| |
| |||||||
Log-Analyse und Auswertung: WIN10 installiert, Rechner läuft sehr langsam und unter manchen Userkonten kein Mozilla möglichWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
27.10.2015, 22:27
| #1 |
 |  WIN10 installiert, Rechner läuft sehr langsam und unter manchen Userkonten kein Mozilla möglich Hallo zusammen, FRST: Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x86) Version:25-10-2015 02 durchgeführt von Romer (Administrator) auf ROMER-PC (27-10-2015 22:22:48) Gestartet von C:\Users\Romer\Downloads Geladene Profile: Romer (Verfügbare Profile: Romer & Rainer-User & Marie-Sophie & Conny & Felix) Platform: Microsoft Windows 10 Home (X86) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: FF) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (AMD) C:\Windows\System32\atiesrxx.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX86\officeclicktorun.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Malwarebytes) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McS130C.tmp (McAfee, Inc.) C:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\1.6.1180.0\McCSPServiceHost.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe (McAfee, Inc.) C:\Windows\System32\mfevtps.exe (McAfee, Inc.) C:\Windows\System32\mfevtps.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.163\SSScheduler.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Malwarebytes) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe (Microsoft Corporation) C:\Windows\System32\InstallAgent.exe (Farbar) C:\Users\Romer\Downloads\FRST(5).exe ==================== Registry (Nicht auf der Ausnahmeliste) =========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [OrderReminder] => C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe [98304 2006-01-30] (Hewlett-Packard) HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157456 2015-09-15] (Apple Inc.) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3527880 2015-06-12] (Synaptics Incorporated) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [14476032 2015-10-01] (Realtek Semiconductor) ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-09-12] (Microsoft Corporation) ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-09-12] (Microsoft Corporation) ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-09-12] (Microsoft Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2015-09-06] ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.163\SSScheduler.exe (McAfee, Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Winsol_Autostart.lnk [2015-04-27] ShortcutTarget: Winsol_Autostart.lnk -> C:\Program Files\Technische Alternative\Winsol\Winsol.exe (Technische Alternative GmbH) ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc.) Hosts: 0.0.0.1 mssplus.mcafee.com Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{6adde083-e5fc-41cb-801f-39a50de40cd0}: [DhcpNameServer] 172.20.10.1 Tcpip\..\Interfaces\{83254866-51b2-4ded-a0f7-c4535522175c}: [DhcpNameServer] 172.20.10.1 Tcpip\..\Interfaces\{a38c698b-149f-4dd2-923b-45ce6fc69f88}: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{f1445627-88bd-4c5d-9eac-1dddce526762}: [DhcpNameServer] 192.168.178.1 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com HKU\S-1-5-21-734981412-4070128847-1335923988-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp HKU\S-1-5-21-734981412-4070128847-1335923988-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank SearchScopes: HKLM -> {38AEB7B3-42CC-4C33-9290-BEA08B6FE742} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSEG; SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-734981412-4070128847-1335923988-1000 -> {38AEB7B3-42CC-4C33-9290-BEA08B6FE742} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSEG; SearchScopes: HKU\S-1-5-21-734981412-4070128847-1335923988-1000 -> {3B68BF06-4CA1-4767-A738-3B271E28FA21} URL = hxxps://de.search.yahoo.com/search?fr=mcafee&type=B011DE642D20141004&p={SearchTerms} BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-08-04] (Microsoft Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-09-12] (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-09-12] (Microsoft Corporation) Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [2015-09-22] (McAfee, Inc.) Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation) Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [2015-09-22] (McAfee, Inc.) Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll [2015-09-28] (McAfee, Inc.) FireFox: ======== FF ProfilePath: C:\Users\Romer\AppData\Roaming\Mozilla\Firefox\Profiles\ouma2d78.default FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_19_0_0_226.dll [2015-10-17] () FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] () FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-09-28] () FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-02-17] (Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-12-26] (Microsoft Corporation) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-27] (Adobe Systems Inc.) FF SearchPlugin: C:\Users\Romer\AppData\Roaming\Mozilla\Firefox\Profiles\ouma2d78.default\searchplugins\McSiteAdvisor.xml [2015-10-27] FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml [2015-08-09] FF Extension: Adblock Plus - C:\Users\Romer\AppData\Roaming\Mozilla\Firefox\Profiles\ouma2d78.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-10-12] FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\SiteAdvisor\saffplg.xpi FF Extension: Kein Name - C:\Program Files\McAfee\SiteAdvisor\saffplg.xpi [2015-09-07] [ist nicht signiert] FF HKLM\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2015-10-27] [ist nicht signiert] FF HKU\S-1-5-21-734981412-4070128847-1335923988-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi => nicht gefunden FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2015-09-14] Chrome: ======= CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files\McAfee\SiteAdvisor\McChPlg.crx [2015-09-22] ==================== Dienste (Nicht auf der Ausnahmeliste) ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) S2 0276181445949796mcinstcleanup; C:\WINDOWS\TEMP\027618~1.EXE [882000 2015-07-23] (McAfee, Inc.) R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX86\OfficeClickToRun.exe [1879640 2015-09-11] (Microsoft Corporation) R2 HomeNetSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [315512 2015-09-01] (McAfee, Inc.) R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes) S2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [1135416 2015-10-05] (Malwarebytes) R2 McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [134208 2015-09-22] (McAfee, Inc.) R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [711032 2015-09-28] (McAfee, Inc.) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.163\McCHSvc.exe [235696 2015-07-31] (McAfee, Inc.) R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.6.1180.0\McCSPServiceHost.exe [1251264 2015-09-01] (McAfee, Inc.) R2 McMPFSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [315512 2015-09-01] (McAfee, Inc.) R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [315512 2015-09-01] (McAfee, Inc.) S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [502936 2015-08-11] (McAfee, Inc.) R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [315512 2015-09-01] (McAfee, Inc.) R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [315512 2015-09-01] (McAfee, Inc.) R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [196600 2015-07-31] (McAfee, Inc.) R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [338696 2015-08-10] (McAfee, Inc.) R2 mfevtp; C:\Windows\system32\mfevtps.exe [242408 2015-07-31] (McAfee, Inc.) R2 MSK80Service; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [315512 2015-09-01] (McAfee, Inc.) R2 OneSyncSvc_Session48; C:\WINDOWS\system32\svchost.exe [35176 2015-07-10] (Microsoft Corporation) R3 PimIndexMaintenanceSvc_Session48; C:\WINDOWS\system32\svchost.exe [35176 2015-07-10] (Microsoft Corporation) R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [216776 2015-06-12] (Synaptics Incorporated) R3 UnistoreSvc_Session48; C:\WINDOWS\System32\svchost.exe [35176 2015-07-10] (Microsoft Corporation) R3 UserDataSvc_Session48; C:\WINDOWS\system32\svchost.exe [35176 2015-07-10] (Microsoft Corporation) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [277760 2015-07-10] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23264 2015-07-10] (Microsoft Corporation) ===================== Treiber (Nicht auf der Ausnahmeliste) ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [73080 2015-08-10] (McAfee, Inc.) S3 HipShieldK; C:\WINDOWS\System32\drivers\HipShieldK.sys [157288 2015-05-19] (McAfee, Inc.) S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes) R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [170200 2015-10-27] (Malwarebytes) S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [51928 2015-10-05] (Malwarebytes Corporation) R3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [319168 2015-08-10] (McAfee, Inc.) R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [271304 2015-08-10] (McAfee, Inc.) S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [72840 2015-08-10] (McAfee, Inc.) R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [381520 2015-08-10] (McAfee, Inc.) R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [646800 2015-08-10] (McAfee, Inc.) R3 mfencbdc; C:\WINDOWS\System32\DRIVERS\mfencbdc.sys [425968 2015-08-12] (McAfee, Inc.) S3 mfencrk; C:\WINDOWS\System32\DRIVERS\mfencrk.sys [89552 2015-08-12] (McAfee, Inc.) R3 mfesapsn; C:\Program Files\McAfee\SiteAdvisor\mfesapsn.sys [32816 2015-09-22] (McAfee, Inc.) R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [201288 2015-08-10] (McAfee, Inc.) R3 rt640x86; C:\WINDOWS\System32\drivers\rt640x86.sys [492032 2015-07-10] (Realtek ) R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [35528 2015-06-12] (Synaptics Incorporated) R3 Thotkey; C:\WINDOWS\System32\drivers\Thotkey.sys [41584 2015-10-01] (Toshiba Corporation) S3 UdeCx; C:\WINDOWS\System32\drivers\udecx.sys [31744 2015-07-10] () S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [37400 2015-07-10] (Microsoft Corporation) S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [245600 2015-07-10] (Microsoft Corporation) S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [97632 2015-07-10] (Microsoft Corporation) S3 WUDFWpdMtp; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [161792 2015-07-10] (Microsoft Corporation) U3 idsvc; kein ImagePath U3 mfeaack01; kein ImagePath U3 mfeavfk01; kein ImagePath U3 mfehidk01; kein ImagePath S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X] U3 wpcsvc; kein ImagePath ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat: Erstellte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2015-10-27 22:22 - 2015-10-27 22:22 - 01701376 _____ (Farbar) C:\Users\Romer\Downloads\FRST(5).exe 2015-10-27 22:21 - 2015-10-27 22:21 - 00000000 ____D C:\Users\Romer\AppData\Local\Comms 2015-10-27 22:18 - 2015-10-27 22:19 - 00050477 _____ C:\Users\Romer\Downloads\Defogger(2).exe 2015-10-27 22:14 - 2015-10-27 22:14 - 00001052 _____ C:\Users\Romer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Optionale Features.lnk 2015-10-27 22:14 - 2015-07-09 20:39 - 04847104 _____ (Microsoft Corporation) C:\WINDOWS\system32\NlsData0009.dll 2015-10-27 22:14 - 2015-07-09 20:36 - 05739520 _____ (Microsoft Corporation) C:\WINDOWS\system32\prm0009.dll 2015-10-27 22:14 - 2015-07-09 20:36 - 02629632 _____ (Microsoft Corporation) C:\WINDOWS\system32\NlsLexicons0009.dll 2015-10-27 22:02 - 2015-10-27 22:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee 2015-10-27 21:58 - 2015-10-27 21:58 - 00016148 _____ C:\WINDOWS\system32\ROMER-PC_Romer_HistoryPrediction.bin 2015-10-27 21:57 - 2015-10-27 21:57 - 00016148 _____ C:\WINDOWS\system32\ROMER-PC_Conny_HistoryPrediction.bin 2015-10-26 00:01 - 2015-10-26 00:01 - 00016148 _____ C:\WINDOWS\system32\ROMER-PC_Rainer-User_HistoryPrediction.bin 2015-10-25 22:42 - 2015-10-25 22:42 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf 2015-10-22 21:56 - 2015-10-22 21:56 - 00010495 _____ C:\Users\Rainer-User\Downloads\Romanos1_elster_22.10.2015_22.52.pfx 2015-10-22 20:46 - 2015-10-22 20:46 - 00000000 ____D C:\WINDOWS\system32\SleepStudy 2015-10-22 20:28 - 2015-10-22 20:28 - 00016148 _____ C:\WINDOWS\system32\ROMER-PC_Marie-Sophie_HistoryPrediction.bin 2015-10-22 20:24 - 2015-10-22 20:25 - 00002417 _____ C:\Users\Marie-Sophie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2015-10-22 20:24 - 2015-10-22 20:25 - 00000000 ___RD C:\Users\Marie-Sophie\OneDrive 2015-10-22 20:22 - 2015-10-22 20:22 - 00000000 ____D C:\Users\Marie-Sophie\AppData\Local\Publishers 2015-10-22 20:19 - 2015-10-22 20:19 - 00000000 ____D C:\Users\Marie-Sophie\AppData\Local\TileDataLayer 2015-10-22 20:18 - 2015-10-22 20:18 - 00016148 _____ C:\WINDOWS\system32\ROMER-PC_Felix_HistoryPrediction.bin 2015-10-22 20:18 - 2015-10-22 20:18 - 00000020 ___SH C:\Users\Marie-Sophie\ntuser.ini 2015-10-22 15:58 - 2015-10-22 15:58 - 00002396 _____ C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2015-10-22 15:58 - 2015-10-22 15:58 - 00000000 ___RD C:\Users\Felix\OneDrive 2015-10-22 15:55 - 2015-10-22 15:55 - 00000000 ____D C:\Users\Felix\AppData\Local\Publishers 2015-10-22 15:53 - 2015-10-22 15:53 - 00000000 ____D C:\Users\Felix\AppData\Local\NetworkTiles 2015-10-22 15:51 - 2015-10-22 15:51 - 00000020 ___SH C:\Users\Felix\ntuser.ini 2015-10-22 15:51 - 2015-10-22 15:51 - 00000000 ____D C:\Users\Felix\AppData\Local\TileDataLayer 2015-10-18 21:34 - 2015-10-18 22:45 - 00000000 ____D C:\Program Files\Mozilla Firefox 2015-10-12 23:08 - 2015-10-12 23:08 - 01699840 _____ (Farbar) C:\Users\Romer\Downloads\FRST(4).exe 2015-10-12 23:07 - 2015-10-12 23:07 - 00002396 _____ C:\Users\Romer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2015-10-12 23:07 - 2015-10-12 23:07 - 00000000 ___RD C:\Users\Romer\OneDrive 2015-10-12 23:03 - 2015-10-12 23:03 - 00000000 ____D C:\Users\Romer\AppData\Local\Publishers 2015-10-12 22:59 - 2015-10-12 22:59 - 00000000 ____D C:\Users\Romer\AppData\Local\TileDataLayer 2015-10-11 22:11 - 2015-10-11 22:11 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf 2015-10-09 21:39 - 2015-10-09 21:39 - 00000000 ____D C:\Users\Conny\AppData\Local\Comms 2015-10-07 21:42 - 2015-10-07 21:42 - 00000000 ____D C:\Users\Romer\AppData\Roaming\Buhl Data Service 2015-10-07 21:42 - 2015-10-07 21:42 - 00000000 ____D C:\Users\Romer\AppData\Local\Buhl Data Service 2015-10-07 21:41 - 2015-10-07 21:53 - 00000000 ____D C:\Users\Rainer-User\AppData\Local\Buhl 2015-10-07 21:40 - 2015-10-22 22:04 - 00000655 _____ C:\WINDOWS\wiso.ini 2015-10-07 21:40 - 2015-10-07 21:53 - 00000000 ____D C:\Users\Romer\AppData\Local\Buhl 2015-10-07 21:40 - 2015-10-07 21:40 - 00002013 _____ C:\Users\Public\Desktop\Steuern sparen 2015.lnk 2015-10-07 21:39 - 2015-10-07 21:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steuern sparen 2015 2015-10-07 21:37 - 2015-10-22 22:04 - 00000000 ____D C:\Program Files\Steuern sparen 2015 2015-10-07 21:36 - 2015-10-07 21:41 - 00000000 ____D C:\ProgramData\Buhl Data Service GmbH 2015-10-07 21:35 - 2015-10-07 21:35 - 00000000 ____D C:\ProgramData\Package Cache 2015-10-07 21:27 - 2015-10-07 21:27 - 00000020 ___SH C:\Users\Romer\ntuser.ini 2015-10-02 22:28 - 2015-10-02 22:28 - 00000000 ____D C:\Users\Rainer-User\AppData\Local\MicrosoftEdge 2015-10-02 18:06 - 2015-10-02 18:06 - 00000000 ____D C:\Users\Rainer-User\AppData\Local\NetworkTiles 2015-10-01 21:53 - 2015-10-01 21:31 - 00000000 ___DC C:\WINDOWS\Panther 2015-10-01 21:52 - 2015-10-01 21:53 - 00002414 _____ C:\Users\Rainer-User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2015-10-01 21:52 - 2015-10-01 21:53 - 00000000 ___RD C:\Users\Rainer-User\OneDrive 2015-10-01 21:52 - 2015-10-01 21:00 - 00000000 __SHD C:\Recovery 2015-10-01 21:49 - 2015-10-01 21:49 - 00000000 ____D C:\Users\Rainer-User\AppData\Local\Publishers 2015-10-01 21:48 - 2015-10-01 21:48 - 00000000 ____D C:\Windows.old 2015-10-01 21:47 - 2015-10-01 21:47 - 19325440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2015-10-01 21:47 - 2015-10-01 21:47 - 18806272 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll 2015-10-01 21:47 - 2015-10-01 21:47 - 13027840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll 2015-10-01 21:47 - 2015-10-01 21:47 - 06529024 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanmm.dll 2015-10-01 21:47 - 2015-10-01 21:47 - 06265168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2015-10-01 21:47 - 2015-10-01 21:47 - 06101504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll 2015-10-01 21:47 - 2015-10-01 21:47 - 05454848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll 2015-10-01 21:47 - 2015-10-01 21:47 - 05120056 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll 2015-10-01 21:47 - 2015-10-01 21:47 - 05079552 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll 2015-10-01 21:47 - 2015-10-01 21:47 - 03579904 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2015-10-01 21:47 - 2015-10-01 21:47 - 03026432 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll 2015-10-01 21:47 - 2015-10-01 21:47 - 02985472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys 2015-10-01 21:47 - 2015-10-01 21:47 - 02646528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll 2015-10-01 21:47 - 2015-10-01 21:47 - 02639872 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll 2015-10-01 21:47 - 2015-10-01 21:47 - 02446648 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll 2015-10-01 21:47 - 2015-10-01 21:47 - 02207232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2015-10-01 21:47 - 2015-10-01 21:47 - 02154808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll 2015-10-01 21:47 - 2015-10-01 21:47 - 01918464 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll 2015-10-01 21:47 - 2015-10-01 21:47 - 01917440 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll 2015-10-01 21:47 - 2015-10-01 21:47 - 01895568 _____ (Microsoft Corporation) C:\WINDOWS\system32\hevcdecoder.dll 2015-10-01 21:47 - 2015-10-01 21:47 - 01877504 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll 2015-10-01 21:47 - 2015-10-01 21:47 - 01856848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys 2015-10-01 21:47 - 2015-10-01 21:47 - 01829376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll 2015-10-01 21:47 - 2015-10-01 21:47 - 01820160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll 2015-10-01 21:47 - 2015-10-01 21:47 - 01766952 _____ C:\WINDOWS\system32\CoreUIComponents.dll 2015-10-01 21:47 - 2015-10-01 21:47 - 01762304 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnidui.dll 2015-10-01 21:47 - 2015-10-01 21:47 - 01708376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys 2015-10-01 21:47 - 2015-10-01 21:47 - 01543680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll 2015-10-01 21:47 - 2015-10-01 21:47 - 01508864 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll 2015-10-01 21:47 - 2015-10-01 21:47 - 01499136 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll 2015-10-01 21:47 - 2015-10-01 21:47 - 01380352 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll 2015-10-01 21:47 - 2015-10-01 21:47 - 01357888 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll 2015-10-01 21:47 - 2015-10-01 21:47 - 01343952 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll 2015-10-01 21:47 - 2015-10-01 21:47 - 01171456 _____ (Microsoft Corporation) C:\WINDOWS\system32\netcenter.dll 2015-10-01 21:47 - 2015-10-01 21:47 - 01162240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll 2015-10-01 21:47 - 2015-10-01 21:47 - 01133568 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys 2015-10-01 21:47 - 2015-10-01 21:47 - 01127936 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll 2015-10-01 21:47 - 2015-10-01 21:47 - 01104384 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll 2015-10-01 21:47 - 2015-10-01 21:47 - 01054048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll 2015-10-01 21:47 - 2015-10-01 21:47 - 00997376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll 2015-10-01 21:47 - 2015-10-01 21:47 - 00989696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll 2015-10-01 21:47 - 2015-10-01 21:47 - 00962400 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll 2015-10-01 21:47 - 2015-10-01 21:47 - 00928256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll 2015-10-01 21:47 - 2015-10-01 21:47 - 00926720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll 2015-10-01 21:47 - 2015-10-01 21:47 - 00918880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys 2015-10-01 21:47 - 2015-10-01 21:47 - 00899584 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemoteNaturalLanguage.dll 2015-10-01 21:47 - 2015-10-01 21:47 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll 2015-10-01 21:47 - 2015-10-01 21:47 - 00821248 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll 2015-10-01 21:47 - 2015-10-01 21:47 - 00764416 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll 2015-10-01 21:47 - 2015-10-01 21:47 - 00733184 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll 2015-10-01 21:47 - 2015-10-01 21:47 - 00701952 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll 2015-10-01 21:47 - 2015-10-01 21:47 - 00680144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Wdf01000.sys 2015-10-01 21:47 - 2015-10-01 21:47 - 00677888 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll 2015-10-01 21:47 - 2015-10-01 21:47 - 00675328 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll 2015-10-01 21:47 - 2015-10-01 21:47 - 00673280 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll 2015-10-01 21:47 - 2015-10-01 21:47 - 00661504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll 2015-10-01 21:47 - 2015-10-01 21:47 - 00658528 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll 2015-10-01 21:47 - 2015-10-01 21:47 - 00646672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll 2015-10-01 21:47 - 2015-10-01 21:47 - 00625152 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContactApis.dll 2015-10-01 21:47 - 2015-10-01 21:47 - 00613376 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll 2015-10-01 21:47 - 2015-10-01 21:47 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll 2015-10-01 21:47 - 2015-10-01 21:47 - 00587264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll 2015-10-01 21:47 - 2015-10-01 21:47 - 00587264 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll 2015-10-01 21:47 - 2015-10-01 21:47 - 00579584 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentApis.dll 2015-10-01 21:47 - 2015-10-01 21:47 - 00574464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll 2015-10-01 21:47 - 2015-10-01 21:47 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChatApis.dll 2015-10-01 21:47 - 2015-10-01 21:47 - 00539136 _____ (Microsoft Corporation) C:\WINDOWS\system32\CellularAPI.dll 2015-10-01 21:47 - 2015-10-01 21:47 - 00525312 _____ (Microsoft Corporation) C:\WINDOWS\system32\EmailApis.dll 2015-10-01 21:47 - 2015-10-01 21:47 - 00508248 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll 2015-10-01 21:47 - 2015-10-01 21:47 - 00504832 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFx02000.dll 2015-10-01 21:47 - 2015-10-01 21:47 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe 2015-10-01 21:47 - 2015-10-01 21:47 - 00483328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll 2015-10-01 21:47 - 2015-10-01 21:47 - 00480256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll 2015-10-01 21:47 - 2015-10-01 21:47 - 00473088 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll 2015-10-01 21:47 - 2015-10-01 21:47 - 00466432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll 2015-10-01 21:47 - 2015-10-01 21:47 - 00464896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll 2015-10-01 21:47 - 2015-10-01 21:47 - 00454656 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApi.dll 2015-10-01 21:47 - 2015-10-01 21:47 - 00454512 _____ (Microsoft Corporation) C:\WINDOWS\system32\directmanipulation.dll 2015-10-01 21:47 - 2015-10-01 21:47 - 00449536 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll 2015-10-01 21:47 - 2015-10-01 21:47 - 00441168 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe 2015-10-01 21:47 - 2015-10-01 21:47 - 00436064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys 2015-10-01 21:47 - 2015-10-01 21:47 - 00434376 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll 2015-10-01 21:47 - 2015-10-01 21:47 - 00428128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll 2015-10-01 21:47 - 2015-10-01 21:47 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll 2015-10-01 21:47 - 2015-10-01 21:47 - 00414560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS 2015-10-01 21:47 - 2015-10-01 21:47 - 00407608 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll 2015-10-01 21:47 - 2015-10-01 21:47 - 00402944 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll 2015-10-01 21:47 - 2015-10-01 21:47 - 00397824 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll 2015-10-01 21:47 - 2015-10-01 21:47 - 00389632 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll 2015-10-01 21:47 - 2015-10-01 21:47 - 00388096 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll 2015-10-01 21:47 - 2015-10-01 21:47 - 00387072 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll 2015-10-01 21:47 - 2015-10-01 21:47 - 00385024 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanconn.dll 2015-10-01 21:47 - 2015-10-01 21:47 - 00371712 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll 2015-10-01 21:47 - 2015-10-01 21:47 - 00371712 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll 2015-10-01 21:47 - 2015-10-01 21:47 - 00370176 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll 2015-10-01 21:47 - 2015-10-01 21:47 - 00351744 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll 2015-10-01 21:47 - 2015-10-01 21:47 - 00350208 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationWebproxy.dll 2015-10-01 21:47 - 2015-10-01 21:47 - 00336384 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll 2015-10-01 21:47 - 2015-10-01 21:47 - 00335696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys 2015-10-01 21:47 - 2015-10-01 21:47 - 00328704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll 2015-10-01 21:47 - 2015-10-01 21:47 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll 2015-10-01 21:47 - 2015-10-01 21:47 - 00311808 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll 2015-10-01 21:47 - 2015-10-01 21:47 - 00296448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll 2015-10-01 21:47 - 2015-10-01 21:47 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll 2015-10-01 21:47 - 2015-10-01 21:47 - 00283136 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll 2015-10-01 21:47 - 2015-10-01 21:47 - 00274272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys 2015-10-01 21:47 - 2015-10-01 21:47 - 00273408 _____ (Microsoft Corporation) C:\WINDOWS\system32\configmanager2.dll 2015-10-01 21:47 - 2015-10-01 21:47 - 00269312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll 2015-10-01 21:47 - 2015-10-01 21:47 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptprov.dll 2015-10-01 21:47 - 2015-10-01 21:47 - 00261120 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationGeofences.dll 2015-10-01 21:47 - 2015-10-01 21:47 - 00253440 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll 2015-10-01 21:47 - 2015-10-01 21:47 - 00247808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll 2015-10-01 21:47 - 2015-10-01 21:47 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\portcls.sys 2015-10-01 21:47 - 2015-10-01 21:47 - 00228352 _____ (Microsoft Corporation) C:\WINDOWS\system32\syncutil.dll 2015-10-01 21:47 - 2015-10-01 21:47 - 00228352 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenance.dll 2015-10-01 21:47 - 2015-10-01 21:47 - 00228192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys 2015-10-01 21:47 - 2015-10-01 21:47 - 00217088 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll 2015-10-01 21:47 - 2015-10-01 21:47 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataAccountApis.dll 2015-10-01 21:47 - 2015-10-01 21:47 - 00195072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll 2015-10-01 21:47 - 2015-10-01 21:47 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll 2015-10-01 21:47 - 2015-10-01 21:47 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll 2015-10-01 21:47 - 2015-10-01 21:47 - 00181760 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationCrowdsource.dll 2015-10-01 21:47 - 2015-10-01 21:47 - 00172032 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneCallHistoryApis.dll 2015-10-01 21:47 - 2015-10-01 21:47 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll 2015-10-01 21:47 - 2015-10-01 21:47 - 00160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\accountaccessor.dll 2015-10-01 21:47 - 2015-10-01 21:47 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll 2015-10-01 21:47 - 2015-10-01 21:47 - 00145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll 2015-10-01 21:47 - 2015-10-01 21:47 - 00145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll 2015-10-01 21:47 - 2015-10-01 21:47 - 00139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll 2015-10-01 21:47 - 2015-10-01 21:47 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll 2015-10-01 21:47 - 2015-10-01 21:47 - 00132096 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll 2015-10-01 21:47 - 2015-10-01 21:47 - 00131072 _____ (Microsoft Corporation) C:\WINDOWS\system32\CallHistoryClient.dll 2015-10-01 21:47 - 2015-10-01 21:47 - 00130048 _____ (Microsoft Corporation) C:\WINDOWS\system32\SubscriptionMgr.dll 2015-10-01 21:47 - 2015-10-01 21:47 - 00128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll 2015-10-01 21:47 - 2015-10-01 21:47 - 00121344 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll 2015-10-01 21:47 - 2015-10-01 21:47 - 00114176 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe 2015-10-01 21:47 - 2015-10-01 21:47 - 00108032 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll 2015-10-01 21:47 - 2015-10-01 21:47 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\provops.dll 2015-10-01 21:47 - 2015-10-01 21:47 - 00103936 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcsps.dll 2015-10-01 21:47 - 2015-10-01 21:47 - 00102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe 2015-10-01 21:47 - 2015-10-01 21:47 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\system32\KeywordDetectorMsftSidAdapter.dll 2015-10-01 21:47 - 2015-10-01 21:47 - 00083792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys 2015-10-01 21:47 - 2015-10-01 21:47 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll 2015-10-01 21:47 - 2015-10-01 21:47 - 00083160 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmapi.dll 2015-10-01 21:47 - 2015-10-01 21:47 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationWiFiAdapter.dll 2015-10-01 21:47 - 2015-10-01 21:47 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe 2015-10-01 21:47 - 2015-10-01 21:47 - 00074880 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll 2015-10-01 21:47 - 2015-10-01 21:47 - 00072192 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngckeyenum.dll 2015-10-01 21:47 - 2015-10-01 21:47 - 00070744 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll 2015-10-01 21:47 - 2015-10-01 21:47 - 00067584 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe 2015-10-01 21:47 - 2015-10-01 21:47 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwancfg.dll 2015-10-01 21:47 - 2015-10-01 21:47 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\HttpsDataSource.dll 2015-10-01 21:47 - 2015-10-01 21:47 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll 2015-10-01 21:47 - 2015-10-01 21:47 - 00041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Speech.Pal.dll 2015-10-01 21:47 - 2015-10-01 21:47 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\buttonconverter.sys 2015-10-01 21:47 - 2015-10-01 21:47 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\system32\syncmlhook.dll 2015-10-01 21:47 - 2015-10-01 21:47 - 00022016 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManagerShellext.exe 2015-10-01 21:47 - 2015-10-01 21:47 - 00000020 ___SH C:\Users\Rainer-User\ntuser.ini 2015-10-01 21:47 - 2015-10-01 21:47 - 00000000 ____D C:\Users\Rainer-User\AppData\Local\TileDataLayer 2015-10-01 21:42 - 2015-10-01 21:43 - 00002396 _____ C:\Users\Conny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2015-10-01 21:42 - 2015-10-01 21:43 - 00000000 ___RD C:\Users\Conny\OneDrive 2015-10-01 21:42 - 2015-10-01 21:42 - 00008192 _____ C:\WINDOWS\system32\config\userdiff 2015-10-01 21:41 - 2015-10-01 21:41 - 00000000 ____D C:\Users\Conny\AppData\Local\Publishers 2015-10-01 21:40 - 2015-10-01 21:40 - 00000000 ____D C:\WINDOWS\system32\XPSViewer 2015-10-01 21:40 - 2015-10-01 21:40 - 00000000 ____D C:\WINDOWS\system32\msmq 2015-10-01 21:40 - 2015-10-01 21:40 - 00000000 ____D C:\WINDOWS\system32\BestPractices 2015-10-01 21:40 - 2015-10-01 21:40 - 00000000 ____D C:\Program Files\Reference Assemblies 2015-10-01 21:40 - 2015-10-01 21:40 - 00000000 ____D C:\Program Files\MSBuild 2015-10-01 21:40 - 2015-10-01 21:40 - 00000000 ____D C:\inetpub 2015-10-01 21:39 - 2015-10-01 21:39 - 00041584 _____ (Toshiba Corporation) C:\WINDOWS\system32\Drivers\Thotkey.sys 2015-10-01 21:39 - 2015-10-01 21:39 - 00000000 ____H C:\ProgramData\DP45977C.lfl 2015-10-01 21:39 - 2015-10-01 21:39 - 00000000 ____D C:\WINDOWS\system32\DAX2 2015-10-01 21:39 - 2015-05-29 21:07 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll 2015-10-01 21:39 - 2015-05-29 21:07 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll 2015-10-01 21:39 - 2015-05-29 21:07 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe 2015-10-01 21:38 - 2015-10-01 21:38 - 00000000 ____D C:\WINDOWS\system32\RTCOM 2015-10-01 21:38 - 2015-10-01 21:38 - 00000000 ____D C:\Program Files\Realtek 2015-10-01 21:37 - 2015-10-01 21:37 - 72130592 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoRes.dat 2015-10-01 21:37 - 2015-10-01 21:37 - 13806888 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioRealtek.dll 2015-10-01 21:37 - 2015-10-01 21:37 - 12127968 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxVoiceAPO30.dll 2015-10-01 21:37 - 2015-10-01 21:37 - 12035256 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxVoiceAPO40.dll 2015-10-01 21:37 - 2015-10-01 21:37 - 07179568 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEP32A.dll 2015-10-01 21:37 - 2015-10-01 21:37 - 07062400 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPP32A.dll 2015-10-01 21:37 - 2015-10-01 21:37 - 05804772 _____ C:\WINDOWS\system32\Drivers\rtvienna.dat 2015-10-01 21:37 - 2015-10-01 21:37 - 05187584 _____ (Nahimic Inc) C:\WINDOWS\system32\NAHIMICV2apo.dll 2015-10-01 21:37 - 2015-10-01 21:37 - 04813888 _____ (Nahimic Inc) C:\WINDOWS\system32\NAHIMICAPOlfx.dll 2015-10-01 21:37 - 2015-10-01 21:37 - 03653631 _____ C:\WINDOWS\system32\Drivers\RTAIODAT.DAT 2015-10-01 21:37 - 2015-10-01 21:37 - 03596544 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\Drivers\RTKVHDA.sys 2015-10-01 21:37 - 2015-10-01 21:37 - 02887952 _____ (Fortemedia Corporation) C:\WINDOWS\system32\FMAPO.dll 2015-10-01 21:37 - 2015-10-01 21:37 - 02662648 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkPgExt.dll 2015-10-01 21:37 - 2015-10-01 21:37 - 02662632 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RltkAPO.dll 2015-10-01 21:37 - 2015-10-01 21:37 - 02654968 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTSndMgr.cpl 2015-10-01 21:37 - 2015-10-01 21:37 - 02454160 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkApoApi.dll 2015-10-01 21:37 - 2015-10-01 21:37 - 02430104 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO70.dll 2015-10-01 21:37 - 2015-10-01 21:37 - 01957504 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioEQ.dll 2015-10-01 21:37 - 2015-10-01 21:37 - 01913176 _____ (Dolby Laboratories) C:\WINDOWS\system32\DolbyDAX2APOv211.dll 2015-10-01 21:37 - 2015-10-01 21:37 - 01840768 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\WavesGUILib.dll 2015-10-01 21:37 - 2015-10-01 21:37 - 01831864 _____ (Dolby Laboratories) C:\WINDOWS\system32\DolbyDAX2APOv201.dll 2015-10-01 21:37 - 2015-10-01 21:37 - 01800496 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\WavesLib.dll 2015-10-01 21:37 - 2015-10-01 21:37 - 01727232 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCoInstII.dll 2015-10-01 21:37 - 2015-10-01 21:37 - 01553824 _____ (DTS) C:\WINDOWS\system32\DTSS2SpeakerDLL.dll 2015-10-01 21:37 - 2015-10-01 21:37 - 01537216 _____ (Conexant Systems Inc.) C:\WINDOWS\system32\CX32APO.dll 2015-10-01 21:37 - 2015-10-01 21:37 - 01534328 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPD32A.dll 2015-10-01 21:37 - 2015-10-01 21:37 - 01421808 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\tosade.dll 2015-10-01 21:37 - 2015-10-01 21:37 - 01333288 _____ (DTS) C:\WINDOWS\system32\DTSS2HeadphoneDLL.dll 2015-10-01 21:37 - 2015-10-01 21:37 - 01259368 _____ (DTS) C:\WINDOWS\system32\DTSBoostDLL.dll 2015-10-01 21:37 - 2015-10-01 21:37 - 01199512 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO60.dll 2015-10-01 21:37 - 2015-10-01 21:37 - 01092176 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRRPTR.dll 2015-10-01 21:37 - 2015-10-01 21:37 - 01057840 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\slcnt32.dll 2015-10-01 21:37 - 2015-10-01 21:37 - 01045880 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO50.dll 2015-10-01 21:37 - 2015-10-01 21:37 - 01008296 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO40.dll 2015-10-01 21:37 - 2015-10-01 21:37 - 00982968 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxSpeechAPO.dll 2015-10-01 21:37 - 2015-10-01 21:37 - 00962896 _____ (Nahimic Inc) C:\WINDOWS\system32\NahimicAPONSControl.dll 2015-10-01 21:37 - 2015-10-01 21:37 - 00953592 _____ (Sony Corporation) C:\WINDOWS\system32\SFSS_APO.dll 2015-10-01 21:37 - 2015-10-01 21:37 - 00899080 _____ (DTS, Inc.) C:\WINDOWS\system32\sl3apo32.dll 2015-10-01 21:37 - 2015-10-01 21:37 - 00884848 _____ (Sony Corporation) C:\WINDOWS\system32\MISS_APO.dll 2015-10-01 21:37 - 2015-10-01 21:37 - 00879896 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\tossaeapo32.dll 2015-10-01 21:37 - 2015-10-01 21:37 - 00876808 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\tadefxapo2.dll 2015-10-01 21:37 - 2015-10-01 21:37 - 00867712 _____ (Dolby Laboratories) C:\WINDOWS\system32\DolbyDAX2APOProp.dll 2015-10-01 21:37 - 2015-10-01 21:37 - 00850504 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxVoiceAPO20.dll 2015-10-01 21:37 - 2015-10-01 21:37 - 00807720 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPOShell.dll 2015-10-01 21:37 - 2015-10-01 21:37 - 00734752 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SEHDRA32.dll 2015-10-01 21:37 - 2015-10-01 21:37 - 00684184 _____ (DTS) C:\WINDOWS\system32\DTSBassEnhancementDLL.dll 2015-10-01 21:37 - 2015-10-01 21:37 - 00660200 _____ (DTS) C:\WINDOWS\system32\DTSSymmetryDLL.dll 2015-10-01 21:37 - 2015-10-01 21:37 - 00640008 _____ (DTS, Inc.) C:\WINDOWS\system32\sltech32.dll 2015-10-01 21:37 - 2015-10-01 21:37 - 00630000 _____ (DTS) C:\WINDOWS\system32\DTSVoiceClarityDLL.dll 2015-10-01 21:37 - 2015-10-01 21:37 - 00589736 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\tosasfapo32.dll 2015-10-01 21:37 - 2015-10-01 21:37 - 00583168 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SECOMN32.dll 2015-10-01 21:37 - 2015-10-01 21:37 - 00546360 _____ (Andrea Electronics Corporation) C:\WINDOWS\system32\AERTACap.dll 2015-10-01 21:37 - 2015-10-01 21:37 - 00536176 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxVolumeSDAPO.dll 2015-10-01 21:37 - 2015-10-01 21:37 - 00536176 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO30.dll 2015-10-01 21:37 - 2015-10-01 21:37 - 00484184 _____ (DTS) C:\WINDOWS\system32\DTSNeoPCDLL.dll 2015-10-01 21:37 - 2015-10-01 21:37 - 00452216 _____ (DTS) C:\WINDOWS\system32\DTSU2PLFX32.dll 2015-10-01 21:37 - 2015-10-01 21:37 - 00428304 _____ (DTS) C:\WINDOWS\system32\DTSU2PGFX32.dll 2015-10-01 21:37 - 2015-10-01 21:37 - 00414360 _____ (DTS) C:\WINDOWS\system32\DTSGainCompensatorDLL.dll 2015-10-01 21:37 - 2015-10-01 21:37 - 00413304 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRAPO.dll 2015-10-01 21:37 - 2015-10-01 21:37 - 00399808 _____ (DTS) C:\WINDOWS\system32\DTSLimiterDLL.dll 2015-10-01 21:37 - 2015-10-01 21:37 - 00396632 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SEAPO32.dll 2015-10-01 21:37 - 2015-10-01 21:37 - 00383816 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEP32A.dll 2015-10-01 21:37 - 2015-10-01 21:37 - 00381832 _____ (Knowles Acoustics ) C:\WINDOWS\system32\KAAPORT.dll 2015-10-01 21:37 - 2015-10-01 21:37 - 00375984 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EED32A.dll 2015-10-01 21:37 - 2015-10-01 21:37 - 00369880 _____ (DTS) C:\WINDOWS\system32\DTSU2PREC32.dll 2015-10-01 21:37 - 2015-10-01 21:37 - 00368944 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSTSXT.dll 2015-10-01 21:37 - 2015-10-01 21:37 - 00352904 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRCOM.dll 2015-10-01 21:37 - 2015-10-01 21:37 - 00319520 _____ (ICEpower a/s) C:\WINDOWS\system32\ICEsoundAPO.dll 2015-10-01 21:37 - 2015-10-01 21:37 - 00318664 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DHT32.dll 2015-10-01 21:37 - 2015-10-01 21:37 - 00318656 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DAA32.dll 2015-10-01 21:37 - 2015-10-01 21:37 - 00312184 _____ (Dolby Laboratories) C:\WINDOWS\system32\HiFiDAX2API.dll 2015-10-01 21:37 - 2015-10-01 21:37 - 00296944 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPO32A.dll 2015-10-01 21:37 - 2015-10-01 21:37 - 00254888 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO20.dll 2015-10-01 21:37 - 2015-10-01 21:37 - 00243272 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPA32.dll 2015-10-01 21:37 - 2015-10-01 21:37 - 00241696 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\tossaemaxapo32.dll 2015-10-01 21:37 - 2015-10-01 21:37 - 00241352 _____ (TODO: <Company name>) C:\WINDOWS\system32\slprp32.dll 2015-10-01 21:37 - 2015-10-01 21:37 - 00240400 _____ (DTS) C:\WINDOWS\system32\DTSGFXAPONS.dll 2015-10-01 21:37 - 2015-10-01 21:37 - 00240400 _____ (DTS) C:\WINDOWS\system32\DTSGFXAPO.dll 2015-10-01 21:37 - 2015-10-01 21:37 - 00239816 _____ (DTS) C:\WINDOWS\system32\DTSLFXAPO.dll 2015-10-01 21:37 - 2015-10-01 21:37 - 00235672 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SFNHK.dll 2015-10-01 21:37 - 2015-10-01 21:37 - 00206384 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSTSHD.dll 2015-10-01 21:37 - 2015-10-01 21:37 - 00206144 _____ C:\WINDOWS\system32\AcpiServiceVnA.dll 2015-10-01 21:37 - 2015-10-01 21:37 - 00193888 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSHP360.dll 2015-10-01 21:37 - 2015-10-01 21:37 - 00191576 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEED32A.dll 2015-10-01 21:37 - 2015-10-01 21:37 - 00162048 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\toseaeapo32.dll 2015-10-01 21:37 - 2015-10-01 21:37 - 00160544 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSWOW.dll 2015-10-01 21:37 - 2015-10-01 21:37 - 00154744 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\tadefxapo.dll 2015-10-01 21:37 - 2015-10-01 21:37 - 00152240 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO.dll 2015-10-01 21:37 - 2015-10-01 21:37 - 00126488 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEL32A.dll 2015-10-01 21:37 - 2015-10-01 21:37 - 00115424 _____ (Andrea Electronics Corporation) C:\WINDOWS\system32\AERTARen.dll 2015-10-01 21:37 - 2015-10-01 21:37 - 00111280 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEA32A.dll 2015-10-01 21:37 - 2015-10-01 21:37 - 00110032 _____ (Real Sound Lab SIA) C:\WINDOWS\system32\CONEQMSAPOGUILibrary.dll 2015-10-01 21:37 - 2015-10-01 21:37 - 00105312 _____ C:\WINDOWS\system32\audioLibVc.dll 2015-10-01 21:37 - 2015-10-01 21:37 - 00097832 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEL32A.dll 2015-10-01 21:37 - 2015-10-01 21:37 - 00093160 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SFCOM.dll 2015-10-01 21:37 - 2015-10-01 21:37 - 00087968 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SFAPO.dll 2015-10-01 21:37 - 2015-10-01 21:37 - 00083864 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEG32A.dll 2015-10-01 21:37 - 2015-10-01 21:37 - 00081160 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEG32A.dll 2015-10-01 21:37 - 2015-10-01 21:37 - 00077192 _____ (TOSHIBA CORPORATION.) C:\WINDOWS\system32\TepeqAPO.dll 2015-10-01 21:37 - 2015-10-01 21:37 - 00030864 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCoLDR.dll 2015-10-01 21:34 - 2015-10-01 21:34 - 00000000 ____D C:\Users\Conny\AppData\Local\NetworkTiles 2015-10-01 21:32 - 2015-10-01 21:32 - 00000000 ____D C:\Users\Conny\AppData\Local\TileDataLayer 2015-10-01 21:31 - 2015-10-01 21:31 - 00000020 ___SH C:\Users\Conny\ntuser.ini 2015-10-01 21:30 - 2015-10-01 21:30 - 00000000 _SHDL C:\Users\Default\Startmenü 2015-10-01 21:30 - 2015-10-01 21:30 - 00000000 _SHDL C:\Users\Default\Netzwerkumgebung 2015-10-01 21:30 - 2015-10-01 21:30 - 00000000 _SHDL C:\Users\Default\Druckumgebung 2015-10-01 21:30 - 2015-10-01 21:30 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Musik 2015-10-01 21:30 - 2015-10-01 21:30 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Bilder 2015-10-01 21:30 - 2015-10-01 21:30 - 00000000 _SHDL C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2015-10-01 21:30 - 2015-10-01 21:30 - 00000000 _SHDL C:\Users\Default\AppData\Local\Verlauf 2015-10-01 21:30 - 2015-10-01 21:30 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Musik 2015-10-01 21:30 - 2015-10-01 21:30 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Bilder 2015-10-01 21:30 - 2015-10-01 21:30 - 00000000 _SHDL C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2015-10-01 21:30 - 2015-10-01 21:30 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Verlauf 2015-10-01 21:12 - 2015-10-01 21:12 - 00001544 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk 2015-10-01 21:12 - 2015-10-01 21:12 - 00000000 ____D C:\Users\Default\AppData\Roaming\Apple Computer 2015-10-01 21:12 - 2015-10-01 21:12 - 00000000 ____D C:\Users\Default\AppData\Local\Apple Computer 2015-10-01 21:12 - 2015-10-01 21:12 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Apple Computer 2015-10-01 21:12 - 2015-10-01 21:12 - 00000000 ____D C:\Users\Default User\AppData\Local\Apple Computer 2015-10-01 21:06 - 2015-10-01 21:06 - 00000000 ____D C:\Program Files\Common Files\SpeechEngines 2015-10-01 21:01 - 2015-10-22 20:24 - 00000000 ____D C:\Users\Marie-Sophie 2015-10-01 21:01 - 2015-10-22 20:19 - 00000000 ___RD C:\Users\Marie-Sophie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2015-10-01 21:01 - 2015-10-22 15:58 - 00000000 ____D C:\Users\Felix 2015-10-01 21:01 - 2015-10-22 15:51 - 00000000 ___RD C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2015-10-01 21:01 - 2015-10-12 23:07 - 00000000 ____D C:\Users\Romer 2015-10-01 21:01 - 2015-10-12 22:59 - 00000000 ___RD C:\Users\Romer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2015-10-01 21:01 - 2015-10-01 21:47 - 00000000 ___RD C:\Users\Rainer-User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2015-10-01 21:01 - 2015-10-01 21:42 - 00000000 ____D C:\Users\Conny 2015-10-01 21:01 - 2015-10-01 21:32 - 00000000 ___RD C:\Users\Conny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2015-10-01 21:01 - 2015-10-01 21:01 - 00000000 _SHDL C:\Users\Romer\Startmenü 2015-10-01 21:01 - 2015-10-01 21:01 - 00000000 _SHDL C:\Users\Romer\Netzwerkumgebung 2015-10-01 21:01 - 2015-10-01 21:01 - 00000000 _SHDL C:\Users\Romer\Druckumgebung 2015-10-01 21:01 - 2015-10-01 21:01 - 00000000 _SHDL C:\Users\Romer\Documents\Eigene Musik 2015-10-01 21:01 - 2015-10-01 21:01 - 00000000 _SHDL C:\Users\Romer\Documents\Eigene Bilder 2015-10-01 21:01 - 2015-10-01 21:01 - 00000000 _SHDL C:\Users\Romer\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2015-10-01 21:01 - 2015-10-01 21:01 - 00000000 _SHDL C:\Users\Romer\AppData\Local\Verlauf 2015-10-01 21:01 - 2015-10-01 21:01 - 00000000 _SHDL C:\Users\Rainer-User\Startmenü 2015-10-01 21:01 - 2015-10-01 21:01 - 00000000 _SHDL C:\Users\Rainer-User\Netzwerkumgebung 2015-10-01 21:01 - 2015-10-01 21:01 - 00000000 _SHDL C:\Users\Rainer-User\Druckumgebung 2015-10-01 21:01 - 2015-10-01 21:01 - 00000000 _SHDL C:\Users\Rainer-User\Documents\Eigene Musik 2015-10-01 21:01 - 2015-10-01 21:01 - 00000000 _SHDL C:\Users\Rainer-User\Documents\Eigene Bilder 2015-10-01 21:01 - 2015-10-01 21:01 - 00000000 _SHDL C:\Users\Rainer-User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2015-10-01 21:01 - 2015-10-01 21:01 - 00000000 _SHDL C:\Users\Rainer-User\AppData\Local\Verlauf 2015-10-01 21:01 - 2015-10-01 21:01 - 00000000 _SHDL C:\Users\Marie-Sophie\Startmenü 2015-10-01 21:01 - 2015-10-01 21:01 - 00000000 _SHDL C:\Users\Marie-Sophie\Netzwerkumgebung 2015-10-01 21:01 - 2015-10-01 21:01 - 00000000 _SHDL C:\Users\Marie-Sophie\Druckumgebung 2015-10-01 21:01 - 2015-10-01 21:01 - 00000000 _SHDL C:\Users\Marie-Sophie\Documents\Eigene Musik 2015-10-01 21:01 - 2015-10-01 21:01 - 00000000 _SHDL C:\Users\Marie-Sophie\Documents\Eigene Bilder 2015-10-01 21:01 - 2015-10-01 21:01 - 00000000 _SHDL C:\Users\Marie-Sophie\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2015-10-01 21:01 - 2015-10-01 21:01 - 00000000 _SHDL C:\Users\Marie-Sophie\AppData\Local\Verlauf 2015-10-01 21:01 - 2015-10-01 21:01 - 00000000 _SHDL C:\Users\Felix\Startmenü 2015-10-01 21:01 - 2015-10-01 21:01 - 00000000 _SHDL C:\Users\Felix\Netzwerkumgebung 2015-10-01 21:01 - 2015-10-01 21:01 - 00000000 _SHDL C:\Users\Felix\Druckumgebung 2015-10-01 21:01 - 2015-10-01 21:01 - 00000000 _SHDL C:\Users\Felix\Documents\Eigene Musik 2015-10-01 21:01 - 2015-10-01 21:01 - 00000000 _SHDL C:\Users\Felix\Documents\Eigene Bilder 2015-10-01 21:01 - 2015-10-01 21:01 - 00000000 _SHDL C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2015-10-01 21:01 - 2015-10-01 21:01 - 00000000 _SHDL C:\Users\Felix\AppData\Local\Verlauf 2015-10-01 21:01 - 2015-10-01 21:01 - 00000000 _SHDL C:\Users\Conny\Startmenü 2015-10-01 21:01 - 2015-10-01 21:01 - 00000000 _SHDL C:\Users\Conny\Netzwerkumgebung 2015-10-01 21:01 - 2015-10-01 21:01 - 00000000 _SHDL C:\Users\Conny\Druckumgebung 2015-10-01 21:01 - 2015-10-01 21:01 - 00000000 _SHDL C:\Users\Conny\Documents\Eigene Musik 2015-10-01 21:01 - 2015-10-01 21:01 - 00000000 _SHDL C:\Users\Conny\Documents\Eigene Bilder 2015-10-01 21:01 - 2015-10-01 21:01 - 00000000 _SHDL C:\Users\Conny\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2015-10-01 21:01 - 2015-10-01 21:01 - 00000000 _SHDL C:\Users\Conny\AppData\Local\Verlauf 2015-10-01 21:01 - 2015-07-10 09:28 - 00000000 __RSD C:\Users\Romer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell 2015-10-01 21:01 - 2015-07-10 09:28 - 00000000 __RSD C:\Users\Rainer-User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell 2015-10-01 21:01 - 2015-07-10 09:28 - 00000000 __RSD C:\Users\Marie-Sophie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell 2015-10-01 21:01 - 2015-07-10 09:28 - 00000000 __RSD C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell 2015-10-01 21:01 - 2015-07-10 09:28 - 00000000 __RSD C:\Users\Conny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell 2015-10-01 21:01 - 2015-07-10 09:28 - 00000000 ___RD C:\Users\Romer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2015-10-01 21:01 - 2015-07-10 09:28 - 00000000 ___RD C:\Users\Romer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility 2015-10-01 21:01 - 2015-07-10 09:28 - 00000000 ___RD C:\Users\Rainer-User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2015-10-01 21:01 - 2015-07-10 09:28 - 00000000 ___RD C:\Users\Rainer-User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility 2015-10-01 21:01 - 2015-07-10 09:28 - 00000000 ___RD C:\Users\Marie-Sophie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2015-10-01 21:01 - 2015-07-10 09:28 - 00000000 ___RD C:\Users\Marie-Sophie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility 2015-10-01 21:01 - 2015-07-10 09:28 - 00000000 ___RD C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2015-10-01 21:01 - 2015-07-10 09:28 - 00000000 ___RD C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility 2015-10-01 21:01 - 2015-07-10 09:28 - 00000000 ___RD C:\Users\Conny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2015-10-01 21:01 - 2015-07-10 09:28 - 00000000 ___RD C:\Users\Conny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility 2015-10-01 21:01 - 2015-07-10 09:28 - 00000000 ____D C:\Users\Romer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2015-10-01 21:01 - 2015-07-10 09:28 - 00000000 ____D C:\Users\Rainer-User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2015-10-01 21:01 - 2015-07-10 09:28 - 00000000 ____D C:\Users\Marie-Sophie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2015-10-01 21:01 - 2015-07-10 09:28 - 00000000 ____D C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2015-10-01 21:01 - 2015-07-10 09:28 - 00000000 ____D C:\Users\Conny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2015-10-01 21:00 - 2015-10-22 15:59 - 02030034 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2015-10-01 20:59 - 2015-10-01 21:00 - 00020921 _____ C:\WINDOWS\iis.log 2015-10-01 20:57 - 2015-10-01 20:57 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_SynTP_01011.Wdf 2015-10-01 20:57 - 2015-10-01 20:57 - 00000000 _____ C:\WINDOWS\ativpsrm.bin 2015-10-01 20:56 - 2015-10-01 20:56 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_Smb_driver_Intel_01011.Wdf 2015-10-01 20:56 - 2015-10-01 20:56 - 00000000 ____D C:\Program Files\Synaptics 2015-10-01 20:54 - 2015-10-01 20:55 - 00028418 _____ C:\WINDOWS\system32\NetSetupMig.log 2015-10-01 20:28 - 2015-07-10 09:25 - 00000001 ___SH C:\BOOTNXT 2015-10-01 20:18 - 2015-10-01 21:29 - 00025689 _____ C:\WINDOWS\diagerr.xml 2015-10-01 20:18 - 2015-10-01 21:29 - 00024768 _____ C:\WINDOWS\diagwrn.xml ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2015-10-27 22:22 - 2014-08-10 21:03 - 00015980 _____ C:\Users\Romer\Downloads\FRST.txt 2015-10-27 22:22 - 2013-11-10 23:10 - 00000000 ____D C:\FRST 2015-10-27 22:20 - 2015-07-10 09:28 - 00000000 ____D C:\WINDOWS\AppReadiness 2015-10-27 22:20 - 2014-12-27 01:49 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2015-10-27 22:19 - 2014-08-10 21:01 - 00000472 _____ C:\Users\Romer\Downloads\defogger_disable.log 2015-10-27 22:14 - 2015-09-10 05:04 - 00000000 ____D C:\WINDOWS\OCR 2015-10-27 22:14 - 2015-07-10 09:20 - 00000000 ____D C:\WINDOWS\CbsTemp 2015-10-27 22:13 - 2015-09-10 05:19 - 00000275 _____ C:\WINDOWS\WindowsUpdate.log 2015-10-27 22:12 - 2015-01-20 22:10 - 00170200 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2015-10-27 21:56 - 2015-07-10 09:28 - 00000000 ____D C:\WINDOWS\system32\sru 2015-10-27 16:29 - 2015-07-10 09:28 - 00000000 ____D C:\WINDOWS\Microsoft.NET 2015-10-27 13:43 - 2014-12-21 22:16 - 00000000 ____D C:\Program Files\Common Files\McAfee 2015-10-27 13:42 - 2015-07-10 09:28 - 00000000 ___HD C:\WINDOWS\ELAMBKUP 2015-10-27 13:41 - 2014-12-21 22:16 - 00000000 ____D C:\ProgramData\McAfee 2015-10-25 23:47 - 2015-03-12 19:17 - 593757184 _____ C:\Users\Rainer-User\Rainer-User Outlook-Datendatei(1).pst 2015-10-25 22:42 - 2015-07-21 00:17 - 00027603 _____ C:\WINDOWS\setupact.log 2015-10-22 20:54 - 2014-12-27 01:45 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2015-10-22 15:56 - 2015-01-22 21:55 - 00000000 ____D C:\Users\Felix\AppData\Roaming\Apple Computer 2015-10-21 17:00 - 2015-07-10 07:59 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM 2015-10-21 17:00 - 2014-12-21 22:23 - 00000000 ____D C:\Program Files\McAfee 2015-10-18 22:45 - 2014-12-21 22:08 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service 2015-10-16 04:10 - 2015-07-10 09:29 - 00810488 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe 2015-10-16 04:10 - 2015-07-10 09:29 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl 2015-10-14 22:16 - 2015-01-20 22:08 - 00001134 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-10-14 22:16 - 2015-01-20 22:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-10-14 22:16 - 2015-01-20 22:08 - 00000000 ____D C:\Program Files\ Malwarebytes Anti-Malware 2015-10-14 15:52 - 2014-12-21 22:06 - 00000000 ____D C:\WINDOWS\system32\MRT 2015-10-14 15:48 - 2014-12-21 22:06 - 141105520 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2015-10-14 15:34 - 2015-07-21 00:18 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2015-10-14 15:34 - 2015-07-21 00:17 - 00335800 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2015-10-14 15:33 - 2015-09-09 20:17 - 00002556 _____ C:\WINDOWS\PFRO.log 2015-10-09 18:37 - 2015-05-27 09:16 - 00000000 __SHD C:\Users\Conny\AppData\Local\EmieUserList 2015-10-09 18:37 - 2015-05-27 09:16 - 00000000 __SHD C:\Users\Conny\AppData\Local\EmieSiteList 2015-10-07 21:36 - 2014-12-27 11:49 - 00000000 ___HD C:\Program Files\InstallShield Installation Information 2015-10-07 21:11 - 2015-07-10 09:28 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase 2015-10-05 08:50 - 2015-01-20 22:08 - 00094936 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2015-10-05 08:50 - 2015-01-20 22:08 - 00051928 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys 2015-10-05 08:50 - 2015-01-20 22:08 - 00023256 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys 2015-10-03 10:20 - 2015-07-10 09:28 - 00000000 ____D C:\WINDOWS\system32\LogFiles 2015-10-02 23:45 - 2015-01-04 20:14 - 00000000 ____D C:\Users\Rainer-User\AppData\Roaming\Skype 2015-10-02 14:57 - 2015-07-10 09:28 - 00000000 ____D C:\WINDOWS\AppCompat 2015-10-01 21:53 - 2015-07-10 09:28 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template 2015-10-01 21:48 - 2015-07-10 09:28 - 00000000 ___SD C:\WINDOWS\system32\F12 2015-10-01 21:48 - 2015-07-10 09:28 - 00000000 ___RD C:\WINDOWS\PurchaseDialog 2015-10-01 21:48 - 2015-07-10 09:28 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility 2015-10-01 21:48 - 2015-07-10 09:28 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform 2015-10-01 21:48 - 2015-07-10 09:28 - 00000000 ____D C:\WINDOWS\system32\appraiser 2015-10-01 21:48 - 2015-07-10 09:28 - 00000000 ____D C:\WINDOWS\Provisioning 2015-10-01 21:48 - 2015-07-10 09:28 - 00000000 ____D C:\WINDOWS\L2Schemas 2015-10-01 21:40 - 2015-07-10 09:28 - 00000000 ____D C:\WINDOWS\system32\MUI 2015-10-01 21:40 - 2015-07-10 09:28 - 00000000 ____D C:\WINDOWS\system32\inetsrv 2015-10-01 21:40 - 2015-07-10 09:25 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqsnap.dll 2015-10-01 21:40 - 2015-07-10 09:25 - 00096768 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa.tlb 2015-10-01 21:40 - 2015-07-10 09:25 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa30.tlb 2015-10-01 21:40 - 2015-07-10 09:25 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa20.tlb 2015-10-01 21:40 - 2015-07-10 09:25 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa10.tlb 2015-10-01 21:40 - 2015-07-10 09:25 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqcertui.dll 2015-10-01 21:39 - 2015-07-10 09:25 - 01014272 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqqm.dll 2015-10-01 21:39 - 2015-07-10 09:25 - 00562176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqutil.dll 2015-10-01 21:39 - 2015-07-10 09:25 - 00265728 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa.dll 2015-10-01 21:39 - 2015-07-10 09:25 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisRtl.dll 2015-10-01 21:39 - 2015-07-10 09:25 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqrt.dll 2015-10-01 21:39 - 2015-07-10 09:25 - 00130048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mqac.sys 2015-10-01 21:39 - 2015-07-10 09:25 - 00104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqlogmgr.dll 2015-10-01 21:39 - 2015-07-10 09:25 - 00050688 _____ (Microsoft Corporation) C:\WINDOWS\system32\admwprox.dll 2015-10-01 21:39 - 2015-07-10 09:25 - 00044544 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqbkup.exe 2015-10-01 21:39 - 2015-07-10 09:25 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\ahadmin.dll 2015-10-01 21:39 - 2015-07-10 09:25 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqsvc.exe 2015-10-01 21:39 - 2015-07-10 09:25 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisreset.exe 2015-10-01 21:39 - 2015-07-10 09:25 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wamregps.dll 2015-10-01 21:39 - 2015-07-10 09:25 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisrstap.dll 2015-10-01 21:39 - 2015-07-10 09:25 - 00009096 _____ C:\WINDOWS\system32\msmqtrc.mof 2015-10-01 21:37 - 2015-07-10 09:28 - 00000000 ____D C:\WINDOWS\rescache 2015-10-01 21:30 - 2015-07-10 09:28 - 00000000 ____D C:\Program Files\Windows NT 2015-10-01 21:30 - 2015-07-10 07:59 - 00000000 __RHD C:\Users\Default 2015-10-01 21:28 - 2015-07-10 09:28 - 00000000 ____D C:\WINDOWS\Registration 2015-10-01 21:28 - 2014-12-22 23:45 - 00015217 _____ C:\WINDOWS\comsetup.log 2015-10-01 21:27 - 2015-07-10 09:28 - 00000000 __RSD C:\WINDOWS\Media 2015-10-01 21:27 - 2015-07-10 09:28 - 00000000 __RHD C:\Users\Public\Libraries 2015-10-01 21:27 - 2015-07-10 09:28 - 00000000 ___RD C:\Users\Public 2015-10-01 21:27 - 2015-07-10 09:28 - 00000000 ____D C:\WINDOWS\Globalization 2015-10-01 21:27 - 2014-12-23 03:55 - 00021628 _____ C:\WINDOWS\system32\emptyregdb.dat 2015-10-01 21:13 - 2015-09-21 20:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2015-10-01 21:13 - 2015-09-06 08:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus 2015-10-01 21:13 - 2015-08-29 23:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime 2015-10-01 21:13 - 2015-07-10 09:28 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories 2015-10-01 21:13 - 2015-07-10 07:59 - 00524288 ___SH C:\WINDOWS\system32\config\BBI 2015-10-01 21:13 - 2015-02-01 16:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FOTOParadies 2015-10-01 21:13 - 2015-01-14 17:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Presto! PageManager 6 2015-10-01 21:13 - 2014-12-27 18:18 - 00000000 ____D C:\Users\Romer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR 2015-10-01 21:13 - 2014-12-27 18:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR 2015-10-01 21:13 - 2014-12-27 11:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft PhotoBase 2015-10-01 21:13 - 2014-12-27 11:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft PhotoStudio 2015-10-01 21:13 - 2014-12-26 13:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Technische Alternative 2015-10-01 21:13 - 2014-12-26 12:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013 2015-10-01 21:13 - 2009-07-14 09:56 - 00000000 ___RD C:\Users\Public\Recorded TV 2015-10-01 21:12 - 2015-07-10 09:29 - 00005306 _____ C:\WINDOWS\DtcInstall.log 2015-10-01 21:12 - 2015-07-10 09:28 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2015-10-01 21:12 - 2015-07-10 09:28 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2015-10-01 21:12 - 2009-07-14 03:37 - 00000000 ____D C:\Users\Default.migrated 2015-10-01 21:08 - 2015-09-10 05:01 - 00000000 ____D C:\WINDOWS\system32\Drivers\de-DE 2015-10-01 21:08 - 2015-07-10 09:28 - 00000000 ____D C:\WINDOWS\twain_32 2015-10-01 21:08 - 2015-07-10 09:28 - 00000000 ____D C:\WINDOWS\system32\zh-TW 2015-10-01 21:08 - 2015-07-10 09:28 - 00000000 ____D C:\WINDOWS\system32\zh-HK 2015-10-01 21:08 - 2015-07-10 09:28 - 00000000 ____D C:\WINDOWS\system32\zh-CN 2015-10-01 21:08 - 2015-07-10 09:28 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns 2015-10-01 21:08 - 2015-07-10 09:28 - 00000000 ____D C:\WINDOWS\system32\tr-TR 2015-10-01 21:08 - 2015-07-10 09:28 - 00000000 ____D C:\WINDOWS\system32\sv-SE 2015-10-01 21:08 - 2015-07-10 09:28 - 00000000 ____D C:\WINDOWS\system32\ru-RU 2015-10-01 21:08 - 2015-07-10 09:28 - 00000000 ____D C:\WINDOWS\system32\pt-PT 2015-10-01 21:08 - 2015-07-10 09:28 - 00000000 ____D C:\WINDOWS\system32\pt-BR 2015-10-01 21:08 - 2015-07-10 09:28 - 00000000 ____D C:\WINDOWS\system32\pl-PL 2015-10-01 21:08 - 2015-07-10 09:28 - 00000000 ____D C:\WINDOWS\system32\nl-NL 2015-10-01 21:08 - 2015-07-10 09:28 - 00000000 ____D C:\WINDOWS\system32\NDF 2015-10-01 21:08 - 2015-07-10 09:28 - 00000000 ____D C:\WINDOWS\system32\nb-NO 2015-10-01 21:08 - 2015-07-10 09:28 - 00000000 ____D C:\WINDOWS\system32\ko-KR 2015-10-01 21:08 - 2015-07-10 09:28 - 00000000 ____D C:\WINDOWS\system32\ja-JP 2015-10-01 21:08 - 2015-07-10 09:28 - 00000000 ____D C:\WINDOWS\system32\it-IT 2015-10-01 21:08 - 2015-07-10 09:28 - 00000000 ____D C:\WINDOWS\system32\IME 2015-10-01 21:08 - 2015-07-10 09:28 - 00000000 ____D C:\WINDOWS\system32\hu-HU 2015-10-01 21:08 - 2015-07-10 09:28 - 00000000 ____D C:\WINDOWS\system32\fr-FR 2015-10-01 21:08 - 2015-07-10 09:28 - 00000000 ____D C:\WINDOWS\system32\fi-FI 2015-10-01 21:08 - 2015-07-10 09:28 - 00000000 ____D C:\WINDOWS\system32\el-GR 2015-10-01 21:08 - 2015-07-10 09:28 - 00000000 ____D C:\WINDOWS\system32\de-DE 2015-10-01 21:08 - 2014-12-23 03:27 - 00000000 ____D C:\WINDOWS\system32\SPReview 2015-10-01 21:08 - 2014-12-23 03:27 - 00000000 ____D C:\WINDOWS\system32\EventProviders 2015-10-01 21:07 - 2015-07-10 09:28 - 00000000 ____D C:\WINDOWS\System 2015-10-01 21:06 - 2015-09-19 17:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2015-10-01 21:06 - 2015-09-10 05:01 - 00000000 ____D C:\WINDOWS\DigitalLocker 2015-10-01 21:06 - 2015-07-10 09:28 - 00000000 __SHD C:\Program Files\Windows Sidebar 2015-10-01 21:06 - 2015-07-10 09:28 - 00000000 ____D C:\WINDOWS\schemas 2015-10-01 21:06 - 2015-07-10 09:28 - 00000000 ____D C:\Program Files\Microsoft.NET 2015-10-01 21:06 - 2015-07-10 09:28 - 00000000 ____D C:\Program Files\Common Files\microsoft shared 2015-10-01 21:06 - 2014-12-27 11:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon 2015-10-01 21:06 - 2014-12-26 11:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hewlett-Packard 2015-10-01 21:06 - 2014-12-26 11:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP 2015-10-01 21:06 - 2009-07-14 05:52 - 00000000 ____D C:\Program Files\Microsoft Games 2015-10-01 21:06 - 2009-07-14 05:52 - 00000000 ____D C:\Program Files\DVD Maker 2015-10-01 21:04 - 2015-07-10 09:28 - 00000000 ____D C:\WINDOWS\system32\Recovery 2015-10-01 20:30 - 2014-12-21 21:16 - 01241255 _____ C:\WINDOWS\WindowsUpdate (1).log 2015-10-01 20:28 - 2009-06-09 08:00 - 00008192 __RSH C:\BOOTSECT.BAK 2015-10-01 20:22 - 2009-07-14 05:34 - 00015600 ____H C:\WINDOWS\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-10-01 20:22 - 2009-07-14 05:34 - 00015600 ____H C:\WINDOWS\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-10-01 20:19 - 2015-09-10 06:05 - 00000000 ___HD C:\$Windows.~BT 2015-09-27 14:33 - 2015-02-03 20:12 - 00000000 ____D C:\Users\Marie-Sophie\AppData\Roaming\Apple Computer ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2015-10-01 21:39 - 2015-10-01 21:39 - 0000000 ____H () C:\ProgramData\DP45977C.lfl ==================== Bamital & volsnap ================= (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) C:\WINDOWS\explorer.exe => Datei ist digital signiert C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert C:\WINDOWS\system32\services.exe => Datei ist digital signiert C:\WINDOWS\system32\User32.dll => Datei ist digital signiert C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert LastRegBack: 2015-10-22 20:59 ==================== Ende vom FRST.txt ============================ |
|
28.10.2015, 06:12
| #2 |
| /// the machine /// TB-Ausbilder    | WIN10 installiert, Rechner läuft sehr langsam und unter manchen Userkonten kein Mozilla möglich Hi,
__________________bitte noch die Addition.txt von FRST posten 
__________________ |
|
21.02.2016, 14:52
| #3 |
| | WIN10 installiert, Rechner läuft sehr langsam und unter manchen Userkonten kein Mozilla möglich Hallo Schrauber,
__________________dieses Thema hier habe ich Ende Oktober nicht weitergemacht. Kann ich hier bitte nochmals die FRST log files aktualisieren und reinposten? Oder sollte ich lieber ein neues Thema erstellen? Problem ist, daß Firefox unter einem der user-Accounts NICHT mehr funktioniert. Viele Grüße Rainer Hallo Schrauber, hier das FRSTlog: Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x86) Version:20-02-2016 durchgeführt von Romer (Administrator) auf ROMER-PC (21-02-2016 14:39:42) Gestartet von C:\Users\Romer\Downloads Geladene Profile: Romer & Conny & Felix (Verfügbare Profile: Romer & Rainer-User & Marie-Sophie & Conny & Felix) Platform: Microsoft Windows 10 Home (X86) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: FF) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (AMD) C:\Windows\System32\atiesrxx.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Malwarebytes) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX86\officeclicktorun.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McA21C.tmp (McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\1.8.203.0\McCSPServiceHost.exe (Intel Security, Inc.) C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe (McAfee, Inc.) C:\Windows\System32\mfevtps.exe (McAfee, Inc.) C:\Windows\System32\mfevtps.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.) C:\Program Files\McAfee\SiteAdvisor\McSACore.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.292\SSScheduler.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe (Microsoft Corporation) C:\Windows\System32\InstallAgent.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1026.13580.0_x86__8wekyb3d8bbwe\Microsoft.Photos.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (© 2015 Microsoft Corporation) C:\Users\Romer\AppData\Local\Microsoft\BingSvc\BingSvc.exe (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.292\SSScheduler.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe (Microsoft Corporation) C:\Windows\System32\InstallAgent.exe (Farbar) C:\Users\Romer\Downloads\FRST(6).exe ==================== Registry (Nicht auf der Ausnahmeliste) =========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [OrderReminder] => C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe [98304 2006-01-30] (Hewlett-Packard) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3527880 2015-06-12] (Synaptics Incorporated) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [14476032 2015-10-01] (Realtek Semiconductor) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157456 2015-12-17] (Apple Inc.) HKU\S-1-5-21-734981412-4070128847-1335923988-1000\...\Run: [BingSvc] => C:\Users\Romer\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2016-01-01] (© 2015 Microsoft Corporation) HKU\S-1-5-21-734981412-4070128847-1335923988-1006\...\MountPoints2: {42b86a75-7d4e-11e5-a069-00235af6c96a} - "F:\autorun.exe" ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-01-20] (Microsoft Corporation) ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-01-20] (Microsoft Corporation) ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-01-20] (Microsoft Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2016-02-21] ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.292\SSScheduler.exe (McAfee, Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Winsol_Autostart.lnk [2015-04-27] ShortcutTarget: Winsol_Autostart.lnk -> C:\Program Files\Technische Alternative\Winsol\Winsol.exe (Technische Alternative GmbH) ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc.) Hosts: 0.0.0.1 mssplus.mcafee.com Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{6adde083-e5fc-41cb-801f-39a50de40cd0}: [DhcpNameServer] 172.20.10.1 Tcpip\..\Interfaces\{83254866-51b2-4ded-a0f7-c4535522175c}: [DhcpNameServer] 172.20.10.1 Tcpip\..\Interfaces\{a38c698b-149f-4dd2-923b-45ce6fc69f88}: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{f1445627-88bd-4c5d-9eac-1dddce526762}: [DhcpNameServer] 192.168.178.1 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com HKU\S-1-5-21-734981412-4070128847-1335923988-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=SL5M&ocid=SL5MDHP&osmkt=de-de HKU\S-1-5-21-734981412-4070128847-1335923988-1006\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEG&bmod=TSEG; HKU\S-1-5-21-734981412-4070128847-1335923988-1006\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie HKU\S-1-5-21-734981412-4070128847-1335923988-1006\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-734981412-4070128847-1335923988-1007\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEG&bmod=TSEG; SearchScopes: HKLM -> {38AEB7B3-42CC-4C33-9290-BEA08B6FE742} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSEG; SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-734981412-4070128847-1335923988-1000 -> {38AEB7B3-42CC-4C33-9290-BEA08B6FE742} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSEG; SearchScopes: HKU\S-1-5-21-734981412-4070128847-1335923988-1000 -> {3B68BF06-4CA1-4767-A738-3B271E28FA21} URL = hxxps://de.search.yahoo.com/search?fr=mcafee&type=B011DE642D20141004&p={SearchTerms} SearchScopes: HKU\S-1-5-21-734981412-4070128847-1335923988-1006 -> DefaultScope {AECE9ED2-CE7D-4026-8887-D88A4EE550D6} URL = hxxps://de.search.yahoo.com/search?fr=mcafee&type=C011DE642D20141221&p={searchTerms} SearchScopes: HKU\S-1-5-21-734981412-4070128847-1335923988-1006 -> F31624B0AF444080B7F139E05E41A758 URL = hxxp://isearch.avg.com/search?cid={72680FDB-E8CB-437D-AEE8-9F9D0761B89D}&mid=34d71d940f5847d1b30bd16a1c122099-aca251ad60a79a90d151588985182fee0518d1c3&lang=de&ds=tt014&pr=sa&d=2011-12-19 22:25:18&v=14.2.0.1&pid=avg&sg=&sap=dsp&q={searchTerms} SearchScopes: HKU\S-1-5-21-734981412-4070128847-1335923988-1006 -> {38AEB7B3-42CC-4C33-9290-BEA08B6FE742} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSEG; SearchScopes: HKU\S-1-5-21-734981412-4070128847-1335923988-1006 -> {70D46D94-BF1E-45ED-B567-48701376298E} URL = hxxp://127.0.0.1:4664/search&s=ZHvLVGGP9n6-ozM1JZTV7R9h9fY?q={searchTerms} SearchScopes: HKU\S-1-5-21-734981412-4070128847-1335923988-1006 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://isearch.avg.com/search?cid={72680FDB-E8CB-437D-AEE8-9F9D0761B89D}&mid=34d71d940f5847d1b30bd16a1c122099-aca251ad60a79a90d151588985182fee0518d1c3&lang=de&ds=tt014&pr=sa&d=2011-12-19 22:25:18&v=15.3.0.11&pid=avg&sg=0&sap=dsp&q={searchTerms} SearchScopes: HKU\S-1-5-21-734981412-4070128847-1335923988-1006 -> {AECE9ED2-CE7D-4026-8887-D88A4EE550D6} URL = hxxps://de.search.yahoo.com/search?fr=mcafee&type=C011DE642D20141221&p={searchTerms} SearchScopes: HKU\S-1-5-21-734981412-4070128847-1335923988-1006 -> {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL = SearchScopes: HKU\S-1-5-21-734981412-4070128847-1335923988-1007 -> F31624B0AF444080B7F139E05E41A758 URL = hxxp://isearch.avg.com/search?cid={72680FDB-E8CB-437D-AEE8-9F9D0761B89D}&mid=34d71d940f5847d1b30bd16a1c122099-aca251ad60a79a90d151588985182fee0518d1c3&lang=de&ds=tt014&pr=sa&d=2011-12-19 22:25:18&v=14.2.0.1&pid=avg&sg=&sap=dsp&q={searchTerms} SearchScopes: HKU\S-1-5-21-734981412-4070128847-1335923988-1007 -> {38AEB7B3-42CC-4C33-9290-BEA08B6FE742} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSEG; SearchScopes: HKU\S-1-5-21-734981412-4070128847-1335923988-1007 -> {70D46D94-BF1E-45ED-B567-48701376298E} URL = hxxp://127.0.0.1:4664/search&s=--TPDnzbWu8LCOGM1VS2YYTq9fs?q={searchTerms} SearchScopes: HKU\S-1-5-21-734981412-4070128847-1335923988-1007 -> {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL = BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-12-15] (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-01-20] (Microsoft Corporation) Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [2015-10-16] (McAfee, Inc.) Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation) Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [2015-10-16] (McAfee, Inc.) Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll [2016-01-08] (McAfee, Inc.) FireFox: ======== FF ProfilePath: C:\Users\Romer\AppData\Roaming\Mozilla\Firefox\Profiles\ouma2d78.default FF SearchEngineOrder.3: Bing FF SelectedSearchEngine: Bing FF Homepage: hxxp://www.msn.com/?pc=SL5M&ocid=SL5MDHP&osmkt=de-de FF Keyword.URL: hxxp://www.bing.com/search?FORM=SL5MDF&PC=SL5M&q= FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_20_0_0_306.dll [2016-02-09] () FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] () FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2016-01-08] () FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-03] (Microsoft Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-12-26] (Microsoft Corporation) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.) FF SearchPlugin: C:\Users\Romer\AppData\Roaming\Mozilla\Firefox\Profiles\ouma2d78.default\searchplugins\bing-.xml [2016-01-01] FF SearchPlugin: C:\Users\Romer\AppData\Roaming\Mozilla\Firefox\Profiles\ouma2d78.default\searchplugins\McSiteAdvisor.xml [2016-02-21] FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml [2015-08-09] FF Extension: McAfee WebAdvisor - C:\Program Files\McAfee\SiteAdvisor\saffplg.xpi [2015-12-16] FF Extension: Bing Search - C:\Users\Romer\AppData\Roaming\Mozilla\Firefox\Profiles\ouma2d78.default\Extensions\bingsearch.full@microsoft.com.xpi [2016-01-01] FF Extension: Adblock Plus - C:\Users\Romer\AppData\Roaming\Mozilla\Firefox\Profiles\ouma2d78.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-02-21] FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\SiteAdvisor\saffplg.xpi FF HKLM\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2016-01-20] [ist nicht signiert] FF HKU\S-1-5-21-734981412-4070128847-1335923988-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi => nicht gefunden FF HKU\S-1-5-21-734981412-4070128847-1335923988-1007\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi => nicht gefunden FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2015-11-16] Chrome: ======= CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files\McAfee\SiteAdvisor\McChPlg.crx [2015-10-16] ==================== Dienste (Nicht auf der Ausnahmeliste) ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) S2 0140461446397186mcinstcleanup; C:\WINDOWS\TEMP\014046~1.EXE [918056 2015-11-27] (McAfee, Inc.) R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX86\OfficeClickToRun.exe [1887928 2015-12-22] (Microsoft Corporation) R2 HomeNetSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [378336 2016-01-03] (McAfee, Inc.) R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes) S2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [1135416 2015-10-05] (Malwarebytes) R2 McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [134208 2015-10-16] (McAfee, Inc.) R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [771808 2016-01-08] (McAfee, Inc.) R2 McBootDelayStartSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [378336 2016-01-03] (McAfee, Inc.) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.292\McCHSvc.exe [239880 2016-02-05] (McAfee, Inc.) R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.8.203.0\McCSPServiceHost.exe [1251264 2015-12-02] (McAfee, Inc.) R2 McMPFSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [378336 2016-01-03] (McAfee, Inc.) R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [378336 2016-01-03] (McAfee, Inc.) S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [533872 2016-01-08] (McAfee, Inc.) R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [378336 2016-01-03] (McAfee, Inc.) R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [378336 2016-01-03] (McAfee, Inc.) R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [198136 2015-11-18] (McAfee, Inc.) R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [341768 2016-01-04] (McAfee, Inc.) R2 mfevtp; C:\Windows\system32\mfevtps.exe [263520 2015-11-18] (McAfee, Inc.) R2 MSK80Service; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [378336 2016-01-03] (McAfee, Inc.) R2 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [743968 2015-12-14] (Intel Security, Inc.) R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [216776 2015-06-12] (Synaptics Incorporated) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [277760 2015-07-10] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23264 2015-07-10] (Microsoft Corporation) ===================== Treiber (Nicht auf der Ausnahmeliste) ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [72560 2015-11-25] (McAfee, Inc.) S3 HipShieldK; C:\WINDOWS\System32\drivers\HipShieldK.sys [157288 2015-05-19] (McAfee, Inc.) R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes) S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [51928 2015-10-05] (Malwarebytes Corporation) R3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [321768 2015-11-25] (McAfee, Inc.) R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [272840 2015-11-25] (McAfee, Inc.) S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [72344 2015-11-25] (McAfee, Inc.) R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [382032 2015-11-25] (McAfee, Inc.) R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [650904 2015-11-25] (McAfee, Inc.) R3 mfencbdc; C:\WINDOWS\System32\DRIVERS\mfencbdc.sys [426464 2015-11-20] (McAfee, Inc.) S3 mfencrk; C:\WINDOWS\System32\DRIVERS\mfencrk.sys [89552 2015-11-20] (McAfee, Inc.) R3 mfesapsn; C:\Program Files\McAfee\SiteAdvisor\mfesapsn.sys [32816 2015-10-16] (McAfee, Inc.) R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [200800 2015-11-25] (McAfee, Inc.) R3 rt640x86; C:\WINDOWS\System32\drivers\rt640x86.sys [492032 2015-07-10] (Realtek ) R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [35528 2015-06-12] (Synaptics Incorporated) R3 Thotkey; C:\WINDOWS\System32\drivers\Thotkey.sys [41584 2015-10-01] (Toshiba Corporation) S3 UdeCx; C:\WINDOWS\System32\drivers\udecx.sys [31744 2015-07-10] () S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [37400 2015-07-10] (Microsoft Corporation) S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [245600 2015-07-10] (Microsoft Corporation) S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [97632 2015-07-10] (Microsoft Corporation) S3 WUDFWpdMtp; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [161792 2015-07-10] (Microsoft Corporation) U3 idsvc; kein ImagePath U3 mfeaack01; kein ImagePath U3 mfeavfk01; kein ImagePath U3 mfeavfk02; kein ImagePath U3 mfehidk01; kein ImagePath U3 mfehidk02; kein ImagePath S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X] U3 wpcsvc; kein ImagePath ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat: Erstellte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2016-02-21 14:38 - 2016-02-21 14:39 - 01722368 _____ (Farbar) C:\Users\Romer\Downloads\FRST(6).exe 2016-02-21 14:23 - 2016-02-21 14:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee 2016-02-21 14:18 - 2016-02-21 14:18 - 00016148 _____ C:\WINDOWS\system32\ROMER-PC_Romer_HistoryPrediction.bin 2016-02-21 14:18 - 2016-02-21 14:18 - 00016148 _____ C:\WINDOWS\system32\ROMER-PC_Conny_HistoryPrediction.bin 2016-02-21 12:42 - 2016-02-21 12:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus 2016-02-16 20:17 - 2016-02-16 20:17 - 00000000 ____D C:\WINDOWS\LastGood 2016-02-13 17:58 - 2016-02-13 17:58 - 00000000 ____D C:\Program Files\Mozilla Firefox 2016-02-12 00:16 - 2016-02-12 00:16 - 00016148 _____ C:\WINDOWS\system32\ROMER-PC_Rainer-User_HistoryPrediction.bin 2016-02-09 23:02 - 2016-02-09 23:02 - 00095090 _____ C:\Users\Rainer-User\Downloads\Kontoauszug_DE39_6009_0800_0003_9044_49_Nr_1_2016-01-31.pdf 2016-02-05 22:35 - 2016-02-05 22:35 - 00217082 _____ C:\Users\Rainer-User\Downloads\Mieterselbstauskunft.pdf 2016-02-03 21:10 - 2015-10-16 04:10 - 00810488 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe 2016-02-03 21:10 - 2015-10-16 04:10 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl 2016-02-03 10:16 - 2016-02-03 10:16 - 00016148 _____ C:\WINDOWS\system32\ROMER-PC_Marie-Sophie_HistoryPrediction.bin 2016-02-02 20:23 - 2016-02-02 20:23 - 00016183 _____ C:\Users\Marie-Sophie\Downloads\Lebenslauf BOGY.odt 2016-02-02 16:18 - 2016-02-02 16:18 - 00016148 _____ C:\WINDOWS\system32\ROMER-PC_Felix_HistoryPrediction.bin 2016-02-01 20:17 - 2016-02-01 20:17 - 00000000 ____D C:\Users\Conny\Tracing 2016-01-30 23:55 - 2016-01-30 23:56 - 04132023 _____ C:\Users\Rainer-User\Downloads\ratgeber-fuer-bienenfreunde.pdf 2016-01-29 18:31 - 2016-01-29 18:31 - 02257582 _____ C:\Users\Rainer-User\Downloads\sammeldownload_20160129_183115.zip 2016-01-29 18:26 - 2016-01-29 18:26 - 00085740 _____ C:\Users\Rainer-User\Downloads\Kontoauszug_DE19_6009_0800_0003_9044_21_Nr_11_2015-12-31.pdf 2016-01-29 18:26 - 2016-01-29 18:26 - 00085740 _____ C:\Users\Rainer-User\Downloads\Kontoauszug_DE19_6009_0800_0003_9044_21_Nr_11_2015-12-31(1).pdf 2016-01-29 18:26 - 2016-01-29 18:26 - 00083731 _____ C:\Users\Rainer-User\Downloads\Kontoauszug_DE78_6009_0800_3003_9044_21_Nr_5_2015-12-31.pdf 2016-01-29 18:26 - 2016-01-29 18:26 - 00083459 _____ C:\Users\Rainer-User\Downloads\Kontoauszug_DE63_6009_0800_0103_9044_21_Nr_9_2015-12-31.pdf 2016-01-29 18:26 - 2016-01-29 18:26 - 00083335 _____ C:\Users\Rainer-User\Downloads\Kontoauszug_DE46_6009_0800_0373_9044_21_Nr_2_2015-12-31.pdf 2016-01-29 18:26 - 2016-01-29 18:26 - 00083332 _____ C:\Users\Rainer-User\Downloads\Kontoauszug_DE55_6009_0800_0173_9044_21_Nr_2_2015-12-31.pdf 2016-01-29 18:26 - 2016-01-29 18:26 - 00083322 _____ C:\Users\Rainer-User\Downloads\Kontoauszug_DE37_6009_0800_0573_9044_21_Nr_2_2015-12-31.pdf 2016-01-29 18:26 - 2016-01-29 18:26 - 00083285 _____ C:\Users\Rainer-User\Downloads\Kontoauszug_DE81_6009_0800_0673_9044_21_Nr_2_2015-12-31.pdf 2016-01-29 18:04 - 2016-01-29 18:04 - 00108387 _____ C:\Users\Rainer-User\Downloads\Mitteilung_DE39_6009_0800_0003_9044_49_Nr_16_2016-01-01.pdf 2016-01-29 18:04 - 2016-01-29 18:04 - 00108386 _____ C:\Users\Rainer-User\Downloads\Mitteilung_DE39_6009_0800_0003_9044_49_Nr_17_2016-01-01.pdf 2016-01-29 18:04 - 2016-01-29 18:04 - 00108377 _____ C:\Users\Rainer-User\Downloads\Mitteilung_DE39_6009_0800_0003_9044_49_Nr_15_2016-01-01.pdf 2016-01-29 18:04 - 2016-01-29 18:04 - 00105868 _____ C:\Users\Rainer-User\Downloads\Mitteilung_DE39_6009_0800_0003_9044_49_Nr_18_2016-01-01.pdf 2016-01-29 18:04 - 2016-01-29 18:04 - 00103315 _____ C:\Users\Rainer-User\Downloads\Mitteilung_DE45_6009_0800_3103_9044_49_Nr_3_2016-01-01.pdf 2016-01-29 18:04 - 2016-01-29 18:04 - 00097426 _____ C:\Users\Rainer-User\Downloads\Kontoauszug_DE39_6009_0800_0003_9044_49_Nr_9_2015-12-31.pdf 2016-01-29 18:04 - 2016-01-29 18:04 - 00083844 _____ C:\Users\Rainer-User\Downloads\Kontoauszug_DE45_6009_0800_3103_9044_49_Nr_7_2015-12-31.pdf 2016-01-29 18:04 - 2016-01-29 18:04 - 00083672 _____ C:\Users\Rainer-User\Downloads\Kontoauszug_DE31_6009_0800_0073_9044_49_Nr_2_2015-12-31.pdf 2016-01-29 18:03 - 2016-02-01 20:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2016-01-29 18:03 - 2016-01-29 18:03 - 00000000 ___RD C:\Program Files\Skype 2016-01-29 18:03 - 2016-01-29 18:03 - 00000000 ____D C:\Program Files\Common Files\Skype 2016-01-29 18:02 - 2016-01-29 18:02 - 00001889 _____ C:\Users\Public\Desktop\QuickTime Player.lnk 2016-01-29 18:02 - 2016-01-29 18:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime 2016-01-29 18:01 - 2016-01-29 18:02 - 00000000 ____D C:\Program Files\QuickTime 2016-01-25 22:55 - 2016-01-25 22:55 - 00154547 _____ C:\Users\Rainer-User\Downloads\564494.pdf 2016-01-25 22:16 - 2016-01-25 22:16 - 00728641 _____ C:\Users\Rainer-User\Downloads\5 Benachrichtigungen.htm ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2016-02-21 14:39 - 2014-08-10 21:03 - 00020792 _____ C:\Users\Romer\Downloads\FRST.txt 2016-02-21 14:39 - 2013-11-10 23:10 - 00000000 ____D C:\FRST 2016-02-21 14:32 - 2015-07-10 09:28 - 00000000 ___HD C:\Program Files\WindowsApps 2016-02-21 14:32 - 2015-07-10 09:28 - 00000000 ____D C:\WINDOWS\AppReadiness 2016-02-21 14:20 - 2014-12-27 01:49 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2016-02-21 12:42 - 2015-11-15 09:21 - 00000000 ____D C:\Program Files\McAfee Security Scan 2016-02-21 12:42 - 2014-12-27 01:46 - 00002123 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk 2016-02-20 17:34 - 2015-07-10 07:59 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM 2016-02-16 20:18 - 2015-11-01 17:57 - 00192944 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\ssudmdm.sys 2016-02-16 20:18 - 2015-07-10 09:27 - 00000000 ____D C:\WINDOWS\INF 2016-02-16 20:17 - 2015-11-01 17:52 - 00101040 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\ssudbus.sys 2016-02-11 23:56 - 2014-12-27 18:18 - 00000000 ____D C:\Users\Romer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR 2016-02-11 23:56 - 2014-12-27 18:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR 2016-02-11 23:56 - 2014-12-27 18:18 - 00000000 ____D C:\Program Files\WinRAR 2016-02-11 23:47 - 2015-10-01 21:01 - 00000000 ____D C:\Users\Rainer-User 2016-02-11 23:47 - 2015-03-12 19:17 - 1272570880 _____ C:\Users\Rainer-User\Rainer-User Outlook-Datendatei(1).pst 2016-02-11 19:06 - 2015-08-07 10:20 - 00000000 ____D C:\Users\Conny\AppData\Roaming\Skype 2016-02-11 00:09 - 2015-10-01 21:47 - 00000000 ____D C:\Users\Rainer-User\AppData\Local\Packages 2016-02-09 21:45 - 2015-07-10 09:20 - 00000000 ____D C:\WINDOWS\CbsTemp 2016-02-06 00:36 - 2015-01-04 19:17 - 00000000 ____D C:\Users\Romer\AppData\Local\ElevatedDiagnostics 2016-02-05 22:19 - 2015-10-01 21:52 - 00002443 _____ C:\Users\Rainer-User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2016-02-05 22:19 - 2015-10-01 21:52 - 00000000 ___RD C:\Users\Rainer-User\OneDrive 2016-02-05 12:54 - 2015-10-01 21:42 - 00002425 _____ C:\Users\Conny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2016-02-05 12:54 - 2015-10-01 21:42 - 00000000 ___RD C:\Users\Conny\OneDrive 2016-02-03 21:27 - 2016-01-01 21:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2016-02-03 21:26 - 2016-01-01 21:42 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2016-02-03 21:25 - 2014-12-21 22:06 - 00000000 ____D C:\WINDOWS\system32\MRT 2016-02-03 21:19 - 2014-12-21 22:06 - 141317472 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2016-02-02 22:42 - 2015-10-01 21:00 - 02030034 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2016-02-02 22:42 - 2015-09-10 05:02 - 00867140 _____ C:\WINDOWS\system32\perfh007.dat 2016-02-02 22:42 - 2015-09-10 05:02 - 00188378 _____ C:\WINDOWS\system32\perfc007.dat 2016-02-02 20:24 - 2015-10-22 20:19 - 00000000 ____D C:\Users\Marie-Sophie\AppData\Local\Packages 2016-02-01 20:17 - 2015-10-01 21:01 - 00000000 ____D C:\Users\Conny 2016-02-01 20:15 - 2015-09-19 17:11 - 00002630 _____ C:\Users\Public\Desktop\Skype.lnk 2016-02-01 20:15 - 2015-08-07 10:20 - 00000000 ____D C:\Users\Conny\AppData\Local\Skype 2016-02-01 20:15 - 2015-01-04 19:11 - 00000000 ____D C:\ProgramData\Skype 2016-01-29 18:03 - 2015-01-04 20:14 - 00000000 ____D C:\Users\Rainer-User\AppData\Roaming\Skype 2016-01-29 18:03 - 2015-01-04 19:12 - 00000000 ____D C:\Users\Romer\AppData\Local\Skype ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2015-10-01 21:39 - 2015-10-01 21:39 - 0000000 ____H () C:\ProgramData\DP45977C.lfl Einige Dateien in TEMP: ==================== C:\Users\Romer\AppData\Local\Temp\BingSvc.exe C:\Users\Romer\AppData\Local\Temp\BSvcProcessor.exe C:\Users\Romer\AppData\Local\Temp\BSvcUpdater.exe C:\Users\Romer\AppData\Local\Temp\DefaultPack.EXE ==================== Bamital & volsnap ================= (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) C:\WINDOWS\explorer.exe => Datei ist digital signiert C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert C:\WINDOWS\system32\services.exe => Datei ist digital signiert C:\WINDOWS\system32\User32.dll => Datei ist digital signiert C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert LastRegBack: 2016-02-21 13:41 ==================== Ende vom FRST.txt ============================ Rainer Hallo Schrauber, hier nochmal die FRST-Txt mit angekreuztem Addition-TXT-Fenster: Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x86) Version:20-02-2016 durchgeführt von Romer (Administrator) auf ROMER-PC (21-02-2016 14:46:10) Gestartet von C:\Users\Romer\Downloads Geladene Profile: Romer & Conny & Felix (Verfügbare Profile: Romer & Rainer-User & Marie-Sophie & Conny & Felix) Platform: Microsoft Windows 10 Home (X86) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: FF) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (AMD) C:\Windows\System32\atiesrxx.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Malwarebytes) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX86\officeclicktorun.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McA21C.tmp (McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\1.8.203.0\McCSPServiceHost.exe (Intel Security, Inc.) C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe (McAfee, Inc.) C:\Windows\System32\mfevtps.exe (McAfee, Inc.) C:\Windows\System32\mfevtps.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.) C:\Program Files\McAfee\SiteAdvisor\McSACore.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.292\SSScheduler.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe (Microsoft Corporation) C:\Windows\System32\InstallAgent.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1026.13580.0_x86__8wekyb3d8bbwe\Microsoft.Photos.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (© 2015 Microsoft Corporation) C:\Users\Romer\AppData\Local\Microsoft\BingSvc\BingSvc.exe (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.292\SSScheduler.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe (Microsoft Corporation) C:\Windows\System32\InstallAgent.exe (Farbar) C:\Users\Romer\Downloads\FRST(6).exe ==================== Registry (Nicht auf der Ausnahmeliste) =========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [OrderReminder] => C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe [98304 2006-01-30] (Hewlett-Packard) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3527880 2015-06-12] (Synaptics Incorporated) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [14476032 2015-10-01] (Realtek Semiconductor) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157456 2015-12-17] (Apple Inc.) HKU\S-1-5-21-734981412-4070128847-1335923988-1000\...\Run: [BingSvc] => C:\Users\Romer\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2016-01-01] (© 2015 Microsoft Corporation) HKU\S-1-5-21-734981412-4070128847-1335923988-1006\...\MountPoints2: {42b86a75-7d4e-11e5-a069-00235af6c96a} - "F:\autorun.exe" ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-01-20] (Microsoft Corporation) ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-01-20] (Microsoft Corporation) ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-01-20] (Microsoft Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2016-02-21] ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.292\SSScheduler.exe (McAfee, Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Winsol_Autostart.lnk [2015-04-27] ShortcutTarget: Winsol_Autostart.lnk -> C:\Program Files\Technische Alternative\Winsol\Winsol.exe (Technische Alternative GmbH) ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc.) Hosts: 0.0.0.1 mssplus.mcafee.com Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{6adde083-e5fc-41cb-801f-39a50de40cd0}: [DhcpNameServer] 172.20.10.1 Tcpip\..\Interfaces\{83254866-51b2-4ded-a0f7-c4535522175c}: [DhcpNameServer] 172.20.10.1 Tcpip\..\Interfaces\{a38c698b-149f-4dd2-923b-45ce6fc69f88}: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{f1445627-88bd-4c5d-9eac-1dddce526762}: [DhcpNameServer] 192.168.178.1 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com HKU\S-1-5-21-734981412-4070128847-1335923988-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=SL5M&ocid=SL5MDHP&osmkt=de-de HKU\S-1-5-21-734981412-4070128847-1335923988-1006\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEG&bmod=TSEG; HKU\S-1-5-21-734981412-4070128847-1335923988-1006\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie HKU\S-1-5-21-734981412-4070128847-1335923988-1006\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-734981412-4070128847-1335923988-1007\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEG&bmod=TSEG; SearchScopes: HKLM -> {38AEB7B3-42CC-4C33-9290-BEA08B6FE742} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSEG; SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-734981412-4070128847-1335923988-1000 -> {38AEB7B3-42CC-4C33-9290-BEA08B6FE742} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSEG; SearchScopes: HKU\S-1-5-21-734981412-4070128847-1335923988-1000 -> {3B68BF06-4CA1-4767-A738-3B271E28FA21} URL = hxxps://de.search.yahoo.com/search?fr=mcafee&type=B011DE642D20141004&p={SearchTerms} SearchScopes: HKU\S-1-5-21-734981412-4070128847-1335923988-1006 -> DefaultScope {AECE9ED2-CE7D-4026-8887-D88A4EE550D6} URL = hxxps://de.search.yahoo.com/search?fr=mcafee&type=C011DE642D20141221&p={searchTerms} SearchScopes: HKU\S-1-5-21-734981412-4070128847-1335923988-1006 -> F31624B0AF444080B7F139E05E41A758 URL = hxxp://isearch.avg.com/search?cid={72680FDB-E8CB-437D-AEE8-9F9D0761B89D}&mid=34d71d940f5847d1b30bd16a1c122099-aca251ad60a79a90d151588985182fee0518d1c3&lang=de&ds=tt014&pr=sa&d=2011-12-19 22:25:18&v=14.2.0.1&pid=avg&sg=&sap=dsp&q={searchTerms} SearchScopes: HKU\S-1-5-21-734981412-4070128847-1335923988-1006 -> {38AEB7B3-42CC-4C33-9290-BEA08B6FE742} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSEG; SearchScopes: HKU\S-1-5-21-734981412-4070128847-1335923988-1006 -> {70D46D94-BF1E-45ED-B567-48701376298E} URL = hxxp://127.0.0.1:4664/search&s=ZHvLVGGP9n6-ozM1JZTV7R9h9fY?q={searchTerms} SearchScopes: HKU\S-1-5-21-734981412-4070128847-1335923988-1006 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://isearch.avg.com/search?cid={72680FDB-E8CB-437D-AEE8-9F9D0761B89D}&mid=34d71d940f5847d1b30bd16a1c122099-aca251ad60a79a90d151588985182fee0518d1c3&lang=de&ds=tt014&pr=sa&d=2011-12-19 22:25:18&v=15.3.0.11&pid=avg&sg=0&sap=dsp&q={searchTerms} SearchScopes: HKU\S-1-5-21-734981412-4070128847-1335923988-1006 -> {AECE9ED2-CE7D-4026-8887-D88A4EE550D6} URL = hxxps://de.search.yahoo.com/search?fr=mcafee&type=C011DE642D20141221&p={searchTerms} SearchScopes: HKU\S-1-5-21-734981412-4070128847-1335923988-1006 -> {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL = SearchScopes: HKU\S-1-5-21-734981412-4070128847-1335923988-1007 -> F31624B0AF444080B7F139E05E41A758 URL = hxxp://isearch.avg.com/search?cid={72680FDB-E8CB-437D-AEE8-9F9D0761B89D}&mid=34d71d940f5847d1b30bd16a1c122099-aca251ad60a79a90d151588985182fee0518d1c3&lang=de&ds=tt014&pr=sa&d=2011-12-19 22:25:18&v=14.2.0.1&pid=avg&sg=&sap=dsp&q={searchTerms} SearchScopes: HKU\S-1-5-21-734981412-4070128847-1335923988-1007 -> {38AEB7B3-42CC-4C33-9290-BEA08B6FE742} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSEG; SearchScopes: HKU\S-1-5-21-734981412-4070128847-1335923988-1007 -> {70D46D94-BF1E-45ED-B567-48701376298E} URL = hxxp://127.0.0.1:4664/search&s=--TPDnzbWu8LCOGM1VS2YYTq9fs?q={searchTerms} SearchScopes: HKU\S-1-5-21-734981412-4070128847-1335923988-1007 -> {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL = BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-12-15] (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-01-20] (Microsoft Corporation) Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [2015-10-16] (McAfee, Inc.) Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation) Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [2015-10-16] (McAfee, Inc.) Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll [2016-01-08] (McAfee, Inc.) FireFox: ======== FF ProfilePath: C:\Users\Romer\AppData\Roaming\Mozilla\Firefox\Profiles\ouma2d78.default FF SearchEngineOrder.3: Bing FF SelectedSearchEngine: Bing FF Homepage: hxxp://www.msn.com/?pc=SL5M&ocid=SL5MDHP&osmkt=de-de FF Keyword.URL: hxxp://www.bing.com/search?FORM=SL5MDF&PC=SL5M&q= FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_20_0_0_306.dll [2016-02-09] () FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] () FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2016-01-08] () FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-03] (Microsoft Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-12-26] (Microsoft Corporation) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.) FF SearchPlugin: C:\Users\Romer\AppData\Roaming\Mozilla\Firefox\Profiles\ouma2d78.default\searchplugins\bing-.xml [2016-01-01] FF SearchPlugin: C:\Users\Romer\AppData\Roaming\Mozilla\Firefox\Profiles\ouma2d78.default\searchplugins\McSiteAdvisor.xml [2016-02-21] FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml [2015-08-09] FF Extension: McAfee WebAdvisor - C:\Program Files\McAfee\SiteAdvisor\saffplg.xpi [2015-12-16] FF Extension: Bing Search - C:\Users\Romer\AppData\Roaming\Mozilla\Firefox\Profiles\ouma2d78.default\Extensions\bingsearch.full@microsoft.com.xpi [2016-01-01] FF Extension: Adblock Plus - C:\Users\Romer\AppData\Roaming\Mozilla\Firefox\Profiles\ouma2d78.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-02-21] FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\SiteAdvisor\saffplg.xpi FF HKLM\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2016-01-20] [ist nicht signiert] FF HKU\S-1-5-21-734981412-4070128847-1335923988-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi => nicht gefunden FF HKU\S-1-5-21-734981412-4070128847-1335923988-1007\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi => nicht gefunden FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2015-11-16] Chrome: ======= CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files\McAfee\SiteAdvisor\McChPlg.crx [2015-10-16] ==================== Dienste (Nicht auf der Ausnahmeliste) ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) S2 0140461446397186mcinstcleanup; C:\WINDOWS\TEMP\014046~1.EXE [918056 2015-11-27] (McAfee, Inc.) R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX86\OfficeClickToRun.exe [1887928 2015-12-22] (Microsoft Corporation) R2 HomeNetSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [378336 2016-01-03] (McAfee, Inc.) R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes) S2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [1135416 2015-10-05] (Malwarebytes) R2 McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [134208 2015-10-16] (McAfee, Inc.) R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [771808 2016-01-08] (McAfee, Inc.) R2 McBootDelayStartSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [378336 2016-01-03] (McAfee, Inc.) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.292\McCHSvc.exe [239880 2016-02-05] (McAfee, Inc.) R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.8.203.0\McCSPServiceHost.exe [1251264 2015-12-02] (McAfee, Inc.) R2 McMPFSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [378336 2016-01-03] (McAfee, Inc.) R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [378336 2016-01-03] (McAfee, Inc.) S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [533872 2016-01-08] (McAfee, Inc.) R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [378336 2016-01-03] (McAfee, Inc.) R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [378336 2016-01-03] (McAfee, Inc.) R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [198136 2015-11-18] (McAfee, Inc.) R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [341768 2016-01-04] (McAfee, Inc.) R2 mfevtp; C:\Windows\system32\mfevtps.exe [263520 2015-11-18] (McAfee, Inc.) R2 MSK80Service; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [378336 2016-01-03] (McAfee, Inc.) R2 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [743968 2015-12-14] (Intel Security, Inc.) R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [216776 2015-06-12] (Synaptics Incorporated) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [277760 2015-07-10] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23264 2015-07-10] (Microsoft Corporation) ===================== Treiber (Nicht auf der Ausnahmeliste) ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [72560 2015-11-25] (McAfee, Inc.) S3 HipShieldK; C:\WINDOWS\System32\drivers\HipShieldK.sys [157288 2015-05-19] (McAfee, Inc.) R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes) S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [51928 2015-10-05] (Malwarebytes Corporation) R3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [321768 2015-11-25] (McAfee, Inc.) R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [272840 2015-11-25] (McAfee, Inc.) S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [72344 2015-11-25] (McAfee, Inc.) R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [382032 2015-11-25] (McAfee, Inc.) R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [650904 2015-11-25] (McAfee, Inc.) R3 mfencbdc; C:\WINDOWS\System32\DRIVERS\mfencbdc.sys [426464 2015-11-20] (McAfee, Inc.) S3 mfencrk; C:\WINDOWS\System32\DRIVERS\mfencrk.sys [89552 2015-11-20] (McAfee, Inc.) R3 mfesapsn; C:\Program Files\McAfee\SiteAdvisor\mfesapsn.sys [32816 2015-10-16] (McAfee, Inc.) R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [200800 2015-11-25] (McAfee, Inc.) R3 rt640x86; C:\WINDOWS\System32\drivers\rt640x86.sys [492032 2015-07-10] (Realtek ) R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [35528 2015-06-12] (Synaptics Incorporated) R3 Thotkey; C:\WINDOWS\System32\drivers\Thotkey.sys [41584 2015-10-01] (Toshiba Corporation) S3 UdeCx; C:\WINDOWS\System32\drivers\udecx.sys [31744 2015-07-10] () S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [37400 2015-07-10] (Microsoft Corporation) S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [245600 2015-07-10] (Microsoft Corporation) S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [97632 2015-07-10] (Microsoft Corporation) S3 WUDFWpdMtp; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [161792 2015-07-10] (Microsoft Corporation) U3 idsvc; kein ImagePath U3 mfeaack01; kein ImagePath U3 mfeavfk01; kein ImagePath U3 mfeavfk02; kein ImagePath U3 mfehidk01; kein ImagePath U3 mfehidk02; kein ImagePath S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X] U3 wpcsvc; kein ImagePath ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat: Erstellte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2016-02-21 14:38 - 2016-02-21 14:39 - 01722368 _____ (Farbar) C:\Users\Romer\Downloads\FRST(6).exe 2016-02-21 14:23 - 2016-02-21 14:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee 2016-02-21 14:18 - 2016-02-21 14:18 - 00016148 _____ C:\WINDOWS\system32\ROMER-PC_Romer_HistoryPrediction.bin 2016-02-21 14:18 - 2016-02-21 14:18 - 00016148 _____ C:\WINDOWS\system32\ROMER-PC_Conny_HistoryPrediction.bin 2016-02-21 12:42 - 2016-02-21 12:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus 2016-02-16 20:17 - 2016-02-16 20:18 - 00000000 ____D C:\WINDOWS\LastGood 2016-02-13 17:58 - 2016-02-13 17:58 - 00000000 ____D C:\Program Files\Mozilla Firefox 2016-02-12 00:16 - 2016-02-12 00:16 - 00016148 _____ C:\WINDOWS\system32\ROMER-PC_Rainer-User_HistoryPrediction.bin 2016-02-09 23:02 - 2016-02-09 23:02 - 00095090 _____ C:\Users\Rainer-User\Downloads\Kontoauszug_DE39_6009_0800_0003_9044_49_Nr_1_2016-01-31.pdf 2016-02-05 22:35 - 2016-02-05 22:35 - 00217082 _____ C:\Users\Rainer-User\Downloads\Mieterselbstauskunft.pdf 2016-02-03 21:10 - 2015-10-16 04:10 - 00810488 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe 2016-02-03 21:10 - 2015-10-16 04:10 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl 2016-02-03 10:16 - 2016-02-03 10:16 - 00016148 _____ C:\WINDOWS\system32\ROMER-PC_Marie-Sophie_HistoryPrediction.bin 2016-02-02 20:23 - 2016-02-02 20:23 - 00016183 _____ C:\Users\Marie-Sophie\Downloads\Lebenslauf BOGY.odt 2016-02-02 16:18 - 2016-02-02 16:18 - 00016148 _____ C:\WINDOWS\system32\ROMER-PC_Felix_HistoryPrediction.bin 2016-02-01 20:17 - 2016-02-01 20:17 - 00000000 ____D C:\Users\Conny\Tracing 2016-01-30 23:55 - 2016-01-30 23:56 - 04132023 _____ C:\Users\Rainer-User\Downloads\ratgeber-fuer-bienenfreunde.pdf 2016-01-29 18:31 - 2016-01-29 18:31 - 02257582 _____ C:\Users\Rainer-User\Downloads\sammeldownload_20160129_183115.zip 2016-01-29 18:26 - 2016-01-29 18:26 - 00085740 _____ C:\Users\Rainer-User\Downloads\Kontoauszug_DE19_6009_0800_0003_9044_21_Nr_11_2015-12-31.pdf 2016-01-29 18:26 - 2016-01-29 18:26 - 00085740 _____ C:\Users\Rainer-User\Downloads\Kontoauszug_DE19_6009_0800_0003_9044_21_Nr_11_2015-12-31(1).pdf 2016-01-29 18:26 - 2016-01-29 18:26 - 00083731 _____ C:\Users\Rainer-User\Downloads\Kontoauszug_DE78_6009_0800_3003_9044_21_Nr_5_2015-12-31.pdf 2016-01-29 18:26 - 2016-01-29 18:26 - 00083459 _____ C:\Users\Rainer-User\Downloads\Kontoauszug_DE63_6009_0800_0103_9044_21_Nr_9_2015-12-31.pdf 2016-01-29 18:26 - 2016-01-29 18:26 - 00083335 _____ C:\Users\Rainer-User\Downloads\Kontoauszug_DE46_6009_0800_0373_9044_21_Nr_2_2015-12-31.pdf 2016-01-29 18:26 - 2016-01-29 18:26 - 00083332 _____ C:\Users\Rainer-User\Downloads\Kontoauszug_DE55_6009_0800_0173_9044_21_Nr_2_2015-12-31.pdf 2016-01-29 18:26 - 2016-01-29 18:26 - 00083322 _____ C:\Users\Rainer-User\Downloads\Kontoauszug_DE37_6009_0800_0573_9044_21_Nr_2_2015-12-31.pdf 2016-01-29 18:26 - 2016-01-29 18:26 - 00083285 _____ C:\Users\Rainer-User\Downloads\Kontoauszug_DE81_6009_0800_0673_9044_21_Nr_2_2015-12-31.pdf 2016-01-29 18:04 - 2016-01-29 18:04 - 00108387 _____ C:\Users\Rainer-User\Downloads\Mitteilung_DE39_6009_0800_0003_9044_49_Nr_16_2016-01-01.pdf 2016-01-29 18:04 - 2016-01-29 18:04 - 00108386 _____ C:\Users\Rainer-User\Downloads\Mitteilung_DE39_6009_0800_0003_9044_49_Nr_17_2016-01-01.pdf 2016-01-29 18:04 - 2016-01-29 18:04 - 00108377 _____ C:\Users\Rainer-User\Downloads\Mitteilung_DE39_6009_0800_0003_9044_49_Nr_15_2016-01-01.pdf 2016-01-29 18:04 - 2016-01-29 18:04 - 00105868 _____ C:\Users\Rainer-User\Downloads\Mitteilung_DE39_6009_0800_0003_9044_49_Nr_18_2016-01-01.pdf 2016-01-29 18:04 - 2016-01-29 18:04 - 00103315 _____ C:\Users\Rainer-User\Downloads\Mitteilung_DE45_6009_0800_3103_9044_49_Nr_3_2016-01-01.pdf 2016-01-29 18:04 - 2016-01-29 18:04 - 00097426 _____ C:\Users\Rainer-User\Downloads\Kontoauszug_DE39_6009_0800_0003_9044_49_Nr_9_2015-12-31.pdf 2016-01-29 18:04 - 2016-01-29 18:04 - 00083844 _____ C:\Users\Rainer-User\Downloads\Kontoauszug_DE45_6009_0800_3103_9044_49_Nr_7_2015-12-31.pdf 2016-01-29 18:04 - 2016-01-29 18:04 - 00083672 _____ C:\Users\Rainer-User\Downloads\Kontoauszug_DE31_6009_0800_0073_9044_49_Nr_2_2015-12-31.pdf 2016-01-29 18:03 - 2016-02-01 20:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2016-01-29 18:03 - 2016-01-29 18:03 - 00000000 ___RD C:\Program Files\Skype 2016-01-29 18:03 - 2016-01-29 18:03 - 00000000 ____D C:\Program Files\Common Files\Skype 2016-01-29 18:02 - 2016-01-29 18:02 - 00001889 _____ C:\Users\Public\Desktop\QuickTime Player.lnk 2016-01-29 18:02 - 2016-01-29 18:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime 2016-01-29 18:01 - 2016-01-29 18:02 - 00000000 ____D C:\Program Files\QuickTime 2016-01-25 22:55 - 2016-01-25 22:55 - 00154547 _____ C:\Users\Rainer-User\Downloads\564494.pdf 2016-01-25 22:16 - 2016-01-25 22:16 - 00728641 _____ C:\Users\Rainer-User\Downloads\5 Benachrichtigungen.htm ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2016-02-21 14:46 - 2014-08-10 21:03 - 00020792 _____ C:\Users\Romer\Downloads\FRST.txt 2016-02-21 14:46 - 2013-11-10 23:10 - 00000000 ____D C:\FRST 2016-02-21 14:32 - 2015-07-10 09:28 - 00000000 ___HD C:\Program Files\WindowsApps 2016-02-21 14:32 - 2015-07-10 09:28 - 00000000 ____D C:\WINDOWS\AppReadiness 2016-02-21 14:20 - 2014-12-27 01:49 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2016-02-21 12:42 - 2015-11-15 09:21 - 00000000 ____D C:\Program Files\McAfee Security Scan 2016-02-21 12:42 - 2014-12-27 01:46 - 00002123 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk 2016-02-20 17:34 - 2015-07-10 07:59 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM 2016-02-16 20:18 - 2015-11-01 17:57 - 00192944 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\ssudmdm.sys 2016-02-16 20:18 - 2015-07-10 09:27 - 00000000 ____D C:\WINDOWS\INF 2016-02-16 20:17 - 2015-11-01 17:52 - 00101040 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\ssudbus.sys 2016-02-11 23:56 - 2014-12-27 18:18 - 00000000 ____D C:\Users\Romer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR 2016-02-11 23:56 - 2014-12-27 18:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR 2016-02-11 23:56 - 2014-12-27 18:18 - 00000000 ____D C:\Program Files\WinRAR 2016-02-11 23:47 - 2015-10-01 21:01 - 00000000 ____D C:\Users\Rainer-User 2016-02-11 23:47 - 2015-03-12 19:17 - 1272570880 _____ C:\Users\Rainer-User\Rainer-User Outlook-Datendatei(1).pst 2016-02-11 19:06 - 2015-08-07 10:20 - 00000000 ____D C:\Users\Conny\AppData\Roaming\Skype 2016-02-11 00:09 - 2015-10-01 21:47 - 00000000 ____D C:\Users\Rainer-User\AppData\Local\Packages 2016-02-09 21:45 - 2015-07-10 09:20 - 00000000 ____D C:\WINDOWS\CbsTemp 2016-02-06 00:36 - 2015-01-04 19:17 - 00000000 ____D C:\Users\Romer\AppData\Local\ElevatedDiagnostics 2016-02-05 22:19 - 2015-10-01 21:52 - 00002443 _____ C:\Users\Rainer-User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2016-02-05 22:19 - 2015-10-01 21:52 - 00000000 ___RD C:\Users\Rainer-User\OneDrive 2016-02-05 12:54 - 2015-10-01 21:42 - 00002425 _____ C:\Users\Conny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2016-02-05 12:54 - 2015-10-01 21:42 - 00000000 ___RD C:\Users\Conny\OneDrive 2016-02-03 21:27 - 2016-01-01 21:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2016-02-03 21:26 - 2016-01-01 21:42 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2016-02-03 21:25 - 2014-12-21 22:06 - 00000000 ____D C:\WINDOWS\system32\MRT 2016-02-03 21:19 - 2014-12-21 22:06 - 141317472 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2016-02-02 22:42 - 2015-10-01 21:00 - 02030034 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2016-02-02 22:42 - 2015-09-10 05:02 - 00867140 _____ C:\WINDOWS\system32\perfh007.dat 2016-02-02 22:42 - 2015-09-10 05:02 - 00188378 _____ C:\WINDOWS\system32\perfc007.dat 2016-02-02 20:24 - 2015-10-22 20:19 - 00000000 ____D C:\Users\Marie-Sophie\AppData\Local\Packages 2016-02-01 20:17 - 2015-10-01 21:01 - 00000000 ____D C:\Users\Conny 2016-02-01 20:15 - 2015-09-19 17:11 - 00002630 _____ C:\Users\Public\Desktop\Skype.lnk 2016-02-01 20:15 - 2015-08-07 10:20 - 00000000 ____D C:\Users\Conny\AppData\Local\Skype 2016-02-01 20:15 - 2015-01-04 19:11 - 00000000 ____D C:\ProgramData\Skype 2016-01-29 18:03 - 2015-01-04 20:14 - 00000000 ____D C:\Users\Rainer-User\AppData\Roaming\Skype 2016-01-29 18:03 - 2015-01-04 19:12 - 00000000 ____D C:\Users\Romer\AppData\Local\Skype ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2015-10-01 21:39 - 2015-10-01 21:39 - 0000000 ____H () C:\ProgramData\DP45977C.lfl Einige Dateien in TEMP: ==================== C:\Users\Romer\AppData\Local\Temp\BingSvc.exe C:\Users\Romer\AppData\Local\Temp\BSvcProcessor.exe C:\Users\Romer\AppData\Local\Temp\BSvcUpdater.exe C:\Users\Romer\AppData\Local\Temp\DefaultPack.EXE ==================== Bamital & volsnap ================= (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) C:\WINDOWS\explorer.exe => Datei ist digital signiert C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert C:\WINDOWS\system32\services.exe => Datei ist digital signiert C:\WINDOWS\system32\User32.dll => Datei ist digital signiert C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert LastRegBack: 2016-02-21 13:41 ==================== Ende vom FRST.txt ============================ und hier die Addition-txt: Code:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x86) Version:20-02-2016
durchgeführt von Romer (2016-02-21 14:48:00)
Gestartet von C:\Users\Romer\Downloads
Microsoft Windows 10 Home (X86) (2015-10-01 20:31:26)
Start-Modus: Normal
==========================================================
==================== Konten: =============================
Administrator (S-1-5-21-734981412-4070128847-1335923988-500 - Administrator - Disabled)
Conny (S-1-5-21-734981412-4070128847-1335923988-1006 - Limited - Enabled) => C:\Users\Conny
DefaultAccount (S-1-5-21-734981412-4070128847-1335923988-503 - Limited - Disabled)
Felix (S-1-5-21-734981412-4070128847-1335923988-1007 - Limited - Enabled) => C:\Users\Felix
Gast (S-1-5-21-734981412-4070128847-1335923988-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-734981412-4070128847-1335923988-1008 - Limited - Enabled)
Marie-Sophie (S-1-5-21-734981412-4070128847-1335923988-1004 - Limited - Enabled) => C:\Users\Marie-Sophie
Rainer-User (S-1-5-21-734981412-4070128847-1335923988-1003 - Limited - Enabled) => C:\Users\Rainer-User
Romer (S-1-5-21-734981412-4070128847-1335923988-1000 - Administrator - Enabled) => C:\Users\Romer
==================== Sicherheits-Center ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}
==================== Installierte Programme ======================
(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
Adobe Acrobat Reader DC - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.009.20079 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 20.0.0.306 - Adobe Systems Incorporated)
Apple Application Support (32-Bit) (HKLM\...\{7FA9ECCF-A2DE-4DA1-BFF3-81260DBDA68F}) (Version: 4.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{9A629DCB-415D-4A50-85B9-5C2E4F8F74A8}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
ArcSoft PhotoBase 3 (HKLM\...\{C1D14C0D-FDAA-4DF2-8441-A902805CCE8C}) (Version: - )
ArcSoft PhotoStudio 5 (HKLM\...\{03F1CC67-5BD8-4C36-8394-76311B2AE69A}) (Version: - )
Bonjour (HKLM\...\{D168AAD0-6686-47C1-B599-CDD4888B9D1A}) (Version: 3.1.0.1 - Apple Inc.)
Canon ScanGear Starter (HKLM\...\{18A5DFF2-8A95-49F3-873F-743CB5549F3D}) (Version: - )
FOTOParadies (HKLM\...\{FD838798-E2CB-45FA-AF79-6011519031E2}}_is1) (Version: 3.5.5.15 - Foto Online Service GmbH)
HP OrderReminder (HKLM\...\HP OrderReminder) (Version: 2.1 - )
iTunes (HKLM\...\{2C741651-87E0-4479-9703-6DD0D7988B84}) (Version: 12.3.2.35 - Apple Inc.)
LaserJet 1018 (HKLM\...\HP-LaserJet 1018) (Version: - )
Malwarebytes Anti-Malware Version 2.2.0.1024 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Manual CanoScan 5000,5000F,8000F (HKLM\...\{D9261CAB-3E1D-423C-9DD6-2001056DA292}) (Version: - )
McAfee Internet Security (HKLM\...\MSC) (Version: 14.0.7080 - McAfee, Inc.)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.292.3 - McAfee, Inc.)
McAfee WebAdvisor (HKLM\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.141 - McAfee, Inc.)
Microsoft Office Professional Plus 2013 - de-de (HKLM\...\ProPlusRetail - de-de) (Version: 15.0.4787.1002 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Firefox 44.0.2 (x86 de) (HKLM\...\Mozilla Firefox 44.0.2 (x86 de)) (Version: 44.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 44.0.2.5884 - Mozilla)
Office 15 Click-to-Run Extensibility Component (Version: 15.0.4787.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4787.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (Version: 15.0.4787.1002 - Microsoft Corporation) Hidden
Presto! PageManager 6 (HKLM\...\{580183A6-FF92-11D5-9294-0050BA073EEC}) (Version: - )
QuickTime 7 (HKLM\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7572 - Realtek Semiconductor Corp.)
Skype™ 7.18 (HKLM\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.18.109 - Skype Technologies S.A.)
Steuern sparen 2015 (HKLM\...\{0D57A71B-A1E1-40D8-BC17-8F4BD9163ED8}) (Version: 22.00.8811 - Buhl Data Service GmbH)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.10.0 - Synaptics Incorporated)
TAPPS 1.29 DE (HKLM\...\TAPPS DE_is1) (Version: 1.29 - Technische Alternative GmbH)
WinRAR 5.31 (32-Bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)
Winsol 2.04 (HKLM\...\Winsol_is1) (Version: 2.04 - Technische Alternative GmbH)
==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
Task: {02E4987A-CEA0-4EEC-8914-27A2C234B40D} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG
Task: {0ABA9598-7973-4AA9-B385-EFCA2FEB69BB} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX86\OfficeC2RClient.exe [2015-12-22] (Microsoft Corporation)
Task: {11DCE6C8-707B-44AC-ACAF-12DCB9F293D5} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG
Task: {21063A1F-EF4D-4661-98BB-714815EE162B} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG
Task: {23A4534C-E5A2-447C-AA17-A26DA8A79DC2} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {261D9C44-E68F-41C5-A948-34E1E8B080B2} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {2685C904-D219-46A0-B092-3C42E022EBD4} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {271428E7-1586-46E0-9DB6-18A42B3506DC} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG
Task: {2B2AD918-5C88-45E1-ABF8-B6D565E54043} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG
Task: {2BA44EB2-EFE1-40E0-9053-00F13A6080FD} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {33CF03F6-E682-4C95-9B74-C5903DE40AD4} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG
Task: {367AFD39-A3B1-40F2-AE64-D2699A5BE496} - System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86\datrep\54.0\mcdatrep.exe [2016-02-20] (McAfee, Inc.)
Task: {4F31DA62-6BDD-4A9C-9707-73F39BE8694B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-10-28] (Microsoft Corporation)
Task: {5056AF92-7DF7-4A0D-A40B-56EC92E4A968} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {520035E6-D51E-45CA-B6FB-6E50365F4CDF} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX86\OfficeC2RClient.exe [2015-12-22] (Microsoft Corporation)
Task: {5F2A5DEF-CF0C-43F0-B182-9BBC1C3C85CE} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {6C9413BE-F394-45EA-A58C-67939B7E8AD6} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {6E309496-8212-4C1B-832F-DBDE8E4DAD07} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG
Task: {711E46D1-8D3F-480E-8002-07E9F51FF55B} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-02-03] (Microsoft Corporation)
Task: {72EF3D92-6A54-475E-B5E9-AAE887C79AF7} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG
Task: {765D33BB-CA92-4B8F-98E4-6E4242573E1F} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Keine Datei <==== ACHTUNG
Task: {824CA9C4-3023-4B37-993E-9C6A987585D5} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {85950042-B6A4-4B2E-AEE8-23E469FE1328} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {920F546D-215B-4B89-9E90-D3022C0F9891} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG
Task: {9CA1FE74-67D6-4ECB-9875-54E43BC3B2E2} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG
Task: {9D4D9544-644E-4E5D-A4CD-ACBF1C86A8EC} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {A1F076DA-C7B8-4FBE-B41A-59827EE27974} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {A44CF776-26B7-4C00-AAE3-D51B7B4E5E72} - System32\Tasks\McAfee\McAfee Idle Detection Task
Task: {A5358D8C-C4E4-4AAD-A7F8-3F0E373684C3} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2015-08-26] (Apple Inc.)
Task: {ABA5ADC7-4A82-4988-8ACB-AE3D70B14F7C} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {AED01110-C71C-4BE3-9AD4-F24E7C91625A} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {B2A5AF58-2138-46AB-A399-8AA11944375F} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {B39EAD9F-5030-4ACA-809A-04FDC62D6755} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {B94E744D-F149-4C9F-9BC8-3D3E2FF74396} - System32\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86\datrep\54.0\mcdatrep.exe [2016-02-20] (McAfee, Inc.)
Task: {BA215F88-A7E9-461B-9276-53CB4062FFB1} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent
Task: {C5297FA3-A96D-41C7-8154-3166597FE34C} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {D00572EA-AB48-46FD-91B6-1195B6F486AD} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-02-09] (Adobe Systems Incorporated)
Task: {D5570B8E-73E1-4144-A2E9-4B0A53F8FA46} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {DA4D8B3C-B1E6-480E-B3A2-FE9D99CBCC81} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {DBA3B8DE-5189-490D-9A0A-1D210433E14D} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {ED787222-2512-44E1-89D3-CFADA886A755} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {EE415A81-1421-4080-9DD9-85A9D81C636B} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {EE816C28-F5EC-46A9-A6B0-0D567ABD7E52} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-10-28] (Microsoft Corporation)
Task: {FA9D5BE0-868A-4E68-8DB0-1185F095A803} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {FCF3FF9A-08DF-47D8-A420-E11CBACA0069} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
==================== Verknüpfungen =============================
(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)
==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============
2015-09-10 05:03 - 2015-09-10 05:03 - 00025088 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
2014-12-26 11:31 - 2012-09-18 15:26 - 00169472 _____ () C:\WINDOWS\System32\zlhp1020.dll
2014-12-26 11:32 - 2012-09-18 15:26 - 00059904 _____ () C:\WINDOWS\system32\spool\PRTPROCS\W32X86\pphp1020.dll
2014-12-26 11:31 - 2012-09-18 15:26 - 02223104 _____ () C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\suhp1020.dll
2014-12-26 11:31 - 2012-09-18 15:26 - 00949248 _____ () C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\gchp1020.dll
2015-09-10 05:03 - 2015-09-10 05:03 - 00301056 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll
2014-10-11 13:06 - 2014-10-11 13:06 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-10-13 05:46 - 2015-10-13 05:46 - 01040144 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-12-26 12:42 - 2015-10-13 02:43 - 00080040 _____ () C:\Program Files\Microsoft Office 15\ClientX86\ApiClient.dll
2015-10-01 21:47 - 2015-10-01 21:47 - 01766952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-10-01 21:47 - 2015-10-01 21:47 - 01766952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-07-10 09:24 - 2015-07-10 09:24 - 00288768 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-07-10 09:24 - 2015-07-10 09:24 - 00111104 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\XamlTileRendering.dll
2015-10-01 21:47 - 2015-10-01 21:47 - 04317696 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-10-01 21:47 - 2015-10-01 21:47 - 00377856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-10-01 21:47 - 2015-10-01 21:47 - 01183232 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-10-01 21:47 - 2015-10-01 21:47 - 01425920 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-07-10 09:25 - 2015-09-10 05:03 - 00107520 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.ProxyStub.dll
2015-10-27 14:06 - 2015-10-27 14:06 - 00013312 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1026.13580.0_x86__8wekyb3d8bbwe\Microsoft.Photos.exe
2015-10-27 14:06 - 2015-10-27 14:06 - 08897536 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1026.13580.0_x86__8wekyb3d8bbwe\Microsoft.Photos.dll
2015-10-27 14:06 - 2015-10-27 14:06 - 00162304 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1026.13580.0_x86__8wekyb3d8bbwe\StoreRatingPromotion.dll
==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)
==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McNaiAnn => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)
==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)
==================== Hosts Inhalt: ===============================
(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)
2009-07-14 03:04 - 2016-02-21 12:42 - 00000862 ____A C:\WINDOWS\system32\Drivers\etc\hosts
0.0.0.1 mssplus.mcafee.com
==================== Andere Bereiche ============================
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKU\S-1-5-21-734981412-4070128847-1335923988-1000\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
HKU\S-1-5-21-734981412-4070128847-1335923988-1006\Control Panel\Desktop\\Wallpaper -> D:\Familienregal\Rainer\a_Regal 1\Bilder\Bilder 2015\Bilder bis 2015 09 19 Nikon\DSC_0071.JPG
HKU\S-1-5-21-734981412-4070128847-1335923988-1007\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.
==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
==================== FirewallRules (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-32bit] => (Allow) LPort=808
FirewallRules: [{BBDFA310-49C0-4DF0-991E-1391CB56FCE9}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{1FD4393A-101B-4478-9319-CA0F5E58B20F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{4594DA60-D31E-4340-B460-D299270C37D1}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{FD09628B-2732-4380-9691-59BD828B9438}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{A9D41A67-F61B-4EF1-9D8B-4E0592948E88}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{E2F8DEF8-A15B-414E-8F87-15DC03CB972E}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{F2246FF8-B3F8-45F3-8243-FDCA6EE888D8}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{2BAFBC01-6C20-4BFA-8529-57502530AD98}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{9A389069-55EB-43BE-8E46-04BC27C987EE}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{3476DD47-5850-4990-9B8F-5ACDDC1D055E}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{3BDDCA7E-6175-4871-8DE2-CFB3C4EC2C39}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{1AC13EEF-4363-41D6-97AF-9B918714554B}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{5D80A50D-FD3C-4F95-937A-63E9E2499B2D}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{C8B53D39-7759-4554-82EC-E37E0434012C}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{696BC9D8-643D-498A-99C4-6E3BADA18E28}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{E907C95C-BAA6-4ABD-880F-2AF89EC2A401}] => (Allow) C:\Program Files\iTunes\iTunes.exe
==================== Wiederherstellungspunkte =========================
ACHTUNG: Systemwiederherstellung ist deaktiviert
==================== Fehlerhafte Geräte im Gerätemanager =============
==================== Fehlereinträge in der Ereignisanzeige: =========================
Applikationsfehler:
==================
Error: (02/21/2016 02:18:42 PM) (Source: ATIeRecord) (EventID: 16391) (User: )
Description: ATI EEU maximum number of session has been surpassed
Error: (02/21/2016 02:18:35 PM) (Source: ATIeRecord) (EventID: 16391) (User: )
Description: ATI EEU maximum number of session has been surpassed
Error: (02/21/2016 02:18:33 PM) (Source: ATIeRecord) (EventID: 16391) (User: )
Description: ATI EEU maximum number of session has been surpassed
Error: (02/21/2016 01:59:53 PM) (Source: MsiInstaller) (EventID: 1024) (User: Romer-PC)
Description: Produkt: Adobe Acrobat Reader DC - Deutsch - Update "{AC76BA86-7AD7-0000-2550-AC0F0A4E5B00}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127
Error: (02/21/2016 01:47:02 PM) (Source: ATIeRecord) (EventID: 16391) (User: )
Description: ATI EEU maximum number of session has been surpassed
Error: (02/21/2016 01:45:37 PM) (Source: ATIeRecord) (EventID: 16391) (User: )
Description: ATI EEU maximum number of session has been surpassed
Error: (02/21/2016 01:45:36 PM) (Source: ATIeRecord) (EventID: 16391) (User: )
Description: ATI EEU maximum number of session has been surpassed
Error: (02/21/2016 01:45:36 PM) (Source: ATIeRecord) (EventID: 16391) (User: )
Description: ATI EEU maximum number of session has been surpassed
Error: (02/21/2016 01:45:33 PM) (Source: ATIeRecord) (EventID: 16391) (User: )
Description: ATI EEU maximum number of session has been surpassed
Error: (02/21/2016 01:45:15 PM) (Source: ATIeRecord) (EventID: 16391) (User: )
Description: ATI EEU maximum number of session has been surpassed
Systemfehler:
=============
Error: (02/21/2016 02:31:11 PM) (Source: DCOM) (EventID: 10016) (User: Romer-PC)
Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}Romer-PCConnyS-1-5-21-734981412-4070128847-1335923988-1006LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar
Error: (02/21/2016 02:30:20 PM) (Source: DCOM) (EventID: 10016) (User: Romer-PC)
Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}Romer-PCConnyS-1-5-21-734981412-4070128847-1335923988-1006LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar
Error: (02/21/2016 02:29:23 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80073cf9 fehlgeschlagen: MSN Money
Error: (02/21/2016 02:28:57 PM) (Source: DCOM) (EventID: 10016) (User: Romer-PC)
Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}Romer-PCConnyS-1-5-21-734981412-4070128847-1335923988-1006LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar
Error: (02/21/2016 02:28:46 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80073cf9 fehlgeschlagen: Get Office
Error: (02/21/2016 02:28:32 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80073cf9 fehlgeschlagen: Get Office
Error: (02/21/2016 02:28:27 PM) (Source: DCOM) (EventID: 10016) (User: Romer-PC)
Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}Romer-PCConnyS-1-5-21-734981412-4070128847-1335923988-1006LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar
Error: (02/21/2016 02:28:12 PM) (Source: DCOM) (EventID: 10016) (User: Romer-PC)
Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}Romer-PCConnyS-1-5-21-734981412-4070128847-1335923988-1006LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar
Error: (02/21/2016 02:28:07 PM) (Source: DCOM) (EventID: 10016) (User: Romer-PC)
Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}Romer-PCConnyS-1-5-21-734981412-4070128847-1335923988-1006LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar
Error: (02/21/2016 02:28:06 PM) (Source: DCOM) (EventID: 10016) (User: Romer-PC)
Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}Romer-PCConnyS-1-5-21-734981412-4070128847-1335923988-1006LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar
CodeIntegrity:
===================================
Date: 2016-01-22 13:50:25.193
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.
Date: 2016-01-22 13:50:25.063
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.
Date: 2016-01-22 13:50:24.924
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll that did not meet the Microsoft signing level requirements.
Date: 2016-01-22 13:50:24.439
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.
Date: 2016-01-22 13:50:24.285
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.
Date: 2016-01-22 13:50:24.043
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll that did not meet the Microsoft signing level requirements.
Date: 2016-01-22 13:50:19.233
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements.
Date: 2016-01-22 13:50:16.298
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements.
Date: 2015-12-26 11:24:39.046
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.
Date: 2015-12-26 11:24:38.914
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.
==================== Memory info ===========================
Processor: Pentium(R) Dual-Core CPU T4300 @ 2.10GHz
Prozentuale Nutzung des RAM: 68%
Installierter physikalischer RAM: 3036.87 MB
Verfügbarer physikalischer RAM: 950.05 MB
Summe virtueller Speicher: 6108.87 MB
Verfügbarer virtueller Speicher: 3089.61 MB
==================== Laufwerke ================================
Drive c: (Vista) (Fixed) (Total:186.31 GB) (Free:63.89 GB) NTFS ==>[Laufwerk mit Startkomponenten (eingeholt von BCD)]
Drive d: (Data) (Fixed) (Total:184.84 GB) (Free:63.49 GB) NTFS
==================== MBR & Partitionstabelle ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 372.6 GB) (Disk ID: 7878FC96)
Partition 1: (Not Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Active) - (Size=186.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=184.8 GB) - (Type=07 NTFS)
==================== Ende vom Addition.txt ============================
Rainer |
|
| Themen zu WIN10 installiert, Rechner läuft sehr langsam und unter manchen Userkonten kein Mozilla möglich |
| administrator, adobe flash player, bonjour, defender, desktop, dnsapi.dll, explorer, firefox, flash player, home, installation, langsam, mozilla, ordner, prozesse, realtek, registry, scan, security, services.exe, siteadvisor, software, svchost.exe, system, temp, win10, windows |
Linear-Darstellung
