FF HKLM-x32\...\Firefox\Extensions: [passworddepot@acebit.com] - C:\Program Files (x86)\AceBIT\Password Depot 7\Firefox FF Extension: Password Depot Extension - C:\Program Files (x86)\AceBIT\Password Depot 7\Firefox [2015-07-13] [ist nicht signiert] FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2015-04-28] [ist nicht signiert] FF HKLM-x32\...\Firefox\Extensions: [{C3949AC2-4B17-43ee-B4F1-D26B9D42404D}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext FF HKLM-x32\...\Firefox\Extensions: [{0153E448-190B-4987-BDE1-F256CADA672F}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2015-12-26] [ist nicht signiert] FF HKLM-x32\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2015-07-20] [ist nicht signiert] FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2016-01-18] Chrome: ======= CHR StartupUrls: Default -> "","chrome://newtab/?source=home" CHR NewTab: Default -> "chrome-extension:\/\/jpfpebmajhhopeonhlcgidhclcccjcik\/newtab.html" CHR Plugin: (Native Client) - C:\Users\Stephanie\AppData\Local\Google\Chrome\Application\46.0.2490.86\ppGoogleNaClPluginChrome.dll => Keine Datei CHR Plugin: (Chrome PDF Viewer) - C:\Users\Stephanie\AppData\Local\Google\Chrome\Application\46.0.2490.86\pdf.dll => Keine Datei CHR Plugin: (Shockwave Flash) - C:\Users\Stephanie\AppData\Local\Google\Chrome\Application\46.0.2490.86\gcswf32.dll => Keine Datei CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll => Keine Datei CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => Keine Datei CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation) CHR Plugin: (Java Deployment Toolkit 6.0.310.5) - C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll => Keine Datei CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll => Keine Datei CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll => Keine Datei CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll => Keine Datei CHR Plugin: (RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll => Keine Datei CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll => Keine Datei CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll => Keine Datei CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll => Keine Datei CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll => Keine Datei CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.) CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll => Keine Datei CHR Plugin: (ScorchPlugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\NPSibelius.dll => Keine Datei CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL => Keine Datei CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL => Keine Datei CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll => Keine Datei CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () CHR Plugin: (RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll => Keine Datei CHR Profile: C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Drive) - C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-30] CHR Extension: (YouTube) - C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-30] CHR Extension: (Adblock Plus) - C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-11-30] CHR Extension: (AddThis - Share & Bookmark (new)) - C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbogdmdefihhljhfeiklfiedefalcde [2015-01-02] CHR Extension: (Google-Suche) - C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-30] CHR Extension: (Post To Tumblr) - C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbpicbbcpanckagpdjflgojlknomoiah [2015-11-30] CHR Extension: (Syncpad for Simplenote) - C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\djiafihgcdhojlgmgfolclfgmllnhhbj [2012-05-20] CHR Extension: (Adobe Acrobat) - C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2015-11-30] CHR Extension: (Google Kalender) - C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2015-11-30] CHR Extension: (Springpad) - C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkmopoamfjnmppabeaphohombnjcjgla [2012-04-16] CHR Extension: (Deaktivierungs-Add-on von Google Analytics) - C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\fllaojicojecljbmefodhfapmkghcbnh [2014-10-21] CHR Extension: (Google Docs Offline) - C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-30] CHR Extension: (Google Kalender (von Google)) - C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbgaklkmjakoegficnlkhebmhkjfich [2015-11-30] CHR Extension: (TomaTimer) - C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgbdhbgmmfhepghcdhepkbhabkaffihk [2014-02-19] CHR Extension: (MusicDock) - C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokmdnpfhbbjkaaofecofamghdjadhpa [2012-04-09] CHR Extension: (Speed Dial 2) - C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpfpebmajhhopeonhlcgidhclcccjcik [2015-11-30] CHR Extension: (TrackingTime Online Zeiterfassung) - C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\knailkjkjcfegledhjhcfacdngnicimb [2015-11-30] CHR Extension: (SPIEGEL ONLINE Extension) - C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcmhmkhlpcieakngfbhgjkdpgibbmboc [2012-04-09] CHR Extension: (Karim Rashid) - C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldjcbfljkplgifccngillicohclloidg [2014-02-21] CHR Extension: (Password Depot Add-On) - C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcgmdbhgeplifgopfnmafmhfmoekiekn [2015-08-05] CHR Extension: (Save to Pocket) - C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2015-11-30] CHR Extension: (Springpad Extension) - C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\njhgeimnepehieioinbhmfpphfoocmng [2012-04-16] CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-14] CHR Extension: (Any.do) - C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocgddccilgpeepgglnlpchkpgamkgmld [2015-08-14] CHR Extension: (Citavi Picker) - C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohgndokldibnndfnjnagojmheejlengn [2015-11-30] CHR Extension: (Google Calendar Checker) - C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ookhcbgokankfmjafalglpofmolfopek [2015-02-24] CHR Extension: (Cacoo - Diagramming & Real-Time Collaboration) - C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcflmbddgcmomcfngehfhlajjapabojh [2015-05-21] CHR Extension: (Google Mail) - C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-21] CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2015-12-17] CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2011-10-24] CHR HKLM-x32\...\Chrome\Extension: [mcgmdbhgeplifgopfnmafmhfmoekiekn] - C:\Program Files (x86)\AceBIT\Password Depot 7\crx.crx [2013-08-27] CHR HKLM-x32\...\Chrome\Extension: [ohgndokldibnndfnjnagojmheejlengn] - hxxps://clients2.google.com/service/update2/crx ==================== Dienste (Nicht auf der Ausnahmeliste) ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) S4 Agile1Password; C:\Program Files (x86)\1Password\Agile1pService.exe [768784 2013-08-07] (AgileBits) R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.) S4 AppleOSSMgr; C:\Windows\system32\AppleOSSMgr.exe [224640 2011-06-29] () R2 Box for Office Upgrade Service; C:\Program Files (x86)\Box\Box for Office\UpgradeService.exe [26368 2015-10-15] (Box, Inc.) S3 BoxSyncUpdateService; C:\Program Files\Box\Box Sync\SyncUpdaterService.exe [32144 2015-12-01] (Box, Inc.) R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2802928 2016-01-21] (Microsoft Corporation) R2 Cloud Station Drive VSS Service x64; C:\Program Files (x86)\Synology\CloudStation\bin\vss-service-x64.exe [287712 2015-10-06] () R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes) S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1135416 2015-10-05] (Malwarebytes) R2 mmsminisrv; C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe [4884064 2015-08-11] (Acronis) R2 msoidsvc; C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [2079520 2012-05-17] (Microsoft Corp.) R2 MSSQL$MYMOVIES; c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation) R2 MSSQL$SERVEREXP2008; c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SERVEREXP2008\MSSQL\Binn\sqlservr.exe [43044512 2015-04-03] (Microsoft Corporation) R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [60416 2009-06-22] (Hewlett-Packard) [Datei ist nicht signiert] R2 SAVAdminService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [288552 2014-06-06] (Sophos Limited) R2 SAVService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [208168 2014-11-06] (Sophos Limited) S4 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1228504 2013-07-03] (Secunia) S4 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [660184 2013-07-03] (Secunia) R2 Sophos AutoUpdate Service; C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe [340264 2015-08-12] (Sophos Limited) R2 Sophos Web Control Service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [341800 2014-11-06] (Sophos Limited) S4 SQLAgent$SERVEREXP2008; c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SERVEREXP2008\MSSQL\Binn\SQLAGENT.EXE [380064 2015-04-03] (Microsoft Corporation) R2 swi_service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [3274536 2015-01-14] (Sophos Limited) S2 swi_update_64; C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe [2065704 2015-01-14] (Sophos Limited) R2 SynoDrService; C:\Program Files (x86)\Synology Data Replicator 3\SynoDrServicex64.exe [384072 2013-10-09] () R2 UsbClientService; C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe [248736 2015-05-11] () R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) S3 WsDrvInst; C:\Program Files (x86)\Wondershare\TunesGoRetro\DriverInstall.exe [103576 2015-11-04] (Wondershare) S2 HPHNDUSVC; C:\Users\STEPHA~1\AppData\Local\Temp\7zS19CF\HPHNDUSVC.dll [X] S2 HPSLPSVC; C:\Users\STEPHA~1\AppData\Local\Temp\7zS1050\hpslpsvc64.dll [X] S4 Nero BackItUp Scheduler 4.0; C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe [X] ===================== Treiber (Nicht auf der Ausnahmeliste) ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) S3 applebmt; C:\Windows\System32\DRIVERS\applebmt.sys [52736 2011-06-03] (Apple Inc.) S3 AppleODD; C:\Windows\System32\DRIVERS\AppleODD.sys [8704 2011-03-25] (Apple Inc.) R3 azvusb; C:\Windows\System32\DRIVERS\azvusb.sys [54784 2009-08-24] (AzureWave Technologies, Inc.) R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [304784 2010-03-23] () S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation) R0 file_tracker; C:\Windows\System32\DRIVERS\file_tracker.sys [339808 2016-02-07] (Acronis International GmbH) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-02-12] (Malwarebytes) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation) S3 mod7700; C:\Windows\System32\DRIVERS\mod7700.sys [1077840 2010-11-19] (DiBcom SA) S3 MODRC; C:\Windows\System32\DRIVERS\modrc.sys [24272 2010-11-19] (DiBcom S.A.) S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-07-03] (Secunia) R1 SAVOnAccess; C:\Windows\System32\DRIVERS\savonaccess.sys [158976 2014-06-06] (Sophos Limited) S3 sdcfilter; C:\Windows\System32\DRIVERS\sdcfilter.sys [38144 2014-06-06] (Sophos Limited) S4 SophosBootDriver; C:\Windows\System32\DRIVERS\SophosBootDriver.sys [27904 2014-06-06] (Sophos Limited) R0 sptd; C:\Windows\System32\Drivers\sptd.sys [564792 2012-04-10] (Duplex Secure Ltd.) R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1049432 2016-02-07] (Acronis International GmbH) R2 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [202592 2016-02-07] (Acronis International GmbH) S3 tnd; C:\Windows\System32\DRIVERS\tnd.sys [581464 2016-02-07] (Acronis International GmbH) R2 virtual_file; C:\Windows\System32\DRIVERS\virtual_file.sys [301408 2016-02-07] (Acronis International GmbH) S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52592 2014-11-19] (Cisco Systems, Inc.) ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat: Erstellte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2016-02-12 18:19 - 2016-02-12 18:19 - 00003485 _____ C:\Users\Stephanie\Desktop\JRT.txt 2016-02-12 18:06 - 2016-02-12 18:06 - 01609032 _____ (Malwarebytes) C:\Users\Stephanie\Desktop\JRT.exe 2016-02-12 18:06 - 2016-02-12 18:06 - 01508352 _____ C:\Users\Stephanie\Desktop\AdwCleaner_5.033.exe 2016-02-12 13:11 - 2016-02-12 15:27 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2016-02-12 12:37 - 2016-02-12 12:37 - 00000000 ____D C:\Users\Stephanie\Desktop\mbar-1.09.3.1001 2016-02-12 12:34 - 2016-02-12 12:34 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Stephanie\Desktop\mbar-1.09.3.1001.exe 2016-02-12 12:17 - 2016-02-12 12:17 - 00132975 _____ C:\Users\Stephanie\0032.pdf 2016-02-12 11:24 - 2016-02-12 18:25 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2016-02-12 10:15 - 2016-02-12 10:15 - 00000000 ___HD C:\OneDriveTemp 2016-02-11 18:49 - 2016-02-11 18:49 - 00166024 _____ C:\Users\Stephanie\0031.pdf 2016-02-11 18:31 - 2016-02-11 18:31 - 00174613 _____ C:\Users\Stephanie\0030.pdf 2016-02-11 18:15 - 2016-02-11 18:15 - 01025139 _____ C:\Users\Stephanie\0029.pdf 2016-02-11 18:04 - 2016-02-11 18:04 - 00216131 _____ C:\Users\Stephanie\0028.pdf 2016-02-11 18:01 - 2016-02-11 18:01 - 00921666 _____ C:\Users\Stephanie\0027.pdf 2016-02-10 13:36 - 2016-02-10 13:36 - 00730020 _____ C:\Users\Stephanie\0026.pdf 2016-02-10 13:35 - 2016-02-10 13:35 - 00730020 _____ C:\Users\Stephanie\0025.pdf 2016-02-10 13:04 - 2016-02-06 11:48 - 25839104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2016-02-10 13:04 - 2016-02-06 11:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2016-02-10 13:04 - 2016-02-06 11:24 - 02887680 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2016-02-10 13:04 - 2016-02-06 11:11 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2016-02-10 13:04 - 2016-02-06 11:10 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2016-02-10 13:04 - 2016-02-06 11:01 - 20366848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2016-02-10 13:04 - 2016-02-06 10:54 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2016-02-10 13:04 - 2016-02-06 10:43 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2016-02-10 13:04 - 2016-02-06 10:38 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2016-02-10 13:04 - 2016-02-06 10:37 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2016-02-10 13:04 - 2016-02-06 10:32 - 14458368 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2016-02-10 13:04 - 2016-02-06 10:16 - 12857856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2016-02-10 13:04 - 2016-02-06 10:09 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2016-02-10 13:04 - 2016-02-06 09:54 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2016-02-10 13:04 - 2016-01-22 21:31 - 00387784 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2016-02-10 13:04 - 2016-01-22 21:10 - 00341200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2016-02-10 13:04 - 2016-01-22 07:56 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2016-02-10 13:04 - 2016-01-22 07:40 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2016-02-10 13:04 - 2016-01-22 07:32 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2016-02-10 13:04 - 2016-01-22 07:27 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2016-02-10 13:04 - 2016-01-22 07:09 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2016-02-10 13:04 - 2016-01-22 07:08 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll 2016-02-10 13:04 - 2016-01-22 07:02 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2016-02-10 13:04 - 2016-01-22 07:02 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2016-02-10 13:04 - 2016-01-22 07:01 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2016-02-10 13:04 - 2016-01-22 07:00 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2016-02-10 13:04 - 2016-01-22 06:55 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2016-02-10 13:04 - 2016-01-22 06:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2016-02-10 13:04 - 2016-01-22 06:51 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2016-02-10 13:04 - 2016-01-22 06:51 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2016-02-10 13:04 - 2016-01-22 06:48 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2016-02-10 13:04 - 2016-01-22 06:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2016-02-10 13:04 - 2016-01-22 06:38 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll 2016-02-10 13:04 - 2016-01-22 06:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2016-02-10 13:04 - 2016-01-22 06:34 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2016-02-10 13:04 - 2016-01-22 06:33 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2016-02-10 13:04 - 2016-01-22 06:25 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2016-02-10 13:04 - 2016-01-22 06:24 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2016-02-10 13:04 - 2016-01-22 06:02 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2016-02-10 13:04 - 2016-01-16 20:06 - 00025024 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe 2016-02-10 13:04 - 2016-01-16 19:54 - 01162240 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2016-02-10 13:04 - 2016-01-11 15:08 - 01362944 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll 2016-02-10 13:04 - 2016-01-11 15:08 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll 2016-02-10 13:04 - 2016-01-11 15:08 - 00677376 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2016-02-10 13:04 - 2016-01-11 15:08 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2016-02-10 13:04 - 2016-01-11 15:08 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll 2016-02-10 13:04 - 2016-01-06 20:02 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll 2016-02-10 13:04 - 2016-01-06 20:02 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll 2016-02-10 13:04 - 2016-01-06 19:41 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll 2016-02-10 13:03 - 2016-01-22 07:41 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2016-02-10 13:03 - 2016-01-22 07:40 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2016-02-10 13:03 - 2016-01-22 07:40 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2016-02-10 13:03 - 2016-01-22 07:40 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2016-02-10 13:03 - 2016-01-22 07:33 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2016-02-10 13:03 - 2016-01-22 07:29 - 06052352 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2016-02-10 13:03 - 2016-01-22 07:27 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2016-02-10 13:03 - 2016-01-22 07:27 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2016-02-10 13:03 - 2016-01-22 07:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2016-02-10 13:03 - 2016-01-22 07:17 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2016-02-10 13:03 - 2016-01-22 07:05 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2016-02-10 13:03 - 2016-01-22 07:04 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2016-02-10 13:03 - 2016-01-22 07:02 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2016-02-10 13:03 - 2016-01-22 07:01 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2016-02-10 13:03 - 2016-01-22 07:00 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2016-02-10 13:03 - 2016-01-22 06:50 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2016-02-10 13:03 - 2016-01-22 06:47 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2016-02-10 13:03 - 2016-01-22 06:46 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2016-02-10 13:03 - 2016-01-22 06:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2016-02-10 13:03 - 2016-01-22 06:43 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2016-02-10 13:03 - 2016-01-22 06:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2016-02-10 13:03 - 2016-01-22 06:35 - 04611072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2016-02-10 13:03 - 2016-01-22 06:31 - 02597376 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2016-02-10 13:03 - 2016-01-22 06:27 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2016-02-10 13:03 - 2016-01-22 06:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2016-02-10 13:03 - 2016-01-22 06:08 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2016-02-10 13:03 - 2016-01-22 06:07 - 02120704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2016-02-10 13:02 - 2016-01-11 20:05 - 03169792 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2016-02-10 13:02 - 2016-01-11 20:05 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2016-02-10 13:02 - 2016-01-11 20:05 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2016-02-10 13:02 - 2016-01-11 19:52 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll 2016-02-10 13:02 - 2016-01-11 19:47 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll 2016-02-10 13:02 - 2016-01-11 19:26 - 02610176 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2016-02-10 13:02 - 2016-01-11 19:24 - 00709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2016-02-10 13:02 - 2016-01-11 19:23 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2016-02-10 13:02 - 2016-01-11 19:23 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2016-02-10 13:02 - 2016-01-11 19:23 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2016-02-10 13:02 - 2016-01-11 19:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll 2016-02-10 13:02 - 2016-01-11 19:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll 2016-02-10 13:02 - 2016-01-11 19:14 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll 2016-02-10 13:02 - 2016-01-11 19:14 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll 2016-02-10 13:02 - 2016-01-11 19:14 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe 2016-02-10 13:02 - 2016-01-11 19:14 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll 2016-02-10 13:02 - 2016-01-07 18:53 - 03211776 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2016-02-10 13:02 - 2016-01-07 18:42 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys 2016-02-10 13:02 - 2015-12-20 19:50 - 03180544 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll 2016-02-10 13:02 - 2015-12-20 19:50 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll 2016-02-10 13:02 - 2015-12-20 15:08 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll 2016-02-10 13:01 - 2016-01-22 07:27 - 05573056 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2016-02-10 13:01 - 2016-01-22 07:24 - 01733592 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2016-02-10 13:01 - 2016-01-22 07:18 - 00961024 _____ (Microsoft Corporation) C:\Windows\system32\CPFilters.dll 2016-02-10 13:01 - 2016-01-22 07:18 - 00723968 _____ (Microsoft Corporation) C:\Windows\system32\EncDec.dll 2016-02-10 13:01 - 2016-01-22 07:17 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\mtxoci.dll 2016-02-10 13:01 - 2016-01-22 07:15 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2016-02-10 13:01 - 2016-01-22 07:15 - 00730112 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2016-02-10 13:01 - 2016-01-22 07:15 - 00422400 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2016-02-10 13:01 - 2016-01-22 07:13 - 03993536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2016-02-10 13:01 - 2016-01-22 07:13 - 03938752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2016-02-10 13:01 - 2016-01-22 07:12 - 00880128 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll 2016-02-10 13:01 - 2016-01-22 07:09 - 01314328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2016-02-10 13:01 - 2016-01-22 07:04 - 00642048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CPFilters.dll 2016-02-10 13:01 - 2016-01-22 07:04 - 00535040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll 2016-02-10 13:01 - 2016-01-22 07:02 - 00114176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mtxoci.dll 2016-02-10 13:01 - 2016-01-22 06:59 - 00642560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll 2016-02-10 13:01 - 2016-01-16 20:01 - 02085888 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll 2016-02-10 13:01 - 2016-01-16 19:36 - 01413632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll 2016-02-10 13:00 - 2016-01-22 07:27 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2016-02-10 13:00 - 2016-01-22 07:27 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2016-02-10 13:00 - 2016-01-22 07:20 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2016-02-10 13:00 - 2016-01-22 07:20 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll 2016-02-10 13:00 - 2016-01-22 07:20 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2016-02-10 13:00 - 2016-01-22 07:20 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll 2016-02-10 13:00 - 2016-01-22 07:20 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2016-02-10 13:00 - 2016-01-22 07:20 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2016-02-10 13:00 - 2016-01-22 07:20 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2016-02-10 13:00 - 2016-01-22 07:20 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2016-02-10 13:00 - 2016-01-22 07:20 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2016-02-10 13:00 - 2016-01-22 07:20 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2016-02-10 13:00 - 2016-01-22 07:19 - 01214464 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2016-02-10 13:00 - 2016-01-22 07:19 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2016-02-10 13:00 - 2016-01-22 07:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2016-02-10 13:00 - 2016-01-22 07:18 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2016-02-10 13:00 - 2016-01-22 07:17 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2016-02-10 13:00 - 2016-01-22 07:17 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2016-02-10 13:00 - 2016-01-22 07:16 - 01461248 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2016-02-10 13:00 - 2016-01-22 07:16 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2016-02-10 13:00 - 2016-01-22 07:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2016-02-10 13:00 - 2016-01-22 07:13 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2016-02-10 13:00 - 2016-01-22 07:13 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll 2016-02-10 13:00 - 2016-01-22 07:13 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2016-02-10 13:00 - 2016-01-22 07:12 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2016-02-10 13:00 - 2016-01-22 07:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2016-02-10 13:00 - 2016-01-22 07:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll 2016-02-10 13:00 - 2016-01-22 07:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll 2016-02-10 13:00 - 2016-01-22 07:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2016-02-10 13:00 - 2016-01-22 07:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2016-02-10 13:00 - 2016-01-22 07:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2016-02-10 13:00 - 2016-01-22 07:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll 2016-02-10 13:00 - 2016-01-22 07:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2016-02-10 13:00 - 2016-01-22 07:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll 2016-02-10 13:00 - 2016-01-22 07:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2016-02-10 13:00 - 2016-01-22 07:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2016-02-10 13:00 - 2016-01-22 07:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2016-02-10 13:00 - 2016-01-22 07:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll 2016-02-10 13:00 - 2016-01-22 07:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll 2016-02-10 13:00 - 2016-01-22 07:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2016-02-10 13:00 - 2016-01-22 07:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll 2016-02-10 13:00 - 2016-01-22 07:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2016-02-10 13:00 - 2016-01-22 07:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll 2016-02-10 13:00 - 2016-01-22 07:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll 2016-02-10 13:00 - 2016-01-22 07:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll 2016-02-10 13:00 - 2016-01-22 07:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll 2016-02-10 13:00 - 2016-01-22 07:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2016-02-10 13:00 - 2016-01-22 07:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll 2016-02-10 13:00 - 2016-01-22 07:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2016-02-10 13:00 - 2016-01-22 07:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2016-02-10 13:00 - 2016-01-22 07:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2016-02-10 13:00 - 2016-01-22 07:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll 2016-02-10 13:00 - 2016-01-22 07:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2016-02-10 13:00 - 2016-01-22 07:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll 2016-02-10 13:00 - 2016-01-22 07:06 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2016-02-10 13:00 - 2016-01-22 07:06 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2016-02-10 13:00 - 2016-01-22 07:06 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2016-02-10 13:00 - 2016-01-22 07:06 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2016-02-10 13:00 - 2016-01-22 07:06 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2016-02-10 13:00 - 2016-01-22 07:06 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2016-02-10 13:00 - 2016-01-22 07:06 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2016-02-10 13:00 - 2016-01-22 07:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2016-02-10 13:00 - 2016-01-22 07:05 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2016-02-10 13:00 - 2016-01-22 07:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2016-02-10 13:00 - 2016-01-22 07:02 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2016-02-10 13:00 - 2016-01-22 07:02 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2016-02-10 13:00 - 2016-01-22 07:02 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2016-02-10 13:00 - 2016-01-22 07:02 - 00176128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msorcl32.dll 2016-02-10 13:00 - 2016-01-22 07:02 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2016-02-10 13:00 - 2016-01-22 07:02 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2016-02-10 13:00 - 2016-01-22 06:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2016-02-10 13:00 - 2016-01-22 06:59 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2016-02-10 13:00 - 2016-01-22 06:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll 2016-02-10 13:00 - 2016-01-22 06:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll 2016-02-10 13:00 - 2016-01-22 06:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2016-02-10 13:00 - 2016-01-22 06:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2016-02-10 13:00 - 2016-01-22 06:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll 2016-02-10 13:00 - 2016-01-22 06:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll 2016-02-10 13:00 - 2016-01-22 06:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll 2016-02-10 13:00 - 2016-01-22 06:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll 2016-02-10 13:00 - 2016-01-22 06:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2016-02-10 13:00 - 2016-01-22 06:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2016-02-10 13:00 - 2016-01-22 06:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll 2016-02-10 13:00 - 2016-01-22 06:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2016-02-10 13:00 - 2016-01-22 06:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2016-02-10 13:00 - 2016-01-22 06:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll 2016-02-10 13:00 - 2016-01-22 06:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll 2016-02-10 13:00 - 2016-01-22 06:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2016-02-10 13:00 - 2016-01-22 06:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll 2016-02-10 13:00 - 2016-01-22 06:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll 2016-02-10 13:00 - 2016-01-22 06:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll 2016-02-10 13:00 - 2016-01-22 06:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll 2016-02-10 13:00 - 2016-01-22 06:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll 2016-02-10 13:00 - 2016-01-22 06:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll 2016-02-10 13:00 - 2016-01-22 06:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll 2016-02-10 13:00 - 2016-01-22 06:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll 2016-02-10 13:00 - 2016-01-22 06:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll 2016-02-10 13:00 - 2016-01-22 06:13 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2016-02-10 13:00 - 2016-01-22 06:07 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe 2016-02-10 13:00 - 2016-01-22 06:07 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2016-02-10 13:00 - 2016-01-22 06:05 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2016-02-10 13:00 - 2016-01-22 05:59 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys 2016-02-10 13:00 - 2016-01-22 05:58 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys 2016-02-10 13:00 - 2016-01-22 05:58 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys 2016-02-10 13:00 - 2016-01-22 05:57 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2016-02-10 13:00 - 2016-01-22 05:57 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2016-02-10 13:00 - 2016-01-22 05:53 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2016-02-10 13:00 - 2016-01-22 05:53 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2016-02-10 13:00 - 2016-01-22 05:53 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2016-02-10 13:00 - 2016-01-22 05:53 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2016-02-10 13:00 - 2016-01-22 05:51 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll 2016-02-10 13:00 - 2016-01-22 05:51 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll 2016-02-10 13:00 - 2016-01-22 05:51 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll 2016-02-10 13:00 - 2016-01-22 05:51 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll 2016-02-10 13:00 - 2016-01-22 05:51 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll 2016-02-10 12:59 - 2016-01-22 07:19 - 14179840 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2016-02-10 12:59 - 2016-01-22 07:15 - 01866752 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll 2016-02-10 12:59 - 2016-01-22 07:12 - 01940992 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2016-02-10 12:59 - 2016-01-22 07:05 - 12877824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2016-02-10 12:59 - 2016-01-22 07:00 - 01498624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll 2016-02-10 12:59 - 2016-01-22 06:59 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll 2016-02-10 12:59 - 2016-01-22 06:19 - 03231232 _____ (Microsoft Corporation) C:\Windows\explorer.exe 2016-02-10 12:59 - 2016-01-22 06:12 - 02973184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe 2016-02-10 12:47 - 2016-02-10 12:47 - 08817344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe 2016-02-10 10:51 - 2016-02-10 10:51 - 00673345 _____ C:\Users\Stephanie\0024.pdf 2016-02-10 10:37 - 2016-02-10 10:37 - 00816993 _____ C:\Users\Stephanie\0023.pdf 2016-02-09 22:49 - 2016-02-09 22:49 - 00000000 ____D C:\Users\Stephanie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2016-02-09 12:39 - 2016-02-09 12:51 - 02021280 _____ C:\Users\Stephanie\Documents\Isovar 2015 Anwenderdokumentation.pdf 2016-02-09 12:26 - 2016-02-09 12:58 - 00000000 ____D C:\Program Files (x86)\Isovar 2015 2016-02-09 12:26 - 2016-02-09 12:26 - 00000000 ____D C:\Users\Stephanie\AppData\Local\ascendere_IT_Systeme 2016-02-09 12:26 - 2016-02-09 12:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Isovar 2015 2016-02-09 12:24 - 2016-02-09 12:25 - 07640235 _____ (ascendere IT-Systeme ) C:\Users\Stephanie\Downloads\Isovar2015_Setup.exe 2016-02-08 23:30 - 2016-02-08 23:30 - 00000000 ____D C:\Users\Stephanie\Documents\Benutzerdefinierte Office-Vorlagen 2016-02-08 21:05 - 2016-02-12 10:16 - 00003356 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1165394420-3520031323-336608003-1000 2016-02-08 21:05 - 2016-02-12 10:16 - 00003230 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1165394420-3520031323-336608003-1000 2016-02-08 19:55 - 2016-02-08 19:55 - 00414435 _____ C:\Users\Stephanie\0022.pdf 2016-02-08 19:23 - 2016-02-08 19:23 - 00207375 _____ C:\Users\Stephanie\0021.pdf 2016-02-08 19:09 - 2016-02-08 19:09 - 00180223 _____ C:\Users\Stephanie\0020.pdf 2016-02-08 18:52 - 2016-02-08 18:52 - 00406148 _____ C:\Users\Stephanie\0019.pdf 2016-02-08 18:29 - 2016-02-08 18:29 - 00233892 _____ C:\Users\Stephanie\0018.pdf 2016-02-08 12:30 - 2016-02-08 12:30 - 00293240 _____ C:\Users\Stephanie\0017.pdf 2016-02-08 10:46 - 2016-02-08 10:47 - 00062987 _____ C:\Users\Stephanie\Downloads\umsatz_liste.pdf 2016-02-08 10:42 - 2016-02-08 10:42 - 00043265 _____ C:\Users\Stephanie\Downloads\Ertraegnisaufstellung_20150216.pdf 2016-02-08 10:42 - 2016-02-08 10:42 - 00020459 _____ C:\Users\Stephanie\Downloads\Extra_Konto_5541675355_Kontoauszug_20150105.pdf 2016-02-08 10:42 - 2016-02-08 10:42 - 00016843 _____ C:\Users\Stephanie\Downloads\Jahressteuerbescheinigung_20150216.pdf 2016-02-08 10:40 - 2016-02-08 10:40 - 00020096 _____ C:\Users\Stephanie\Downloads\Extra_Konto_5541675355_Kontoauszug_20160105.pdf 2016-02-08 10:19 - 2016-02-08 10:19 - 00000000 ____D C:\Users\Stephanie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Handbrake 2016-02-07 21:59 - 2016-02-07 21:59 - 00451058 _____ C:\Users\Stephanie\0016.pdf 2016-02-07 21:20 - 2016-02-07 21:21 - 00000000 ____D C:\Users\Stephanie\Documents\Fax 2016-02-07 15:07 - 2016-02-07 18:14 - 00000000 ____D C:\Users\Stephanie\AppData\Roaming\Acronis 2016-02-07 15:05 - 2016-02-07 15:05 - 01049432 _____ (Acronis International GmbH) C:\Windows\system32\Drivers\tib.sys 2016-02-07 15:05 - 2016-02-07 15:05 - 00581464 _____ (Acronis International GmbH) C:\Windows\system32\Drivers\tnd.sys 2016-02-07 15:05 - 2016-02-07 15:05 - 00339808 _____ (Acronis International GmbH) C:\Windows\system32\Drivers\file_tracker.sys 2016-02-07 15:05 - 2016-02-07 15:05 - 00301408 _____ (Acronis International GmbH) C:\Windows\system32\Drivers\virtual_file.sys 2016-02-07 15:05 - 2016-02-07 15:05 - 00202592 _____ (Acronis International GmbH) C:\Windows\system32\Drivers\tib_mounter.sys 2016-02-07 15:04 - 2016-02-07 15:04 - 00339288 _____ (Acronis International GmbH) C:\Windows\system32\Drivers\snapman.sys 2016-02-07 15:04 - 2016-02-07 15:04 - 00160600 _____ (Acronis International GmbH) C:\Windows\system32\Drivers\fltsrv.sys 2016-02-07 15:03 - 2016-02-07 15:03 - 00001225 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis True Image 2016.lnk 2016-02-07 15:03 - 2016-02-07 15:03 - 00001213 _____ C:\Users\Public\Desktop\Acronis True Image 2016.lnk 2016-02-07 15:03 - 2016-02-07 15:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis 2016-02-07 15:03 - 2016-02-07 15:03 - 00000000 ____D C:\Program Files (x86)\Acronis 2016-02-07 15:01 - 2016-02-07 18:31 - 00000000 ____D C:\ProgramData\Acronis 2016-02-07 14:41 - 2016-02-07 14:41 - 05320328 _____ C:\Users\Stephanie\Downloads\AcronisTrueImage2016_web.exe 2016-02-07 14:04 - 2016-02-07 14:04 - 00000000 ____D C:\ProgramData\explauncher 2016-02-07 13:58 - 2016-02-07 13:59 - 00000000 ____D C:\Users\Stephanie\Downloads\Paragon_Backup_Recovery_14_Free 2016-02-07 13:00 - 2016-02-07 13:32 - 416363903 _____ C:\Users\Stephanie\Downloads\Paragon_Backup_Recovery_14_Free.zip 2016-02-07 12:12 - 2016-02-07 12:12 - 01242650 _____ C:\Users\Stephanie\0015.pdf 2016-02-07 00:43 - 2016-02-07 00:43 - 00004012 _____ C:\Windows\System32\Tasks\Open URL by RoboForm 2016-02-06 23:06 - 2016-02-06 23:06 - 00735328 _____ (Oracle Corporation) C:\Users\Stephanie\Downloads\jxpiinstall.exe 2016-02-06 15:21 - 2016-02-07 11:41 - 00000000 ____D C:\EEK 2016-02-06 15:12 - 2016-02-06 15:20 - 212824440 _____ C:\Users\Stephanie\Downloads\EmsisoftEmergencyKit.exe 2016-02-06 15:09 - 2016-02-06 15:17 - 212824440 _____ C:\Users\Stephanie\Desktop\EmsisoftEmergencyKit.exe 2016-02-06 14:34 - 2016-02-06 14:34 - 00852720 _____ C:\Users\Stephanie\Desktop\SecurityCheck.exe 2016-02-05 17:28 - 2016-02-05 17:28 - 00242320 _____ C:\Users\Stephanie\Downloads\Firefox Setup Stub 44.0.exe 2016-02-05 17:06 - 2016-02-05 17:06 - 00000000 ____D C:\Users\Stephanie\Documents\Bluetooth-Exchange-Ordner 2016-02-04 15:01 - 2016-02-12 18:30 - 00000000 ____D C:\FRST 2016-02-04 14:15 - 2016-02-04 14:15 - 00002302 _____ C:\Users\Stephanie\Desktop\TROJANER.txt 2016-02-04 13:59 - 2016-02-12 18:04 - 00000000 ____D C:\Users\Stephanie\Desktop\TROJANERBOARD 2016-02-04 10:15 - 2016-02-04 10:15 - 00000000 ____D C:\Program Files (x86)\ESET 2016-02-04 10:11 - 2016-02-04 10:11 - 02870984 _____ (ESET) C:\Users\Stephanie\Downloads\esetsmartinstaller_deu.exe 2016-02-04 08:26 - 2016-02-04 08:26 - 22908888 _____ (Malwarebytes ) C:\Users\Stephanie\Downloads\mbam-setup-2.2.0.1024(1).exe 2016-02-02 11:37 - 2016-02-02 11:37 - 00231592 _____ C:\Users\Stephanie\0014.pdf 2016-01-31 11:40 - 2016-01-31 11:40 - 00339224 _____ C:\Users\Stephanie\0013.pdf 2016-01-29 10:11 - 2016-01-29 10:11 - 00000000 ____D C:\Users\Stephanie\AppData\Local\Microsoft_Corporation 2016-01-29 10:03 - 2016-01-29 10:11 - 00000000 ____D C:\Users\Stephanie\AppData\Local\yasoon 2016-01-29 10:00 - 2016-01-29 10:00 - 00000000 ____D C:\Users\Stephanie\AppData\Roaming\yasoon GmbH 2016-01-28 10:05 - 2016-01-28 10:05 - 00011439 _____ C:\Users\Stephanie\AppData\Roaming\Durch Trennzeichen getrennte Werte.TSK 2016-01-23 21:52 - 2016-01-23 21:52 - 00552409 _____ C:\Users\Stephanie\0012.pdf 2016-01-23 18:32 - 2016-01-23 18:32 - 00171597 _____ C:\Users\Stephanie\0011.pdf 2016-01-23 18:26 - 2016-01-23 18:26 - 00346300 _____ C:\Users\Stephanie\0010.pdf 2016-01-23 18:15 - 2016-01-23 18:15 - 00154642 _____ C:\Users\Stephanie\0009.pdf 2016-01-23 18:04 - 2016-01-23 18:04 - 00215794 _____ C:\Users\Stephanie\0008.pdf 2016-01-23 17:57 - 2016-01-23 17:57 - 00215794 _____ C:\Users\Stephanie\0007.pdf 2016-01-23 17:55 - 2016-01-23 17:55 - 00248524 _____ C:\Users\Stephanie\0006.pdf 2016-01-23 17:31 - 2016-01-23 17:31 - 00867745 _____ C:\Users\Stephanie\0005.pdf 2016-01-20 23:21 - 2016-01-20 23:21 - 00010835 _____ C:\Users\Stephanie\Downloads\Ihre Retourenmarke.pdf 2016-01-17 11:16 - 2016-01-17 11:16 - 00551291 _____ C:\Users\Stephanie\0004.pdf 2016-01-17 09:56 - 2016-01-17 09:56 - 03205312 _____ (Microsoft Corporation) C:\Users\Stephanie\Downloads\Setup.X86.de-DE_O365HomePremRetail_caeec875-3843-48d7-83a2-3adae5cd1054_TX_DB_.exe 2016-01-15 15:53 - 2016-01-15 15:53 - 00105770 _____ C:\Users\Stephanie\0003.pdf 2016-01-15 15:53 - 2016-01-15 15:53 - 00105770 _____ C:\Users\Stephanie\0002.pdf 2016-01-15 15:53 - 2016-01-15 15:53 - 00105770 _____ C:\Users\Stephanie\0001.pdf 2016-01-14 19:22 - 2016-01-14 19:22 - 00196218 _____ C:\Users\Stephanie\Documents\Scan0006.pdf 2016-01-14 19:21 - 2016-01-14 19:21 - 00196218 _____ C:\Users\Stephanie\Documents\Scan0005.pdf 2016-01-14 09:30 - 2015-12-08 22:54 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll 2016-01-14 09:30 - 2015-12-08 22:54 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL 2016-01-14 09:30 - 2015-12-08 22:54 - 01568768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVENCOD.DLL 2016-01-14 09:30 - 2015-12-08 22:54 - 01325056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOE.DLL 2016-01-14 09:30 - 2015-12-08 22:54 - 00902144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOD.DLL 2016-01-14 09:30 - 2015-12-08 22:54 - 00815616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOE.DLL 2016-01-14 09:30 - 2015-12-08 22:54 - 00740352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmpmde.dll 2016-01-14 09:30 - 2015-12-08 22:54 - 00739328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOD.DLL 2016-01-14 09:30 - 2015-12-08 22:54 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVXENCD.DLL 2016-01-14 09:30 - 2015-12-08 22:54 - 00541184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSDECD.DLL 2016-01-14 09:30 - 2015-12-08 22:54 - 00358400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSENCD.DLL 2016-01-14 09:30 - 2015-12-08 22:54 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VIDRESZR.DLL 2016-01-14 09:30 - 2015-12-08 22:53 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll 2016-01-14 09:30 - 2015-12-08 22:53 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll 2016-01-14 09:30 - 2015-12-08 22:53 - 00970240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2adec.dll 2016-01-14 09:30 - 2015-12-08 22:53 - 00829952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMPEG2ENC.DLL 2016-01-14 09:30 - 2015-12-08 22:53 - 00609280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFWMAAEC.DLL 2016-01-14 09:30 - 2015-12-08 22:53 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll 2016-01-14 09:30 - 2015-12-08 22:53 - 00509952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll 2016-01-14 09:30 - 2015-12-08 22:53 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll 2016-01-14 09:30 - 2015-12-08 22:53 - 00415744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP4SDECD.DLL 2016-01-14 09:30 - 2015-12-08 22:53 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll 2016-01-14 09:30 - 2015-12-08 22:53 - 00241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MPG4DECD.DLL 2016-01-14 09:30 - 2015-12-08 22:53 - 00241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP43DECD.DLL 2016-01-14 09:30 - 2015-12-08 22:53 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RESAMPLEDMO.DLL 2016-01-14 09:30 - 2015-12-08 22:53 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qasf.dll 2016-01-14 09:30 - 2015-12-08 22:53 - 00193536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksproxy.ax 2016-01-14 09:30 - 2015-12-08 22:53 - 00153600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\COLORCNV.DLL 2016-01-14 09:30 - 2015-12-08 22:53 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll 2016-01-14 09:30 - 2015-12-08 22:53 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP3DMOD.DLL 2016-01-14 09:30 - 2015-12-08 22:53 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\devenum.dll 2016-01-14 09:30 - 2015-12-08 22:53 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfvdsp.dll 2016-01-14 09:30 - 2015-12-08 22:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe 2016-01-14 09:30 - 2015-12-08 22:53 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe 2016-01-14 09:30 - 2015-12-08 22:53 - 00004608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksuser.dll 2016-01-14 09:30 - 2015-12-08 22:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll 2016-01-14 09:30 - 2015-12-08 20:07 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll 2016-01-14 09:30 - 2015-12-08 20:07 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll 2016-01-14 09:30 - 2015-12-08 20:07 - 01955328 _____ (Microsoft Corporation) C:\Windows\system32\WMVENCOD.DLL 2016-01-14 09:30 - 2015-12-08 20:07 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL 2016-01-14 09:30 - 2015-12-08 20:07 - 01575424 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOE.DLL 2016-01-14 09:30 - 2015-12-08 20:07 - 01573888 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll 2016-01-14 09:30 - 2015-12-08 20:07 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2adec.dll 2016-01-14 09:30 - 2015-12-08 20:07 - 01232896 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOD.DLL 2016-01-14 09:30 - 2015-12-08 20:07 - 01160192 _____ (Microsoft Corporation) C:\Windows\system32\MSMPEG2ENC.DLL 2016-01-14 09:30 - 2015-12-08 20:07 - 01153024 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOE.DLL 2016-01-14 09:30 - 2015-12-08 20:07 - 01026048 _____ (Microsoft Corporation) C:\Windows\system32\wmpmde.dll 2016-01-14 09:30 - 2015-12-08 20:07 - 01010688 _____ (Microsoft Corporation) C:\Windows\system32\mcmde.dll 2016-01-14 09:30 - 2015-12-08 20:07 - 00978944 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOD.DLL 2016-01-14 09:30 - 2015-12-08 20:07 - 00666112 _____ (Microsoft Corporation) C:\Windows\system32\WMVSDECD.DLL 2016-01-14 09:30 - 2015-12-08 20:07 - 00653824 _____ (Microsoft Corporation) C:\Windows\system32\MP4SDECD.DLL 2016-01-14 09:30 - 2015-12-08 20:07 - 00642048 _____ (Microsoft Corporation) C:\Windows\system32\WMVXENCD.DLL 2016-01-14 09:30 - 2015-12-08 20:07 - 00632320 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll 2016-01-14 09:30 - 2015-12-08 20:07 - 00624640 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2016-01-14 09:30 - 2015-12-08 20:07 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\MFWMAAEC.DLL 2016-01-14 09:30 - 2015-12-08 20:07 - 00447488 _____ (Microsoft Corporation) C:\Windows\system32\WMVSENCD.DLL 2016-01-14 09:30 - 2015-12-08 20:07 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll 2016-01-14 09:30 - 2015-12-08 20:07 - 00378880 _____ (Microsoft Corporation) C:\Windows\system32\SysFxUI.dll 2016-01-14 09:30 - 2015-12-08 20:07 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll 2016-01-14 09:30 - 2015-12-08 20:07 - 00292352 _____ (Microsoft Corporation) C:\Windows\system32\VIDRESZR.DLL 2016-01-14 09:30 - 2015-12-08 20:07 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\qasf.dll 2016-01-14 09:30 - 2015-12-08 20:07 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\RESAMPLEDMO.DLL 2016-01-14 09:30 - 2015-12-08 20:07 - 00224768 _____ (Microsoft Corporation) C:\Windows\system32\MPG4DECD.DLL 2016-01-14 09:30 - 2015-12-08 20:07 - 00223744 _____ (Microsoft Corporation) C:\Windows\system32\MP43DECD.DLL 2016-01-14 09:30 - 2015-12-08 20:07 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll 2016-01-14 09:30 - 2015-12-08 20:07 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\COLORCNV.DLL 2016-01-14 09:30 - 2015-12-08 20:07 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\MP3DMOD.DLL 2016-01-14 09:30 - 2015-12-08 20:07 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\devenum.dll 2016-01-14 09:30 - 2015-12-08 20:07 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\mfvdsp.dll 2016-01-14 09:30 - 2015-12-08 20:07 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe 2016-01-14 09:30 - 2015-12-08 20:07 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\ksuser.dll 2016-01-14 09:30 - 2015-12-08 20:06 - 00250880 _____ (Microsoft Corporation) C:\Windows\system32\ksproxy.ax 2016-01-14 09:30 - 2015-12-08 20:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe 2016-01-14 09:30 - 2015-12-08 20:04 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll 2016-01-14 09:30 - 2015-12-08 19:54 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys 2016-01-14 09:30 - 2015-12-08 19:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys 2016-01-14 09:30 - 2015-12-08 19:11 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmkaud.sys 2016-01-14 09:30 - 2015-11-14 00:09 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\mapistub.dll 2016-01-14 09:30 - 2015-11-14 00:09 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\mapi32.dll 2016-01-14 09:30 - 2015-11-14 00:08 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\fixmapi.exe 2016-01-14 09:30 - 2015-11-13 23:50 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mapistub.dll 2016-01-14 09:30 - 2015-11-13 23:50 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mapi32.dll 2016-01-14 09:30 - 2015-11-13 23:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fixmapi.exe 2016-01-14 09:27 - 2015-12-08 22:52 - 00312320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2016-01-14 09:27 - 2015-12-08 20:07 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2016-01-14 09:27 - 2015-11-16 21:17 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2016-02-12 18:25 - 2015-06-14 22:14 - 00001240 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1165394420-3520031323-336608003-1000UA.job 2016-02-12 18:25 - 2012-05-01 23:00 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2016-02-12 18:16 - 2015-10-29 10:36 - 00000000 ___RD C:\Users\Stephanie\OneDrive 2016-02-12 18:13 - 2014-01-02 18:11 - 00000000 ____D C:\AdwCleaner 2016-02-12 18:11 - 2015-08-12 10:47 - 00000000 ___RD C:\Users\Stephanie\CloudStation 2016-02-12 18:03 - 2014-11-09 15:24 - 00000000 ____D C:\Users\Stephanie\AppData\Roaming\Copy 2016-02-12 18:01 - 2011-08-29 11:56 - 00000000 ____D C:\Users\Stephanie\AppData\Local\Deployment 2016-02-12 17:49 - 2015-03-01 09:37 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2016-02-12 17:47 - 2013-09-12 22:26 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2016-02-12 17:43 - 2014-02-11 14:14 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2016-02-12 16:38 - 2015-06-14 22:14 - 00001188 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1165394420-3520031323-336608003-1000Core.job 2016-02-12 16:23 - 2009-07-14 05:45 - 00024384 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2016-02-12 16:23 - 2009-07-14 05:45 - 00024384 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2016-02-12 13:10 - 2015-03-01 09:36 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys 2016-02-12 12:46 - 2011-08-26 09:23 - 00000000 ____D C:\Users\Stephanie\Documents\WISO Mein Geld 2016-02-12 12:34 - 2015-08-04 10:56 - 00000000 ____D C:\ProgramData\firebird 2016-02-12 12:17 - 2011-08-24 22:45 - 00000000 ____D C:\Users\Stephanie 2016-02-12 10:14 - 2014-02-11 14:14 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2016-02-12 08:18 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2016-02-11 19:57 - 2011-08-24 23:43 - 00000000 ____D C:\Users\Stephanie\AppData\Local\ElevatedDiagnostics 2016-02-11 14:37 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache 2016-02-11 08:29 - 2009-07-14 11:57 - 00815860 _____ C:\Windows\system32\perfh007.dat 2016-02-11 08:29 - 2009-07-14 11:57 - 00193644 _____ C:\Windows\system32\perfc007.dat 2016-02-11 08:29 - 2009-07-14 06:13 - 01947900 _____ C:\Windows\system32\PerfStringBackup.INI 2016-02-11 08:29 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf 2016-02-11 08:17 - 2009-07-14 05:45 - 00495920 _____ C:\Windows\system32\FNTCACHE.DAT 2016-02-11 08:14 - 2014-12-11 07:32 - 00000000 ____D C:\Windows\system32\appraiser 2016-02-11 08:14 - 2014-05-06 23:04 - 00000000 ___SD C:\Windows\system32\CompatTel 2016-02-11 08:14 - 2009-07-14 12:21 - 00000000 ____D C:\Program Files\Windows Journal 2016-02-10 14:13 - 2013-08-14 09:25 - 00000000 ____D C:\Windows\system32\MRT 2016-02-10 14:00 - 2011-08-25 09:39 - 146614896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2016-02-10 12:49 - 2013-09-12 22:26 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2016-02-10 12:48 - 2013-09-12 22:26 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2016-02-10 12:48 - 2013-09-12 22:26 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2016-02-10 10:30 - 2014-10-06 18:55 - 00000000 ____D C:\Users\Stephanie\AppData\Local\CrashDumps 2016-02-09 22:50 - 2011-08-25 10:44 - 00000000 ____D C:\Users\Stephanie\AppData\Roaming\Dropbox 2016-02-09 11:44 - 2013-10-25 14:42 - 00139328 _____ C:\Users\Stephanie\AppData\Local\GDIPFONTCACHEV1.DAT 2016-02-08 19:00 - 2011-09-09 16:15 - 00000578 _____ C:\Windows\Tasks\Neuer Scan (1).job 2016-02-08 10:19 - 2015-04-21 14:48 - 00000832 _____ C:\Users\Stephanie\Desktop\Handbrake.lnk 2016-02-08 10:19 - 2015-04-21 14:48 - 00000832 _____ C:\Users\Gast\Desktop\Handbrake.lnk 2016-02-08 10:19 - 2015-04-21 14:48 - 00000000 ____D C:\Program Files\Handbrake 2016-02-08 09:57 - 2015-04-21 14:49 - 00000000 ____D C:\Users\Stephanie\AppData\Roaming\HandBrake 2016-02-07 21:26 - 2011-08-25 09:38 - 00000000 ___RD C:\Users\Stephanie\Documents\Scanned Documents 2016-02-07 18:40 - 2011-08-26 09:22 - 00000000 ____D C:\Users\Stephanie\AppData\Roaming\Buhl Data Service GmbH 2016-02-07 14:15 - 2011-09-27 21:46 - 00000000 ____D C:\Users\Stephanie\AppData\Local\Downloaded Installations 2016-02-07 13:56 - 2015-07-09 22:11 - 00387072 ___SH C:\Users\Stephanie\Downloads\Thumbs.db 2016-02-07 11:51 - 2014-11-09 15:26 - 00000000 ___RD C:\Users\Stephanie\Copy 2016-02-07 00:38 - 2013-09-13 08:02 - 00000000 ____D C:\ProgramData\Oracle 2016-02-06 23:30 - 2015-09-02 09:55 - 00000000 ____D C:\Users\Stephanie\.oracle_jre_usage 2016-02-06 23:28 - 2014-08-26 14:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2016-02-06 23:27 - 2014-10-31 08:34 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2016-02-06 23:27 - 2011-11-07 09:00 - 00000000 ____D C:\Windows\pss 2016-02-06 23:26 - 2011-09-28 10:40 - 00000000 ____D C:\Program Files (x86)\Java 2016-02-06 18:15 - 2011-08-26 10:15 - 00000000 ____D C:\Users\Stephanie\Downloads\behalten 2016-02-06 10:18 - 2015-07-10 08:59 - 00000000 ____D C:\Users\Stephanie\AppData\Local\Box Sync 2016-02-05 17:07 - 2015-08-12 10:31 - 00000000 ____D C:\Users\Stephanie\AppData\Local\CloudStation 2016-02-05 08:09 - 2014-02-20 09:09 - 00002200 _____ C:\Users\Stephanie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk 2016-02-05 07:59 - 2015-07-26 14:54 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2016-02-05 07:51 - 2011-08-25 09:17 - 00000000 ____D C:\Program Files (x86)\Microsoft Office 2016-02-04 17:07 - 2013-06-12 07:16 - 00000000 ____D C:\Users\Stephanie\Desktop\Temporär 2016-02-04 17:00 - 2011-08-25 23:50 - 00000000 ____D C:\Users\Stephanie\Documents\Outlook-Dateien 2016-02-04 16:58 - 2011-08-27 22:54 - 00000000 ____D C:\Users\Stephanie\Documents\lexiCan 2016-02-04 13:25 - 2011-08-28 12:11 - 00001167 _____ C:\Windows\wiso.ini 2016-02-04 08:38 - 2014-02-11 14:14 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2016-02-04 08:38 - 2014-02-11 14:14 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2016-02-04 08:30 - 2015-11-17 09:04 - 00001110 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2016-02-04 08:30 - 2015-03-01 09:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2016-02-04 08:30 - 2015-03-01 09:36 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 2016-01-31 12:02 - 2011-08-27 23:07 - 00000000 ____D C:\Users\Stephanie\Documents\Telekommunikation 2016-01-31 00:01 - 2012-11-11 14:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive 2016-01-24 17:40 - 2015-08-17 12:45 - 00000000 ____D C:\ProgramData\BtCrashDumps 2016-01-23 21:36 - 2014-02-11 14:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Apps Migration 2016-01-20 23:50 - 2012-09-01 19:35 - 00000000 ____D C:\Users\Stephanie\AppData\Local\Spotify 2016-01-20 22:32 - 2012-09-01 19:35 - 00000000 ____D C:\Users\Stephanie\AppData\Roaming\Spotify 2016-01-18 18:40 - 2015-08-18 23:04 - 00002453 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat XI Pro.lnk 2016-01-18 18:40 - 2015-08-18 23:04 - 00002218 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe FormsCentral.lnk 2016-01-18 18:40 - 2015-08-18 23:04 - 00002057 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller XI.lnk 2016-01-17 15:08 - 2012-05-20 14:54 - 00000000 ____D C:\Users\Stephanie\AppData\Roaming\gSyncit 2016-01-17 11:12 - 2013-02-02 19:02 - 00000000 ____D C:\Users\Stephanie\AppData\Roaming\MOBackup 2016-01-17 09:48 - 2015-07-10 08:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Box Sync 2016-01-16 19:44 - 2011-08-29 18:10 - 00000000 ____D C:\Program Files (x86)\Google 2016-01-15 16:34 - 2013-03-13 10:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2016-01-15 16:33 - 2013-03-13 10:17 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2016-01-15 16:33 - 2013-03-13 10:17 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2016-01-15 00:56 - 2014-11-19 23:40 - 00000000 ____D C:\ProgramData\Package Cache 2016-01-15 00:32 - 2015-08-21 08:35 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task 2016-01-14 13:08 - 2015-01-20 21:24 - 00003060 _____ C:\Windows\System32\Tasks\HpWebReg.exe 2016-01-14 12:09 - 2011-08-25 08:47 - 00000000 ____D C:\Users\Stephanie\AppData\Roaming\Adobe ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2011-09-08 22:19 - 2011-09-08 22:20 - 0539136 _____ () C:\Program Files\Passbild-Generator.exe 2011-08-29 18:02 - 2012-06-03 16:08 - 0000157 _____ () C:\Users\Stephanie\AppData\Roaming\default.rss 2012-02-23 11:04 - 2012-02-23 11:04 - 0000000 _____ () C:\Users\Stephanie\AppData\Roaming\downloads.m3u 2014-03-02 18:39 - 2015-11-06 15:19 - 0038448 _____ () C:\Users\Stephanie\AppData\Roaming\Durch Trennzeichen getrennte Werte.ADR 2014-02-11 13:10 - 2015-05-27 16:49 - 0012988 _____ () C:\Users\Stephanie\AppData\Roaming\Durch Trennzeichen getrennte Werte.CAL 2016-01-28 10:05 - 2016-01-28 10:05 - 0011439 _____ () C:\Users\Stephanie\AppData\Roaming\Durch Trennzeichen getrennte Werte.TSK 2012-08-15 22:02 - 2012-11-11 20:37 - 0038454 _____ () C:\Users\Stephanie\AppData\Roaming\Kommagetrennte Werte (Windows).ADR 2012-11-11 20:32 - 2012-11-11 20:32 - 0038458 _____ () C:\Users\Stephanie\AppData\Roaming\Microsoft Excel 97-2003.ADR 2013-09-28 15:16 - 2014-10-21 14:51 - 0016572 _____ () C:\Users\Stephanie\AppData\Roaming\OneCal.emf 2013-09-28 15:16 - 2014-11-18 18:02 - 0000622 _____ () C:\Users\Stephanie\AppData\Roaming\onecal.xml 2014-05-24 11:14 - 2014-05-24 11:17 - 0599704 _____ () C:\Users\Stephanie\AppData\Roaming\Scorch_Install.log 2014-12-16 09:22 - 2014-12-16 09:22 - 0031794 _____ () C:\Users\Stephanie\AppData\Local\13E5D428_stp.CIS 2014-12-16 09:22 - 2014-12-16 09:22 - 0000289 _____ () C:\Users\Stephanie\AppData\Local\13E5D428_stp.CIS.part 2014-12-16 09:21 - 2014-12-16 09:22 - 0382062 _____ () C:\Users\Stephanie\AppData\Local\6AC3B58C_stp.CIS 2014-12-16 09:21 - 2014-12-16 09:22 - 0000220 _____ () C:\Users\Stephanie\AppData\Local\6AC3B58C_stp.CIS.part 2011-08-28 12:11 - 2012-12-07 12:45 - 0001188 _____ () C:\Users\Stephanie\AppData\Local\crc32list11.txt 2011-08-30 11:08 - 2015-04-21 07:20 - 0014336 _____ () C:\Users\Stephanie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2015-06-19 15:23 - 2015-06-19 15:23 - 2218685 _____ () C:\Users\Stephanie\AppData\Local\Innenwelten.pdf 2013-03-10 14:50 - 2013-03-10 14:50 - 0000739 _____ () C:\Users\Stephanie\AppData\Local\recently-used.xbel 2014-01-25 10:37 - 2015-07-15 22:35 - 0007624 _____ () C:\Users\Stephanie\AppData\Local\resmon.resmoncfg 2012-02-21 23:18 - 2012-02-21 23:22 - 0000072 _____ () C:\Users\Stephanie\AppData\Local\xobni_installer_updater.log 2014-05-08 00:09 - 2015-09-09 18:15 - 0000333 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc Einige Dateien in TEMP: ==================== C:\Users\Stephanie\AppData\Local\Temp\handbrake-setup.exe C:\Users\Stephanie\AppData\Local\Temp\unrar.dll ==================== Bamital & volsnap ================= (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) C:\Windows\system32\winlogon.exe => Datei ist digital signiert C:\Windows\system32\wininit.exe => Datei ist digital signiert C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert C:\Windows\explorer.exe => Datei ist digital signiert C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert C:\Windows\system32\svchost.exe => Datei ist digital signiert C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert C:\Windows\system32\services.exe => Datei ist digital signiert C:\Windows\system32\User32.dll => Datei ist digital signiert C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert C:\Windows\system32\userinit.exe => Datei ist digital signiert C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert C:\Windows\system32\rpcss.dll => Datei ist digital signiert C:\Windows\system32\dnsapi.dll => Datei ist digital signiert C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert LastRegBack: 2016-02-08 12:50 ==================== Ende von FRST.txt ============================ |
|
12.02.2016, 19:21
| #11 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Word-Anhang Büromarkt Boettcher in Vorschau geöffnet, ESET meldet JS/Astromenda.A u.a. Bitte auch ne neue Addition.txt erstellen, dazu FRST starten und einen Haken setzen bei Addition.txt, dann auf Untersuchen klicken.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
12.02.2016, 19:45
| #12 |
| | Word-Anhang Büromarkt Boettcher in Vorschau geöffnet, ESET meldet JS/Astromenda.A u.a. Oh, Entschuldigung, das hab ich übersehen. Code:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:27-01-2016
durchgeführt von Stephanie (2016-02-12 19:43:06)
Gestartet von C:\Users\Stephanie\Desktop\TROJANERBOARD
Windows 7 Professional Service Pack 1 (X64) (2011-08-24 21:45:23)
Start-Modus: Normal
==========================================================
==================== Konten: =============================
Administrator (S-1-5-21-1165394420-3520031323-336608003-500 - Administrator - Disabled)
Gast (S-1-5-21-1165394420-3520031323-336608003-501 - Limited - Enabled) => C:\Users\Gast
HomeGroupUser$ (S-1-5-21-1165394420-3520031323-336608003-1013 - Limited - Enabled)
SophosSAUSTEPHANIE-0 (S-1-5-21-1165394420-3520031323-336608003-1005 - Limited - Enabled)
Stephanie (S-1-5-21-1165394420-3520031323-336608003-1000 - Administrator - Enabled) => C:\Users\Stephanie
==================== Sicherheits-Center ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
AV: Sophos Anti-Virus (Enabled - Up to date) {6BABF8F7-3EB6-BD1D-9167-8C5ECA060A29}
AS: Sophos Anti-Virus (Enabled - Up to date) {D0CA1913-188C-B293-ABD7-B72CB1814094}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installierte Programme ======================
(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
1Password 1.0.9.333 (HKLM-x32\...\1Password_is1) (Version: 1.0 - AgileBits)
Acronis True Image 2016 (HKLM-x32\...\{64AB919C-28AA-4260-A147-1A88E53EE978}Visible) (Version: 19.0.6027 - Acronis)
Acronis True Image 2016 (x32 Version: 19.0.6027 - Acronis) Hidden
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.14 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 20.0.0.204 - Adobe Systems Incorporated)
Adobe Digital Editions 3.0 (HKLM-x32\...\Adobe Digital Editions 3.0) (Version: 3.0.1 - Adobe Systems Incorporated)
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.6 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.306 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.1.171 - Adobe Systems, Inc.)
Amazing Slow Downer (remove only) (HKLM-x32\...\Amazing Slow Downer) (Version: - )
Amazon Kindle (HKU\S-1-5-21-1165394420-3520031323-336608003-1000\...\Amazon Kindle) (Version: - Amazon)
Anki (HKLM-x32\...\Anki) (Version: - )
Apple Application Support (32-Bit) (HKLM-x32\...\{C5815ACF-FD34-4553-8A22-C7411B7E662B}) (Version: 4.1.1 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{CBF12D2F-CF64-4CB7-858B-2C1F21068E5F}) (Version: 4.1.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
BitTorrent Sync (HKU\S-1-5-21-1165394420-3520031323-336608003-1000\...\BitTorrent Sync) (Version: 2.2.7 - BitTorrent Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Boot Camp-Dienste (HKLM\...\{ADA3F9C8-A6D3-4FCF-BFBB-EAD69AC0884E}) (Version: 4.0.4033 - Apple Inc.)
Box for Office (HKLM-x32\...\{df6db185-7fb4-4cc4-a144-2f6c0fb80716}) (Version: 4.1.1102.0 - Box, Inc.)
Box for Office (x32 Version: 4.1.1102.0 - Box) Hidden
Box Sync (HKLM\...\{DAA2B88B-D1D9-412F-A55D-924F3736D365}) (Version: 4.0.7100.0 - Box, Inc.)
Box Sync (x32 Version: 4.0.6447.0 - Box Inc.) Hidden
Category Manager Version 3.1.530.1 (HKLM-x32\...\VBOffice_2006063_is1) (Version: 3.1.530.1 - Michael Bauer Software)
Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.11004 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.11004 - Cisco Systems, Inc.) Hidden
Cisco Systems VPN Client 5.0.07.0290 (HKLM\...\{467D5E81-8349-4892-9E81-C3674ED8E451}) (Version: 5.0.7 - Cisco Systems, Inc.)
Citavi (HKLM-x32\...\{E12C6653-1FF0-4686-ADB8-589C13AE761F}) (Version: 3.4.0.2 - Swiss Academic Software)
Citavi 5 (HKLM-x32\...\{7EB278FB-0C3C-445E-8665-4A6CDD9B794E}) (Version: 5.0.0.11 - Swiss Academic Software)
Common Desktop Agent (Version: 1.53.0 - OEM) Hidden
Copy (HKLM\...\{EE4CEBB9-C0FC-4503-9BC0-1E32B566DE71}) (Version: 1.47.410.0 - Barracuda Networks, Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dashlane (HKU\S-1-5-21-1165394420-3520031323-336608003-1000\...\Dashlane) (Version: 3.2.0.75803 - Dashlane SAS)
DDBAC (HKLM-x32\...\{88A0F52F-A024-4268-977E-E75B1F9C67ED}) (Version: 5.3.28 - DataDesign)
DivX Codec (HKLM-x32\...\{7B63B2922B174135AFC0E1377DD81EC2}) (Version: 6.6.1 - DivX, Inc.)
Dropbox (HKU\S-1-5-21-1165394420-3520031323-336608003-1000\...\Dropbox) (Version: 3.14.5 - Dropbox, Inc.)
EasyCash&Tax 1.55 (HKLM-x32\...\EasyCash&Tax_is1) (Version: - tm)
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 15.2.20140326 - Landesfinanzdirektion Thüringen)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
Ever2One Converter (HKLM-x32\...\{43D52C43-1BD2-48DF-AEE1-9CBD8F16B5BD}) (Version: 1.0.1 - BusinessWare Technologies Inc)
Evernote v. 5.3.1 (HKLM-x32\...\{28AAF752-C41B-11E3-8CB0-00163E98E7D6}) (Version: 5.3.1.3363 - Evernote Corp.)
f.lux (HKU\S-1-5-21-1165394420-3520031323-336608003-1000\...\Flux) (Version: - )
Fences (Version: 1.0 - Stardock Corporation) Hidden
Fences 2 (HKLM-x32\...\Fences 22.01) (Version: 2.01 - Stardock Corporation)
Finale 2008 (HKLM-x32\...\Finale 2008) (Version: 13.1.6 - MakeMusic)
Finale PrintMusic 2014 (HKLM-x32\...\Finale PrintMusic 2014) (Version: 2014.1.1258.2 - MakeMusic)
FormatFactory 2.90 (HKLM-x32\...\FormatFactory) (Version: 2.90 - Free Time)
Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
FreeFileSync 6.12 (HKLM-x32\...\FreeFileSync_is1) (Version: 6.12 - www.FreeFileSync.org)
GDR 5520 für SQL Server 2008 (KB 2977321) (HKLM-x32\...\KB2977321) (Version: 10.3.5520.0 - Microsoft Corporation)
GDR 5538 für SQL Server 2008 (KB 3045305) (HKLM-x32\...\KB3045305) (Version: 10.3.5538.0 - Microsoft Corporation)
Google Apps Migration For Microsoft Outlook® 4.0.27.0 (HKLM-x32\...\{8806AF1D-5161-489E-9E17-086CCC518931}) (Version: 4.0.27.0 - Google, Inc.)
Google Apps Sync™ for Microsoft Outlook® 3.8.440.1250 (HKLM-x32\...\{091C294E-F243-432C-93E1-DEC4C2B9635B}) (Version: 3.8.440.1250 - Google, Inc.)
Google Drive (HKLM-x32\...\{EF61675D-9BBC-4EC7-B906-F13BE8D3BD20}) (Version: 1.27.1227.2094 - Google, Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
gSyncit (HKLM-x32\...\{2C0CCDAD-ADB2-42B4-A5D1-9193881B7250}) (Version: 4.1.65 - Fieldston Software)
HandBrake 0.10.3 (HKLM-x32\...\HandBrake) (Version: 0.10.3 - )
HP Officejet 6500 E710n-z - Grundlegende Software für das Gerät (HKLM\...\{AF43C18E-693D-4126-B190-8F55E3623D5D}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Officejet 6500 E710n-z Hilfe (HKLM-x32\...\{130E5108-547F-4482-91EE-F45C784E08C7}) (Version: 140.0.2.2 - Hewlett Packard)
HP Update (HKLM-x32\...\{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}) (Version: 5.002.006.003 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
HS Mehrwertsteuer 3.28 (HKLM-x32\...\HS Mehrwertsteuer 3.28) (Version: - )
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
iCloud (HKLM\...\{4B48E22A-2FB0-4EFA-B99E-954B1E50CD69}) (Version: 5.1.0.34 - Apple Inc.)
ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation)
Interaktive Sprachreise - Komplettkurs English (HKLM-x32\...\ISREKK_17_689504) (Version: - digital publishing AG)
iPhone-Konfigurationsprogramm (HKLM-x32\...\{B90FCEB7-2B0C-4D27-95B5-54238DF059ED}) (Version: 3.6.2.300 - Apple Inc.)
Isovar 2015 Version 1.7.5 (HKLM-x32\...\{79E7FC4B-F866-48A0-85AA-0A44DFB3E208}_is1) (Version: 1.7.5 - ascendere IT-Systeme)
iTunes (HKLM\...\{0D44E3A4-6C3D-45D7-B443-079509E5BE5D}) (Version: 12.3.2.35 - Apple Inc.)
Java 8 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218071F0}) (Version: 8.0.710.15 - Oracle Corporation)
Java 8 Update 73 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218073F0}) (Version: 8.0.730.2 - Oracle Corporation)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Kalenderdruck-Assistent für Microsoft Office Outlook 2007 (HKLM-x32\...\{90120000-00A7-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
KeePass Password Safe 2.23 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: - Dominik Reichl)
lexiCan 4.0 (HKLM-x32\...\lexiCan 4.0 4.0.0) (Version: 4.0.0 - vetafab Software GmbH)
lexiCan 4.0 (x32 Version: 4.0.0 - vetafab Software GmbH) Hidden
Lexware Info Service (HKLM-x32\...\{6FC05D2F-BB1F-435F-AD40-90DABD55FDDA}) (Version: 5.00.00.0044 - Haufe-Lexware GmbH & Co.KG)
Logitech SetPoint 6.67 (HKLM\...\sp6) (Version: 6.67.83 - Logitech)
MailBell (HKLM-x32\...\MailBell) (Version: 2.27 - EmTec Innovative Software)
Malwarebytes Anti-Malware Version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Marketsplash Drucksoftware (HKLM-x32\...\{F8DD059A-FDA6-403A-81FC-51E522158683}) (Version: 1.0.1.31 - Hewlett-Packard)
Marketsplash Schnellzugriffe (HKLM-x32\...\{7A108EBC-C9DF-4E14-93A8-42CF316F1ECF}) (Version: 1.0.1.7 - Hewlett-Packard)
Mein CEWE FOTOBUCH (HKLM-x32\...\Mein CEWE FOTOBUCH) (Version: 6.1.2 - CEWE Stiftung u Co. KGaA)
Mein Verein (HKLM-x32\...\{9ACE3A18-EE13-4012-989C-2BCDC95BA6B9}_is1) (Version: 15.0 - Buhl Data Service GmbH)
MeineBeihilfe2009 (HKLM-x32\...\{AE926A81-E487-4D5D-9031-1EDB3242F943}) (Version: 10.51.0.0 - ComputerService)
MeineBeihilfe2013 (HKLM-x32\...\{B59DC648-301A-49B8-8937-2BB7C2AA90A7}) (Version: 13.38.0.0 - ComputerService)
MemoMaster + AnyKey Bundle 4 (HKLM-x32\...\{5CF1F472-846B-44E8-9750-A2112DA32CB6}) (Version: 4 - JBSoftware)
Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Camera Codec Pack (HKLM\...\{A2E24035-9B11-4E1D-9FBC-FA7F20C16832}) (Version: 16.4.1970.0624 - Microsoft Corporation)
Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft Mathematics-Add-In (32 Bit) (HKLM-x32\...\{E2C98732-F973-4985-A9C5-DC06178E16EE}) (Version: 2.0.041222.01 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM-x32\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office 365 - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 16.0.6568.2016 - Microsoft Corporation)
Microsoft Office Access Runtime (German) 2007 (HKLM-x32\...\{90120000-001C-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-0081-0407-0000-0000000FF1CE}) (Version: 14.0.6123.5001 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1165394420-3520031323-336608003-1000\...\OneDriveSetup.exe) (Version: 17.3.6301.0127 - Microsoft Corporation)
Microsoft Online Services-Anmeldeassistent (HKLM\...\{46E637E2-AC34-4B45-B5DF-D20903A3DB61}) (Version: 7.250.4303.0 - Microsoft Corporation)
Microsoft Outlook Social Connector Provider for Facebook 32-bit (HKLM-x32\...\{95140000-007C-0409-0000-0000000FF1CE}) (Version: 14.0.6114.5003 - Microsoft Corporation)
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM-x32\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation)
Microsoft Outlook-Sicherung für Persönliche Ordner (HKLM-x32\...\{C63E7C60-25EB-11D3-8EDA-00A0C911E8E5}) (Version: 1.10.0.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM-x32\...\Microsoft SQL Server 2005) (Version: - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 (HKLM-x32\...\Microsoft SQL Server 10 Release) (Version: - Microsoft Corporation)
Microsoft SQL Server 2008 Browser (HKLM-x32\...\{4AF2248C-B3DF-46FB-9596-87F5DB193689}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Native Client (HKLM\...\{12FE6AA6-65D2-40EE-B925-62193128A0E6}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files (HKLM-x32\...\{59C245FC-343C-4FEC-B3CB-B6F12B561C20}) (Version: 10.3.5538.0 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM-x32\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{28D06854-572C-4A65-83E5-F8CAF26B9FDC}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft_VC90_CRT_x86 (HKLM-x32\...\{DF2035BE-5820-4965-BD97-7FAF8D4A7879}) (Version: 1.0.0 - Microsoft Corporation)
Mindjet MindManager 2012 (HKLM-x32\...\{2DD3FE18-F257-484C-8543-3793F14D999F}) (Version: 10.2.404 - Mindjet)
MOBackup - Datensicherung für Outlook (Vollversion) (HKLM-x32\...\MOBackup-DatensicherungfürOutlook) (Version: 8.21 - Heiko Schröder)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 44.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 44.0.2 (x86 de)) (Version: 44.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 44.0.2.5884 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
My Movies for Windows Media Center (HKLM-x32\...\{086981D4-0600-452D-8E4D-51E920DC3E0E}) (Version: 4.0.1.102 - Binnerup Consult)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 5.9.4 - )
Octoshape Streaming Services (HKU\S-1-5-21-1165394420-3520031323-336608003-1000\...\Octoshape Streaming Services) (Version: - Octoshape ApS)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.6528.1007 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.6528.1007 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.6528.1007 - Microsoft Corporation) Hidden
Password Depot 6 (HKLM-x32\...\{AAE587E4-E661-4DB5-96DF-6E31C548F186}_is1) (Version: 6.0.5 - AceBIT GmbH)
Password Depot 7 (HKLM-x32\...\{500F4898-C705-4B91-9C98-3D125330A022}_is1) (Version: 7.6.6 - AceBIT GmbH)
PDF-XChange 3 (HKLM\...\PDF-XChange 3_is1) (Version: - Tracker Software)
phase-6 2.3.4-beta-1 (HKLM-x32\...\phase-6) (Version: 2.3.4-beta-1 - phase-6)
Photo Station Uploader (remove only) (HKLM-x32\...\Photo Station Uploader) (Version: - Synology)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
plist Editor for Windows 1.0.2 (HKLM-x32\...\plist Editor for Windows) (Version: 1.0.2 - VOWSoft,Ltd.)
PrismaCards (HKLM-x32\...\{DC980F52-E853-4BE5-8D75-93CE4A073C51}) (Version: 3.32 - You 2 Software)
ProjectLibre (HKLM-x32\...\{E29A4ED9-3192-4D72-A2E2-9C32B512714D}) (Version: 1.5.19.0 - ProjectLibre)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5936 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
RezkonvSuite (nur entfernen) (HKLM-x32\...\RkSuite) (Version: - )
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
Samsung AnyWeb Print (HKLM-x32\...\{318DBE01-1E6B-4243-84B0-210391FE789A}) (Version: 2.0.75.0 - Samsung Electronics Co., Ltd.)
Samsung Easy Printer Manager (HKLM-x32\...\Samsung Easy Printer Manager) (Version: 1.01.16.02 - Samsung Electronics Co., Ltd.)
Samsung Easy Wireless Setup (HKLM-x32\...\Easy Wireless Setup) (Version: 3.70.5.0 - Samsung Electronics Co., Ltd.)
Samsung ML-2950 Series (HKLM-x32\...\Samsung ML-2950 Series) (Version: - Samsung Electronics Co., Ltd.)
Samsung Printer Live Update (HKLM-x32\...\Samsung Printer Live Update) (Version: 1.01.00:04(2013-04-22) - Samsung Electronics Co., Ltd.)
Secunia PSI (3.0.0.7011) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.7011 - Secunia)
Service Pack 3 für SQL Server 2008 (KB2546951) (HKLM-x32\...\KB2546951) (Version: 10.3.5500.0 - Microsoft Corporation)
Sibelius Scorch (Firefox, Opera, Netscape, Chrome only) (HKLM-x32\...\{41626CC0-A854-4402-AD06-D7939515C282}) (Version: 6.2.0 - Sibelius Software, a division of Avid Technology, Inc.)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SMS77 1.0 (HKLM-x32\...\SMS77) (Version: 1.0 - SMS77)
Sophos Anti-Virus (HKLM-x32\...\{D929B3B5-56C6-46CC-B3A3-A1A784CBB8E4}) (Version: 10.3.15 - Sophos Limited)
Sophos AutoUpdate (HKLM-x32\...\{7CD26A0C-9B59-4E84-B5EE-B386B2F7AA16}) (Version: 4.3.10.27 - Sophos Limited)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.5 - Sophos Limited)
Spotify (HKU\S-1-5-21-1165394420-3520031323-336608003-1000\...\Spotify) (Version: 1.0.16.104.g3b776c9e - Spotify AB)
Sql Server Customer Experience Improvement Program (x32 Version: 10.3.5500.0 - Microsoft Corporation) Hidden
Stardock Fences 2 (HKLM-x32\...\Stardock Fences 2) (Version: 2.12 - Stardock Software, Inc.)
StarMoney (x32 Version: 3.0.6.40 - StarFinanz) Hidden
StarMoney (x32 Version: 4.0.2.34 - StarFinanz) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synology Assistant (remove only) (HKLM-x32\...\Synology Assistant) (Version: - )
Synology Cloud Station (remove only) (HKLM\...\Synology Cloud Station) (Version: 3.2.3482 - Synology, Inc.)
Synology Cloud Station Drive (remove only) (HKLM\...\Synology Cloud Station Drive) (Version: 4.0.4055 - Synology, Inc.)
Synology Data Replicator 3 (HKLM-x32\...\{8E310838-457C-4269-B177-3EFB300CBDDC}) (Version: 1.0.0.0 - Synology Inc.)
TeamViewer 7 (HKLM-x32\...\TeamViewer 7) (Version: 7.0.14563 - TeamViewer)
ThinkingRock 3.4.2 (HKLM-x32\...\nbi-trgtd-1.0.0.0.0) (Version: - )
TopSync Windows Client 10.1.15 (HKLM-x32\...\TopSync Windows Client) (Version: 10.1.15 - ASBYTE)
TuneUp Utilities Language Pack (de-DE) (x32 Version: 13.0.4000.122 - TuneUp Software) Hidden
TV DIGITAL OnGuide (HKLM-x32\...\{3C8D3E94-9DFB-4A2F-9A74-35CB06697576}) (Version: 1.5.0.8 - TV DIGITAL)
TVCenter (HKLM\...\{18F703C3-32EC-4E5C-BC3C-C1BD72D35F5B}) (Version: 6.4.1.858 - PCTV Systems)
Vilango Desktop (HKLM-x32\...\com.vilango.VilangoDesktop) (Version: 2.44.9 - Vegetarian Wave GmbH)
Vilango Desktop (x32 Version: 2.44.9 - Vegetarian Wave GmbH) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WebIS Desktop Sync 1.12 (HKLM-x32\...\WebIS Desktop Sync) (Version: 1.12 - WebIS, Inc.)
WIDCOMM Bluetooth Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.5800 - Broadcom Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows Mobile-Gerätecenter (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
Windows-Treiberpaket - Apple Inc. (AppleUSBEthernet) Net (02/01/2008 3.10.3.10) (HKLM\...\D53CBF2C12DF51DA5E9C1A9DA97FF0DCA0C524C5) (Version: 02/01/2008 3.10.3.10 - Apple Inc.)
Windows-Treiberpaket - Apple Inc. Apple Bluetooth (03/01/2010 3.0.0.5) (HKLM\...\EA3C044F6FD39CEC8F4F596836BF4197E97E1D39) (Version: 03/01/2010 3.0.0.5 - Apple Inc.)
Windows-Treiberpaket - Apple Inc. Apple Bluetooth Enabler (06/27/2007 2.0.0.1) (HKLM\...\2CD6536AAFFF9B465A871060CF483EC9F3341D29) (Version: 06/27/2007 2.0.0.1 - Apple Inc.)
Windows-Treiberpaket - Apple Inc. Apple Broadcom Bluetooth (07/31/2015 6.0.6100.0) (HKLM\...\8F0EDB7FDBC8E1501FC134846F23B8B02EDBC2A0) (Version: 07/31/2015 6.0.6100.0 - Apple Inc.)
Windows-Treiberpaket - Apple Inc. Apple Broadcom Bluetooth (10/05/2010 3.2.0.1) (HKLM\...\0B6B49213CF56838AFC233905FA14AC47EAA9B28) (Version: 10/05/2010 3.2.0.1 - Apple Inc.)
Windows-Treiberpaket - Apple Inc. Apple Built-in iSight (10/25/2007 2.0.1.0) (HKLM\...\70C7CBB0824BF74552A2F28F5FFBF62A15053DA8) (Version: 10/25/2007 2.0.1.0 - Apple Inc.)
Windows-Treiberpaket - Apple Inc. Apple Display (01/23/2009 3.0.0.0) (HKLM\...\E0EAD0CEA9119B77350ED4DE28D9A82E57014D94) (Version: 01/23/2009 3.0.0.0 - Apple Inc.)
Windows-Treiberpaket - Apple Inc. Apple IR Receiver (02/21/2008 2.0.4.0) (HKLM\...\D5BB697E7D0C75712F3AD00AB1B85412CB5C0FD3) (Version: 02/21/2008 2.0.4.0 - Apple Inc.)
Windows-Treiberpaket - Apple Inc. Apple Keyboard (05/05/2011 4.0.0.1) (HKLM\...\703003CF14C8E79F68CA5A750AF4E02B9BD4B4D8) (Version: 05/05/2011 4.0.0.1 - Apple Inc.)
Windows-Treiberpaket - Apple Inc. Apple Multitouch (05/05/2011 4.0.0.1) (HKLM\...\455287ECCB4BABCDE9C6713B82B1BDA990D55398) (Version: 05/05/2011 4.0.0.1 - Apple Inc.)
Windows-Treiberpaket - Apple Inc. Apple Multitouch Mouse (05/05/2011 4.0.0.1) (HKLM\...\F08FFCF5C857951E0CC5F736988F3D01BF425252) (Version: 05/05/2011 4.0.0.1 - Apple Inc.)
Windows-Treiberpaket - Apple Inc. Apple ODD (05/17/2010 3.1.0.0) (HKLM\...\D6B4CB6AD2F81752C2EF8DCF6AD5EBC567ADD45C) (Version: 05/17/2010 3.1.0.0 - Apple Inc.)
Windows-Treiberpaket - Apple Inc. Apple System Device (04/05/2011 3.2.0.8) (HKLM\...\D76172B51B1ECB34E38F97F42F51B7A46FA15F52) (Version: 04/05/2011 3.2.0.8 - Apple Inc.)
Windows-Treiberpaket - Apple Inc. Apple Trackpad (07/13/2009 3.0.0.1) (HKLM\...\A0A897639A1D288A8B472FE790EBF9DB71E52ACF) (Version: 07/13/2009 3.0.0.1 - Apple Inc.)
Windows-Treiberpaket - Apple Inc. Apple Trackpad Enabler (07/13/2009 3.0.0.1) (HKLM\...\76830D11874044260C923425E7F5A72F25EDA758) (Version: 07/13/2009 3.0.0.1 - Apple Inc.)
Windows-Treiberpaket - Apple Inc. Apple Wireless Mouse (06/01/2011 4.0.0.1) (HKLM\...\D088EE4BD2819FBA2B349EF9D55176F223419BE6) (Version: 06/01/2011 4.0.0.1 - Apple Inc.)
Windows-Treiberpaket - Apple Inc. Apple Wireless Trackpad (01/17/2011 3.2.0.0) (HKLM\...\C7DD621795A42EAE550280D4D7601459F35C4EC2) (Version: 01/17/2011 3.2.0.0 - Apple Inc.)
Windows-Treiberpaket - Atheros Communications Inc. (athr) Net (11/13/2010 9.2.0.113) (HKLM\...\F0A3F8394866FA91E82C8D5AB92C918FE40FE1DF) (Version: 11/13/2010 9.2.0.113 - Atheros Communications Inc.)
Windows-Treiberpaket - Broadcom (b57nd60a) Net (12/02/2010 14.4.2.2) (HKLM\...\7C9678A21221D0575C74AF7CE68E28C2771F9E41) (Version: 12/02/2010 14.4.2.2 - Broadcom)
Windows-Treiberpaket - Broadcom (BCM43XX) Net (04/06/2011 5.100.198.22) (HKLM\...\110E24F054DE5F4F72985BC1F3A53F61985BD4CC) (Version: 04/06/2011 5.100.198.22 - Broadcom)
Windows-Treiberpaket - Broadcom Corporation (bScsiSDa) SDHost (01/18/2011 1.0.0.220) (HKLM\...\26D089A9557429904D9851293EA25C911B64CCF8) (Version: 01/18/2011 1.0.0.220 - Broadcom Corporation)
Windows-Treiberpaket - Cirrus Logic, Inc. (CirrusFilter) MEDIA (12/03/2010 6.6001.1.30) (HKLM\...\43B83D262B11C05DBFE8BEB0E2CBD5A9EA1E7F9C) (Version: 12/03/2010 6.6001.1.30 - Cirrus Logic, Inc.)
Windows-Treiberpaket - Intel (e1express) Net (03/26/2010 9.13.41.0) (HKLM\...\159439476E3A00F9FAE49DD6C1A78F2F6288A5B9) (Version: 03/26/2010 9.13.41.0 - Intel)
Windows-Treiberpaket - Intel (e1kexpress) Net (04/12/2010 11.6.92.0) (HKLM\...\5BEF08C10896D86DC13394FFA75874564B700368) (Version: 04/12/2010 11.6.92.0 - Intel)
Windows-Treiberpaket - Intel (e1qexpress) Net (12/04/2009 11.4.7.0) (HKLM\...\57AFA39B22ADEC4E383572E9331167546EB3C9C7) (Version: 12/04/2009 11.4.7.0 - Intel)
Windows-Treiberpaket - Intel (e1rexpress) Net (01/07/2010 11.4.16.0) (HKLM\...\F71DB41300D30088C8D3716343D1429488E605C1) (Version: 01/07/2010 11.4.16.0 - Intel)
Windows-Treiberpaket - Intel (e1yexpress) Net (04/07/2010 10.1.9.0) (HKLM\...\CB599752301BCA080D135697FDD05900F5A5CF4C) (Version: 04/07/2010 10.1.9.0 - Intel)
Windows-Treiberpaket - Intel System (07/20/2007 1.2.76.0) (HKLM\...\E2708073906571A0B56F17FD825EF19281ECE29B) (Version: 07/20/2007 1.2.76.0 - Intel)
Windows-Treiberpaket - Marvell (yukonx64) Net (12/06/2007 10.51.1.3) (HKLM\...\CDD703ED0B390A5643DB748EBFA5BD55FEEC0D8A) (Version: 12/06/2007 10.51.1.3 - Marvell)
WinRAR 5.10 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)
WISO Mein Geld 365 Professional (HKLM-x32\...\WISO Mein Geld 365 Professional) (Version: - Buhl Data Service GmbH)
WISO Mein Geld 365 Professional (x32 Version: 21.0.0.0 - Buhl Data Service GmbH) Hidden
WISO steuer:Sparbuch 2016 (HKLM-x32\...\{479951E9-BD2E-42D0-B06E-69CCB651EC0B}) (Version: 23.00.1146 - Buhl Data Service GmbH)
WISO Steuer-Sparbuch 2013 (HKLM-x32\...\{D6CC2FAF-F827-4091-96A1-D32CC9B69C79}) (Version: 20.00.8137 - Buhl Data Service GmbH)
WISO Steuer-Sparbuch 2014 (HKLM-x32\...\{EA6F43BA-2CF0-4547-8568-1BF7F2797827}) (Version: 21.00.8480 - Buhl Data Service GmbH)
WISO Steuer-Sparbuch 2015 (HKLM-x32\...\{B5B8A824-66C5-441B-B712-EE6CDA8853C5}) (Version: 22.00.8811 - Buhl Data Service GmbH)
Wondershare TunesGo Retro ( Version 4.8.3 ) (HKLM-x32\...\{0B31C808-8274-460D-8846-C711D40544A0}_is1) (Version: 4.8.3 - Wondershare)
Wunderlist (HKLM-x32\...\{3031A053-DC97-4D03-9179-BF6F98F63FA2}) (Version: 1.2.4 - None provided)
Wunderlist for Outlook (HKLM-x32\...\{0064A23A-C0AB-47FE-BC29-09CE8B8142FA}) (Version: 1.8.5760.22314 - yasoon GmbH)
ZenWriter (HKLM-x32\...\{52B1B817-B6FF-410D-878E-0119372986FA}_is1) (Version: 1.34 - Beenokle)
ZOOM HandyShare for Windows (HKLM-x32\...\{D025A394-FED7-44E8-8E16-E0CB4E534AD1}) (Version: 4.00.0002 - ZOOM Corporation)
==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
CustomCLSID: HKU\S-1-5-21-1165394420-3520031323-336608003-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Stephanie\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1165394420-3520031323-336608003-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Stephanie\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1165394420-3520031323-336608003-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Stephanie\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1165394420-3520031323-336608003-1000_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Stephanie\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64\FileCoAuthLib64.dll ()
CustomCLSID: HKU\S-1-5-21-1165394420-3520031323-336608003-1000_Classes\CLSID\{2C4A5D61-009C-4561-9A33-6AFD542FD237}\InprocServer32 -> C:\Users\Stephanie\AppData\Local\CloudStation\CloudStation.app\icon-overlay\14\x64\ContextMenu.dll ()
CustomCLSID: HKU\S-1-5-21-1165394420-3520031323-336608003-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Stephanie\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1165394420-3520031323-336608003-1000_Classes\CLSID\{472CE1AD-5D53-4BCF-A1FB-3982A5F55138}\InprocServer32 -> C:\Users\Stephanie\AppData\Local\CloudStation\CloudStation.app\icon-overlay\14\x64\iconOverlay.dll (TODO: <Company name>)
CustomCLSID: HKU\S-1-5-21-1165394420-3520031323-336608003-1000_Classes\CLSID\{48AB5ADA-36B1-4137-99C9-2BD97F8788AB}\InprocServer32 -> C:\Users\Stephanie\AppData\Local\CloudStation\CloudStation.app\icon-overlay\14\x64\iconOverlay.dll (TODO: <Company name>)
CustomCLSID: HKU\S-1-5-21-1165394420-3520031323-336608003-1000_Classes\CLSID\{581FFA00-FC33-0007-0202-95003A5CDE89}\InprocServer32 -> C:\Users\Stephanie\AppData\Roaming\BitTorrent Sync\SyncShellExtension64_A0.dll ()
CustomCLSID: HKU\S-1-5-21-1165394420-3520031323-336608003-1000_Classes\CLSID\{581FFA01-FC33-0007-0202-95003A5CDE89}\InprocServer32 -> C:\Users\Stephanie\AppData\Roaming\BitTorrent Sync\SyncShellExtension64_A0.dll ()
CustomCLSID: HKU\S-1-5-21-1165394420-3520031323-336608003-1000_Classes\CLSID\{581FFA02-FC33-0007-0202-95003A5CDE89}\InprocServer32 -> C:\Users\Stephanie\AppData\Roaming\BitTorrent Sync\SyncShellExtension64_A0.dll ()
CustomCLSID: HKU\S-1-5-21-1165394420-3520031323-336608003-1000_Classes\CLSID\{581FFA03-FC33-0007-0202-95003A5CDE89}\InprocServer32 -> C:\Users\Stephanie\AppData\Roaming\BitTorrent Sync\SyncShellExtension64_A0.dll ()
CustomCLSID: HKU\S-1-5-21-1165394420-3520031323-336608003-1000_Classes\CLSID\{581FFA04-FC33-0007-0202-95003A5CDE89}\InprocServer32 -> C:\Users\Stephanie\AppData\Roaming\BitTorrent Sync\SyncShellExtension64_A0.dll ()
CustomCLSID: HKU\S-1-5-21-1165394420-3520031323-336608003-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Stephanie\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1165394420-3520031323-336608003-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Stephanie\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1165394420-3520031323-336608003-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Stephanie\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1165394420-3520031323-336608003-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Stephanie\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1165394420-3520031323-336608003-1000_Classes\CLSID\{A433C3E0-8B24-40EB-93C3-4B10D9959F58}\InprocServer32 -> C:\Users\Stephanie\AppData\Local\CloudStation\CloudStation.app\icon-overlay\14\x64\iconOverlay.dll (TODO: <Company name>)
CustomCLSID: HKU\S-1-5-21-1165394420-3520031323-336608003-1000_Classes\CLSID\{AEB16659-2125-4ADA-A4AB-45EE21E86469}\InprocServer32 -> C:\Users\Stephanie\AppData\Local\CloudStation\CloudStation.app\icon-overlay\14\x64\iconOverlay.dll (TODO: <Company name>)
CustomCLSID: HKU\S-1-5-21-1165394420-3520031323-336608003-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Stephanie\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1165394420-3520031323-336608003-1000_Classes\CLSID\{C701AD67-3DF0-47C9-89CB-DFA6207BE229}\InprocServer32 -> C:\Users\Stephanie\AppData\Local\CloudStation\CloudStation.app\icon-overlay\14\x64\iconOverlay.dll (TODO: <Company name>)
CustomCLSID: HKU\S-1-5-21-1165394420-3520031323-336608003-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Stephanie\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1165394420-3520031323-336608003-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Stephanie\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1165394420-3520031323-336608003-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Stephanie\AppData\Roaming\Dropbox\bin\DropboxExt64.31.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1165394420-3520031323-336608003-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Stephanie\AppData\Roaming\Dropbox\bin\DropboxExt64.31.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1165394420-3520031323-336608003-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Stephanie\AppData\Roaming\Dropbox\bin\DropboxExt64.31.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1165394420-3520031323-336608003-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Stephanie\AppData\Roaming\Dropbox\bin\DropboxExt64.31.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1165394420-3520031323-336608003-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Stephanie\AppData\Roaming\Dropbox\bin\DropboxExt64.31.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1165394420-3520031323-336608003-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Stephanie\AppData\Roaming\Dropbox\bin\DropboxExt64.31.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1165394420-3520031323-336608003-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Stephanie\AppData\Roaming\Dropbox\bin\DropboxExt64.31.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1165394420-3520031323-336608003-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Stephanie\AppData\Roaming\Dropbox\bin\DropboxExt64.31.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1165394420-3520031323-336608003-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Stephanie\AppData\Roaming\Dropbox\bin\DropboxExt64.31.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1165394420-3520031323-336608003-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Stephanie\AppData\Roaming\Dropbox\bin\DropboxExt64.31.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1165394420-3520031323-336608003-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Stephanie\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => Keine Datei
==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
Task: {02AE1B1E-CD66-4FC9-A6EC-0FA47E8111B0} - System32\Tasks\{AFD321F5-8D36-4280-A8DD-B5ED280656DD} => pcalua.exe -a C:\Windows\system32\pcwrun.exe -c "C:\Program Files (x86)\Buhl\WISO Mein Geld 2012\MG.exe"
Task: {032D62A9-499D-4B0B-B38B-E9A0AD49B0C3} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {095A8A9B-8C30-49F3-900E-9E384570AAB3} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1165394420-3520031323-336608003-1000UA => C:\Users\Stephanie\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-14] (Dropbox, Inc.)
Task: {0A1193AC-414E-41DA-A69F-3ECD758F2429} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1165394420-3520031323-336608003-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {0AAEC53F-1D4C-448E-A24F-3E31F3066C69} - System32\Tasks\{E7FD94BE-FC4B-45CB-A0E0-D170676EEE63} => pcalua.exe -a "C:\Users\Stephanie\Documents\Behörden+Versicherungen\Krankenkassen, Beihilfe\Beihilfehexe 2000neu\Beihilfe-Hexe.exe" -d "C:\Users\Stephanie\Documents\Behörden+Versicherungen\Krankenkassen, Beihilfe\Beihilfehexe 2000neu"
Task: {1329B9D9-94BB-4CC1-93AE-226C88A1520D} - System32\Tasks\{D14A578E-A430-4F22-A156-AD235DB7EEC9} => pcalua.exe -a C:\Windows\system32\pcwrun.exe -c "C:\Program Files (x86)\WISO\Steuersoftware 2013\WISO2013.EXE"
Task: {16E58EAA-AF05-46A9-A654-05B11896FF42} - System32\Tasks\{1633FAAE-8567-4660-A8B4-8FB4CC378B71} => pcalua.exe -a C:\Users\Stephanie\Downloads\MeineBeihilfe2013(1)\MeineBeihilfe2013.exe -d C:\Users\Stephanie\Downloads\MeineBeihilfe2013(1)
Task: {263C4C99-6FB5-4EA8-B08A-35FA05AC67C3} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)
Task: {2C7F59A9-3CB7-417C-877B-12DCBC5546D1} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2016-01-22] (Microsoft Corporation)
Task: {32C127A1-9C94-4179-8C4A-994FA19BA30B} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-1165394420-3520031323-336608003-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-07-24] (RealNetworks, Inc.)
Task: {34000ED4-9E56-4242-8895-E871225C3712} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {3BA56AAB-4C1F-4808-9720-1F90252416F5} - System32\Tasks\{1B6A98F2-0E15-416B-8308-8D651E9F56A8} => pcalua.exe -a C:\Users\Stephanie\Downloads\WISOFinanz2015.exe -d C:\Users\Stephanie\Downloads
Task: {3CC2F07C-169E-4DCB-B206-631C76CCF1C1} - System32\Tasks\Real Player-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
Task: {4DCC8E59-0988-4A13-A344-CBBFB4F85CBF} - System32\Tasks\{43E1A4A0-97F5-461D-AF2D-F1B62472564C} => G:\daemon410-x86.exe
Task: {4EA2707F-6023-4308-9FF5-B8923E656A02} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "hxxp://www.roboform.com/uninstall.html?aaa=KICMKJLJNMMJJMIMMMNJCNGMLMOMNMCNLMJMMMKMCNNJJJOMOJCNOJOJJMPMHMOJIMGMLJJMJMNMJNJICMIMCNGMCNNMFMGMCNOMOMCNGMJMPMPMFMJMCNOMCNIMJMPMOMCNNMJNPICMPMFMFMHMIMIMJNHICMMJBJKJLIMJJNBJCMMKLIKJPIHJOJBJGJKJJNKJCMJNNICMJNDJCMLJKJ"
Task: {52B456B8-18B0-4E75-95EA-F76134A8BC19} - System32\Tasks\{5A4C9FF5-94EE-4422-9BB6-9D70ACDDA8B3} => pcalua.exe -a C:\Windows\system32\pcwrun.exe -c "C:\Program Files (x86)\WISO\Steuersoftware 2013\WISO2013.EXE"
Task: {57292D98-70E1-4E20-AB89-6E67DE473649} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2016-01-29] (Oracle Corporation)
Task: {58F086C9-9762-47DF-A405-C9F88FFF6A45} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1165394420-3520031323-336608003-1000Core => C:\Users\Stephanie\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-14] (Dropbox, Inc.)
Task: {5A40E926-9E86-4B89-9CFD-B12311724371} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {614C87F5-92E8-4D04-85D4-321835711BE0} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1165394420-3520031323-336608003-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-07-24] (RealNetworks, Inc.)
Task: {62ABE018-2A92-4138-89DD-734E8631B28A} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-01-21] (Microsoft Corporation)
Task: {64210777-BA4A-4E66-93BE-0C7C6049F88F} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)
Task: {65D17FB1-1FC3-4654-A5B6-7F03E5AD97F8} - System32\Tasks\HpWebReg.exe => -model "HP Officejet 6500 E710n-z" -serialno CN08B1127305JW -modelid CN557A -serviceID 22192 -invitation yes
Task: {660207D9-8273-418E-A42D-58AA3163D99D} - System32\Tasks\{5461B379-269A-49A7-893B-414C78228C00} => pcalua.exe -a C:\Users\Stephanie\Downloads\T1.exe -d C:\Users\Stephanie\Downloads
Task: {6A054173-A029-440C-B24C-8BAD92841678} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-01-21] (Microsoft Corporation)
Task: {6CC9EBF2-C73B-4EF5-8D1E-0D98507F8FCF} - System32\Tasks\Google Updater and Installer => C:\Users\Stephanie\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {6D147E69-57DC-4DD4-B1BA-89E6DA652BB9} - System32\Tasks\{5340A9B8-DF73-4188-9147-8112496C8CA2} => C:\Program Files (x86)\Buhl\WISO Mein Geld 2012\MG.exe
Task: {79499F12-9A21-47C0-AEE4-220C6FCC0BF6} - System32\Tasks\{690A888E-C19A-4512-94C3-9DBA514C08CC} => C:\Users\Stephanie\Downloads\SetupVirtualCloneDrive5450.exe
Task: {8A8C60D9-C061-4287-A654-94353ADCDF0A} - System32\Tasks\{18838D2D-91DE-4661-959B-34D9212AB4CB} => pcalua.exe -a G:\daemon410-x86.exe -d G:\
Task: {92ECE39A-BCB3-4779-AA67-3A540071D9F5} - System32\Tasks\4Team updater => C:\Program Files (x86)\4Team Corporation\4Team-Updater\4Team-Updater.exe
Task: {9509FBD5-992E-4FB7-9AF8-B7BBA13B8702} - System32\Tasks\{58ADB112-4733-4633-971E-B6E2F34C5ED4} => pcalua.exe -a C:\Users\Stephanie\Downloads\GTDInstall.exe -d C:\Users\Stephanie\Downloads
Task: {9C49DB7D-1A63-42B7-B4AC-3FC9188860D3} - System32\Tasks\{CA54D24B-9E1A-4DD5-8747-FB089B00B4FF} => pcalua.exe -a C:\Users\Stephanie\Downloads\wlsetup-web(2).exe -d C:\Users\Stephanie\Downloads
Task: {9FB14942-9B29-4ED3-82FA-794D13A17586} - System32\Tasks\{BD6396AB-58E9-4859-90E6-0ABC979391EE} => pcalua.exe -a C:\Users\Stephanie\Downloads\WISOSteuersoftware2013.exe -d C:\Users\Stephanie\Downloads
Task: {9FB979F0-A8D2-45B3-B343-3C303B096100} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1165394420-3520031323-336608003-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-07-24] (RealNetworks, Inc.)
Task: {A1D076C9-1ACB-446B-8B2B-83CB9139E16A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {A26AB860-220D-479C-A583-AA54D19CE2DF} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
Task: {A420273A-950C-4F10-A104-31B695D0BD27} - System32\Tasks\{5A9C75DA-3100-4F5D-A2F0-3D0C464569B2} => pcalua.exe -a "C:\Program Files (x86)\Buhl\WISO Mein Geld 2015\setup.exe" -c /ProductCode={69A8D9C1-E630-4AD8-B20F-F1BAE4064B2A}
Task: {A63611AC-4692-4CE4-8680-5377CEAEE277} - System32\Tasks\{1CB68AC2-93E9-4871-8274-F0B1B73BDE17} => C:\Users\Stephanie\Documents\PrismaCards\PrismaCards.exe [2010-12-07] (You 2 Software (www.You2.de))
Task: {A8CC2206-A26B-4ED0-A2E0-077A9054FCB8} - System32\Tasks\{5BABA52D-C073-40CF-BCC9-1879265FA67E} => pcalua.exe -a "C:\Program Files (x86)\Buhl\WISO Mein Geld 2014\Setup.exe" -c /ProductCode={ECA992F9-0CF9-4A47-8B07-3FFB316C6637}
Task: {AC661407-285F-4C96-A757-37C52A76F48F} - System32\Tasks\{C189928E-8FAB-4EF3-AA43-926B93C5750C} => pcalua.exe -a D:\Start.exe -d D:\
Task: {B2AC7D37-D24D-4E90-83D8-FDDC4CA0AA45} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1165394420-3520031323-336608003-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
Task: {B7BB27D4-513A-4F86-8E0D-3BF74E3695E2} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-26] (Apple Inc.)
Task: {C10D603B-182B-428D-88AA-8BF11444FBB9} - System32\Tasks\{1410237C-08BE-4443-B427-F32B582CE6C2} => pcalua.exe -a C:\Users\Stephanie\Downloads\WISOFinanz2012.exe -d C:\Windows\system32
Task: {C22CC128-267C-4205-AD04-AE42AD5C3C98} - System32\Tasks\{075E73A8-3589-43BF-A4BB-4DBE2DC76C1D} => G:\daemon410-x86.exe
Task: {C71F4C20-6589-4446-9FB3-20C6DC312D70} - System32\Tasks\{1D1631B8-E3CC-45F7-A552-B27FC189CF71} => pcalua.exe -a D:\Start.exe -d D:\
Task: {D41E38B9-1188-4B6B-8FDF-0060D4808B8D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {D7916C24-3BB1-460F-B0F5-CDED52B0B0E3} - System32\Tasks\{7A86187A-31C6-4EFA-844D-361B364368A9} => pcalua.exe -a "C:\Program Files (x86)\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe" -d C:\Windows\system32 -c /uninstall "C:\Program Files (x86)\outlook_dav\outlook_dav.vsto"
Task: {DB40A99F-349E-4C65-9D7D-0D7B9A3967A7} - System32\Tasks\{E6844382-B984-438B-B8C3-DBF8EE3AF04D} => G:\daemon410-x86.exe
Task: {DD9F510C-95F4-499A-90C8-BAC5BC372FF4} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask => start sppsvc
Task: {DE88AAF8-2DEA-45BD-B545-D626939C566C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-02-10] (Adobe Systems Incorporated)
Task: {DEAAB650-E57C-4526-9A47-AC22302B7ACE} - System32\Tasks\{4DE0AA33-497C-4FC7-8BD8-7AA218322FC3} => G:\daemon410-x86.exe
Task: {DEBF0953-C3CB-48F8-8777-91722270BC99} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1165394420-3520031323-336608003-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {E9AD4689-043D-4974-96B3-4980ACC775A0} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
Task: {EEB96AE1-20DB-46F1-BE0D-AD555CEF8CD5} - System32\Tasks\{A22042F0-C811-4A8F-A790-6CDC0111ECE9} => pcalua.exe -a C:\Users\Stephanie\Downloads\jxpiinstall.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {F391402C-F53D-4079-9488-0432CED5B89A} - System32\Tasks\Neuer Scan (1) => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\BackgroundScanClient.exe [2014-06-06] (Sophos Limited)
Task: {FEBED14A-5B40-4E3F-8B27-F37CD5EE1F6E} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-1165394420-3520031323-336608003-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-07-24] (RealNetworks, Inc.)
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1165394420-3520031323-336608003-1000Core.job => C:\Users\Stephanie\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1165394420-3520031323-336608003-1000UA.job => C:\Users\Stephanie\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Neuer Scan (1).job => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\BackgroundScanClient.exe
==================== Verknüpfungen =============================
(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)
==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============
2011-04-01 06:00 - 2011-04-01 06:00 - 00034304 _____ () C:\Windows\System32\ssk3mlm.dll
2015-01-20 22:35 - 2015-01-20 22:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-10-13 05:45 - 2015-10-13 05:45 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-11-11 16:15 - 2016-01-21 07:34 - 00173256 _____ () C:\Program Files\Common Files\Microsoft Shared\ClickToRun\ApiClient.dll
2015-10-06 12:05 - 2015-10-06 12:05 - 00287712 _____ () C:\Program Files (x86)\Synology\CloudStation\bin\vss-service-x64.exe
2013-10-09 09:52 - 2013-10-09 09:52 - 00384072 _____ () C:\Program Files (x86)\Synology Data Replicator 3\SynoDrServicex64.exe
2015-05-11 08:12 - 2015-05-11 08:12 - 00248736 _____ () C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
2014-04-30 09:01 - 2014-04-30 09:01 - 00035328 _____ () C:\Program Files (x86)\Synology\Photo Station Uploader\ShellExtHandler.dll
2011-07-18 22:04 - 2011-07-18 22:04 - 00301568 _____ () C:\Program Files (x86)\Notepad++\NppShell_04.dll
2015-11-17 09:45 - 2015-11-17 09:45 - 01047552 _____ () C:\Users\Stephanie\AppData\Local\CloudStation\CloudStation.app\icon-overlay\14\x64\ContextMenu.dll
2015-12-07 17:04 - 2015-12-07 17:04 - 00820224 _____ () C:\Users\Stephanie\AppData\Roaming\BitTorrent Sync\SyncShellExtension64_A0.dll
2014-06-06 08:08 - 2015-05-13 07:24 - 00111400 _____ () C:\Program Files (x86)\Sophos\Sophos Anti-Virus\rkdisk.dll
2010-03-23 12:26 - 2010-03-23 12:26 - 00201512 _____ () C:\Program Files (x86)\Cisco Systems\VPN Client\vpnapi.dll
2015-08-11 14:36 - 2015-08-11 14:36 - 00024896 _____ () C:\Program Files (x86)\Common Files\Acronis\Infrastructure\core_workers_shared_context.dll
2015-11-26 10:40 - 2015-11-26 10:40 - 00035760 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\thread_pool.dll
2015-11-26 11:13 - 2015-11-26 11:13 - 04093976 _____ () C:\Program Files (x86)\Common Files\Acronis\Infrastructure\atih_mms_addon.dll
2015-08-23 14:59 - 2015-08-23 14:59 - 00606672 _____ () C:\Program Files (x86)\Common Files\Acronis\Infrastructure\sqlite3.dll
2015-11-26 11:07 - 2015-11-26 11:07 - 19884832 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\ti_managers.dll
2015-11-26 10:42 - 2015-11-26 10:42 - 00445872 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\ulxmlrpcpp.dll
2015-11-26 10:36 - 2015-11-26 10:36 - 00115632 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\EXPAT.dll
==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)
AlternateDataStreams: C:\ProgramData:BDSDRMHK
AlternateDataStreams: C:\Users\All Users:BDSDRMHK
AlternateDataStreams: C:\ProgramData\Anwendungsdaten:BDSDRMHK
AlternateDataStreams: C:\ProgramData\Application Data:BDSDRMHK
AlternateDataStreams: C:\Users\Stephanie\Documents\Eigene Datenquellen:Roxio EMC Stream
AlternateDataStreams: C:\Users\Stephanie\Documents\Famlienbilder Hamburger.jpg:Roxio EMC Stream
AlternateDataStreams: C:\Users\Stephanie\Documents\Ray Ban.JPG:Roxio EMC Stream
==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SAVService => ""="service"
==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)
==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)
IE trusted site: HKU\S-1-5-21-1165394420-3520031323-336608003-1000\...\samsungsetup.com -> hxxp://www.samsungsetup.com
==================== Hosts Inhalt: ===============================
(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)
2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Andere Bereiche ============================
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKU\S-1-5-21-1165394420-3520031323-336608003-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Stephanie\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist deaktiviert.
==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
MSCONFIG\Services: Agile1Password => 3
MSCONFIG\Services: Apple Mobile Device Service => 2
MSCONFIG\Services: AppleOSSMgr => 2
MSCONFIG\Services: AppleTimeSrv => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: Secunia PSI Agent => 2
MSCONFIG\Services: Secunia Update Agent => 2
MSCONFIG\Services: Sophos AutoUpdate Service => 2
MSCONFIG\Services: StarMoney 9.0 OnlineUpdate => 3
MSCONFIG\Services: TeamViewer7 => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AkrutoSync.lnk => C:\Windows\pss\AkrutoSync.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Marketsplash Drucksoftware.lnk => C:\Windows\pss\Marketsplash Drucksoftware.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^MozyHome Status.lnk => C:\Windows\pss\MozyHome Status.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Nach Updates suchen.lnk => C:\Windows\pss\Nach Updates suchen.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^vpngui.exe.lnk => C:\Windows\pss\vpngui.exe.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WISO Mein Steuer-Sparbuch heute.lnk => C:\Windows\pss\WISO Mein Steuer-Sparbuch heute.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Stephanie^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Stephanie^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^EvernoteClipper.lnk => C:\Windows\pss\EvernoteClipper.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Stephanie^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Fences.lnk => C:\Windows\pss\Fences.lnk.Startup
MSCONFIG\startupreg: (default) =>
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: ApplePhotoStreams => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: Bing Bar => "C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2348.0\mswinext.exe"
MSCONFIG\startupreg: BitTorrent Sync => "C:\Users\Stephanie\AppData\Roaming\BitTorrent Sync\BTSync.exe" /MINIMIZED
MSCONFIG\startupreg: BoxSync => "C:\Program Files\Box\Box Sync\BoxSync.exe" -m
MSCONFIG\startupreg: Cisco AnyConnect Secure Mobility Agent for Windows => "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: Dashlane => "C:\Users\Stephanie\AppData\Roaming\Dashlane\Dashlane.exe" autoLaunchAtStartup
MSCONFIG\startupreg: eM Client => "C:\Program Files (x86)\eM Client\MailClient.exe" /startup
MSCONFIG\startupreg: Google Update => "C:\Users\Stephanie\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: gSyncit => C:\Program Files (x86)\Fieldston Software\gSyncit\gsyncit.exe
MSCONFIG\startupreg: GyroQ => C:\Program Files (x86)\Gyronix\GyroQ\GyroQ.exe
MSCONFIG\startupreg: HandyShareStartup => "C:\Program Files (x86)\ZOOM\HandyShare\HandyShare_startup.exe"
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: iCloudDrive => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
MSCONFIG\startupreg: iCloudPhotos => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe
MSCONFIG\startupreg: iCloudServices => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: KeePass 2 PreLoad => "C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe" --preload
MSCONFIG\startupreg: LexwareInfoService => C:\Program Files (x86)\Lexware\Update Manager\LxUpdateManager.exe /autostart
MSCONFIG\startupreg: Mailbell => "C:\Program Files (x86)\MailBell\mailbell.exe"
MSCONFIG\startupreg: MMReminderService => C:\Program Files (x86)\Mindjet\MindManager 10\MMReminderService.exe
MSCONFIG\startupreg: My Movies Tray => "C:\Program Files (x86)\Binnerup Consult\My Movies for Windows Media Center\My Movies Tray.exe"
MSCONFIG\startupreg: Password Depot => "C:\Program Files (x86)\AceBIT\Password Depot 6\PasswordDepot.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Reader Application Helper => C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe
MSCONFIG\startupreg: RemoTerm.exe => C:\Program Files (x86)\Common Files\PCTV Systems\RemoTerm\RemoTerm.exe
MSCONFIG\startupreg: RoboForm => "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
MSCONFIG\startupreg: SimpleSYN.NET => "C:\Program Files (x86)\creativbox.net\SimpleSYN\CBN.SimpleSYN.NET.exe"
MSCONFIG\startupreg: Sophos AutoUpdate Monitor => C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: TkBellExe => "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
MSCONFIG\startupreg: TVCenter.exe => C:\Program Files (x86)\PCTV Systems\TVCenter\TVCenter.exe -server
MSCONFIG\startupreg: Wondershare Helper Compact.exe => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
MSCONFIG\startupreg: Zahlungserinnerung => "C:\Program Files (x86)\Buhl\WISO Mein Geld 2012\Erinnerung.exe"
==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{B80BA29F-6900-4709-A4AC-62CCFFA7703A}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\DeviceSetup.exe
FirewallRules: [{88A058DF-743B-4F79-8A9C-BD75B86F640F}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\DeviceSetup.exe
FirewallRules: [{8C45A303-7371-407A-BAC2-86F92B06F299}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\HPNetworkCommunicator.exe
FirewallRules: [{92D5677E-B36D-4AD3-A0CC-9E27B82CEB3D}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\HPNetworkCommunicator.exe
FirewallRules: [TCP Query User{22F24A0B-58A4-4C42-A3E2-1D45BCC9F247}C:\users\stephanie\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\stephanie\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{E62CED53-EF7A-4B48-B02C-42034F8CB5D6}C:\users\stephanie\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\stephanie\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{59F7A630-4F6F-4623-A085-D237CF2033B2}] => (Allow) LPort=51408
FirewallRules: [{D17477B8-D516-4605-A35E-4C5AF6D868FC}] => (Allow) LPort=51409
FirewallRules: [{9D365A26-99E9-4E3D-A381-9846757CE31F}] => (Allow) LPort=51410
FirewallRules: [{9A3462AC-EC4C-42A5-BCAE-3C2063EE9F98}] => (Allow) LPort=51411
FirewallRules: [{2E8B83D0-C3D1-43B9-857B-03128BE5D717}] => (Allow) LPort=51412
FirewallRules: [{496E3B6C-074D-452B-B2AB-B1A92CE73FC6}] => (Allow) LPort=51413
FirewallRules: [TCP Query User{C7A68A8D-96E5-4437-9B7C-DC8913C902E0}C:\windows\ehome\ehexthost.exe] => (Allow) C:\windows\ehome\ehexthost.exe
FirewallRules: [UDP Query User{19D140B5-05F3-4495-B191-15F7679C2264}C:\windows\ehome\ehexthost.exe] => (Allow) C:\windows\ehome\ehexthost.exe
FirewallRules: [{EF7DC07A-9619-4B76-93F6-2A40F86E1B67}] => (Allow) C:\Program Files (x86)\PCTV Systems\TVCenter\TVCenter.exe
FirewallRules: [{98E22DEA-4C7A-4C78-8E14-3EC66898D29B}] => (Allow) C:\Program Files (x86)\Common Files\PCTV Systems\PVR\VideoControl.exe
FirewallRules: [{CA7A939A-6DCA-4290-9790-E077C1D08586}] => (Allow) C:\Program Files (x86)\Common Files\PCTV Systems\StreamingServer\StrmServer.exe
FirewallRules: [{BCC468C1-BF2B-40C2-A7D1-655DDA3A1DF2}] => (Allow) LPort=1900
FirewallRules: [{2FBEBCB2-5E56-416A-8FD1-2FBFC160B575}] => (Allow) LPort=2869
FirewallRules: [{BEB70025-D4E1-4E82-84DA-6F0F158532D4}] => (Allow) C:\Windows\ehome\ehrecvr.exe
FirewallRules: [{4D7EFA9C-6F30-4FAD-B191-02EA2E4CE2EF}] => (Allow) LPort=41982
FirewallRules: [{CBC9708C-210F-4C07-8F40-59A08D874B46}] => (Allow) LPort=41982
FirewallRules: [{3CE3C6C0-5449-4EB2-971D-B9CCF2C7A719}] => (Allow) C:\Program Files (x86)\Moony\moony.exe
FirewallRules: [{4EB34DF0-907B-4825-8FB2-1620C14CC3C6}] => (Allow) C:\Program Files (x86)\Moony\moony.exe
FirewallRules: [{9E5FFA96-B44C-44C7-8EE9-4D23B046C014}] => (Allow) C:\Program Files (x86)\Software4u\iPhone Explorer\Software4u.IPhoneExplorer.exe
FirewallRules: [{B11B144C-294D-4EBC-8B98-338327C2F2C0}] => (Allow) C:\Program Files (x86)\Software4u\iPhone Explorer\Software4u.IPhoneExplorer.exe
FirewallRules: [{EE0A79EE-7F7E-4B72-B91E-14DA20B2FE58}] => (Allow) C:\Program Files (x86)\WebISSync\iPISync.exe
FirewallRules: [{5D91E233-E087-4EDB-838C-451192E4B708}] => (Allow) C:\Program Files (x86)\WebISSync\iPISync.exe
FirewallRules: [TCP Query User{851898FF-ED61-49C8-A0A0-FE9C33871ADC}C:\program files (x86)\google\google earth\plugin\geplugin.exe] => (Allow) C:\program files (x86)\google\google earth\plugin\geplugin.exe
FirewallRules: [UDP Query User{7777F644-612B-404F-AD3D-9A1DAA954E6B}C:\program files (x86)\google\google earth\plugin\geplugin.exe] => (Allow) C:\program files (x86)\google\google earth\plugin\geplugin.exe
FirewallRules: [TCP Query User{246F2956-AFFC-48BD-95F4-9C73F1CF7F9D}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Block) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [UDP Query User{9ECF9855-6DEE-4D70-AF98-DF36B50B1F66}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Block) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [{AB6B894E-C8CC-4D31-B8A0-04BF5F68AA9B}] => (Allow) LPort=41982
FirewallRules: [{0B77D295-ED54-4A4F-A2BF-1E4020393BA6}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
FirewallRules: [{9C3DD0E9-F997-4C92-8034-68DB195E6B48}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
FirewallRules: [{B218F47E-7AA1-4E94-ABD2-DF1B16F25167}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDS.Application.exe
FirewallRules: [{2746A965-0A23-46D6-8B87-F728E628EA64}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDS.Application.exe
FirewallRules: [{17675FEC-1D8C-4C01-94AC-07A864003175}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\OrderSupplies.exe
FirewallRules: [{591FBD70-411B-47FF-9382-2DF2C1306C5F}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\OrderSupplies.exe
FirewallRules: [{FD8B61C7-76BD-41CA-8796-6E3DF9B69261}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDSAlert.exe
FirewallRules: [{699F4DFF-C55E-41FD-B92D-7CC3FD8ACD8F}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDSAlert.exe
FirewallRules: [{97DEE068-87A0-4395-B1F8-64170F52196E}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe
FirewallRules: [{9851F4AA-668E-45F4-ABDD-F99F30DADA9E}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe
FirewallRules: [{085B6AFC-D1BD-434C-9293-573BB3E372D3}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
FirewallRules: [{7DAFB828-8EAF-4E1C-84A7-587C2E38FFCF}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
FirewallRules: [{DB9837F9-84C8-4817-9E1E-EFE11974832E}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDS.Application.exe
FirewallRules: [{D0B2CDFB-454B-4A68-85C3-69A923921250}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDS.Application.exe
FirewallRules: [{88625C8F-7CF0-4AF2-AA32-BF6DECBAED9D}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\OrderSupplies.exe
FirewallRules: [{B0F2B42C-238A-441A-9D49-DEFC750ED672}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\OrderSupplies.exe
FirewallRules: [{BF6F09EA-C42B-4FAA-AC50-CFCCDFF68A3B}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDSAlert.exe
FirewallRules: [{08CA54C5-AE85-4F7F-8CF8-1ACA72DEDF9C}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDSAlert.exe
FirewallRules: [{266C5D37-C67A-4CA4-A762-6011D2807771}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe
FirewallRules: [{2ECCA724-1B43-4EF6-B4BC-99F1B0C49B73}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe
FirewallRules: [{D0C08A0E-3A3D-400F-9072-4DFC7C997310}] => (Allow) %systemroot%\WindowsMobile\wmdHost.exe
FirewallRules: [{2C978648-977A-41BC-A909-CAD3FB3FCFBD}] => (Allow) %systemroot%\WindowsMobile\wmdHost.exe
FirewallRules: [{62D6752B-19FC-4F6E-A4E3-6C8971FD0226}] => (Allow) LPort=26675
FirewallRules: [TCP Query User{DF5ABE9D-58C3-419E-B087-C69D47CEF543}C:\users\stephanie\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\stephanie\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{D4145EA8-4B77-46FE-B01A-F45543FED449}C:\users\stephanie\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\stephanie\appdata\roaming\spotify\spotify.exe
FirewallRules: [{5E063430-F187-4DA6-AEAC-2BB54A33D4CE}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
FirewallRules: [{291B5E3A-4DE9-40CE-A78A-BB0227B38C22}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
FirewallRules: [{57BBE7B5-EA48-4735-8B6F-A2CCF420ED57}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
FirewallRules: [{82E80180-D3C8-430D-8F63-799E250DA3C1}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
FirewallRules: [{C27741E7-7B0E-41E2-8751-A19E0A70C925}] => (Allow) C:\Users\Stephanie\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{11DBD341-3616-4834-9D00-DF0AB13E2D5E}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{EA32A741-5C63-449B-94D4-00CD11B83857}C:\users\stephanie\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe] => (Allow) C:\users\stephanie\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe
FirewallRules: [UDP Query User{AAF78398-4EF5-4B1E-BEDA-C7DD6CDE0293}C:\users\stephanie\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe] => (Allow) C:\users\stephanie\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe
FirewallRules: [TCP Query User{0F9DC540-B501-4F8D-BD0A-FF7CD4DF1052}C:\users\stephanie\downloads\btsync.exe] => (Block) C:\users\stephanie\downloads\btsync.exe
FirewallRules: [UDP Query User{D537A008-56BD-4FD4-8A96-B9DC0941CA38}C:\users\stephanie\downloads\btsync.exe] => (Block) C:\users\stephanie\downloads\btsync.exe
FirewallRules: [TCP Query User{7934C0BB-9E6D-4C6A-AFFF-878F127381CD}C:\program files (x86)\synology\photo station uploader\mediauploader.exe] => (Allow) C:\program files (x86)\synology\photo station uploader\mediauploader.exe
FirewallRules: [UDP Query User{5B052305-F55B-4419-888C-22A74FA65279}C:\program files (x86)\synology\photo station uploader\mediauploader.exe] => (Allow) C:\program files (x86)\synology\photo station uploader\mediauploader.exe
FirewallRules: [{8DFCA4F5-1FA1-44E7-9FDB-E6C3D244638D}] => (Allow) C2OutlookSync.exe
FirewallRules: [{12CB2940-784B-4840-84CE-C92FC990E32E}] => (Allow) C:\Users\Stephanie\AppData\Roaming\Copy\CopyAgent.exe
FirewallRules: [{7D1DA02F-02A9-4FDB-9013-18A8964BE829}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{72D7EE44-6082-4059-AF9C-4DC058B7C002}] => (Allow) LPort=2869
FirewallRules: [{98A41977-F01C-4CB6-B2F1-0CD2DBD2E1BF}] => (Allow) LPort=1900
FirewallRules: [{A35D3EA7-8E4D-482A-BBC2-C9010C408B73}] => (Allow) C:\Program Files (x86)\Nero\Nero BackItUp\NBService.exe
FirewallRules: [{D2C47B12-7AC3-4EC0-89B3-F0E5BFECC277}] => (Allow) C:\Program Files (x86)\Nero\Nero BackItUp\NBService.exe
FirewallRules: [{755632CE-160F-42D9-BF01-58390168ED97}] => (Allow) C:\Program Files (x86)\Nero\Nero BackItUp\NBService.exe
FirewallRules: [{DFDFD8D4-7C6B-474B-AAB7-2244F3D83D9E}] => (Allow) C:\Program Files (x86)\Nero\Nero BackItUp\NBService.exe
FirewallRules: [{76FEA023-ADAF-4A51-AFDA-324A693AFC8C}] => (Allow) C:\Program Files (x86)\Nero\Nero BackItUp\NBService.exe
FirewallRules: [{398E275B-B079-4EA2-8C63-7B544BF9B589}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D5EF2BF3-0A1E-43CC-A228-E7E0F8A51862}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{00069568-8038-444F-974F-A6DBB1639224}] => (Allow) C:\Program Files (x86)\lexware\Update Service\Hmg.InstallationService.Service.exe
FirewallRules: [{513725E7-D39D-4A8A-AEF0-FCADFE8F79EF}] => (Allow) C:\Program Files (x86)\lexware\Update Service\Hmg.InstallationService.Service.exe
FirewallRules: [TCP Query User{C4E43FFA-E019-4702-B823-BBDFFDA28DC3}C:\program files (x86)\common files\xpressupdate\xpressupdate.exe] => (Allow) C:\program files (x86)\common files\xpressupdate\xpressupdate.exe
FirewallRules: [UDP Query User{944CBC1B-A483-41C9-B570-3A774781F042}C:\program files (x86)\common files\xpressupdate\xpressupdate.exe] => (Allow) C:\program files (x86)\common files\xpressupdate\xpressupdate.exe
FirewallRules: [{1B89ED56-F50C-47A0-B683-280133AE1A2B}] => (Allow) C:\Users\Stephanie\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{BC1F6906-F5BB-4588-A776-88F188B477F9}] => (Allow) C:\Users\Stephanie\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{871DD067-7C76-4F6A-8A31-5BB5DC8D1CA7}C:\users\stephanie\downloads\data_replicator_0153(1)\backup.exe] => (Allow) C:\users\stephanie\downloads\data_replicator_0153(1)\backup.exe
FirewallRules: [UDP Query User{32FBF598-124B-4D2C-8F11-B1502DFE97EF}C:\users\stephanie\downloads\data_replicator_0153(1)\backup.exe] => (Allow) C:\users\stephanie\downloads\data_replicator_0153(1)\backup.exe
FirewallRules: [TCP Query User{A198B808-915C-4C59-AF03-5BE4B7D846F0}C:\program files (x86)\synology data replicator 3\backup.exe] => (Allow) C:\program files (x86)\synology data replicator 3\backup.exe
FirewallRules: [UDP Query User{F2190A97-C0B7-4877-9DF3-D9D7EC5CA83E}C:\program files (x86)\synology data replicator 3\backup.exe] => (Allow) C:\program files (x86)\synology data replicator 3\backup.exe
FirewallRules: [{FAD179EC-4BDA-4495-ADC1-4BAABE3426D6}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{244B4577-8464-4B73-A81B-6DA1E3ADD858}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F3CAA5C2-834D-41A1-81C5-02B5175219BD}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{7E85E458-8CD2-4C0A-9535-A726A4D3447F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{0ABB4D94-5012-4FBE-9523-8F16309D2066}] => (Allow) C:\Users\Stephanie\AppData\Roaming\BitTorrent Sync\BTSync.exe
FirewallRules: [{7A770511-5ED4-4D88-A3D5-946C743187B9}] => (Allow) C:\Users\Stephanie\AppData\Roaming\BitTorrent Sync\BTSync.exe
FirewallRules: [{7F5A3DDF-EC18-4797-943C-4DC6FF8E7D40}] => (Allow) C:\Program Files\Akruto\AkrutoSync.exe
FirewallRules: [{5D2A3A8D-253E-4079-824B-78345320A2B3}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A65D0C7B-9DBA-479F-896A-CE0CB4E02F9C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{DBBC775B-7AC3-48D3-9B72-91175662C16A}C:\users\stephanie\appdata\local\cloudstation\cloudstation.app\bin\cloud-drive-connect.exe] => (Allow) C:\users\stephanie\appdata\local\cloudstation\cloudstation.app\bin\cloud-drive-connect.exe
FirewallRules: [UDP Query User{8361B0D5-AEE6-4BC2-B6A1-3CA9DAA3EB8C}C:\users\stephanie\appdata\local\cloudstation\cloudstation.app\bin\cloud-drive-connect.exe] => (Allow) C:\users\stephanie\appdata\local\cloudstation\cloudstation.app\bin\cloud-drive-connect.exe
FirewallRules: [{492D55D4-E6A1-496F-9D9D-FE5C5A94B9B8}] => (Allow) C:\Program Files\Akruto\AkrutoSync.exe
FirewallRules: [{30846332-8EB5-4A84-AEC6-5DB5792B39AB}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{EF56D178-A63E-44ED-97A6-944AA80D47D9}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [TCP Query User{7986E42A-6858-4F03-AC6F-C9FCFF1414E6}C:\program files (x86)\synology\assistant\dsassistant.exe] => (Allow) C:\program files (x86)\synology\assistant\dsassistant.exe
FirewallRules: [UDP Query User{E900E5A9-C118-43A1-B9F1-67406DC470A8}C:\program files (x86)\synology\assistant\dsassistant.exe] => (Allow) C:\program files (x86)\synology\assistant\dsassistant.exe
FirewallRules: [{34EACFB1-1CE5-4161-B04A-4216B7F56616}] => (Allow) C:\Program Files (x86)\Synology\CloudStation\bin\launcher.exe
FirewallRules: [{A77E3407-BFE9-4EDA-88B7-43639F1C45B7}] => (Allow) C:\Program Files (x86)\Synology\CloudStation\bin\launcher.exe
FirewallRules: [{590689C2-52A6-435F-AB24-ADC7640CAFD9}] => (Allow) C:\Program Files (x86)\Synology\CloudStation\bin\launcher.exe
FirewallRules: [{02823D00-37DA-48A1-8FC0-B601C3134902}] => (Allow) C:\Program Files (x86)\Synology\CloudStation\bin\launcher.exe
FirewallRules: [{4CF25F58-3E82-4E94-8BCB-A9680C839F87}] => (Allow) C:\Program Files\Akruto\AkrutoSync.exe
FirewallRules: [{550DF8AF-D911-49CD-A9A9-0FD6CD1E3DA0}] => (Allow) C:\Program Files\Akruto\AkrutoSync.exe
FirewallRules: [{DF927B47-31F8-4A52-BE66-A113CAA67C7E}] => (Allow) C2OutlookSync.exe
FirewallRules: [{A04DFCCB-46E4-4641-8759-849DD47BB1A1}] => (Allow) C:\Program Files (x86)\Nero\Nero BackItUp\NBService.exe
FirewallRules: [{44FC69F1-1959-45A6-8AAD-9C9793DB6748}] => (Allow) C:\Program Files (x86)\Nero\Nero BackItUp\NBService.exe
FirewallRules: [{964FCD19-9901-4C90-AE28-84A83AB21ED7}] => (Allow) C:\Program Files (x86)\Nero\Nero BackItUp\NBService.exe
FirewallRules: [{8F3B9F4E-2B88-497A-88F9-54746C459864}] => (Allow) C:\Program Files (x86)\Nero\Nero BackItUp\NBService.exe
FirewallRules: [{CA016662-76B0-40B5-98E6-5C7107FD9537}] => (Allow) C:\Program Files (x86)\Nero\Nero BackItUp\NBService.exe
FirewallRules: [ScanManagement-RCWS-Out-TCP] => (Allow) %SystemRoot%\System32\mmc.exe
FirewallRules: [ScanManagement-WSD-Out-TCP] => (Allow) %SystemRoot%\System32\mmc.exe
FirewallRules: [{819F43CF-B530-444F-A72A-44EDB7DA8F80}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{3A7B72F4-7B65-4E4C-A43C-C4CF56DE5F72}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe
==================== Wiederherstellungspunkte =========================
10-02-2016 13:39:41 Windows Update
12-02-2016 18:15:26 JRT Pre-Junkware Removal
==================== Fehlerhafte Geräte im Gerätemanager =============
Name: Officejet 6500 E710n-z
Description: Officejet 6500 E710n-z
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: Photosmart B110 series
Description: Photosmart B110 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: Officejet 6500 E710n-z
Description: Officejet 6500 E710n-z
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: Cisco Systems VPN Adapter for 64-bit Windows
Description: Cisco Systems VPN Adapter for 64-bit Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: CVirtA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Fehlereinträge in der Ereignisanzeige: =========================
Applikationsfehler:
==================
Error: (02/12/2016 06:03:53 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
Error: (02/12/2016 12:35:25 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
Error: (02/12/2016 08:28:26 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418220
Error: (02/12/2016 08:19:13 AM) (Source: Sophos Anti-Virus) (EventID: 9) (User: NT-AUTORITÄT)
Description: Der Scan von 'Boot Record, Laufwerk G:' führte zu SAV Interface-Fehler 0xa0040210: Kein Zugriff auf Datei.
Error: (02/11/2016 12:21:45 PM) (Source: Sophos Anti-Virus) (EventID: 9) (User: NT-AUTORITÄT)
Description: Der Scan von 'C:\Users\Stephanie\Documents\STEUER\Abrechnung.xls' führte zu SAV Interface-Fehler 0xa0040212: Datei ist verschlüsselt.
Error: (02/11/2016 12:21:13 PM) (Source: Sophos Anti-Virus) (EventID: 9) (User: NT-AUTORITÄT)
Description: Der Scan von 'C:\Users\Stephanie\Documents\STEUER\2007\Abrechnung6.xls' führte zu SAV Interface-Fehler 0xa0040212: Datei ist verschlüsselt.
Error: (02/11/2016 10:19:06 AM) (Source: Sophos Anti-Virus) (EventID: 9) (User: NT-AUTORITÄT)
Description: Der Scan von 'C:\Users\Stephanie\Documents\STEUER\Haushalt.xlsx' führte zu SAV Interface-Fehler 0xa0040212: Datei ist verschlüsselt.
Error: (02/11/2016 08:23:21 AM) (Source: Sophos Anti-Virus) (EventID: 9) (User: NT-AUTORITÄT)
Description: Der Scan von 'Boot Record, Laufwerk G:' führte zu SAV Interface-Fehler 0xa0040210: Kein Zugriff auf Datei.
Error: (02/11/2016 08:19:07 AM) (Source: Sophos Anti-Virus) (EventID: 9) (User: NT-AUTORITÄT)
Description: Der Scan von 'Boot Record, Laufwerk G:' führte zu SAV Interface-Fehler 0xa0040210: Kein Zugriff auf Datei.
Error: (02/10/2016 12:25:03 PM) (Source: SharpShell) (EventID: 0) (User: )
Description: System.NullReferenceException: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
bei IconOverlayClient.BoxIconOverlay.CanShowOverlay(String path, FILE_ATTRIBUTE attributes)
bei SharpShell.SharpIconOverlayHandler.SharpIconOverlayHandler.SharpShell.Interop.IShellIconOverlayIdentifier.IsMemberOf(String pwszPath, FILE_ATTRIBUTE dwAttrib)
Systemfehler:
=============
Error: (02/12/2016 08:21:07 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "HP Network Devices Support" wurde mit folgendem Fehler beendet:
%%126
Error: (02/12/2016 08:21:07 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "HP Home Network Diagnostic Support Service" wurde mit folgendem Fehler beendet:
%%126
Error: (02/11/2016 06:54:47 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows-Fehlerberichterstattungsdienst erreicht.
Error: (02/11/2016 08:25:16 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "HP Network Devices Support" wurde mit folgendem Fehler beendet:
%%126
Error: (02/11/2016 08:25:16 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "HP Home Network Diagnostic Support Service" wurde mit folgendem Fehler beendet:
%%126
Error: (02/09/2016 08:47:33 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "HP Network Devices Support" wurde mit folgendem Fehler beendet:
%%126
Error: (02/09/2016 08:47:33 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "HP Home Network Diagnostic Support Service" wurde mit folgendem Fehler beendet:
%%126
Error: (02/08/2016 09:57:46 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "HP Network Devices Support" wurde mit folgendem Fehler beendet:
%%126
Error: (02/08/2016 09:57:46 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "HP Home Network Diagnostic Support Service" wurde mit folgendem Fehler beendet:
%%126
Error: (02/07/2016 03:07:04 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Acronis Nonstop Backup Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
CodeIntegrity:
===================================
Date: 2015-12-26 22:42:35.630
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\System32\drivers\LHidFilt.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2015-12-26 22:42:35.448
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\System32\drivers\LHidFilt.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2015-12-26 22:42:33.799
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\System32\drivers\LHidFilt.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2015-12-26 22:42:33.744
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\System32\drivers\LHidFilt.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2015-12-26 22:42:30.528
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\System32\drivers\LHidEqd.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2015-12-26 22:42:30.477
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\System32\drivers\LHidEqd.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2015-12-26 22:42:30.414
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\System32\drivers\LHidEqd.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2015-12-26 22:42:30.366
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\System32\drivers\LHidEqd.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
==================== Speicherinformationen ===========================
Prozessor: Intel(R) Core(TM) i5-2500S CPU @ 2.70GHz
Prozentuale Nutzung des RAM: 70%
Installierter physikalischer RAM: 4072.37 MB
Verfügbarer physikalischer RAM: 1188.97 MB
Summe virtueller Speicher: 8142.95 MB
Verfügbarer virtueller Speicher: 5091.64 MB
==================== Laufwerke ================================
Drive c: (BOOTCAMP) (Fixed) (Total:1379.79 GB) (Free:664.69 GB) NTFS ==>[Laufwerk mit Startkomponenten (eingeholt von BCD)]
Drive e: (Macintosh HD) (Fixed) (Total:482.43 GB) (Free:473.3 GB) HFS
Drive g: () (Removable) (Total:1.87 GB) (Free:1.83 GB) FAT
==================== MBR & Partitionstabelle ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 00005D69)
Partition: GPT.
Partition 2: (Not Active) - (Size=482.4 GB) - (Type=AF)
Partition 3: (Not Active) - (Size=620 MB) - (Type=AB)
Partition 4: (Active) - (Size=1379.8 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (Size: 1.9 GB) (Disk ID: 48248140)
Partition 1: (Not Active) - (Size=1.9 GB) - (Type=06)
==================== Ende von Addition.txt ============================
|
|
12.02.2016, 19:51
| #13 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Word-Anhang Büromarkt Boettcher in Vorschau geöffnet, ESET meldet JS/Astromenda.A u.a. FRST-Fix Virenscanner jetzt bitte komplett deaktivieren, damit sichergestellt ist, dass der Fix sauber durchläuft! Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter GroupPolicyScripts: Beschränkung <======= ACHTUNG
HKLM-x32\...\Run: [] => [X]
AlternateDataStreams: C:\ProgramData:BDSDRMHK
AlternateDataStreams: C:\Users\All Users:BDSDRMHK
AlternateDataStreams: C:\ProgramData\Anwendungsdaten:BDSDRMHK
AlternateDataStreams: C:\ProgramData\Application Data:BDSDRMHK
emptytemp:
Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
__________________ Logfiles bitte immer in CODE-Tags posten |
|
12.02.2016, 21:25
| #14 |
| | Word-Anhang Büromarkt Boettcher in Vorschau geöffnet, ESET meldet JS/Astromenda.A u.a.Code:
ATTFilter Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version:27-01-2016
durchgeführt von Stephanie (2016-02-12 19:56:47) Run:1
Gestartet von C:\Users\Stephanie\Desktop\TROJANERBOARD
Geladene Profile: Stephanie (Verfügbare Profile: Stephanie & Gast)
Start-Modus: Normal
==============================================
fixlist Inhalt:
*****************
GroupPolicyScripts: Beschränkung <======= ACHTUNG
HKLM-x32\...\Run: [] => [X]
AlternateDataStreams: C:\ProgramData:BDSDRMHK
AlternateDataStreams: C:\Users\All Users:BDSDRMHK
AlternateDataStreams: C:\ProgramData\Anwendungsdaten:BDSDRMHK
AlternateDataStreams: C:\ProgramData\Application Data:BDSDRMHK
emptytemp:
*****************
C:\Windows\system32\GroupPolicy\Machine => erfolgreich verschoben
C:\Windows\system32\GroupPolicy\GPT.ini => erfolgreich verschoben
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => erfolgreich verschoben
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Wert erfolgreich entfernt
C:\ProgramData => ":BDSDRMHK" ADS erfolgreich entfernt.
"C:\Users\All Users" => ":BDSDRMHK" ADS nicht gefunden.
"C:\ProgramData\Anwendungsdaten" => ":BDSDRMHK" ADS nicht gefunden.
"C:\ProgramData\Application Data" => ":BDSDRMHK" ADS nicht gefunden.
EmptyTemp: => 10.4 GB temporäre Dateien entfernt.
Das System musste neu gestartet werden.
==== Ende von Fixlog 20:01:29 ====
|
|
12.02.2016, 22:59
| #15 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Word-Anhang Büromarkt Boettcher in Vorschau geöffnet, ESET meldet JS/Astromenda.A u.a. Okay, dann Kontrollscans mit (1) MBAM, (2) ESET und (3) SecurityCheck bitte: 1. Schritt: MBAM Downloade Dir bitte  Malwarebytes Anti-Malware
2. Schritt: ESET ESET Online Scanner
3. Schritt: SecurityCheck Downloade Dir bitte  SecurityCheck und:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu Word-Anhang Büromarkt Boettcher in Vorschau geöffnet, ESET meldet JS/Astromenda.A u.a. |
| adobe, bonjour, computer, defender, dnsapi.dll, email, error, excel, explorer, firefox, flash player, google analytics, home, mozilla, onedrive, prozesse, registry, rundll, server, services.exe, software, svchost.exe, synology, system, temp, virus, windows, winlogon.exe, wiso |
Linear-Darstellung
