| |
| |||||||
Log-Analyse und Auswertung: Windows 10: Malwarebytes meldet infizierte Dateien, teilweise funktioniert das Internet nicht, generell PC langsamWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
22.12.2015, 12:05
| #1 |
| |  Windows 10: Malwarebytes meldet infizierte Dateien, teilweise funktioniert das Internet nicht, generell PC langsam Guten Tag zusammen, seit ca. 1 Woche habe ich nun folgendes Problem. Nachdem ich laufend auf Werbeseiten weitergeleitet wurde, habe ich Malwarebytes installiert und es wurde prompt, nach einem Suchlauf, sehr viele Dateien in Quarantäne verschoben, die danach auch gelöscht wurden. Leider kommt es nach jedem PC-Start vor, dass sich Office-Note versucht zu starten und etwas senden möchte.. Des Weiteren kommt ca. 10 mal die Meldung das gefragt wird "wie soll dieses Element geöffnet werden?". Wenn ich ein Programm, beispielsweise Chrome anwähle, öffnen sich Werbeseiten. Nachdem alles abgebrochen wurde und generell im Internet gesurft wird, meldet sich teilweise Malwarebytes. Es kam nun schon einmal vor, dass das Internet gar nicht mehr ging. Erst nach einem Suchlauf von Malwarebytes und anschließendem Neustart ging es dann wieder. Wäre super wenn jemand helfen könnte. Anbei die logs von FRST FRST.txt Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:20-12-2015 durchgeführt von Daniel (Administrator) auf GLOBALITY (22-12-2015 11:41:26) Gestartet von C:\Users\Daniel\Desktop Geladene Profile: Daniel & postgres (Verfügbare Profile: Daniel & postgres & Gl0ba_000) Platform: Windows 10 Pro (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: "C:\Program Files (x86)\Sirrix AG\BitBox\bin\BitBoxClient.exe" start "%1") Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe (BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe (Sirrix AG) C:\Program Files (x86)\Sirrix AG\BitBox\bin\BitBoxService.exe (BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Coupons.com Inc.) C:\Program Files (x86)\Coupons\CouponPrinterService.exe (devolo AG) C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe (Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe (Star Finanz-Software Entwicklung und Vertriebs GmbH) C:\Program Files (x86)\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe (PacketVideo) C:\Program Files (x86)\Twonky\TwonkyServer\twonkystarter.exe () C:\Program Files (x86)\Twonky\TwonkyServer\twonkyproxy.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe () C:\Program Files (x86)\Twonky\TwonkyServer\twonkyserver.exe (PostgreSQL Global Development Group) C:\postgreSQL\bin\pg_ctl.exe (PostgreSQL Global Development Group) C:\postgreSQL\bin\postgres.exe (PostgreSQL Global Development Group) C:\postgreSQL\bin\postgres.exe (PostgreSQL Global Development Group) C:\postgreSQL\bin\postgres.exe (PostgreSQL Global Development Group) C:\postgreSQL\bin\postgres.exe (PostgreSQL Global Development Group) C:\postgreSQL\bin\postgres.exe (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe (Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe () C:\Program Files (x86)\QuickSearch\spw3016.exe (Joan Abner) C:\Program Files (x86)\QuickSearch\uninstall.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Sony) C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe () C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe (LINE Corporation) C:\Program Files (x86)\Naver\LINE\Line.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (Internet Monitor) C:\Users\Daniel\AppData\Roaming\BandwidthStat\bandwidthstat.exe (Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (PacketVideo) C:\Program Files (x86)\Twonky\TwonkyServer\twonkytray.exe (Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe () C:\Program Files\Rainmeter\Rainmeter.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe (BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Nicht auf der Ausnahmeliste) =========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-24] (Realtek Semiconductor) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508240 2015-08-05] (Adobe Systems Incorporated) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-11-04] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG) HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [191016 2014-05-14] (Geek Software GmbH) HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2694040 2014-07-22] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Andy] => C:\Program Files\Andy\HandyAndy.exe HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [883280 2015-12-10] (BlueStack Systems, Inc.) HKU\S-1-5-21-2676936528-1030403693-891089861-1001\...\Run: [Sony PC Companion] => C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [457088 2015-09-23] (Sony) HKU\S-1-5-21-2676936528-1030403693-891089861-1001\...\Run: [Line] => C:\Program Files (x86)\Naver\LINE\Line.exe [15664152 2015-08-18] (LINE Corporation) HKU\S-1-5-21-2676936528-1030403693-891089861-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50755200 2015-12-08] (Skype Technologies S.A.) HKU\S-1-5-21-2676936528-1030403693-891089861-1001\...\Run: [BandwidthStat] => C:\Users\Daniel\AppData\Roaming\BandwidthStat\bandwidthstat.exe [569344 2015-12-15] (Internet Monitor) HKU\S-1-5-21-2676936528-1030403693-891089861-1006\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50755200 2015-12-08] (Skype Technologies S.A.) HKU\S-1-5-21-2676936528-1030403693-891089861-1006\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [517632 2015-07-10] (Microsoft Corporation) ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll [2014-07-16] () ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll [2014-07-16] () ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll [2014-07-16] () Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Twonky Server.lnk [2015-12-15] ShortcutTarget: Twonky Server.lnk -> C:\Program Files (x86)\Twonky\TwonkyServer\twonkytray.exe (PacketVideo) Startup: C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk [2015-12-15] ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation) Startup: C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk [2015-12-15] ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe () CHR HKLM\SOFTWARE\Policies\Google: Beschränkung <======= ACHTUNG ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) Hosts: Es ist mehr als ein Eintrag in der Hosts Datei zu finden. Siehe Hosts-Bereich in Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 Tcpip\..\Interfaces\{c3d2b33a-5f1a-4bce-8c16-a5ea94bc6a72}: [DhcpNameServer] 192.168.2.1 Internet Explorer: ================== HKU\S-1-5-21-2676936528-1030403693-891089861-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-2676936528-1030403693-891089861-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/ HKU\S-1-5-21-2676936528-1030403693-891089861-1006\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-2676936528-1030403693-891089861-1006\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/ URLSearchHook: HKU\S-1-5-21-2676936528-1030403693-891089861-1001 - (Kein Name) - {EB6628CF-0675-4DAE-95CE-EFFA23169743} - Keine Datei BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-11-18] (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll [2014-12-24] (Oracle Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-11-10] (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-12-24] (Oracle Corporation) BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-11-18] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2015-05-09] (Oracle Corporation) BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-11-10] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2015-05-09] (Oracle Corporation) Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-03-12] (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies) FireFox: ======== FF ProfilePath: C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\v7rfplju.default FF NewTab: about:newtab FF DefaultSearchEngine: MyStart FF Homepage: hxxps://www.mystart.com/?pr=systma&id=byd&v=1_0 FF Keyword.URL: FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_235.dll [2015-12-12] () FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-12-24] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-12-24] (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-02-28] (VideoLAN) FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [Keine Datei] FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2014-07-22] (Adobe Systems) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_235.dll [2015-12-12] () FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2015-05-09] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2015-05-09] (Oracle Corporation) FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-03-31] (Microsoft Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-06] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-06] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-27] (Adobe Systems Inc.) FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2014-07-22] (Adobe Systems) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-03-31] (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-09-27] (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll [2014-10-02] (Coupons, Inc.) FF Extension: Flash and Video Download - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\v7rfplju.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a} [2015-12-12] FF Extension: Flash Video Downloader - YouTube HD Download [4K] - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\v7rfplju.default\extensions\artur.dubovoy@gmail.com [2015-12-12] FF Extension: FireFTP - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\v7rfplju.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f} [2015-12-12] Chrome: ======= CHR HomePage: Default -> hxxp://www.google.de/ CHR Profile: C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google*Übersetzer) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2015-11-17] CHR Extension: (Google Docs) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04] CHR Extension: (Google Drive) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-25] CHR Extension: (YouTube) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25] CHR Extension: (Google-Suche) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-30] CHR Extension: (FTP Free) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehdgcfaoankkonoiichmblcfijkomfbn [2014-09-27] CHR Extension: (Video Downloader professional) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2015-01-14] CHR Extension: (ZenMate Security, Privacy & Unblock VPN) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2015-11-16] CHR Extension: (Google Docs Offline) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-17] CHR Extension: (Video Downloader [FVD]) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfmhcpmkbdkbgbmkjoiopeeegenkdikp [2015-05-09] CHR Extension: (qipu Cashbackmelder open beta) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\mloigoojndlehdjiemdfpiikieonngel [2015-01-16] CHR Extension: (Codeanywhere) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndcfkjjcjfpmmhdedhnbkknbehiadgjg [2014-05-13] CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-01] CHR Extension: (Google Mail) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28] ==================== Dienste (Nicht auf der Ausnahmeliste) ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2016448 2015-11-25] (Adobe Systems, Incorporated) R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-07-15] (Advanced Micro Devices, Inc.) [Datei ist nicht signiert] R2 BitBoxService; C:\Program Files (x86)\Sirrix AG\BitBox\bin\BitBoxService.exe [738304 2015-11-13] (Sirrix AG) [Datei ist nicht signiert] S3 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [432720 2015-12-10] (BlueStack Systems, Inc.) R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [412240 2015-12-10] (BlueStack Systems, Inc.) R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [854608 2015-12-10] (BlueStack Systems, Inc.) R2 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [179184 2014-10-15] (Coupons.com Inc.) R2 DevoloNetworkService; C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe [3645432 2014-07-18] (devolo AG) R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2934048 2015-11-10] (IObit) R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1135416 2015-10-05] (Malwarebytes) R2 postgresql-8.4; c:\postgreSQL\bin\pg_ctl.exe [66048 2014-02-18] (PostgreSQL Global Development Group) [Datei ist nicht signiert] R2 StarMoney 9.0 OnlineUpdate; C:\Program Files (x86)\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe [697488 2014-07-04] (Star Finanz-Software Entwicklung und Vertriebs GmbH) S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [Datei ist nicht signiert] R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5426448 2014-12-15] (TeamViewer GmbH) R2 TwonkyProxy; C:\Program Files (x86)\Twonky\TwonkyServer\twonkyproxy.exe [885576 2013-05-23] () R2 TwonkyServer; C:\Program Files (x86)\Twonky\TwonkyServer\twonkystarter.exe [586568 2013-05-23] (PacketVideo) R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation) R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation) ===================== Treiber (Nicht auf der Ausnahmeliste) ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.) R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices) R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [102912 2015-05-28] (Advanced Micro Devices) R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [146040 2015-12-10] (BlueStack Systems) R1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-12-15] (REALiX(tm)) R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes) R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2015-12-22] (Malwarebytes) R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation) R2 NPF_devolo; C:\Windows\sysWOW64\drivers\npf_devolo.sys [34048 2013-03-04] (CACE Technologies) R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [587264 2015-07-10] (Realtek ) S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] () R1 VBoxNetLwf; C:\Windows\system32\DRIVERS\VBoxNetLwf.sys [194816 2015-11-11] (Oracle Corporation) S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation) R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation) R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation) S3 VBoxNetFlt; \SystemRoot\system32\DRIVERS\VBoxNetFlt.sys [X] S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X] ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat: Erstellte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2015-12-22 11:39 - 2015-12-22 11:40 - 00050181 _____ C:\Users\Daniel\Desktop\Addition.txt 2015-12-22 11:37 - 2015-12-22 11:41 - 00022707 _____ C:\Users\Daniel\Desktop\FRST.txt 2015-12-22 11:37 - 2015-12-22 11:41 - 00000000 ____D C:\FRST 2015-12-22 11:36 - 2015-12-22 11:37 - 02370560 _____ (Farbar) C:\Users\Daniel\Desktop\FRST64.exe 2015-12-22 11:31 - 2015-12-22 11:31 - 00016148 _____ C:\WINDOWS\system32\GLOBALITY_Daniel_HistoryPrediction.bin 2015-12-21 14:38 - 2015-12-22 11:33 - 00003808 _____ C:\WINDOWS\System32\Tasks\AutoKMS 2015-12-21 14:28 - 2015-12-21 14:28 - 00514327 _____ C:\Users\Daniel\Desktop\20151221.pdf 2015-12-21 14:24 - 2015-12-21 14:24 - 00000000 ____D C:\ProgramData\ATI 2015-12-21 11:16 - 2015-12-21 11:16 - 00036520 _____ C:\Users\Daniel\Documents\arena.mrf 2015-12-21 10:28 - 2015-12-21 10:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center 2015-12-21 10:26 - 2015-12-21 10:27 - 00000000 ____D C:\WINDOWS\LastGood.Tmp 2015-12-21 10:25 - 2015-12-21 10:25 - 47794160 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\amdocl64.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 39720944 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\amdocl.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 30775792 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atio6axx.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 27544560 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\amdocl12cl64.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 25320432 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atioglxx.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 22327280 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\amdocl12cl.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 15725552 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\aticaldd64.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 14310896 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\aticaldd.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 09355016 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdxc64.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 08982432 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiumd6a.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 08864920 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiumd64.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 07683096 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdxc32.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 06686192 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdmantle64.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 05216240 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdmantle32.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 03471376 _____ C:\WINDOWS\SysWOW64\atiumdva.cap 2015-12-21 10:25 - 2015-12-21 10:25 - 03437632 _____ C:\WINDOWS\system32\atiumd6a.cap 2015-12-21 10:25 - 2015-12-21 10:25 - 01256432 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atiadlxx.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 01196032 _____ C:\WINDOWS\system32\amdocl_as64.exe 2015-12-21 10:25 - 2015-12-21 10:25 - 01070592 _____ C:\WINDOWS\system32\amdocl_ld64.exe 2015-12-21 10:25 - 2015-12-21 10:25 - 01004032 _____ C:\WINDOWS\SysWOW64\amdocl_as32.exe 2015-12-21 10:25 - 2015-12-21 10:25 - 00935408 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atiadlxy.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00935408 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atiadlxx.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00807424 _____ C:\WINDOWS\SysWOW64\amdocl_ld32.exe 2015-12-21 10:25 - 2015-12-21 10:25 - 00662400 _____ C:\WINDOWS\SysWOW64\atiapfxx.blb 2015-12-21 10:25 - 2015-12-21 10:25 - 00662400 _____ C:\WINDOWS\system32\atiapfxx.blb 2015-12-21 10:25 - 2015-12-21 10:25 - 00631792 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amdlvr64.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00524272 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amdlvr32.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00471320 _____ C:\WINDOWS\system32\amdmiracast.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00451056 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atidemgy.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00375792 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atiapfxx.exe 2015-12-21 10:25 - 2015-12-21 10:25 - 00341488 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\ATIODE.exe 2015-12-21 10:25 - 2015-12-21 10:25 - 00243696 _____ C:\WINDOWS\system32\clinfo.exe 2015-12-21 10:25 - 2015-12-21 10:25 - 00213488 _____ C:\WINDOWS\system32\amdgfxinfo64.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00199664 _____ (AMD) C:\WINDOWS\system32\atitmm64.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00198640 _____ C:\WINDOWS\SysWOW64\amdgfxinfo32.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00168944 _____ C:\WINDOWS\system32\atieah64.exe 2015-12-21 10:25 - 2015-12-21 10:25 - 00165360 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atig6txx.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00152560 _____ C:\WINDOWS\SysWOW64\atieah32.exe 2015-12-21 10:25 - 2015-12-21 10:25 - 00151936 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amdhcp64.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00150512 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atigktxx.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00143344 _____ C:\WINDOWS\system32\amdhdl64.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00138384 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amdhcp32.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00136176 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\mantle64.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00132080 _____ C:\WINDOWS\SysWOW64\amdhdl32.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00130064 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiu9p64.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00122352 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\mantle32.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00117600 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdave64.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00111600 _____ C:\WINDOWS\system32\hsa-thunk64.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00111088 _____ C:\WINDOWS\SysWOW64\hsa-thunk.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00110320 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdave32.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00103408 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\mantleaxl64.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00097776 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atisamu64.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00096752 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\mantleaxl32.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00089584 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atisamu32.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00088000 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atimpc64.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00088000 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdpcom64.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00083952 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atig6pxx.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00081160 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atimpc32.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00081160 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdpcom32.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00078320 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiglpxx.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00078320 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiglpxx.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00073712 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00071152 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\aticalrt64.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00068080 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00064496 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\aticalcl64.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00060912 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\aticalrt.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00059888 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\ATIODCLI.exe 2015-12-21 10:25 - 2015-12-21 10:25 - 00059376 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdmmcl6.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00057840 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\aticalcl.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00052208 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Drivers\ati2erec.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00048112 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdmmcl.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00038384 _____ (AMD) C:\WINDOWS\system32\atimuixx.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00012784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\detoured.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00012784 _____ (Microsoft Corporation) C:\WINDOWS\system32\detoured.dll 2015-12-20 20:56 - 2015-12-20 20:56 - 00478062 _____ C:\Users\Daniel\Desktop\20151220.pdf 2015-12-20 17:19 - 2015-12-22 11:07 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2015-12-20 13:28 - 2015-12-21 14:29 - 00283623 _____ C:\Users\Daniel\Desktop\Dienstplan_TV_Cannstatt.xlsm 2015-12-20 10:36 - 2015-12-20 10:36 - 00255478 _____ C:\Users\Daniel\Downloads\Dienstplan_Änderung2_NEU (1).xlsm 2015-12-20 10:36 - 2015-12-20 10:36 - 00255478 _____ C:\Users\Daniel\Desktop\Dienstplan_Änderung2_NEU (1).xlsm 2015-12-18 10:57 - 2015-12-18 11:03 - 606692048 _____ (Sirrix AG) C:\Users\Daniel\Downloads\Browser_In_The_Box.4.1.4-r150.chrome.Archive.exe 2015-12-18 10:41 - 2015-12-19 19:28 - 00000222 _____ C:\Users\Daniel\Desktop\nicht angreiffen.txt 2015-12-18 10:36 - 2015-12-18 10:36 - 00617444 _____ C:\Users\Daniel\Downloads\Browser-in-the-Box_Benutzerhandbuch.pdf 2015-12-16 15:10 - 2015-12-16 15:10 - 00025360 _____ C:\Users\Daniel\Documents\far-Flung Prairie.mrf 2015-12-15 21:23 - 2015-12-15 21:23 - 00034360 _____ C:\Users\Daniel\Documents\nightfall swamp.mrf 2015-12-15 18:10 - 2015-12-15 18:11 - 21852240 _____ C:\Users\Daniel\Downloads\Smoothies.rar 2015-12-15 17:33 - 2015-12-15 17:33 - 00280112 _____ C:\WINDOWS\Minidump\121515-9359-01.dmp 2015-12-15 15:47 - 2015-12-15 15:47 - 00006660 _____ C:\Users\Daniel\Downloads\Rechnung Nr. 15005998.pdf 2015-12-15 13:56 - 2015-12-15 13:56 - 00023026 _____ C:\Users\Daniel\Downloads\Vodafone-Internet--Telefon-Kuendigung (1) (1).pdf 2015-12-15 13:53 - 2015-12-15 13:53 - 00023026 _____ C:\Users\Daniel\Downloads\Vodafone-Internet--Telefon-Kuendigung (1).pdf 2015-12-15 13:52 - 2015-12-15 13:53 - 00023026 _____ C:\Users\Daniel\Downloads\Vodafone-Internet--Telefon-Kuendigung.pdf 2015-12-15 13:36 - 2015-12-15 13:36 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Sirrix AG 2015-12-15 13:35 - 2015-12-15 13:35 - 00211398 _____ C:\Users\Daniel\Desktop\kündigung strom.pdf 2015-12-15 13:26 - 2015-12-18 11:04 - 00001332 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Browser in the Box.lnk 2015-12-15 13:26 - 2015-12-18 11:04 - 00001320 _____ C:\Users\Public\Desktop\Browser in the Box.lnk 2015-12-15 13:26 - 2015-12-15 13:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Browser in the Box 2015-12-15 13:25 - 2015-12-15 13:25 - 00000000 ____D C:\ProgramData\Sirrix AG 2015-12-15 13:25 - 2015-12-15 13:25 - 00000000 ____D C:\Program Files (x86)\Sirrix AG 2015-12-15 13:21 - 2015-12-15 13:21 - 00000000 ____D C:\Program Files\Oracle 2015-12-15 13:14 - 2015-12-15 13:19 - 565717248 _____ (Sirrix AG) C:\Users\Daniel\Downloads\Browser_In_The_Box.4.1.4-r150.firefox.Archive.exe 2015-12-15 13:12 - 2015-12-17 19:43 - 00002252 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2015-12-15 13:11 - 2015-12-15 13:11 - 00927824 _____ (Google Inc.) C:\Users\Daniel\Downloads\ChromeSetup (1).exe 2015-12-15 12:47 - 2015-12-15 12:47 - 00436869 _____ C:\Users\Daniel\Downloads\Kündigung-strom-umzug-form (1).pdf 2015-12-15 12:44 - 2015-12-15 12:45 - 00436869 _____ C:\Users\Daniel\Downloads\Kündigung-strom-umzug-form.pdf 2015-12-15 12:28 - 2015-12-15 12:36 - 24149323 _____ C:\Users\Daniel\Downloads\Malwarebytes Anti-Malware Premium 2.2.0.1024.rar 2015-12-15 12:21 - 2015-12-22 11:31 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2015-12-15 12:20 - 2015-12-15 13:10 - 00001165 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-12-15 12:20 - 2015-12-15 12:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-12-15 12:20 - 2015-12-15 12:20 - 00000000 ____D C:\ProgramData\Malwarebytes 2015-12-15 12:20 - 2015-12-15 12:20 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-12-15 12:20 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2015-12-15 12:20 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys 2015-12-15 12:20 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys 2015-12-15 12:17 - 2015-12-15 12:18 - 22908888 _____ (Malwarebytes ) C:\Users\Daniel\Downloads\mbam-setup-2.2.0.1024.exe 2015-12-15 12:09 - 2015-12-15 12:09 - 00003530 _____ C:\WINDOWS\System32\Tasks\Ahonaradra 2015-12-15 12:02 - 2015-12-15 12:59 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\systweak 2015-12-15 12:02 - 2015-11-20 19:27 - 00019888 _____ C:\WINDOWS\system32\roboot64.exe 2015-12-15 12:01 - 2015-12-15 12:01 - 00003774 _____ C:\WINDOWS\System32\Tasks\SoftUpgrade 2015-12-15 12:01 - 2015-12-15 12:01 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BandwidthStat 2015-12-15 12:01 - 2015-12-15 12:01 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\BandwidthStat 2015-12-15 12:01 - 2015-12-15 12:01 - 00000000 ____D C:\Program Files (x86)\SoftUpgrade 2015-12-15 11:58 - 2015-12-22 11:31 - 00000364 ____H C:\WINDOWS\Tasks\WOXRGHDNAFGIQKGK.job 2015-12-15 11:58 - 2015-12-15 12:24 - 00000000 ____D C:\ProgramData\Service1104 2015-12-15 11:58 - 2015-12-15 11:58 - 00003442 _____ C:\WINDOWS\System32\Tasks\WOXRGHDNAFGIQKGK 2015-12-15 11:58 - 2015-12-15 11:58 - 00000000 ____D C:\ProgramData\19a87fa1ec024bbcbb41931263354405 2015-12-15 11:57 - 2015-12-15 11:57 - 00275717 _____ C:\Users\Daniel\Documents\151210 Rechnung_Lingel.pdf 2015-12-15 11:35 - 2015-12-15 11:35 - 00000000 ____D C:\ProgramData\{FD6F83C0-EC70-4581-8361-C70CD1AA4B98} 2015-12-15 11:34 - 2015-12-15 11:34 - 00026528 _____ (REALiX(tm)) C:\WINDOWS\SysWOW64\Drivers\HWiNFO64A.SYS 2015-12-15 11:34 - 2015-12-15 11:34 - 00000000 ____D C:\WINDOWS\Tasks\ImCleanDisabled 2015-12-15 11:34 - 2015-01-10 15:32 - 00128288 _____ (IObit) C:\WINDOWS\system32\IObitSmartDefragExtension.dll 2015-12-15 11:34 - 2014-06-04 15:17 - 00034080 _____ (IObit) C:\WINDOWS\system32\SmartDefragBootTime.exe 2015-12-15 11:33 - 2015-12-15 11:41 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\IObit 2015-12-15 11:33 - 2015-12-15 11:40 - 00000000 ____D C:\ProgramData\IObit 2015-12-15 11:33 - 2015-12-15 11:38 - 00000000 ____D C:\ProgramData\ProductData 2015-12-15 11:33 - 2015-12-15 11:33 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\ProductData 2015-12-15 11:33 - 2015-12-15 11:33 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Apple Computer 2015-12-15 11:33 - 2015-12-15 11:33 - 00000000 ____D C:\Users\Daniel\AppData\LocalLow\IObit 2015-12-15 11:32 - 2015-12-15 11:41 - 00000000 ____D C:\Program Files (x86)\IObit 2015-12-15 11:32 - 2015-12-15 11:32 - 30003568 _____ (IObit ) C:\Users\Daniel\Downloads\IObit-Malware-Fighter-Setup3409.exe 2015-12-15 11:16 - 2015-12-15 11:16 - 17529025 _____ C:\Users\Daniel\Documents\151210 Rechnung Lingel.pdf 2015-12-15 11:11 - 2015-12-15 11:59 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\cpuminer 2015-12-15 11:11 - 2015-12-15 11:58 - 00000008 _____ C:\END 2015-12-15 11:11 - 2015-12-15 11:11 - 00003160 _____ C:\WINDOWS\System32\Tasks\spw3016 2015-12-15 11:10 - 2015-12-22 11:31 - 00000000 ____D C:\Program Files (x86)\QuickSearch 2015-12-15 11:09 - 2015-12-15 12:58 - 00000000 ____D C:\Users\Daniel\AppData\Local\SmartWeb 2015-12-15 11:05 - 2015-12-15 11:13 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Opera Software 2015-12-15 11:05 - 2015-12-15 11:13 - 00000000 ____D C:\Users\Daniel\AppData\Local\Opera Software 2015-12-15 11:04 - 2015-12-15 11:05 - 17231872 _____ C:\Users\Daniel\Downloads\epson374980eu.exe 2015-12-15 11:03 - 2015-12-15 13:04 - 00000000 ____D C:\Program Files (x86)\03000200-1450173802-0500-0006-000700080009 2015-12-15 11:03 - 2015-12-15 11:02 - 00004182 _____ C:\WINDOWS\system32\Drivers\etc\hp.bak 2015-12-15 11:02 - 2015-12-15 13:07 - 00000306 __RSH C:\Users\Daniel\ntuser.pol 2015-12-15 11:02 - 2015-12-15 13:07 - 00000306 __RSH C:\ProgramData\ntuser.pol 2015-12-15 11:01 - 2015-12-15 11:01 - 00003294 _____ C:\WINDOWS\System32\Tasks\{9049D845-5093-42F1-ABE4-823668FF2E6F} 2015-12-15 10:59 - 2015-12-15 10:59 - 12793856 _____ C:\Users\Daniel\Downloads\epson325480eu.exe 2015-12-15 10:57 - 2015-12-15 10:57 - 25198592 _____ C:\Users\Daniel\Downloads\epson324666eu.dmg 2015-12-14 20:52 - 2015-12-14 20:52 - 00030000 _____ C:\Users\Daniel\Documents\13.mrf 2015-12-14 14:28 - 2015-12-14 14:32 - 00027280 _____ C:\Users\Daniel\Documents\sunshine beach.mrf 2015-12-14 14:23 - 2015-12-14 14:23 - 31302583 _____ C:\Users\Daniel\Downloads\auv116.pdf 2015-12-14 14:23 - 2015-12-14 14:23 - 31302583 _____ C:\Users\Daniel\Downloads\auv116 (1).pdf 2015-12-14 14:22 - 2015-12-14 14:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2015-12-14 14:22 - 2015-12-14 14:22 - 00000000 ___RD C:\Program Files (x86)\Skype 2015-12-14 14:11 - 2015-12-14 14:15 - 11692510 _____ C:\Users\Daniel\Downloads\GLGzFAmSSuC(zA.rar 2015-12-14 14:05 - 2015-12-14 14:15 - 32280461 _____ C:\Users\Daniel\Downloads\Nicht bestätigt 522240.crdownload 2015-12-14 13:48 - 2015-12-14 13:48 - 00030280 _____ C:\Users\Daniel\Documents\Climbing Olympus.mrf 2015-12-14 13:20 - 2015-12-15 16:21 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Mouse Recorder 2015-12-14 13:20 - 2015-12-14 13:20 - 00000000 ____D C:\ProgramData\MouseRecorder 2015-12-14 13:20 - 2015-12-14 13:20 - 00000000 ____D C:\ProgramData\Mouse Recorder 2015-12-14 13:20 - 2015-12-14 13:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MouseRecorder 2015-12-14 13:20 - 2015-12-14 13:20 - 00000000 ____D C:\Program Files (x86)\MouseRecorder 2015-12-14 13:19 - 2015-12-14 13:21 - 02467080 _____ (Bartels Media GmbH ) C:\Users\Daniel\Downloads\MouseRecorderSetup1042.exe 2015-12-14 13:17 - 2015-12-14 13:17 - 02331531 _____ C:\Users\Daniel\Downloads\MRP276Setup.zip 2015-12-14 13:10 - 2015-12-14 13:10 - 00000000 ____D C:\Users\Daniel\Documents\My Recorded Scripts 2015-12-14 13:10 - 2015-12-14 13:10 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Mouse Recorder Pro 2015-12-14 13:10 - 2015-12-14 13:10 - 00000000 ____D C:\Users\Daniel\AppData\Local\Nemex 2015-12-14 13:09 - 2015-12-14 13:09 - 02332069 _____ C:\Users\Daniel\Downloads\mrp275setup.zip 2015-12-14 13:01 - 2015-12-14 13:01 - 00842440 _____ (ghost-mouse.com ) C:\Users\Daniel\Downloads\GhostMouse323-Setup (1).exe 2015-12-14 12:55 - 2015-12-15 13:10 - 00001682 _____ C:\Users\Public\Desktop\BlueStacks.lnk 2015-12-14 12:55 - 2015-12-15 13:08 - 00001742 _____ C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\BlueStacks.lnk 2015-12-14 12:55 - 2015-12-14 13:01 - 00842440 _____ (ghost-mouse.com ) C:\Users\Daniel\Downloads\GhostMouse323-Setup.exe 2015-12-14 12:55 - 2015-12-14 12:55 - 00000000 ____D C:\ProgramData\BlueStacksGameManager 2015-12-14 12:54 - 2015-12-14 12:54 - 00000000 ____D C:\Users\Daniel\AppData\Local\fabi.me 2015-12-14 12:53 - 2015-12-14 12:55 - 00000000 ____D C:\Program Files (x86)\BlueStacks 2015-12-14 12:53 - 2015-12-14 12:54 - 00000000 ____D C:\ProgramData\BlueStacks 2015-12-14 12:53 - 2015-12-14 12:53 - 00094899 _____ C:\Users\Daniel\Downloads\SpeedAutoClicker.zip 2015-12-14 12:46 - 2015-12-14 12:47 - 308301520 _____ (BlueStack Systems Inc.) C:\Users\Daniel\Downloads\BlueStacks2-Installer_native.exe 2015-12-12 19:59 - 2015-12-01 08:01 - 02115936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys 2015-12-12 19:59 - 2015-12-01 06:51 - 07523840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll 2015-12-12 19:59 - 2015-12-01 05:59 - 05455360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll 2015-12-12 19:59 - 2015-11-25 06:42 - 04532304 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe 2015-12-12 19:59 - 2015-11-25 06:33 - 03622272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2015-12-12 19:59 - 2015-11-25 06:27 - 01366680 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll 2015-12-12 19:59 - 2015-11-25 06:12 - 04047288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe 2015-12-12 19:59 - 2015-11-25 06:09 - 01310880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll 2015-12-12 19:59 - 2015-11-25 06:01 - 02879024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2015-12-12 19:59 - 2015-11-25 05:49 - 01569280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll 2015-12-12 19:59 - 2015-11-25 05:44 - 21872640 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll 2015-12-12 19:59 - 2015-11-25 05:42 - 24592384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2015-12-12 19:59 - 2015-11-25 05:36 - 01710592 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll 2015-12-12 19:59 - 2015-11-25 05:35 - 00929792 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll 2015-12-12 19:59 - 2015-11-25 05:35 - 00845824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Magnify.exe 2015-12-12 19:59 - 2015-11-25 05:34 - 12504576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2015-12-12 19:59 - 2015-11-25 05:31 - 00121344 _____ (Microsoft Corporation) C:\WINDOWS\system32\DAMM.dll 2015-12-12 19:59 - 2015-11-25 05:30 - 00171008 _____ (Microsoft Corporation) C:\WINDOWS\system32\dot3mm.dll 2015-12-12 19:59 - 2015-11-25 05:29 - 01649152 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll 2015-12-12 19:59 - 2015-11-25 05:29 - 00355328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ninput.dll 2015-12-12 19:59 - 2015-11-25 05:28 - 00523776 _____ (Microsoft Corporation) C:\WINDOWS\system32\catsrvut.dll 2015-12-12 19:59 - 2015-11-25 05:27 - 02180608 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll 2015-12-12 19:59 - 2015-11-25 05:23 - 19323392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2015-12-12 19:59 - 2015-11-25 05:23 - 03588096 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys 2015-12-12 19:59 - 2015-11-25 05:23 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll 2015-12-12 19:59 - 2015-11-25 05:22 - 01717248 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll 2015-12-12 19:59 - 2015-11-25 05:22 - 01383424 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys 2015-12-12 19:59 - 2015-11-25 05:22 - 00603648 _____ (Microsoft Corporation) C:\WINDOWS\system32\duser.dll 2015-12-12 19:59 - 2015-11-25 05:19 - 01795584 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll 2015-12-12 19:59 - 2015-11-25 05:18 - 01233920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll 2015-12-12 19:59 - 2015-11-25 05:17 - 00774656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll 2015-12-12 19:59 - 2015-11-25 05:16 - 01442816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRHInproc.dll 2015-12-12 19:59 - 2015-11-25 05:16 - 00786432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Magnify.exe 2015-12-12 19:59 - 2015-11-25 05:11 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ninput.dll 2015-12-12 19:59 - 2015-11-25 05:10 - 18801664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll 2015-12-12 19:59 - 2015-11-25 05:10 - 01328128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comsvcs.dll 2015-12-12 19:59 - 2015-11-25 05:10 - 00415744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\catsrvut.dll 2015-12-12 19:59 - 2015-11-25 05:05 - 11263488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2015-12-12 19:59 - 2015-11-25 05:04 - 01467392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll 2015-12-12 19:59 - 2015-11-25 05:04 - 00480768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\duser.dll 2015-12-12 19:59 - 2015-11-25 05:04 - 00474624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll 2015-12-12 19:58 - 2015-12-01 07:03 - 00008192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\gpuenergydrv.sys 2015-12-12 19:58 - 2015-12-01 06:54 - 00771072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll 2015-12-12 19:58 - 2015-12-01 06:49 - 04792320 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2015-12-12 19:58 - 2015-12-01 06:02 - 03580416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2015-12-12 19:58 - 2015-11-25 06:42 - 00168288 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkUXBroker.exe 2015-12-12 19:58 - 2015-11-25 06:41 - 01822280 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll 2015-12-12 19:58 - 2015-11-25 06:40 - 00516448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS 2015-12-12 19:58 - 2015-11-25 06:32 - 00113184 _____ (Microsoft Corporation) C:\WINDOWS\system32\userenv.dll 2015-12-12 19:58 - 2015-11-25 06:11 - 01532984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll 2015-12-12 19:58 - 2015-11-25 05:59 - 00092992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\userenv.dll 2015-12-12 19:58 - 2015-11-25 05:49 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\system32\WlanMediaManager.dll 2015-12-12 19:58 - 2015-11-25 05:49 - 00467456 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll 2015-12-12 19:58 - 2015-11-25 05:49 - 00270336 _____ (Microsoft Corporation) C:\WINDOWS\system32\RasMediaManager.dll 2015-12-12 19:58 - 2015-11-25 05:48 - 00146944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EthernetMediaManager.dll 2015-12-12 19:58 - 2015-11-25 05:48 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\system32\DAMediaManager.dll 2015-12-12 19:58 - 2015-11-25 05:37 - 02350592 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll 2015-12-12 19:58 - 2015-11-25 05:36 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usb8023.sys 2015-12-12 19:58 - 2015-11-25 05:30 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rmcast.sys 2015-12-12 19:58 - 2015-11-25 05:30 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hdaudbus.sys 2015-12-12 19:58 - 2015-11-25 05:28 - 00572928 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll 2015-12-12 19:58 - 2015-11-25 05:26 - 00849408 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll 2015-12-12 19:58 - 2015-11-25 05:26 - 00181760 _____ (Microsoft Corporation) C:\WINDOWS\system32\shutdownux.dll 2015-12-12 19:58 - 2015-11-25 05:25 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll 2015-12-12 19:58 - 2015-11-25 05:25 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\profext.dll 2015-12-12 19:58 - 2015-11-25 05:22 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\kbdgeoqw.dll 2015-12-12 19:58 - 2015-11-25 05:22 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZST.DLL 2015-12-12 19:58 - 2015-11-25 05:22 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZEL.DLL 2015-12-12 19:58 - 2015-11-25 05:22 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZE.DLL 2015-12-12 19:58 - 2015-11-25 05:19 - 00185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll 2015-12-12 19:58 - 2015-11-25 05:13 - 02153984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll 2015-12-12 19:58 - 2015-11-25 05:10 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll 2015-12-12 19:58 - 2015-11-25 05:08 - 00749568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll 2015-12-12 19:58 - 2015-11-25 05:07 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\profext.dll 2015-12-12 19:58 - 2015-11-25 05:04 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kbdgeoqw.dll 2015-12-12 19:58 - 2015-11-25 05:04 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZST.DLL 2015-12-12 19:58 - 2015-11-25 05:04 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZEL.DLL 2015-12-12 19:58 - 2015-11-25 05:04 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZE.DLL 2015-12-12 19:58 - 2015-11-25 03:52 - 00775312 _____ C:\WINDOWS\SysWOW64\locale.nls 2015-12-12 19:58 - 2015-11-25 03:52 - 00775312 _____ C:\WINDOWS\system32\locale.nls 2015-12-06 18:50 - 2015-12-06 18:50 - 01142543 _____ C:\Users\Daniel\Downloads\Bewerbung_Melanie_Schwab 1.zip 2015-12-06 18:50 - 2015-12-06 18:50 - 01142543 _____ C:\Users\Daniel\Downloads\Bewerbung_Melanie_Schwab 1 (1).zip 2015-12-06 18:49 - 2015-12-06 18:49 - 04397665 _____ C:\Users\Daniel\Downloads\Bewerbung_Melanie_Schwab (1).zip 2015-12-06 18:48 - 2015-12-06 18:48 - 01142560 _____ C:\Users\Daniel\Downloads\Bewerbung_Melanie_Schwab.zip 2015-12-06 18:19 - 2015-12-06 18:19 - 03984004 _____ C:\Users\Daniel\Downloads\Bewerbung_Erzieherin_Daniele_Maier.pdf 2015-12-06 18:06 - 2015-12-06 18:06 - 00291489 _____ C:\Users\Daniel\Downloads\20151127131614271.pdf 2015-12-06 17:50 - 2015-12-06 17:50 - 00109513 _____ C:\Users\Daniel\Desktop\Anmeldung.pdf 2015-12-03 18:29 - 2015-12-03 18:29 - 00169351 _____ C:\Users\Daniel\Downloads\WAZ.pdf 2015-11-30 21:32 - 2015-11-30 21:32 - 00064681 _____ C:\Users\Daniel\Downloads\Rückseite.pdf 2015-11-30 21:31 - 2015-11-30 21:31 - 00064681 _____ C:\Users\Daniel\Desktop\Rückseite.pdf 2015-11-30 21:29 - 2015-11-30 21:29 - 00032176 _____ C:\Users\Daniel\Desktop\Vorderseite.pdf 2015-11-30 21:25 - 2015-11-30 21:25 - 04889088 _____ C:\Users\Daniel\Downloads\Da Carlo Front Visit.zdl 2015-11-30 21:25 - 2015-11-30 21:25 - 01163776 _____ C:\Users\Daniel\Downloads\Da Carlo Back Visit.zdl 2015-11-29 20:16 - 2015-11-29 20:16 - 00457667 _____ C:\Users\Daniel\Downloads\maui.pdf 2015-11-26 16:19 - 2015-11-26 17:43 - 00000000 ____D C:\Users\Daniel\Desktop\Schwab Melli 2015-11-25 16:11 - 2015-11-25 16:11 - 00255478 _____ C:\Users\Daniel\Desktop\Dienstplan_Änderung2_NEU.xlsm 2015-11-25 16:00 - 2015-11-25 16:00 - 00273974 _____ C:\Users\Daniel\Downloads\Dienstplan_Änderung2_NEU.xlsm 2015-11-25 15:59 - 2015-11-25 15:59 - 00076125 _____ C:\Users\Daniel\Downloads\Kopie von Dienstplan_Änderung2 (1).xlsx ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2015-12-22 11:39 - 2015-07-10 10:05 - 00000000 ____D C:\Windows 2015-12-22 11:37 - 2015-08-01 19:33 - 01790124 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2015-12-22 11:37 - 2015-07-10 17:34 - 00771100 _____ C:\WINDOWS\system32\perfh007.dat 2015-12-22 11:37 - 2015-07-10 17:34 - 00153964 _____ C:\WINDOWS\system32\perfc007.dat 2015-12-22 11:37 - 2015-07-10 12:02 - 00000000 ____D C:\WINDOWS\INF 2015-12-22 11:36 - 2014-11-03 18:22 - 00000000 ____D C:\ProgramData\BlueStacksSetup 2015-12-22 11:32 - 2015-02-13 17:03 - 00000000 ____D C:\ProgramData\TwonkyServer 2015-12-22 11:32 - 2014-05-05 05:08 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Skype 2015-12-22 11:31 - 2015-08-01 19:21 - 00000000 ____D C:\Users\postgres 2015-12-22 11:31 - 2015-08-01 19:20 - 00000000 _____ C:\WINDOWS\system32\Drivers\lvuvc.hs 2015-12-22 11:31 - 2015-07-10 13:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2015-12-22 11:31 - 2014-05-05 05:06 - 00001134 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2015-12-22 11:28 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\Registration 2015-12-22 11:28 - 2015-07-10 10:05 - 00524288 ___SH C:\WINDOWS\system32\config\BBI 2015-12-22 11:28 - 2014-06-23 15:11 - 00065536 _____ C:\WINDOWS\system32\spu_storage.bin 2015-12-22 11:27 - 2015-08-01 19:21 - 00000000 ____D C:\Users\Daniel 2015-12-22 11:25 - 2014-05-05 05:06 - 00001138 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2015-12-22 11:09 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\system32\NDF 2015-12-22 11:08 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\AppReadiness 2015-12-22 11:07 - 2014-05-29 11:18 - 00000000 ____D C:\Users\Daniel\AppData\Local\CrashDumps 2015-12-22 11:07 - 2014-05-13 19:27 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2015-12-22 11:02 - 2014-06-07 19:47 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2015-12-22 08:54 - 2015-08-08 19:27 - 00004160 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{88EEB1D5-370C-4812-9418-EDF692A916C5} 2015-12-22 02:00 - 2014-06-23 14:35 - 00000000 ____D C:\Users\Daniel\AppData\Local\Adobe 2015-12-21 17:39 - 2015-07-10 12:04 - 00000000 ___HD C:\Program Files\WindowsApps 2015-12-21 15:41 - 2015-08-16 17:58 - 00000000 ____D C:\Program Files (x86)\StarMoney 9.0 2015-12-21 11:06 - 2015-10-03 15:02 - 00010560 _____ C:\Users\Daniel\Desktop\Lego-Architecture.xlsx 2015-12-21 10:28 - 2015-08-01 19:20 - 00000000 ____D C:\ProgramData\AMD 2015-12-21 10:28 - 2015-08-01 19:20 - 00000000 ____D C:\Program Files (x86)\ATI Technologies 2015-12-21 10:27 - 2014-05-05 05:07 - 00000000 ____D C:\AMD 2015-12-21 10:25 - 2015-08-25 19:22 - 21648880 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Drivers\atikmdag.sys 2015-12-21 10:25 - 2015-08-25 19:22 - 00255472 _____ (AMD) C:\WINDOWS\system32\atiesrxx.exe 2015-12-21 10:25 - 2015-07-16 01:12 - 00162232 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiuxp64.dll 2015-12-21 10:25 - 2015-07-16 01:11 - 12088000 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atidxx64.dll 2015-12-21 10:25 - 2015-07-16 01:11 - 10211016 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atidxx32.dll 2015-12-21 10:25 - 2015-07-16 01:11 - 08009360 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiumdva.dll 2015-12-21 10:25 - 2015-07-16 01:11 - 07482560 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiumdag.dll 2015-12-21 10:25 - 2015-07-16 01:11 - 01479808 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\aticfx64.dll 2015-12-21 10:25 - 2015-07-16 01:11 - 01223544 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\aticfx32.dll 2015-12-21 10:25 - 2015-07-16 01:11 - 00143056 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiuxpag.dll 2015-12-21 10:25 - 2015-07-16 01:11 - 00112360 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiu9pag.dll 2015-12-21 10:25 - 2015-07-16 00:17 - 00683504 _____ (AMD) C:\WINDOWS\system32\atieclxx.exe 2015-12-21 10:25 - 2015-07-16 00:13 - 00674288 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Drivers\atikmpag.sys 2015-12-21 10:25 - 2015-07-16 00:12 - 00874480 _____ (AMD) C:\WINDOWS\system32\coinst_15.20.dll 2015-12-20 10:37 - 2014-05-05 05:03 - 00000000 ____D C:\Users\Daniel\AppData\Local\Packages 2015-12-18 19:58 - 2015-09-19 10:01 - 00023600 _____ C:\Users\Daniel\Desktop\Kaufpreis Backnang.xlsx 2015-12-18 17:14 - 2015-07-10 17:44 - 00000000 ____D C:\WINDOWS\ShellNew 2015-12-18 10:51 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\GroupPolicy 2015-12-17 18:52 - 2015-08-20 15:17 - 00002099 _____ C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk 2015-12-17 18:52 - 2014-07-10 16:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony 2015-12-17 18:52 - 2014-05-05 05:08 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2015-12-17 14:36 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\LiveKernelReports 2015-12-15 17:33 - 2015-08-15 18:33 - 00000000 ____D C:\WINDOWS\Minidump 2015-12-15 13:24 - 2014-11-03 18:30 - 00000000 ____D C:\Users\Daniel\.VirtualBox 2015-12-15 13:11 - 2015-08-01 19:25 - 00001540 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk 2015-12-15 13:11 - 2015-06-26 22:05 - 00001162 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk 2015-12-15 13:11 - 2014-12-29 16:10 - 00000971 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk 2015-12-15 13:11 - 2014-10-20 18:02 - 00000942 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk 2015-12-15 13:11 - 2014-08-16 22:06 - 00001229 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk 2015-12-15 13:11 - 2014-08-16 20:58 - 00000920 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS6 (64 Bit).lnk 2015-12-15 13:11 - 2014-08-16 20:58 - 00000890 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS6 (64bit).lnk 2015-12-15 13:11 - 2014-08-16 20:57 - 00001527 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS6.lnk 2015-12-15 13:11 - 2014-08-16 20:57 - 00000985 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS6.lnk 2015-12-15 13:11 - 2014-08-16 17:13 - 00001750 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rainmeter.lnk 2015-12-15 13:11 - 2014-05-26 12:18 - 00002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2015-12-15 13:11 - 2014-05-13 19:27 - 00001159 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2015-12-15 13:10 - 2015-08-26 18:40 - 00001218 _____ C:\Users\Public\Desktop\CDBurnerXP.lnk 2015-12-15 13:10 - 2015-08-16 18:00 - 00002234 _____ C:\Users\Public\Desktop\StarMoney 9.0.lnk 2015-12-15 13:08 - 2015-08-01 20:21 - 00002425 _____ C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2015-12-15 13:08 - 2015-05-16 13:40 - 00002158 _____ C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\KÜCHEN QUELLE 3D.lnk 2015-12-15 13:08 - 2015-04-02 10:04 - 00000879 _____ C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk 2015-12-15 13:08 - 2015-01-18 17:42 - 00001033 _____ C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iPadian.lnk 2015-12-15 13:08 - 2015-01-08 18:29 - 00001822 _____ C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Coral Poker.lnk 2015-12-15 13:08 - 2014-12-16 14:46 - 00001830 _____ C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Winner Poker.lnk 2015-12-15 13:08 - 2014-08-21 15:45 - 00001136 _____ C:\ProgramData\Microsoft\Windows\Start Menu\LINE.lnk 2015-12-15 13:08 - 2014-07-25 19:12 - 00001792 _____ C:\ProgramData\Microsoft\Windows\Start Menu\24hPoker.lnk 2015-12-15 13:08 - 2014-07-02 16:36 - 00001102 _____ C:\ProgramData\Microsoft\Windows\Start Menu\PokerStars.eu.lnk 2015-12-15 13:08 - 2014-06-14 19:21 - 00001120 _____ C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\PokerStars.eu.lnk 2015-12-15 13:08 - 2014-05-18 20:21 - 00000295 _____ C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Papierkorb.lnk 2015-12-15 13:08 - 2014-05-17 11:36 - 00001079 _____ C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\PokerRanger.lnk 2015-12-15 13:08 - 2014-05-05 15:46 - 00001188 _____ C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Startfenster.lnk 2015-12-15 13:08 - 2014-05-05 15:24 - 00000811 _____ C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Betfair.com Poker.lnk 2015-12-15 13:07 - 2015-10-12 19:18 - 00002180 _____ C:\Users\Daniel\Desktop\AusweisApp2.lnk 2015-12-15 12:04 - 2015-08-01 20:18 - 00000000 __RHD C:\Users\Public\AccountPictures 2015-12-15 11:12 - 2014-10-20 17:34 - 00000000 ____D C:\WINDOWS\system32\appmgmt 2015-12-14 22:26 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\rescache 2015-12-14 22:20 - 2015-09-06 12:11 - 00000000 ____D C:\WINDOWS\Panther 2015-12-14 22:15 - 2015-10-30 20:28 - 00000000 ___HD C:\$WINDOWS.~BT 2015-12-14 19:15 - 2015-07-10 13:20 - 04962496 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2015-12-14 14:22 - 2014-05-05 05:08 - 00000000 ____D C:\Users\Daniel\AppData\Local\Skype 2015-12-14 14:22 - 2014-05-05 05:07 - 00000000 ____D C:\ProgramData\Skype 2015-12-14 14:19 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\system32\oobe 2015-12-14 12:55 - 2015-07-10 12:04 - 00000000 __RHD C:\Users\Public\Libraries 2015-12-14 12:50 - 2014-11-03 18:25 - 00000000 ____D C:\Program Files\Andy 2015-12-14 11:44 - 2014-05-05 14:40 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013 2015-12-14 11:44 - 2014-05-05 14:38 - 00000000 ____D C:\ProgramData\Microsoft Help 2015-12-14 11:43 - 2013-08-22 14:25 - 00000167 _____ C:\WINDOWS\win.ini 2015-12-14 11:41 - 2014-05-10 14:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2015-12-14 11:40 - 2014-05-10 14:33 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2015-12-14 11:40 - 2014-05-10 14:33 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2015-12-14 11:39 - 2015-07-10 11:55 - 00000000 ____D C:\WINDOWS\CbsTemp 2015-12-14 11:38 - 2014-05-07 16:59 - 00000000 ____D C:\WINDOWS\system32\MRT 2015-12-14 11:32 - 2014-05-07 16:59 - 140158008 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2015-12-14 09:46 - 2014-05-05 05:05 - 00000000 ___RD C:\Users\Daniel\OneDrive 2015-12-12 19:44 - 2014-06-14 19:21 - 00000000 ____D C:\Users\Daniel\AppData\Local\PokerStars.EU 2015-12-09 04:39 - 2014-05-07 18:25 - 00301728 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe 2015-12-06 11:19 - 2014-05-05 05:06 - 00004196 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA 2015-12-06 11:19 - 2014-05-05 05:06 - 00003964 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore 2015-12-06 11:04 - 2014-08-16 21:42 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe 2015-12-06 11:04 - 2014-05-05 14:37 - 00000000 ____D C:\Users\Daniel\AppData\Local\AMD 2015-12-01 01:32 - 2015-10-03 15:01 - 00826872 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2015-12-01 01:32 - 2015-10-03 15:01 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2014-11-27 21:25 - 2014-11-27 21:25 - 0004676 _____ () C:\Users\Daniel\AppData\Local\recently-used.xbel 2015-05-16 13:40 - 2015-05-16 13:40 - 0370070 _____ () C:\Users\Daniel\AppData\Local\SquareClock.Production_Home_KQ_WebIcon.ico 2015-02-13 17:03 - 2015-02-13 17:03 - 0000011 _____ () C:\ProgramData\.tv7 2014-05-05 15:24 - 2014-05-05 15:24 - 0558105 _____ () C:\ProgramData\1399299703.bdinstall.bin 2015-01-05 15:23 - 2015-01-05 15:23 - 0259192 _____ () C:\ProgramData\1420467746.bdinstall.bin 2015-02-08 16:01 - 2015-02-08 16:01 - 0740775 _____ () C:\ProgramData\AndyDrivers.zip 2015-08-01 19:19 - 2015-08-01 19:19 - 0000000 ____H () C:\ProgramData\DP45977C.lfl 2014-08-09 18:17 - 2014-08-09 18:17 - 0005044 _____ () C:\ProgramData\flwjycbm.bab Einige Dateien in TEMP: ==================== C:\Users\Daniel\AppData\Local\Temp\prog.exe C:\Users\Daniel\AppData\Local\Temp\tmp6407.exe C:\Users\Daniel\AppData\Local\Temp\tmpF8DA.exe C:\Users\Daniel\AppData\Local\Temp\Uninstall.exe C:\Users\Daniel\AppData\Local\Temp\upd.exe ==================== Bamital & volsnap ================= (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert C:\WINDOWS\explorer.exe => Datei ist digital signiert C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert C:\WINDOWS\system32\services.exe => Datei ist digital signiert C:\WINDOWS\system32\User32.dll => Datei ist digital signiert C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert LastRegBack: 2015-12-14 22:04 ==================== Ende von FRST.txt ============================ Code:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:20-12-2015
durchgeführt von Daniel (2015-12-22 11:42:03)
Gestartet von C:\Users\Daniel\Desktop
Windows 10 Pro (X64) (2015-08-01 19:18:38)
Start-Modus: Normal
==========================================================
==================== Konten: =============================
Administrator (S-1-5-21-2676936528-1030403693-891089861-500 - Administrator - Disabled)
BitBox (S-1-5-21-2676936528-1030403693-891089861-1013 - Limited - Enabled)
Daniel (S-1-5-21-2676936528-1030403693-891089861-1001 - Administrator - Enabled) => C:\Users\Daniel
DefaultAccount (S-1-5-21-2676936528-1030403693-891089861-503 - Limited - Disabled)
Gast (S-1-5-21-2676936528-1030403693-891089861-501 - Limited - Disabled)
Gl0ba_000 (S-1-5-21-2676936528-1030403693-891089861-1007 - Administrator - Enabled) => C:\Users\Gl0ba_000
HomeGroupUser$ (S-1-5-21-2676936528-1030403693-891089861-1003 - Limited - Enabled)
postgres (S-1-5-21-2676936528-1030403693-891089861-1006 - Limited - Enabled) => C:\Users\postgres
==================== Sicherheits-Center ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installierte Programme ======================
(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
µTorrent (HKU\S-1-5-21-2676936528-1030403693-891089861-1001\...\uTorrent) (Version: 3.4.2.39586 - BitTorrent Inc.)
24hPoker (HKLM-x32\...\24hPoker (Poker)) (Version: 16.6.2.11243 - )
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.7.1.418 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.235 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.13) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.13 - Adobe Systems Incorporated)
Advanced WarCraft3 Configurator (remove only) (HKLM-x32\...\AWC) (Version: - )
ALNO AG Küchenplaner (HKLM-x32\...\{A89131FD-3D18-4DA8-84C8-622423011B51}_is1) (Version: 14a - ALNO AG)
AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
AMD Catalyst Install Manager (HKLM\...\{572C982F-95F5-0562-AE8F-8A9D7D024A88}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Android SDK Tools (HKLM-x32\...\Android SDK Tools) (Version: 1.16 - Google Inc.)
Andy OS (HKLM-x32\...\Andy OS) (Version: 0.43 - Andy OS, Inc)
AusweisApp2 (HKLM-x32\...\{1C785E05-CFC7-43BE-9A52-9FB39C180CB8}) (Version: 1.2.2 - Governikus GmbH & Co. KG)
BandwidthStat (HKU\S-1-5-21-2676936528-1030403693-891089861-1001\...\BandwidthStat) (Version: 1.0 - BandwidthStat)
Betfair.com Poker (HKU\S-1-5-21-2676936528-1030403693-891089861-1001\...\Betfair.com Poker) (Version: - )
Betfair.com Poker (HKU\S-1-5-21-2676936528-1030403693-891089861-1006\...\Betfair.com Poker) (Version: - )
BlueStacks App Player (HKLM-x32\...\{1996E857-C787-4205-B4FF-73FDB117DCED}) (Version: 2.0.1.5621 - BlueStack Systems, Inc.)
Browser in the Box (HKLM-x32\...\BitBox) (Version: 4.1.4-r150 - Sirrix AG)
Business Card Designer Plus 11 (HKLM-x32\...\BCDP11_is1) (Version: - CAM Development)
Camtasia Studio 8 (HKLM-x32\...\{419CEBE1-36E9-4AB2-8586-D6213AE28621}) (Version: 8.4.0.1699 - TechSmith Corporation)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.5.5790 - CDBurnerXP)
Coral Poker (HKU\S-1-5-21-2676936528-1030403693-891089861-1001\...\Coral Poker) (Version: - )
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.1.3) (Version: 5.0.1.3 - Coupons.com Incorporated)
DesignPro 5 (HKLM-x32\...\InstallShield_{F82C6574-AD88-4B40-A432-970BC77F1BD2}) (Version: 5.5.708 - Avery)
DesignPro 5 (x32 Version: 5.5.708 - Avery) Hidden
devolo Cockpit (HKLM-x32\...\dlancockpit) (Version: 4.2.3.0 - devolo AG)
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
EPSON SX410 Series Printer Uninstall (HKLM\...\EPSON SX410 Series) (Version: - SEIKO EPSON Corporation)
etope Lister 2 (HKLM-x32\...\etope Lister_is1) (Version: - Freshworx GmbH & Co.KG)
FileZilla Client 3.13.0 (HKLM-x32\...\FileZilla Client) (Version: 3.13.0 - Tim Kosse)
Flashtool (HKLM-x32\...\Flashtool) (Version: 0.9.18.3 - Androxyde)
Full Tilt Poker.Eu (HKLM-x32\...\{127BEFB3-24B2-4B44-8E99-AD22C2A5A8ED}) (Version: 5.22.10.WIN.FullTilt.EU - )
Genymotion version 2.4.0 (HKLM\...\{6D180286-D4DF-40EF-9227-923B9C07C08A}_is1) (Version: 2.4.0 - Genymobile)
GetFLV 9.6.2.9 (HKLM-x32\...\GetFLV_is1) (Version: - GetFLV, Inc.)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.106 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
Holdem Manager 2 (HKLM-x32\...\HoldemManager2) (Version: - )
ICCup Launcher (HKLM-x32\...\ICCup Launcher_is1) (Version: 1.6 - ICCup)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Java 7 Update 60 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417060FF}) (Version: 7.0.600 - Oracle)
Java 8 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418025F0}) (Version: 8.0.250 - Oracle Corporation)
Java SE Development Kit 7 Update 60 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170600}) (Version: 1.7.0.600 - Oracle)
Java SE Development Kit 8 Update 5 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180050}) (Version: 8.0.50 - Oracle Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
KÜCHEN QUELLE 3D (HKU\S-1-5-21-2676936528-1030403693-891089861-1001\...\SquareClock_Production_Home_KQ_Web) (Version: - 3DVIA SAS)
LINE (HKLM-x32\...\LINE) (Version: 4.1.2.525 - LINE Corporation)
MakeMKV v1.9.0 (HKLM-x32\...\MakeMKV) (Version: v1.9.0 - GuinpinSoft inc)
Malwarebytes Anti-Malware Version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41105.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
MouseRecorder v1.0.42 (HKLM-x32\...\MouseRecorder_is1) (Version: 1.0.42 - Bartels Media GmbH)
Mozilla Firefox 43.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 43.0.1 (x86 de)) (Version: 43.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.1.5828 - Mozilla)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.2 - Notepad++ Team)
Oracle VM VirtualBox 5.0.10_Sirrix (HKLM\...\{15DB0BEC-4D4B-4471-9E37-2FB454965C05}) (Version: 5.0.10 - Sirrix AG)
Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
PDF24 Creator 6.4.1 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org)
PokerRanger (HKLM-x32\...\PokerRanger) (Version: - Michael A. Voelkel)
PokerStars.eu (HKLM-x32\...\PokerStars.eu) (Version: - PokerStars.eu)
PokerStrategy.com Equilab (HKLM-x32\...\{86D09F48-CDAB-4B4C-8806-F6C16F17935A}) (Version: 1.2.8.0 - PokerStrategy.com)
PokerTracker 4 (remove only) (HKLM-x32\...\PokerTracker4) (Version: - )
PostgreSQL 8.4 (HKLM-x32\...\PostgreSQL 8.4) (Version: 8.4 - PostgreSQL Global Development Group)
Rainmeter (HKLM-x32\...\Rainmeter) (Version: 3.1 beta r2211 - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
Roadkil's Unstoppable Copier Version 5.2 (HKLM-x32\...\{A306FD29-7D3A-4287-91AC-9A0180931395}_is1) (Version: - Roadkil.Net)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version: - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version: - Microsoft) Hidden
Skype™ 7.16 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.16.102 - Skype Technologies S.A.)
Sony Mobile Update Engine (HKLM-x32\...\Update Engine) (Version: 2.15.9.201506301709 - Sony Mobile Communications Inc.)
Sony PC Companion 2.10.303 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.303 - Sony)
StarCraft (HKLM-x32\...\StarCraft) (Version: - Blizzard Entertainment)
StarMoney (x32 Version: 4.0.8.25 - StarFinanz) Hidden
StarMoney 9.0 (HKLM-x32\...\{FCC4357A-A357-4909-B67D-4C713548A97F}) (Version: 9.0 - Star Finanz GmbH)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.36897 - TeamViewer)
Turbo Lister 2 (HKLM-x32\...\{8927E07C-97F7-4A54-88FB-D976F50DD46E}) (Version: 2.00.0000 - eBay Inc.)
Twonky Server (HKLM-x32\...\TwonkyServer) (Version: 7.2.3.0 - PacketVideo)
Universal Adb Driver (HKLM-x32\...\{D9C4202E-6D51-4B06-A8F1-22316E654BCA}) (Version: 1.0.0 - ClockworkMod)
Update for Skype for Business 2015 (KB3039776) 64-Bit Edition (HKLM\...\{90150000-012B-0407-1000-0000000FF1CE}_Office15.PROPLUS_{5D2260D6-DB16-41DC-915B-A39BF4F66362}) (Version: - Microsoft)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.4.7.0 - Elaborate Bytes)
VLC media player 2.1.4 (HKLM\...\VLC media player) (Version: 2.1.4 - VideoLAN)
Warcraft III (HKLM-x32\...\Warcraft III) (Version: - )
Winner Poker (HKU\S-1-5-21-2676936528-1030403693-891089861-1001\...\winnerpoker) (Version: - )
WinRAR 5.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
CustomCLSID: HKU\S-1-5-21-2676936528-1030403693-891089861-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Daniel\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileCoAuth.exe (Microsoft Corporation)
==================== Wiederherstellungspunkte =========================
22-12-2015 06:33:31 Geplanter Prüfpunkt
==================== Hosts Inhalt: ==========================
(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)
2013-08-22 14:25 - 2015-12-15 11:02 - 00004182 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 192.150.14.69
127.0.0.1 192.150.18.101
127.0.0.1 192.150.18.108
127.0.0.1 192.150.22.4
127.0.0.1 192.150.22.40
127.0.0.1 192.150.8.100
127.0.0.1 192.150.8.118
127.0.0.1 192.168.112.207
127.0.0.1 192.168.112.2o7.net
127.0.0.1 194.224.66.48
127.0.0.1 199.7.52.190
127.0.0.1 199.7.52.190:80
127.0.0.1 199.7.54.72
127.0.0.1 199.7.54.72:80
127.0.0.1 209.34.83.67
127.0.0.1 209.34.83.67:43
127.0.0.1 209.34.83.67:443
127.0.0.1 209.34.83.73
127.0.0.1 209.34.83.73:43
127.0.0.1 209.34.83.73:443
127.0.0.1 209-34-83-73.ood.opsource.net
127.0.0.1 2o7.net
127.0.0.1 3dns.adobe.com
127.0.0.1 3dns-1.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 3dns-2.adobe.de
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-3.adobe.de
127.0.0.1 3dns-4.adobe.com
127.0.0.1 activate.adobe.com
Da befinden sich 83 zusätzliche Einträge.
==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
Task: {0D4EE4C0-C7D6-4D3A-81E2-A19A5990EC0D} - System32\Tasks\SoftUpgrade => C:\Program Files (x86)\SoftUpgrade\softup.exe [2015-12-01] ()
Task: {10A445EC-5812-459B-AB19-3EDBC80EB37E} - System32\Tasks\{9049D845-5093-42F1-ABE4-823668FF2E6F} => pcalua.exe -a C:\Users\Daniel\Downloads\epson325480eu.exe -d C:\Users\Daniel\Downloads
Task: {19192A32-34DD-4A03-A38D-B888B0D8A4B5} - System32\Tasks\{04A1AFE4-B868-406E-980C-5285134DB7CD} => pcalua.exe -a "C:\Users\Daniel\Desktop\USB VCOM Driver\install_driver.exe" -d "C:\Users\Daniel\Desktop\USB VCOM Driver"
Task: {1A081C88-BE90-499C-A32A-2F72BBA8AE85} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-12-12] (Adobe Systems Incorporated)
Task: {25E7AED0-66D0-49C9-875F-3D90724BFD45} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {29BCDCEF-5D03-45D0-954F-BA95F786AA3D} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG
Task: {2C34182D-826A-4049-B023-E33E6C57A78D} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-12-14] (Microsoft Corporation)
Task: {30720E03-8606-45DC-935D-0C6DDE2C60B0} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG
Task: {31CB0D50-2B69-4633-8AC6-3BB1A9A369C0} - System32\Tasks\AdobeAAMUpdater-1.0-Globality-Daniel => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-08-05] (Adobe Systems Incorporated)
Task: {3E3A08A1-4A29-4FFB-AD24-2E2A7E937FFB} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG
Task: {4ADC82BA-5D20-44A9-A007-49384C560CD7} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {5071EA31-FC77-4ACA-8EFC-E26A6A297D54} - \SmartWeb Upgrade Trigger Task -> Keine Datei <==== ACHTUNG
Task: {51830C57-7B39-4137-8081-94A14D0093E2} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG
Task: {5DE863B4-E0C5-4E86-9F52-801FA2B6210D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {65D9614B-71AB-4FA3-9710-7CBA1509B463} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-06] (Google Inc.)
Task: {6A60CB4C-7828-489A-8839-75C6BA3B4281} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG
Task: {6C87DDAE-46B3-4972-A2C3-5DD8D40ED8BA} - System32\Tasks\Ahonaradra => C:\ProgramData\Ahonaradra\1.0.7.1\vlotifox.exe
Task: {6E5102ED-DE5B-444E-81FD-40CDD6DCD691} - \SwiftSearch Auto Updater 1.10.0.25 Core -> Keine Datei <==== ACHTUNG
Task: {80016EDB-E276-499C-B2E8-CE4CEDD252AE} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG
Task: {8349288D-1F49-4203-BBB2-AE5A3099B1A5} - System32\Tasks\spw3016 => C:\Program Files (x86)\QuickSearch\spw3016.exe [2015-12-01] () <==== ACHTUNG
Task: {913B0182-B33B-4682-B8E9-F4E0C9B0C022} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Keine Datei <==== ACHTUNG
Task: {B0677499-1F3A-4830-A73C-686C8F60B2B6} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG
Task: {B2C027EB-4715-4128-B2E2-153DB2C21BD2} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG
Task: {B616205F-BEC7-43E0-9210-2459C73CE583} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-06] (Google Inc.)
Task: {B7A31BED-B7FF-44A2-8968-F05FA6EAB4C6} - \SwiftSearch Auto Updater 1.10.0.25 Pending Update -> Keine Datei <==== ACHTUNG
Task: {E45D9012-778B-4B8C-ACDF-FA1D5D205CC7} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG
Task: {E6C20D06-5920-4CB4-96E0-906A774B8027} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {E850C883-1B0B-4502-9D71-7351BB937B6D} - System32\Tasks\WOXRGHDNAFGIQKGK => C:\ProgramData\Service1104\Service1104.exe <==== ACHTUNG
Task: {F2DDDD76-1783-4D8E-9127-CF6A50B82B7E} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG
Task: {FCEBFB6A-284A-4798-8AC3-F59C9FB85904} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2014-05-05] ()
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\WOXRGHDNAFGIQKGK.job => C:\ProgramData\Service1104\Service1104.exe <==== ACHTUNG
==================== Verknüpfungen =============================
(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)
==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============
2015-08-01 20:12 - 2015-08-01 20:12 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
2015-07-15 20:39 - 2015-07-15 20:39 - 00214528 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2014-02-11 06:08 - 2014-02-11 06:08 - 00817152 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2014-02-11 06:08 - 2014-02-11 06:08 - 03650560 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2015-08-19 08:53 - 2015-08-11 10:14 - 00404480 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll
2013-05-23 14:57 - 2013-05-23 14:57 - 00885576 _____ () C:\Program Files (x86)\Twonky\TwonkyServer\twonkyproxy.exe
2013-05-23 14:58 - 2013-05-23 14:58 - 02204488 _____ () C:\Program Files (x86)\Twonky\TwonkyServer\TwonkyServer.exe
2015-10-01 02:38 - 2015-09-17 07:48 - 02494712 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-12-01 21:15 - 2015-12-01 21:15 - 00058684 _____ () C:\Program Files (x86)\QuickSearch\spw3016.exe
2015-10-01 02:38 - 2015-09-17 07:48 - 02494712 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2014-07-16 10:06 - 2014-07-16 10:06 - 00672416 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
2015-10-01 02:38 - 2015-09-17 06:48 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-12-12 19:59 - 2015-11-25 05:20 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-12-12 19:58 - 2015-11-25 05:17 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-12-12 19:59 - 2015-11-25 05:17 - 01808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-10-01 02:38 - 2015-09-17 06:43 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2014-07-10 16:29 - 2015-06-10 10:13 - 00113024 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
2013-12-23 08:07 - 2013-12-23 08:07 - 00036536 _____ () C:\Program Files\Rainmeter\Rainmeter.exe
2013-12-23 08:07 - 2013-12-23 08:07 - 00793784 _____ () C:\Program Files\Rainmeter\Rainmeter.dll
2013-12-23 08:04 - 2013-12-23 08:04 - 00025088 _____ () C:\Program Files\Rainmeter\Plugins\QuotePlugin.dll
2015-07-15 20:38 - 2015-07-15 20:38 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2010-12-23 11:06 - 2010-12-23 11:06 - 00028672 _____ () C:\Program Files (x86)\Sirrix AG\BitBox\bin\cx_Logging.pyd
2012-10-27 15:21 - 2012-10-27 15:21 - 00098816 _____ () C:\Program Files (x86)\Sirrix AG\BitBox\bin\win32api.pyd
2012-10-27 15:20 - 2012-10-27 15:20 - 00110080 _____ () C:\Program Files (x86)\Sirrix AG\BitBox\bin\pywintypes27.dll
2012-10-27 15:20 - 2012-10-27 15:20 - 00018432 _____ () C:\Program Files (x86)\Sirrix AG\BitBox\bin\win32event.pyd
2012-10-27 15:20 - 2012-10-27 15:20 - 00119808 _____ () C:\Program Files (x86)\Sirrix AG\BitBox\bin\win32file.pyd
2012-10-27 15:21 - 2012-10-27 15:21 - 00167936 _____ () C:\Program Files (x86)\Sirrix AG\BitBox\bin\win32gui.pyd
2012-10-27 15:20 - 2012-10-27 15:20 - 00024064 _____ () C:\Program Files (x86)\Sirrix AG\BitBox\bin\win32pipe.pyd
2012-10-27 15:20 - 2012-10-27 15:20 - 00035840 _____ () C:\Program Files (x86)\Sirrix AG\BitBox\bin\win32process.pyd
2012-10-27 15:20 - 2012-10-27 15:20 - 00017408 _____ () C:\Program Files (x86)\Sirrix AG\BitBox\bin\win32profile.pyd
2012-10-27 15:20 - 2012-10-27 15:20 - 00108544 _____ () C:\Program Files (x86)\Sirrix AG\BitBox\bin\win32security.pyd
2012-10-27 15:21 - 2012-10-27 15:21 - 00022528 _____ () C:\Program Files (x86)\Sirrix AG\BitBox\bin\win32ts.pyd
2012-10-27 15:22 - 2012-10-27 15:22 - 00364544 _____ () C:\Program Files (x86)\Sirrix AG\BitBox\bin\pythoncom27.dll
2012-10-27 15:23 - 2012-10-27 15:23 - 00320512 _____ () C:\Program Files (x86)\Sirrix AG\BitBox\bin\win32com.shell.shell.pyd
2014-06-30 16:04 - 2014-06-30 16:04 - 00087552 _____ () C:\Program Files (x86)\Sirrix AG\BitBox\bin\_ctypes.pyd
2014-06-30 16:04 - 2014-06-30 16:04 - 00715264 _____ () C:\Program Files (x86)\Sirrix AG\BitBox\bin\_hashlib.pyd
2014-06-30 16:03 - 2014-06-30 16:03 - 00046080 _____ () C:\Program Files (x86)\Sirrix AG\BitBox\bin\_socket.pyd
2014-06-30 16:04 - 2014-06-30 16:04 - 01160704 _____ () C:\Program Files (x86)\Sirrix AG\BitBox\bin\_ssl.pyd
2012-10-27 15:20 - 2012-10-27 15:20 - 00025600 _____ () C:\Program Files (x86)\Sirrix AG\BitBox\bin\win32cred.pyd
2012-10-27 15:20 - 2012-10-27 15:20 - 00011264 _____ () C:\Program Files (x86)\Sirrix AG\BitBox\bin\win32crypt.pyd
2012-10-27 15:20 - 2012-10-27 15:20 - 00064512 _____ () C:\Program Files (x86)\Sirrix AG\BitBox\bin\win32net.pyd
2015-12-15 11:33 - 2014-10-16 10:26 - 00622880 _____ () C:\Program Files (x86)\IObit\LiveUpdate\ProductStatistics.dll
2015-08-16 17:59 - 2011-01-13 10:44 - 00232800 _____ () C:\Program Files (x86)\StarMoney 9.0\ouservice\PATCHW32.dll
2013-05-23 14:58 - 2013-05-23 14:58 - 00222024 _____ () C:\Program Files (x86)\Twonky\TwonkyServer\wmdrmdll.dll
2014-05-05 05:11 - 2014-02-18 09:11 - 00172032 _____ () c:\postgreSQL\bin\LIBPQ.dll
2014-05-05 05:11 - 2012-08-14 14:19 - 00999424 _____ () c:\postgreSQL\bin\libxml2.dll
2015-12-22 11:31 - 2015-12-22 11:31 - 00013824 _____ () C:\WINDOWS\TEMP\nst7B7B.tmp\UAC.dll
2015-12-22 11:31 - 2015-12-22 11:31 - 00011264 _____ () C:\WINDOWS\TEMP\nst7B7B.tmp\System.dll
2015-12-22 11:31 - 2015-12-22 11:31 - 00006656 _____ () C:\WINDOWS\TEMP\nst7B7B.tmp\nsExec.dll
2015-12-22 11:31 - 2015-12-22 11:31 - 00011264 _____ () C:\WINDOWS\TEMP\nsoADD6.tmp\System.dll
2014-07-10 16:29 - 2012-04-30 10:57 - 00039936 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\TMonitorAPI.dll
2014-07-10 16:29 - 2015-10-20 17:44 - 00242176 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\MExplorer.dll
2011-07-07 13:54 - 2011-07-07 13:54 - 00233984 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\Report.dll
2014-07-10 16:29 - 2015-04-21 12:22 - 00053248 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\VObject.dll
2015-03-23 18:19 - 2015-03-23 18:19 - 02620416 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\libxt.dll
2015-06-24 16:46 - 2015-06-24 16:46 - 00801792 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\PhoneUpdate.dll
2015-08-18 03:20 - 2015-08-18 03:20 - 03129368 _____ () C:\Program Files (x86)\Naver\LINE\ampkit_windows.dll
2015-07-03 06:44 - 2015-07-03 06:44 - 00123416 _____ () C:\Program Files (x86)\Naver\LINE\PlayerHelper.dll
2015-11-25 20:18 - 2015-11-25 20:18 - 00147136 ____R () C:\Program Files (x86)\Skype\Phone\ssScreenVVS2.dll
2014-07-03 05:45 - 2014-07-03 05:45 - 32733056 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CEF\libcef.dll
2015-12-10 17:55 - 2015-12-14 12:54 - 03287552 _____ () C:\Program Files (x86)\BlueStacks\libGLESv2.dll
2015-08-15 13:42 - 2015-08-15 13:42 - 00039384 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll
2015-12-17 19:38 - 2015-12-11 04:54 - 01583432 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\libglesv2.dll
2015-12-17 19:38 - 2015-12-11 04:54 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\libegl.dll
2014-07-03 05:45 - 2014-07-03 05:45 - 00742784 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CEF\libglesv2.dll
2014-07-03 05:45 - 2014-07-03 05:45 - 00136576 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CEF\libegl.dll
2015-12-17 19:38 - 2015-12-11 04:54 - 16573256 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\PepperFlash\pepflashplayer.dll
==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)
AlternateDataStreams: C:\Users\Daniel\Downloads\24hpoker.exe:BDU
AlternateDataStreams: C:\Users\Daniel\Downloads\awc117_setup.exe:BDU
AlternateDataStreams: C:\Users\Daniel\Downloads\bcdp115_setup.exe:BDU
AlternateDataStreams: C:\Users\Daniel\Downloads\dotNetFx40_Full_setup.exe:BDU
AlternateDataStreams: C:\Users\Daniel\Downloads\dotNetFx45_Full_setup.exe:BDU
AlternateDataStreams: C:\Users\Daniel\Downloads\Downloader_StarCraft_Combo_enGB (1).exe:BDU
AlternateDataStreams: C:\Users\Daniel\Downloads\Downloader_StarCraft_Combo_enGB.exe:BDU
AlternateDataStreams: C:\Users\Daniel\Downloads\driver_setup.exe:BDU
AlternateDataStreams: C:\Users\Daniel\Downloads\Firefox Setup Stub 29.0.1 (1).exe:BDU
AlternateDataStreams: C:\Users\Daniel\Downloads\Firefox Setup Stub 29.0.1.exe:BDU
AlternateDataStreams: C:\Users\Daniel\Downloads\Rainmeter-3.1-r2211-beta.exe:BDU
AlternateDataStreams: C:\Users\Daniel\Downloads\Rainmeter-3.2-r2302-beta.exe:BDU
AlternateDataStreams: C:\Users\Daniel\Downloads\TeamViewer_Setup_de.exe:BDU
AlternateDataStreams: C:\Users\Daniel\Downloads\Tunngle_Setup_v4.5.1.4b.exe:BDU
AlternateDataStreams: C:\Users\Daniel\Downloads\UnstopCpy_5_2_Win2K_UP_Setup.exe:BDU
==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\zcengine => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\zcwfp => ""="Driver"
==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)
==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)
IE trusted site: HKU\S-1-5-21-2676936528-1030403693-891089861-1001\...\127.0.0.1 -> hxxp://127.0.0.1
==================== Andere Bereiche ============================
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKU\S-1-5-21-2676936528-1030403693-891089861-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
HKU\S-1-5-21-2676936528-1030403693-891089861-1006\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.
==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{86B94AA2-1974-4259-8623-74A89B26E90A}] => (Allow) C:\Program Files (x86)\Sony Mobile\Update Engine\Sony Mobile Update Engine.exe
FirewallRules: [{71F2C407-7331-498A-8426-B24F465AF5A6}] => (Allow) C:\Program Files (x86)\Sony Mobile\Update Engine\Sony Mobile Update Engine.exe
FirewallRules: [UDP Query User{9697C13A-ACF0-42FA-8DB3-DE00CB791229}C:\program files\graphisoft\archicad 18\cinerender\cinerender 64bit.exe] => (Block) C:\program files\graphisoft\archicad 18\cinerender\cinerender 64bit.exe
FirewallRules: [TCP Query User{9B4EAA87-D5D7-4BC5-BBC8-3A1F66080E5C}C:\program files\graphisoft\archicad 18\cinerender\cinerender 64bit.exe] => (Block) C:\program files\graphisoft\archicad 18\cinerender\cinerender 64bit.exe
FirewallRules: [{A319014D-7C7C-4E14-8393-C7EBD13B7853}] => (Block) C:\program files\graphisoft\archicad 18\archicad.exe
FirewallRules: [{5DCE1293-AA8A-404E-9998-9C7D4E9EB905}] => (Block) C:\program files\graphisoft\archicad 18\archicad.exe
FirewallRules: [UDP Query User{371F79D9-44DB-460C-AFD1-22AD1EC9F1BF}C:\program files\graphisoft\archicad 18\archicad.exe] => (Allow) C:\program files\graphisoft\archicad 18\archicad.exe
FirewallRules: [TCP Query User{EE847DFA-BE7C-447E-B474-1FF81C73F2C9}C:\program files\graphisoft\archicad 18\archicad.exe] => (Allow) C:\program files\graphisoft\archicad 18\archicad.exe
FirewallRules: [{700DB8D3-9D38-4913-B53C-0DCFF12CB592}] => (Allow) C:\Users\Daniel\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{0CC39448-9F53-499A-B508-89E338783018}] => (Allow) C:\Users\Daniel\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{C969DC84-6A5C-4189-A0B9-09DEF39A2E3B}] => (Allow) C:\Program Files (x86)\Twonky\TwonkyServer\twonkyserver.exe
FirewallRules: [{4FFC1C3F-C2AE-41A6-8185-96D1ACEC7286}] => (Allow) C:\Program Files (x86)\Twonky\TwonkyServer\twonkyserver.exe
FirewallRules: [{651E66C8-FD77-4885-81EA-AC43378DD3BA}] => (Allow) C:\Program Files (x86)\Twonky\TwonkyServer\twonkyserver.exe
FirewallRules: [{7B85E5A8-2D27-4A7F-BD7E-BC73BF4163E9}] => (Allow) C:\Program Files (x86)\Twonky\TwonkyServer\twonkyserver.exe
FirewallRules: [{88DF49BF-3580-4919-97C1-E88AFF860949}] => (Allow) C:\Program Files (x86)\Twonky\TwonkyServer\twonkystarter.exe
FirewallRules: [{926FC48E-ED8B-4C92-955B-296B61E925CE}] => (Allow) C:\Program Files (x86)\Twonky\TwonkyServer\twonkystarter.exe
FirewallRules: [{1E8F8E48-947E-4D1F-9068-A487FE2A088B}] => (Allow) C:\Program Files (x86)\Twonky\TwonkyServer\twonkystarter.exe
FirewallRules: [{20323385-D02A-4647-B859-64512D6ED1F4}] => (Allow) C:\Program Files (x86)\Twonky\TwonkyServer\twonkystarter.exe
FirewallRules: [{087A2D3F-6CA3-4E74-8498-EEDFF4CF783F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{60A11106-7FC4-457A-95C0-2C8D4199C1E9}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{E9E12CB3-9DE9-4FF7-89B2-09F9CEDF9BD0}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{115CCC81-9BE7-4D9A-B145-080EF6C055B9}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{EF5F2587-BAAB-4B16-AF91-609239231B84}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{987743EB-BBBE-4F9F-93BA-D70A431B2D4D}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{2A267BE3-3D53-4E9C-848F-061DDC151FF9}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{762FD712-99A1-403C-8D3E-67711B412F9A}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{CF0A6A64-9D00-43CA-83E2-DC5C6649F833}] => (Allow) C:\Program Files (x86)\Naver\LINE\Line.exe
FirewallRules: [{8EE06146-EB7F-4182-812B-C3D9EC267CF1}] => (Allow) C:\Program Files (x86)\Naver\LINE\Line.exe
FirewallRules: [{F7128546-8018-486F-9004-ACB69A65E116}] => (Block) C:\program files\andy\andy.exe
FirewallRules: [{6F7ABD7C-F397-4D1A-8BE8-DC0515F2A5AE}] => (Block) C:\program files\andy\andy.exe
FirewallRules: [UDP Query User{A3A97F3F-9A93-4F57-A1B7-36940B9C2874}C:\program files\andy\andy.exe] => (Allow) C:\program files\andy\andy.exe
FirewallRules: [TCP Query User{045EB7DF-B275-49C5-BA6B-428D73C6739D}C:\program files\andy\andy.exe] => (Allow) C:\program files\andy\andy.exe
FirewallRules: [{7AFFC66C-03DA-437C-8AB2-48E419AFDCA6}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{449501B3-39B2-4FB6-800B-6CD6DF00CF6C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{90A1DF2C-EAC0-4B84-89A4-F662CA37FFDA}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{869BF00F-C079-4E88-9776-1A1A602DBEAF}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [UDP Query User{F141D448-2942-4F05-8703-8CF696BB6C17}C:\scbw\starcraft\starcraft.exe] => (Allow) C:\scbw\starcraft\starcraft.exe
FirewallRules: [TCP Query User{107F0B01-CB89-4B7F-B9E6-96BAF3571466}C:\scbw\starcraft\starcraft.exe] => (Allow) C:\scbw\starcraft\starcraft.exe
FirewallRules: [UDP Query User{AE6272D1-2450-4706-9C56-ABE0741995E6}C:\users\daniel\downloads\downloader_starcraft_combo_engb (1).exe] => (Allow) C:\users\daniel\downloads\downloader_starcraft_combo_engb (1).exe
FirewallRules: [TCP Query User{4BF3D7B6-2760-46E7-9F46-EAA1479759EA}C:\users\daniel\downloads\downloader_starcraft_combo_engb (1).exe] => (Allow) C:\users\daniel\downloads\downloader_starcraft_combo_engb (1).exe
FirewallRules: [{E6AC2223-4DF5-4F90-9EA9-491D258D5E83}] => (Allow) C:\Program Files (x86)\Sony Mobile\Update Engine\Sony Mobile Update Engine.exe
FirewallRules: [{33B49934-626B-4C3F-A78D-74BD348957E2}] => (Allow) C:\Program Files (x86)\Sony Mobile\Update Engine\Sony Mobile Update Engine.exe
FirewallRules: [{EA5CD453-3965-4133-86B6-0C000AF66A79}] => (Allow) C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe
FirewallRules: [{1C40D6DB-86B4-40F9-BC4F-105E6472D27B}] => (Allow) C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe
FirewallRules: [UDP Query User{C1B01E16-EF99-4E1A-A864-6DAFAC4E5798}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{5D1CAF32-8957-4158-B3BE-D51582AB2CDC}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{DF33C812-2F04-4249-A019-39D66D66E102}] => (Allow) C:\Program Files (x86)\Naver\LINE\Line.exe
FirewallRules: [{99695F8E-713E-405B-ADA2-A7C1891ECECE}] => (Allow) C:\Program Files (x86)\Naver\LINE\Line.exe
FirewallRules: [{8E1AE219-EBA9-4EFD-8FFA-223411B4EBC3}] => (Allow) LPort=8317
FirewallRules: [{776219E5-631E-46EA-8176-420BCE2E3E57}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{9B303E96-9E5E-4AF3-A676-55EAB07ADE03}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{15AFCDCC-5415-41DF-84A6-D7CEA5CE907D}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{00FE9CCC-9E80-4932-B040-921CE05C4CD6}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{C6817A1E-5A06-4512-BCD0-3D5F4FE632AD}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{1FFD8D93-168C-48E9-9FA7-DA75D40EEBD5}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{DB5E0589-EB8B-4178-A438-CEBB55E965C5}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{0D070EA1-F417-4FCF-ADD5-C44F463377AC}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{F7BE67E2-C360-4C22-AA77-B34EFAA51D95}] => (Allow) LPort=5432
FirewallRules: [UDP Query User{FB63639D-4AE2-498F-A6C2-CC670BB39AFA}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{1D292F57-6542-46C2-81A4-6CFA258848F0}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{472B1D19-BE19-4606-8C99-B557FEF56F58}] => (Allow) C:\Program Files (x86)\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe
FirewallRules: [{0623A238-71BD-432F-B885-2E66DC4792F1}] => (Allow) C:\Program Files (x86)\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe
FirewallRules: [{B217765B-9617-4A35-AC0A-A06D8094D9A9}] => (Allow) C:\Program Files (x86)\StarMoney 9.0\app\StarMoney.exe
FirewallRules: [{F7D88F94-E186-4887-ADF7-F8DC73A7D534}] => (Allow) C:\Program Files (x86)\StarMoney 9.0\app\StarMoney.exe
FirewallRules: [AusweisApp2-Firewall-Rule] => (Allow) C:\Program Files (x86)\AusweisApp2 1.2.2\AusweisApp2.exe
FirewallRules: [{8F64E530-817E-484F-836C-3C21038E9BB3}] => (Allow) C:\Users\Daniel\AppData\Local\Temp\Andy_45.5_x64\Setup.exe
FirewallRules: [{05E027AC-CF5F-4CB0-AF52-C1AF6B5385FD}] => (Allow) C:\Users\Daniel\AppData\Local\Temp\Andy_45.5_x64\Setup.exe
FirewallRules: [{B469A0FF-D98A-4C1D-AC14-08D0015304E8}] => (Allow) C:\Program Files (x86)\MouseRecorder\MouseRecorder.exe
FirewallRules: [{709E234E-C596-4BB0-B5A4-DD9B879BD223}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{13CDA863-80DD-487B-B2A1-DB8BF68E62F4}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{08DB7FE4-AE52-4F82-9111-2AC13B3561F6}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{CBCAC336-34FB-4FBD-B567-A0A04984BD0E}] => (Allow) %ProgramFiles% (x86)\Sirrix AG\BitBox\bin\BitBoxClient.exe
FirewallRules: [{7764F249-3B76-428C-9BB9-1A1A949F4AF4}] => (Allow) %ProgramFiles% (x86)\Sirrix AG\BitBox\bin\BitBoxClient.exe
==================== Fehlerhafte Geräte im Gerätemanager =============
==================== Fehlereinträge in der Ereignisanzeige: =========================
Applikationsfehler:
==================
Error: (12/22/2015 11:32:20 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: WmiApRplC:\WINDOWS\system32\wbem\wmiaprpl.dll4
Error: (12/22/2015 11:32:20 AM) (Source: Perflib) (EventID: 1023) (User: )
Description: rdyboost4
Error: (12/22/2015 11:32:20 AM) (Source: PerfNet) (EventID: 2004) (User: )
Description:
Error: (12/22/2015 11:32:20 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: MSDTCC:\WINDOWS\system32\msdtcuiu.DLL4
Error: (12/22/2015 11:32:20 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: LsaC:\Windows\System32\Secur32.dll4
Error: (12/22/2015 11:32:20 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: ESENTC:\WINDOWS\system32\esentprf.dll4
Error: (12/22/2015 11:32:20 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll4
Error: (12/22/2015 11:09:05 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: WmiApRplC:\WINDOWS\system32\wbem\wmiaprpl.dll4
Error: (12/22/2015 11:09:05 AM) (Source: Perflib) (EventID: 1023) (User: )
Description: rdyboost4
Error: (12/22/2015 11:09:05 AM) (Source: PerfNet) (EventID: 2004) (User: )
Description:
Systemfehler:
=============
Error: (12/22/2015 11:34:33 AM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT)
Description: {784E29F4-5EBE-4279-9948-1E8FE941646D}
Error: (12/22/2015 11:32:06 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 10. Der Windows-SChannel-Fehlerstatus lautet: 10.
Error: (12/22/2015 11:32:06 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 10. Der Windows-SChannel-Fehlerstatus lautet: 10.
Error: (12/22/2015 11:32:03 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 10. Der Windows-SChannel-Fehlerstatus lautet: 10.
Error: (12/22/2015 11:32:03 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 10. Der Windows-SChannel-Fehlerstatus lautet: 10.
Error: (12/22/2015 11:32:02 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 10. Der Windows-SChannel-Fehlerstatus lautet: 10.
Error: (12/22/2015 11:32:02 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 10. Der Windows-SChannel-Fehlerstatus lautet: 10.
Error: (12/22/2015 11:31:12 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 22.12.2015 um 11:29:17 unerwartet heruntergefahren.
Error: (12/22/2015 11:30:10 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "BlueStacks Updater Service" wurde nicht richtig gestartet.
Error: (12/22/2015 11:27:35 AM) (Source: DCOM) (EventID: 10010) (User: Globality)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}
CodeIntegrity:
===================================
Date: 2015-12-21 10:25:12.441
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-12-20 13:30:38.676
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-12-20 13:30:33.747
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-12-20 13:29:35.352
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-12-20 13:29:22.557
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-12-18 12:28:26.016
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-12-18 12:28:25.986
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-12-18 12:27:44.183
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-12-15 22:15:40.448
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-12-15 16:38:57.109
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
==================== Speicherinformationen ===========================
Prozessor: AMD A8-5600K APU with Radeon(tm) HD Graphics
Prozentuale Nutzung des RAM: 45%
Installierter physikalischer RAM: 7630.72 MB
Verfügbarer physikalischer RAM: 4186.16 MB
Summe virtueller Speicher: 8846.72 MB
Verfügbarer virtueller Speicher: 4913.74 MB
==================== Laufwerke ================================
Drive c: () (Fixed) (Total:111.45 GB) (Free:2.85 GB) NTFS
Drive d: (Volume) (Fixed) (Total:1863.01 GB) (Free:72.16 GB) NTFS
Drive e: (Daniela&Daniel) (CDROM) (Total:0.2 GB) (Free:0 GB) UDF
Drive g: () (Fixed) (Total:465.76 GB) (Free:42.58 GB) NTFS
==================== MBR & Partitionstabelle ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: DD2BA3CD)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111.4 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 6BFA1C83)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)
========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 7DECB287)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)
==================== Ende von Addition.txt ============================
|
|
22.12.2015, 17:38
| #2 |
| /// Malwareteam  | Windows 10: Malwarebytes meldet infizierte Dateien, teilweise funktioniert das Internet nicht, generell PC langsam Mein Name ist Dennis und ich werde dir bei der Bereinigung helfen. Bitte beachte, dass es ein paar Regeln gibt:
Sollte ich nicht innerhalb von 48h antworten, schreibe mir eine PM! Kannst du mal bitte das Log von Malwarebytes posten?
__________________ |
|
22.12.2015, 17:40
| #3 |
| | Windows 10: Malwarebytes meldet infizierte Dateien, teilweise funktioniert das Internet nicht, generell PC langsam Guten Abend,
__________________vielen Dank und hier ist der Log: Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlaufdatum: 22.12.2015 Suchlaufzeit: 11:14 Protokolldatei: Malwarebyte.txt Administrator: Ja Version: 2.2.0.1024 Malware-Datenbank: v2015.12.22.02 Rootkit-Datenbank: v2015.12.18.01 Lizenz: Premium-Version Malware-Schutz: Aktiviert Schutz vor bösartigen Websites: Aktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 10 CPU: x64 Dateisystem: NTFS Benutzer: Daniel Suchlauftyp: Bedrohungssuchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 473103 Abgelaufene Zeit: 12 Min., 15 Sek. Speicher: Aktiviert Start: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (keine bösartigen Elemente erkannt) Module: 0 (keine bösartigen Elemente erkannt) Registrierungsschlüssel: 38 PUP.Optional.Komodia, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\zcwfp, In Quarantäne, [ea301d8ba8e3bb7b190e378c58a929d7], PUP.Optional.Komodia, HKLM\SOFTWARE\CLASSES\zcengineLib.DataContainer, In Quarantäne, [69b1f4b44b40c86e5847ee207b897d83], PUP.Optional.Komodia, HKLM\SOFTWARE\CLASSES\zcengineLib.DataContainer.1, In Quarantäne, [60ba74343853de58ced116f8a85c39c7], PUP.Optional.Komodia, HKLM\SOFTWARE\CLASSES\zcengineLib.DataController, In Quarantäne, [65b5c3e584070f27fea1a36b15ef52ae], PUP.Optional.Komodia, HKLM\SOFTWARE\CLASSES\zcengineLib.DataController.1, In Quarantäne, [8199b7f1dbb0be78851a68a6be46be42], PUP.Optional.Komodia, HKLM\SOFTWARE\CLASSES\zcengineLib.DataTable, In Quarantäne, [67b34167c2c90d29cfd0d33b689caf51], PUP.Optional.Komodia, HKLM\SOFTWARE\CLASSES\zcengineLib.DataTable.1, In Quarantäne, [0e0cfaae5734cc6a514ea96535cfb749], PUP.Optional.Komodia, HKLM\SOFTWARE\CLASSES\zcengineLib.DataTableFields, In Quarantäne, [f7230a9e2368063069369b73dc28fd03], PUP.Optional.Komodia, HKLM\SOFTWARE\CLASSES\zcengineLib.DataTableFields.1, In Quarantäne, [ef2b2f79a9e2d4629e017896798b19e7], PUP.Optional.Komodia, HKLM\SOFTWARE\CLASSES\zcengineLib.DataTableHolder, In Quarantäne, [a3777533a5e6b97d5946050964a0dc24], PUP.Optional.Komodia, HKLM\SOFTWARE\CLASSES\zcengineLib.DataTableHolder.1, In Quarantäne, [58c2f7b1b1da55e1f5aa6aa490743ec2], PUP.Optional.Komodia, HKLM\SOFTWARE\CLASSES\zcengineLib.LSPLogic, In Quarantäne, [5ebca602a2e980b62778eb23fc085ea2], PUP.Optional.Komodia, HKLM\SOFTWARE\CLASSES\zcengineLib.LSPLogic.1, In Quarantäne, [b169a80058339c9a4857b15dc24236ca], PUP.Optional.Komodia, HKLM\SOFTWARE\CLASSES\zcengineLib.ReadOnlyManager, In Quarantäne, [d4466c3c800ba09677286ea00004f709], PUP.Optional.Komodia, HKLM\SOFTWARE\CLASSES\zcengineLib.ReadOnlyManager.1, In Quarantäne, [5fbbe3c5c8c343f3029db25cf311c33d], PUP.Optional.Komodia, HKLM\SOFTWARE\CLASSES\zcengineLib.WFPController, In Quarantäne, [cf4b971113787fb7306fbf4fb94b8b75], PUP.Optional.Komodia, HKLM\SOFTWARE\CLASSES\zcengineLib.WFPController.1, In Quarantäne, [1bffeabe1378e94de2bd0d014fb55ea2], PUP.Optional.Komodia, HKLM\SOFTWARE\CLASSES\APPID\zcengine.EXE, In Quarantäne, [8b8f7830fb90063098069b73fe06c33d], PUP.Optional.Komodia, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\zcengine.EXE, In Quarantäne, [46d405a37813dd592b7310fe09fb8c74], PUP.Optional.Komodia, HKLM\SOFTWARE\WOW6432NODE\CLASSES\zcengineLib.DataContainer, In Quarantäne, [f82255533952ab8b9d0237d718ec966a], PUP.Optional.Komodia, HKLM\SOFTWARE\WOW6432NODE\CLASSES\zcengineLib.DataContainer.1, In Quarantäne, [3ae07e2a95f637ff732c8b8360a4d927], PUP.Optional.Komodia, HKLM\SOFTWARE\WOW6432NODE\CLASSES\zcengineLib.DataController, In Quarantäne, [64b60e9a2e5d86b0d4cbdb33cc38d62a], PUP.Optional.Komodia, HKLM\SOFTWARE\WOW6432NODE\CLASSES\zcengineLib.DataController.1, In Quarantäne, [af6b8127c3c8b77f683732dc19eb08f8], PUP.Optional.Komodia, HKLM\SOFTWARE\WOW6432NODE\CLASSES\zcengineLib.DataTable, In Quarantäne, [a773c5e3c3c8b086fda245c99272ee12], PUP.Optional.Komodia, HKLM\SOFTWARE\WOW6432NODE\CLASSES\zcengineLib.DataTable.1, In Quarantäne, [809abdeb008bf640f0afba546f958878], PUP.Optional.Komodia, HKLM\SOFTWARE\WOW6432NODE\CLASSES\zcengineLib.DataTableFields, In Quarantäne, [fe1ce6c2206b92a47c23f816f50f9c64], PUP.Optional.Komodia, HKLM\SOFTWARE\WOW6432NODE\CLASSES\zcengineLib.DataTableFields.1, In Quarantäne, [8496f1b726657eb8752a27e73fc56898], PUP.Optional.Komodia, HKLM\SOFTWARE\WOW6432NODE\CLASSES\zcengineLib.DataTableHolder, In Quarantäne, [c9516c3c454644f2c3dcae60ec18fc04], PUP.Optional.Komodia, HKLM\SOFTWARE\WOW6432NODE\CLASSES\zcengineLib.DataTableHolder.1, In Quarantäne, [f72385238209aa8c039c8b83ff05738d], PUP.Optional.Komodia, HKLM\SOFTWARE\WOW6432NODE\CLASSES\zcengineLib.LSPLogic, In Quarantäne, [9684bbedef9c74c2b9e67995ae56cb35], PUP.Optional.Komodia, HKLM\SOFTWARE\WOW6432NODE\CLASSES\zcengineLib.LSPLogic.1, In Quarantäne, [5bbf4662365581b5722d6aa4679dd32d], PUP.Optional.Komodia, HKLM\SOFTWARE\WOW6432NODE\CLASSES\zcengineLib.ReadOnlyManager, In Quarantäne, [ee2c04a4b1da37ff9906d7371de78080], PUP.Optional.Komodia, HKLM\SOFTWARE\WOW6432NODE\CLASSES\zcengineLib.ReadOnlyManager.1, In Quarantäne, [d3472088cbc08caa9f007b9332d2b848], PUP.Optional.Komodia, HKLM\SOFTWARE\WOW6432NODE\CLASSES\zcengineLib.WFPController, In Quarantäne, [ef2bb4f41a71da5c9f00a36b8c78ac54], PUP.Optional.Komodia, HKLM\SOFTWARE\WOW6432NODE\CLASSES\zcengineLib.WFPController.1, In Quarantäne, [5ac0f0b8d6b5b185841b20eebd471ee2], PUP.Optional.Komodia, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\zcengine.EXE, In Quarantäne, [e8326345e5a63cfaf2accd41fe0619e7], PUP.Optional.Komodia, HKLM\SOFTWARE\WOW6432NODE\QUICKSEARCH, In Quarantäne, [32e84464810aa1959907a965ad57cc34], PUP.Optional.Komodia, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\zcengine, In Quarantäne, [899105a38cff49ede1c02fdf3cc87789], Registrierungswerte: 1 PUP.Optional.Komodia, HKLM\SOFTWARE\WOW6432NODE\QUICKSEARCH|affid, 1123, In Quarantäne, [32e84464810aa1959907a965ad57cc34] Registrierungsdaten: 0 (keine bösartigen Elemente erkannt) Ordner: 0 (keine bösartigen Elemente erkannt) Dateien: 11 PUP.Optional.Komodia, C:\Windows\System32\drivers\zcwfp64.sys, Löschen bei Neustart, [ea301d8ba8e3bb7b190e378c58a929d7], PUP.Optional.Komodia.WnskRST, C:\Program Files (x86)\QuickSearch\zcengine.dll, In Quarantäne, [22f896123c4fb086a4841da6966be61a], PUP.Optional.Komodia.WnskRST, C:\Program Files (x86)\QuickSearch\zcengine64.dll, In Quarantäne, [bf5bc1e7ccbf2e0886a27350966bcb35], PUP.Optional.Komodia, C:\Program Files (x86)\QuickSearch\zcinstaller.exe, In Quarantäne, [50cad6d291fadd59cb5cbc0728d95aa6], PUP.Optional.Komodia, C:\Program Files (x86)\QuickSearch\zcwfp.sys, In Quarantäne, [52c877319eed3006171007bcca37f60a], PUP.Optional.Komodia, C:\Program Files (x86)\QuickSearch\zcwfp64.sys, In Quarantäne, [cd4dc9df4a4150e6fd2a5172fc050af6], PUP.Optional.Komodia.WnskRST, C:\Windows\System32\zcengine64.dll, Löschen bei Neustart, [be5c8127b7d4b482c761ffc4e41d06fa], PUP.Optional.Komodia.WnskRST, C:\Windows\SysWOW64\zcengine.dll, Löschen bei Neustart, [1ffbfaaea3e8b87e91973f84bc45916f], PUP.Optional.Komodia, C:\Users\Daniel\AppData\Local\Temp\zcengine.log, In Quarantäne, [58c2a4042c5f24129eff23eb020256aa], PUP.Optional.Komodia, C:\Windows\Temp\zcengine.log, In Quarantäne, [ec2e6741e9a2b97d613c4dc114f0c739], PUP.Optional.Komodia, C:\Program Files (x86)\QuickSearch\zcengine.exe, In Quarantäne, [899105a38cff49ede1c02fdf3cc87789], Physische Sektoren: 0 (keine bösartigen Elemente erkannt) (end) |
|
22.12.2015, 17:43
| #4 |
| /// Malwareteam | Windows 10: Malwarebytes meldet infizierte Dateien, teilweise funktioniert das Internet nicht, generell PC langsam Hi, zuerst muss mal das gecrackte Adobe-Zeugs runter, danach ein frisches FRST-Log mit Additions posten. |
|
22.12.2015, 18:24
| #5 |
| | Windows 10: Malwarebytes meldet infizierte Dateien, teilweise funktioniert das Internet nicht, generell PC langsam So, nun ist hoff ich alles weg. Danke dir FRST.txt FRST Logfile: Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:20-12-2015 durchgeführt von Daniel (Administrator) auf GLOBALITY (22-12-2015 18:21:56) Gestartet von C:\Users\Daniel\Desktop Geladene Profile: Daniel & postgres (Verfügbare Profile: Daniel & postgres & Gl0ba_000) Platform: Windows 10 Pro (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: "C:\Program Files (x86)\Sirrix AG\BitBox\bin\BitBoxClient.exe" start "%1") Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Sirrix AG) C:\Program Files (x86)\Sirrix AG\BitBox\bin\BitBoxService.exe (BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe (BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe (Coupons.com Inc.) C:\Program Files (x86)\Coupons\CouponPrinterService.exe (Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe (devolo AG) C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe (IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe (Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Star Finanz-Software Entwicklung und Vertriebs GmbH) C:\Program Files (x86)\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe (PacketVideo) C:\Program Files (x86)\Twonky\TwonkyServer\twonkystarter.exe () C:\Program Files (x86)\Twonky\TwonkyServer\twonkyproxy.exe (PostgreSQL Global Development Group) C:\postgreSQL\bin\pg_ctl.exe (PostgreSQL Global Development Group) C:\postgreSQL\bin\postgres.exe (PostgreSQL Global Development Group) C:\postgreSQL\bin\postgres.exe (PostgreSQL Global Development Group) C:\postgreSQL\bin\postgres.exe (PostgreSQL Global Development Group) C:\postgreSQL\bin\postgres.exe (PostgreSQL Global Development Group) C:\postgreSQL\bin\postgres.exe () C:\Program Files (x86)\Twonky\TwonkyServer\twonkyserver.exe (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe (Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe () C:\Program Files (x86)\QuickSearch\spw3016.exe (Joan Abner) C:\Program Files (x86)\QuickSearch\uninstall.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Sony) C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe () C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe (LINE Corporation) C:\Program Files (x86)\Naver\LINE\Line.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (Internet Monitor) C:\Users\Daniel\AppData\Roaming\BandwidthStat\bandwidthstat.exe (Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe (PacketVideo) C:\Program Files (x86)\Twonky\TwonkyServer\twonkytray.exe () C:\Program Files\Rainmeter\Rainmeter.exe (BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\SoftwareDistribution\Download\Install\AM_Delta_Patch_1.213.644.0.exe (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\SrTasks.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Nicht auf der Ausnahmeliste) =========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-24] (Realtek Semiconductor) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508240 2015-08-05] (Adobe Systems Incorporated) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-11-04] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG) HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [191016 2014-05-14] (Geek Software GmbH) HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Andy] => C:\Program Files\Andy\HandyAndy.exe HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [883280 2015-12-10] (BlueStack Systems, Inc.) HKU\S-1-5-21-2676936528-1030403693-891089861-1001\...\Run: [Sony PC Companion] => C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [457088 2015-09-23] (Sony) HKU\S-1-5-21-2676936528-1030403693-891089861-1001\...\Run: [Line] => C:\Program Files (x86)\Naver\LINE\Line.exe [15664152 2015-08-18] (LINE Corporation) HKU\S-1-5-21-2676936528-1030403693-891089861-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50755200 2015-12-08] (Skype Technologies S.A.) HKU\S-1-5-21-2676936528-1030403693-891089861-1001\...\Run: [BandwidthStat] => C:\Users\Daniel\AppData\Roaming\BandwidthStat\bandwidthstat.exe [569344 2015-12-15] (Internet Monitor) HKU\S-1-5-21-2676936528-1030403693-891089861-1006\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50755200 2015-12-08] (Skype Technologies S.A.) HKU\S-1-5-21-2676936528-1030403693-891089861-1006\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [517632 2015-07-10] (Microsoft Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Twonky Server.lnk [2015-12-15] ShortcutTarget: Twonky Server.lnk -> C:\Program Files (x86)\Twonky\TwonkyServer\twonkytray.exe (PacketVideo) Startup: C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk [2015-12-15] ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation) Startup: C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk [2015-12-15] ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe () CHR HKLM\SOFTWARE\Policies\Google: Beschränkung <======= ACHTUNG ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) Hosts: Es ist mehr als ein Eintrag in der Hosts Datei zu finden. Siehe Hosts-Bereich in Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 Tcpip\..\Interfaces\{c3d2b33a-5f1a-4bce-8c16-a5ea94bc6a72}: [DhcpNameServer] 192.168.2.1 Internet Explorer: ================== HKU\S-1-5-21-2676936528-1030403693-891089861-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-2676936528-1030403693-891089861-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/ HKU\S-1-5-21-2676936528-1030403693-891089861-1006\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-2676936528-1030403693-891089861-1006\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/ URLSearchHook: HKU\S-1-5-21-2676936528-1030403693-891089861-1001 - (Kein Name) - {EB6628CF-0675-4DAE-95CE-EFFA23169743} - Keine Datei BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-11-18] (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll [2014-12-24] (Oracle Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-11-10] (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-12-24] (Oracle Corporation) BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-11-18] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2015-05-09] (Oracle Corporation) BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-11-10] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2015-05-09] (Oracle Corporation) Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-03-12] (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies) FireFox: ======== FF ProfilePath: C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\v7rfplju.default FF NewTab: about:newtab FF DefaultSearchEngine: MyStart FF Homepage: hxxps://www.mystart.com/?pr=systma&id=byd&v=1_0 FF Keyword.URL: FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_235.dll [2015-12-12] () FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-12-24] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-12-24] (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-02-28] (VideoLAN) FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [Keine Datei] FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_235.dll [2015-12-12] () FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2015-05-09] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2015-05-09] (Oracle Corporation) FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-03-31] (Microsoft Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-06] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-06] (Google Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-03-31] (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll [2014-10-02] (Coupons, Inc.) FF Extension: Flash and Video Download - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\v7rfplju.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a} [2015-12-12] FF Extension: Flash Video Downloader - YouTube HD Download [4K] - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\v7rfplju.default\extensions\artur.dubovoy@gmail.com [2015-12-12] FF Extension: FireFTP - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\v7rfplju.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f} [2015-12-12] Chrome: ======= CHR HomePage: Default -> hxxp://www.google.de/ CHR Profile: C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google*Übersetzer) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2015-11-17] CHR Extension: (Google Docs) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04] CHR Extension: (Google Drive) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-25] CHR Extension: (YouTube) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25] CHR Extension: (Google-Suche) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-30] CHR Extension: (FTP Free) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehdgcfaoankkonoiichmblcfijkomfbn [2014-09-27] CHR Extension: (Video Downloader professional) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2015-01-14] CHR Extension: (ZenMate Security, Privacy & Unblock VPN) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2015-11-16] CHR Extension: (Google Docs Offline) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-17] CHR Extension: (Video Downloader [FVD]) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfmhcpmkbdkbgbmkjoiopeeegenkdikp [2015-05-09] CHR Extension: (qipu Cashbackmelder open beta) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\mloigoojndlehdjiemdfpiikieonngel [2015-01-16] CHR Extension: (Codeanywhere) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndcfkjjcjfpmmhdedhnbkknbehiadgjg [2014-05-13] CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-01] CHR Extension: (Google Mail) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28] ==================== Dienste (Nicht auf der Ausnahmeliste) ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2016448 2015-11-25] (Adobe Systems, Incorporated) R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-07-15] (Advanced Micro Devices, Inc.) [Datei ist nicht signiert] R2 BitBoxService; C:\Program Files (x86)\Sirrix AG\BitBox\bin\BitBoxService.exe [738304 2015-11-13] (Sirrix AG) [Datei ist nicht signiert] S3 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [432720 2015-12-10] (BlueStack Systems, Inc.) R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [412240 2015-12-10] (BlueStack Systems, Inc.) R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [854608 2015-12-10] (BlueStack Systems, Inc.) R2 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [179184 2014-10-15] (Coupons.com Inc.) R2 DevoloNetworkService; C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe [3645432 2014-07-18] (devolo AG) R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2934048 2015-11-10] (IObit) R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1135416 2015-10-05] (Malwarebytes) R2 postgresql-8.4; c:\postgreSQL\bin\pg_ctl.exe [66048 2014-02-18] (PostgreSQL Global Development Group) [Datei ist nicht signiert] R2 StarMoney 9.0 OnlineUpdate; C:\Program Files (x86)\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe [697488 2014-07-04] (Star Finanz-Software Entwicklung und Vertriebs GmbH) S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [Datei ist nicht signiert] R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5426448 2014-12-15] (TeamViewer GmbH) R2 TwonkyProxy; C:\Program Files (x86)\Twonky\TwonkyServer\twonkyproxy.exe [885576 2013-05-23] () R2 TwonkyServer; C:\Program Files (x86)\Twonky\TwonkyServer\twonkystarter.exe [586568 2013-05-23] (PacketVideo) R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation) R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation) ===================== Treiber (Nicht auf der Ausnahmeliste) ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.) R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices) R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [102912 2015-05-28] (Advanced Micro Devices) R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [146040 2015-12-10] (BlueStack Systems) R1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-12-15] (REALiX(tm)) R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes) R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2015-12-22] (Malwarebytes) R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation) R2 NPF_devolo; C:\Windows\sysWOW64\drivers\npf_devolo.sys [34048 2013-03-04] (CACE Technologies) R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [587264 2015-07-10] (Realtek ) S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] () R1 VBoxNetLwf; C:\Windows\system32\DRIVERS\VBoxNetLwf.sys [194816 2015-11-11] (Oracle Corporation) S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation) R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation) R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation) S3 VBoxNetFlt; \SystemRoot\system32\DRIVERS\VBoxNetFlt.sys [X] S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X] ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat: Erstellte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2015-12-22 18:21 - 2015-12-22 18:21 - 00021460 _____ C:\Users\Daniel\Desktop\FRST.txt 2015-12-22 18:20 - 2015-12-22 18:00 - 00001283 ____N C:\WINDOWS\system32\Drivers\etc\hosts_bkup 2015-12-22 18:15 - 2015-12-22 18:15 - 06708416 _____ (Adobe System Incorporated.) C:\Users\Daniel\Downloads\AdobeCreativeCloudCleanerTool.exe 2015-12-22 17:54 - 2015-12-22 17:54 - 00016148 _____ C:\WINDOWS\system32\GLOBALITY_Daniel_HistoryPrediction.bin 2015-12-22 12:01 - 2015-12-22 12:01 - 00007493 _____ C:\Users\Daniel\Desktop\Malwarebyte.txt 2015-12-22 11:49 - 2015-12-22 11:50 - 00000532 _____ C:\Users\Daniel\Desktop\Neues Textdokument.txt 2015-12-22 11:37 - 2015-12-22 18:21 - 00000000 ____D C:\FRST 2015-12-22 11:36 - 2015-12-22 11:37 - 02370560 _____ (Farbar) C:\Users\Daniel\Desktop\FRST64.exe 2015-12-21 14:28 - 2015-12-21 14:28 - 00514327 _____ C:\Users\Daniel\Desktop\20151221.pdf 2015-12-21 14:24 - 2015-12-21 14:24 - 00000000 ____D C:\ProgramData\ATI 2015-12-21 11:16 - 2015-12-21 11:16 - 00036520 _____ C:\Users\Daniel\Documents\arena.mrf 2015-12-21 10:28 - 2015-12-21 10:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center 2015-12-21 10:26 - 2015-12-21 10:27 - 00000000 ____D C:\WINDOWS\LastGood.Tmp 2015-12-21 10:25 - 2015-12-21 10:25 - 47794160 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\amdocl64.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 39720944 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\amdocl.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 30775792 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atio6axx.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 27544560 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\amdocl12cl64.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 25320432 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atioglxx.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 22327280 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\amdocl12cl.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 15725552 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\aticaldd64.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 14310896 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\aticaldd.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 09355016 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdxc64.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 08982432 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiumd6a.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 08864920 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiumd64.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 07683096 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdxc32.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 06686192 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdmantle64.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 05216240 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdmantle32.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 03471376 _____ C:\WINDOWS\SysWOW64\atiumdva.cap 2015-12-21 10:25 - 2015-12-21 10:25 - 03437632 _____ C:\WINDOWS\system32\atiumd6a.cap 2015-12-21 10:25 - 2015-12-21 10:25 - 01256432 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atiadlxx.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 01196032 _____ C:\WINDOWS\system32\amdocl_as64.exe 2015-12-21 10:25 - 2015-12-21 10:25 - 01070592 _____ C:\WINDOWS\system32\amdocl_ld64.exe 2015-12-21 10:25 - 2015-12-21 10:25 - 01004032 _____ C:\WINDOWS\SysWOW64\amdocl_as32.exe 2015-12-21 10:25 - 2015-12-21 10:25 - 00935408 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atiadlxy.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00935408 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atiadlxx.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00807424 _____ C:\WINDOWS\SysWOW64\amdocl_ld32.exe 2015-12-21 10:25 - 2015-12-21 10:25 - 00662400 _____ C:\WINDOWS\SysWOW64\atiapfxx.blb 2015-12-21 10:25 - 2015-12-21 10:25 - 00662400 _____ C:\WINDOWS\system32\atiapfxx.blb 2015-12-21 10:25 - 2015-12-21 10:25 - 00631792 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amdlvr64.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00524272 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amdlvr32.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00471320 _____ C:\WINDOWS\system32\amdmiracast.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00451056 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atidemgy.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00375792 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atiapfxx.exe 2015-12-21 10:25 - 2015-12-21 10:25 - 00341488 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\ATIODE.exe 2015-12-21 10:25 - 2015-12-21 10:25 - 00243696 _____ C:\WINDOWS\system32\clinfo.exe 2015-12-21 10:25 - 2015-12-21 10:25 - 00213488 _____ C:\WINDOWS\system32\amdgfxinfo64.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00199664 _____ (AMD) C:\WINDOWS\system32\atitmm64.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00198640 _____ C:\WINDOWS\SysWOW64\amdgfxinfo32.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00168944 _____ C:\WINDOWS\system32\atieah64.exe 2015-12-21 10:25 - 2015-12-21 10:25 - 00165360 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atig6txx.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00152560 _____ C:\WINDOWS\SysWOW64\atieah32.exe 2015-12-21 10:25 - 2015-12-21 10:25 - 00151936 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amdhcp64.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00150512 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atigktxx.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00143344 _____ C:\WINDOWS\system32\amdhdl64.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00138384 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amdhcp32.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00136176 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\mantle64.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00132080 _____ C:\WINDOWS\SysWOW64\amdhdl32.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00130064 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiu9p64.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00122352 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\mantle32.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00117600 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdave64.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00111600 _____ C:\WINDOWS\system32\hsa-thunk64.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00111088 _____ C:\WINDOWS\SysWOW64\hsa-thunk.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00110320 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdave32.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00103408 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\mantleaxl64.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00097776 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atisamu64.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00096752 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\mantleaxl32.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00089584 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atisamu32.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00088000 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atimpc64.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00088000 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdpcom64.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00083952 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atig6pxx.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00081160 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atimpc32.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00081160 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdpcom32.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00078320 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiglpxx.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00078320 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiglpxx.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00073712 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00071152 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\aticalrt64.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00068080 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00064496 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\aticalcl64.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00060912 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\aticalrt.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00059888 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\ATIODCLI.exe 2015-12-21 10:25 - 2015-12-21 10:25 - 00059376 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdmmcl6.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00057840 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\aticalcl.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00052208 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Drivers\ati2erec.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00048112 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdmmcl.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00038384 _____ (AMD) C:\WINDOWS\system32\atimuixx.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00012784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\detoured.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00012784 _____ (Microsoft Corporation) C:\WINDOWS\system32\detoured.dll 2015-12-20 20:56 - 2015-12-20 20:56 - 00478062 _____ C:\Users\Daniel\Desktop\20151220.pdf 2015-12-20 17:19 - 2015-12-22 11:07 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2015-12-20 13:28 - 2015-12-21 14:29 - 00283623 _____ C:\Users\Daniel\Desktop\Dienstplan_TV_Cannstatt.xlsm 2015-12-20 10:36 - 2015-12-20 10:36 - 00255478 _____ C:\Users\Daniel\Downloads\Dienstplan_Änderung2_NEU (1).xlsm 2015-12-20 10:36 - 2015-12-20 10:36 - 00255478 _____ C:\Users\Daniel\Desktop\Dienstplan_Änderung2_NEU (1).xlsm 2015-12-18 10:57 - 2015-12-18 11:03 - 606692048 _____ (Sirrix AG) C:\Users\Daniel\Downloads\Browser_In_The_Box.4.1.4-r150.chrome.Archive.exe 2015-12-18 10:41 - 2015-12-19 19:28 - 00000222 _____ C:\Users\Daniel\Desktop\nicht angreiffen.txt 2015-12-18 10:36 - 2015-12-18 10:36 - 00617444 _____ C:\Users\Daniel\Downloads\Browser-in-the-Box_Benutzerhandbuch.pdf 2015-12-16 15:10 - 2015-12-16 15:10 - 00025360 _____ C:\Users\Daniel\Documents\far-Flung Prairie.mrf 2015-12-15 21:23 - 2015-12-15 21:23 - 00034360 _____ C:\Users\Daniel\Documents\nightfall swamp.mrf 2015-12-15 18:10 - 2015-12-15 18:11 - 21852240 _____ C:\Users\Daniel\Downloads\Smoothies.rar 2015-12-15 17:33 - 2015-12-15 17:33 - 00280112 _____ C:\WINDOWS\Minidump\121515-9359-01.dmp 2015-12-15 15:47 - 2015-12-15 15:47 - 00006660 _____ C:\Users\Daniel\Downloads\Rechnung Nr. 15005998.pdf 2015-12-15 13:56 - 2015-12-15 13:56 - 00023026 _____ C:\Users\Daniel\Downloads\Vodafone-Internet--Telefon-Kuendigung (1) (1).pdf 2015-12-15 13:53 - 2015-12-15 13:53 - 00023026 _____ C:\Users\Daniel\Downloads\Vodafone-Internet--Telefon-Kuendigung (1).pdf 2015-12-15 13:52 - 2015-12-15 13:53 - 00023026 _____ C:\Users\Daniel\Downloads\Vodafone-Internet--Telefon-Kuendigung.pdf 2015-12-15 13:36 - 2015-12-15 13:36 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Sirrix AG 2015-12-15 13:35 - 2015-12-15 13:35 - 00211398 _____ C:\Users\Daniel\Desktop\kündigung strom.pdf 2015-12-15 13:26 - 2015-12-18 11:04 - 00001332 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Browser in the Box.lnk 2015-12-15 13:26 - 2015-12-18 11:04 - 00001320 _____ C:\Users\Public\Desktop\Browser in the Box.lnk 2015-12-15 13:26 - 2015-12-15 13:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Browser in the Box 2015-12-15 13:25 - 2015-12-15 13:25 - 00000000 ____D C:\ProgramData\Sirrix AG 2015-12-15 13:25 - 2015-12-15 13:25 - 00000000 ____D C:\Program Files (x86)\Sirrix AG 2015-12-15 13:21 - 2015-12-15 13:21 - 00000000 ____D C:\Program Files\Oracle 2015-12-15 13:14 - 2015-12-15 13:19 - 565717248 _____ (Sirrix AG) C:\Users\Daniel\Downloads\Browser_In_The_Box.4.1.4-r150.firefox.Archive.exe 2015-12-15 13:12 - 2015-12-17 19:43 - 00002252 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2015-12-15 13:11 - 2015-12-15 13:11 - 00927824 _____ (Google Inc.) C:\Users\Daniel\Downloads\ChromeSetup (1).exe 2015-12-15 12:47 - 2015-12-15 12:47 - 00436869 _____ C:\Users\Daniel\Downloads\Kündigung-strom-umzug-form (1).pdf 2015-12-15 12:44 - 2015-12-15 12:45 - 00436869 _____ C:\Users\Daniel\Downloads\Kündigung-strom-umzug-form.pdf 2015-12-15 12:28 - 2015-12-15 12:36 - 24149323 _____ C:\Users\Daniel\Downloads\Malwarebytes Anti-Malware Premium 2.2.0.1024.rar 2015-12-15 12:21 - 2015-12-22 17:54 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2015-12-15 12:20 - 2015-12-15 13:10 - 00001165 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-12-15 12:20 - 2015-12-15 12:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-12-15 12:20 - 2015-12-15 12:20 - 00000000 ____D C:\ProgramData\Malwarebytes 2015-12-15 12:20 - 2015-12-15 12:20 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-12-15 12:20 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2015-12-15 12:20 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys 2015-12-15 12:20 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys 2015-12-15 12:17 - 2015-12-15 12:18 - 22908888 _____ (Malwarebytes ) C:\Users\Daniel\Downloads\mbam-setup-2.2.0.1024.exe 2015-12-15 12:09 - 2015-12-15 12:09 - 00003530 _____ C:\WINDOWS\System32\Tasks\Ahonaradra 2015-12-15 12:02 - 2015-12-15 12:59 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\systweak 2015-12-15 12:02 - 2015-11-20 19:27 - 00019888 _____ C:\WINDOWS\system32\roboot64.exe 2015-12-15 12:01 - 2015-12-15 12:01 - 00003774 _____ C:\WINDOWS\System32\Tasks\SoftUpgrade 2015-12-15 12:01 - 2015-12-15 12:01 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BandwidthStat 2015-12-15 12:01 - 2015-12-15 12:01 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\BandwidthStat 2015-12-15 12:01 - 2015-12-15 12:01 - 00000000 ____D C:\Program Files (x86)\SoftUpgrade 2015-12-15 11:58 - 2015-12-22 18:03 - 00000364 ____H C:\WINDOWS\Tasks\WOXRGHDNAFGIQKGK.job 2015-12-15 11:58 - 2015-12-15 12:24 - 00000000 ____D C:\ProgramData\Service1104 2015-12-15 11:58 - 2015-12-15 11:58 - 00003442 _____ C:\WINDOWS\System32\Tasks\WOXRGHDNAFGIQKGK 2015-12-15 11:58 - 2015-12-15 11:58 - 00000000 ____D C:\ProgramData\19a87fa1ec024bbcbb41931263354405 2015-12-15 11:57 - 2015-12-15 11:57 - 00275717 _____ C:\Users\Daniel\Documents\151210 Rechnung_Lingel.pdf 2015-12-15 11:35 - 2015-12-15 11:35 - 00000000 ____D C:\ProgramData\{FD6F83C0-EC70-4581-8361-C70CD1AA4B98} 2015-12-15 11:34 - 2015-12-15 11:34 - 00026528 _____ (REALiX(tm)) C:\WINDOWS\SysWOW64\Drivers\HWiNFO64A.SYS 2015-12-15 11:34 - 2015-12-15 11:34 - 00000000 ____D C:\WINDOWS\Tasks\ImCleanDisabled 2015-12-15 11:34 - 2015-01-10 15:32 - 00128288 _____ (IObit) C:\WINDOWS\system32\IObitSmartDefragExtension.dll 2015-12-15 11:34 - 2014-06-04 15:17 - 00034080 _____ (IObit) C:\WINDOWS\system32\SmartDefragBootTime.exe 2015-12-15 11:33 - 2015-12-22 11:52 - 00000000 ____D C:\ProgramData\ProductData 2015-12-15 11:33 - 2015-12-15 11:41 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\IObit 2015-12-15 11:33 - 2015-12-15 11:40 - 00000000 ____D C:\ProgramData\IObit 2015-12-15 11:33 - 2015-12-15 11:33 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\ProductData 2015-12-15 11:33 - 2015-12-15 11:33 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Apple Computer 2015-12-15 11:33 - 2015-12-15 11:33 - 00000000 ____D C:\Users\Daniel\AppData\LocalLow\IObit 2015-12-15 11:32 - 2015-12-15 11:41 - 00000000 ____D C:\Program Files (x86)\IObit 2015-12-15 11:32 - 2015-12-15 11:32 - 30003568 _____ (IObit ) C:\Users\Daniel\Downloads\IObit-Malware-Fighter-Setup3409.exe 2015-12-15 11:16 - 2015-12-15 11:16 - 17529025 _____ C:\Users\Daniel\Documents\151210 Rechnung Lingel.pdf 2015-12-15 11:11 - 2015-12-15 11:59 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\cpuminer 2015-12-15 11:11 - 2015-12-15 11:58 - 00000008 _____ C:\END 2015-12-15 11:11 - 2015-12-15 11:11 - 00003160 _____ C:\WINDOWS\System32\Tasks\spw3016 2015-12-15 11:10 - 2015-12-22 17:54 - 00000000 ____D C:\Program Files (x86)\QuickSearch 2015-12-15 11:09 - 2015-12-15 12:58 - 00000000 ____D C:\Users\Daniel\AppData\Local\SmartWeb 2015-12-15 11:05 - 2015-12-15 11:13 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Opera Software 2015-12-15 11:05 - 2015-12-15 11:13 - 00000000 ____D C:\Users\Daniel\AppData\Local\Opera Software 2015-12-15 11:04 - 2015-12-15 11:05 - 17231872 _____ C:\Users\Daniel\Downloads\epson374980eu.exe 2015-12-15 11:03 - 2015-12-15 13:04 - 00000000 ____D C:\Program Files (x86)\03000200-1450173802-0500-0006-000700080009 2015-12-15 11:03 - 2015-12-15 11:02 - 00004182 _____ C:\WINDOWS\system32\Drivers\etc\hp.bak 2015-12-15 11:02 - 2015-12-15 13:07 - 00000306 __RSH C:\Users\Daniel\ntuser.pol 2015-12-15 11:02 - 2015-12-15 13:07 - 00000306 __RSH C:\ProgramData\ntuser.pol 2015-12-15 11:01 - 2015-12-15 11:01 - 00003294 _____ C:\WINDOWS\System32\Tasks\{9049D845-5093-42F1-ABE4-823668FF2E6F} 2015-12-15 10:59 - 2015-12-15 10:59 - 12793856 _____ C:\Users\Daniel\Downloads\epson325480eu.exe 2015-12-15 10:57 - 2015-12-15 10:57 - 25198592 _____ C:\Users\Daniel\Downloads\epson324666eu.dmg 2015-12-14 20:52 - 2015-12-14 20:52 - 00030000 _____ C:\Users\Daniel\Documents\13.mrf 2015-12-14 14:28 - 2015-12-14 14:32 - 00027280 _____ C:\Users\Daniel\Documents\sunshine beach.mrf 2015-12-14 14:23 - 2015-12-14 14:23 - 31302583 _____ C:\Users\Daniel\Downloads\auv116.pdf 2015-12-14 14:23 - 2015-12-14 14:23 - 31302583 _____ C:\Users\Daniel\Downloads\auv116 (1).pdf 2015-12-14 14:22 - 2015-12-14 14:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2015-12-14 14:22 - 2015-12-14 14:22 - 00000000 ___RD C:\Program Files (x86)\Skype 2015-12-14 14:11 - 2015-12-14 14:15 - 11692510 _____ C:\Users\Daniel\Downloads\GLGzFAmSSuC(zA.rar 2015-12-14 14:05 - 2015-12-14 14:15 - 32280461 _____ C:\Users\Daniel\Downloads\Nicht bestätigt 522240.crdownload 2015-12-14 13:48 - 2015-12-14 13:48 - 00030280 _____ C:\Users\Daniel\Documents\Climbing Olympus.mrf 2015-12-14 13:20 - 2015-12-15 16:21 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Mouse Recorder 2015-12-14 13:20 - 2015-12-14 13:20 - 00000000 ____D C:\ProgramData\MouseRecorder 2015-12-14 13:20 - 2015-12-14 13:20 - 00000000 ____D C:\ProgramData\Mouse Recorder 2015-12-14 13:20 - 2015-12-14 13:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MouseRecorder 2015-12-14 13:20 - 2015-12-14 13:20 - 00000000 ____D C:\Program Files (x86)\MouseRecorder 2015-12-14 13:19 - 2015-12-14 13:21 - 02467080 _____ (Bartels Media GmbH ) C:\Users\Daniel\Downloads\MouseRecorderSetup1042.exe 2015-12-14 13:17 - 2015-12-14 13:17 - 02331531 _____ C:\Users\Daniel\Downloads\MRP276Setup.zip 2015-12-14 13:10 - 2015-12-14 13:10 - 00000000 ____D C:\Users\Daniel\Documents\My Recorded Scripts 2015-12-14 13:10 - 2015-12-14 13:10 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Mouse Recorder Pro 2015-12-14 13:10 - 2015-12-14 13:10 - 00000000 ____D C:\Users\Daniel\AppData\Local\Nemex 2015-12-14 13:09 - 2015-12-14 13:09 - 02332069 _____ C:\Users\Daniel\Downloads\mrp275setup.zip 2015-12-14 13:01 - 2015-12-14 13:01 - 00842440 _____ (ghost-mouse.com ) C:\Users\Daniel\Downloads\GhostMouse323-Setup (1).exe 2015-12-14 12:55 - 2015-12-15 13:10 - 00001682 _____ C:\Users\Public\Desktop\BlueStacks.lnk 2015-12-14 12:55 - 2015-12-15 13:08 - 00001742 _____ C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\BlueStacks.lnk 2015-12-14 12:55 - 2015-12-14 13:01 - 00842440 _____ (ghost-mouse.com ) C:\Users\Daniel\Downloads\GhostMouse323-Setup.exe 2015-12-14 12:55 - 2015-12-14 12:55 - 00000000 ____D C:\ProgramData\BlueStacksGameManager 2015-12-14 12:54 - 2015-12-14 12:54 - 00000000 ____D C:\Users\Daniel\AppData\Local\fabi.me 2015-12-14 12:53 - 2015-12-14 12:55 - 00000000 ____D C:\Program Files (x86)\BlueStacks 2015-12-14 12:53 - 2015-12-14 12:54 - 00000000 ____D C:\ProgramData\BlueStacks 2015-12-14 12:53 - 2015-12-14 12:53 - 00094899 _____ C:\Users\Daniel\Downloads\SpeedAutoClicker.zip 2015-12-14 12:46 - 2015-12-14 12:47 - 308301520 _____ (BlueStack Systems Inc.) C:\Users\Daniel\Downloads\BlueStacks2-Installer_native.exe 2015-12-12 19:59 - 2015-12-01 08:01 - 02115936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys 2015-12-12 19:59 - 2015-12-01 06:51 - 07523840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll 2015-12-12 19:59 - 2015-12-01 05:59 - 05455360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll 2015-12-12 19:59 - 2015-11-25 06:42 - 04532304 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe 2015-12-12 19:59 - 2015-11-25 06:33 - 03622272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2015-12-12 19:59 - 2015-11-25 06:27 - 01366680 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll 2015-12-12 19:59 - 2015-11-25 06:12 - 04047288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe 2015-12-12 19:59 - 2015-11-25 06:09 - 01310880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll 2015-12-12 19:59 - 2015-11-25 06:01 - 02879024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2015-12-12 19:59 - 2015-11-25 05:49 - 01569280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll 2015-12-12 19:59 - 2015-11-25 05:44 - 21872640 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll 2015-12-12 19:59 - 2015-11-25 05:42 - 24592384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2015-12-12 19:59 - 2015-11-25 05:36 - 01710592 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll 2015-12-12 19:59 - 2015-11-25 05:35 - 00929792 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll 2015-12-12 19:59 - 2015-11-25 05:35 - 00845824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Magnify.exe 2015-12-12 19:59 - 2015-11-25 05:34 - 12504576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2015-12-12 19:59 - 2015-11-25 05:31 - 00121344 _____ (Microsoft Corporation) C:\WINDOWS\system32\DAMM.dll 2015-12-12 19:59 - 2015-11-25 05:30 - 00171008 _____ (Microsoft Corporation) C:\WINDOWS\system32\dot3mm.dll 2015-12-12 19:59 - 2015-11-25 05:29 - 01649152 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll 2015-12-12 19:59 - 2015-11-25 05:29 - 00355328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ninput.dll 2015-12-12 19:59 - 2015-11-25 05:28 - 00523776 _____ (Microsoft Corporation) C:\WINDOWS\system32\catsrvut.dll 2015-12-12 19:59 - 2015-11-25 05:27 - 02180608 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll 2015-12-12 19:59 - 2015-11-25 05:23 - 19323392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2015-12-12 19:59 - 2015-11-25 05:23 - 03588096 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys 2015-12-12 19:59 - 2015-11-25 05:23 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll 2015-12-12 19:59 - 2015-11-25 05:22 - 01717248 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll 2015-12-12 19:59 - 2015-11-25 05:22 - 01383424 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys 2015-12-12 19:59 - 2015-11-25 05:22 - 00603648 _____ (Microsoft Corporation) C:\WINDOWS\system32\duser.dll 2015-12-12 19:59 - 2015-11-25 05:19 - 01795584 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll 2015-12-12 19:59 - 2015-11-25 05:18 - 01233920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll 2015-12-12 19:59 - 2015-11-25 05:17 - 00774656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll 2015-12-12 19:59 - 2015-11-25 05:16 - 01442816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRHInproc.dll 2015-12-12 19:59 - 2015-11-25 05:16 - 00786432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Magnify.exe 2015-12-12 19:59 - 2015-11-25 05:11 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ninput.dll 2015-12-12 19:59 - 2015-11-25 05:10 - 18801664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll 2015-12-12 19:59 - 2015-11-25 05:10 - 01328128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comsvcs.dll 2015-12-12 19:59 - 2015-11-25 05:10 - 00415744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\catsrvut.dll 2015-12-12 19:59 - 2015-11-25 05:05 - 11263488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2015-12-12 19:59 - 2015-11-25 05:04 - 01467392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll 2015-12-12 19:59 - 2015-11-25 05:04 - 00480768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\duser.dll 2015-12-12 19:59 - 2015-11-25 05:04 - 00474624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll 2015-12-12 19:58 - 2015-12-01 07:03 - 00008192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\gpuenergydrv.sys 2015-12-12 19:58 - 2015-12-01 06:54 - 00771072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll 2015-12-12 19:58 - 2015-12-01 06:49 - 04792320 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2015-12-12 19:58 - 2015-12-01 06:02 - 03580416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2015-12-12 19:58 - 2015-11-25 06:42 - 00168288 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkUXBroker.exe 2015-12-12 19:58 - 2015-11-25 06:41 - 01822280 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll 2015-12-12 19:58 - 2015-11-25 06:40 - 00516448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS 2015-12-12 19:58 - 2015-11-25 06:32 - 00113184 _____ (Microsoft Corporation) C:\WINDOWS\system32\userenv.dll 2015-12-12 19:58 - 2015-11-25 06:11 - 01532984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll 2015-12-12 19:58 - 2015-11-25 05:59 - 00092992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\userenv.dll 2015-12-12 19:58 - 2015-11-25 05:49 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\system32\WlanMediaManager.dll 2015-12-12 19:58 - 2015-11-25 05:49 - 00467456 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll 2015-12-12 19:58 - 2015-11-25 05:49 - 00270336 _____ (Microsoft Corporation) C:\WINDOWS\system32\RasMediaManager.dll 2015-12-12 19:58 - 2015-11-25 05:48 - 00146944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EthernetMediaManager.dll 2015-12-12 19:58 - 2015-11-25 05:48 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\system32\DAMediaManager.dll 2015-12-12 19:58 - 2015-11-25 05:37 - 02350592 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll 2015-12-12 19:58 - 2015-11-25 05:36 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usb8023.sys 2015-12-12 19:58 - 2015-11-25 05:30 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rmcast.sys 2015-12-12 19:58 - 2015-11-25 05:30 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hdaudbus.sys 2015-12-12 19:58 - 2015-11-25 05:28 - 00572928 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll 2015-12-12 19:58 - 2015-11-25 05:26 - 00849408 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll 2015-12-12 19:58 - 2015-11-25 05:26 - 00181760 _____ (Microsoft Corporation) C:\WINDOWS\system32\shutdownux.dll 2015-12-12 19:58 - 2015-11-25 05:25 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll 2015-12-12 19:58 - 2015-11-25 05:25 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\profext.dll 2015-12-12 19:58 - 2015-11-25 05:22 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\kbdgeoqw.dll 2015-12-12 19:58 - 2015-11-25 05:22 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZST.DLL 2015-12-12 19:58 - 2015-11-25 05:22 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZEL.DLL 2015-12-12 19:58 - 2015-11-25 05:22 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZE.DLL 2015-12-12 19:58 - 2015-11-25 05:19 - 00185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll 2015-12-12 19:58 - 2015-11-25 05:13 - 02153984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll 2015-12-12 19:58 - 2015-11-25 05:10 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll 2015-12-12 19:58 - 2015-11-25 05:08 - 00749568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll 2015-12-12 19:58 - 2015-11-25 05:07 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\profext.dll 2015-12-12 19:58 - 2015-11-25 05:04 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kbdgeoqw.dll 2015-12-12 19:58 - 2015-11-25 05:04 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZST.DLL 2015-12-12 19:58 - 2015-11-25 05:04 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZEL.DLL 2015-12-12 19:58 - 2015-11-25 05:04 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZE.DLL 2015-12-12 19:58 - 2015-11-25 03:52 - 00775312 _____ C:\WINDOWS\SysWOW64\locale.nls 2015-12-12 19:58 - 2015-11-25 03:52 - 00775312 _____ C:\WINDOWS\system32\locale.nls 2015-12-06 18:50 - 2015-12-06 18:50 - 01142543 _____ C:\Users\Daniel\Downloads\Bewerbung_Melanie_Schwab 1.zip 2015-12-06 18:50 - 2015-12-06 18:50 - 01142543 _____ C:\Users\Daniel\Downloads\Bewerbung_Melanie_Schwab 1 (1).zip 2015-12-06 18:49 - 2015-12-06 18:49 - 04397665 _____ C:\Users\Daniel\Downloads\Bewerbung_Melanie_Schwab (1).zip 2015-12-06 18:48 - 2015-12-06 18:48 - 01142560 _____ C:\Users\Daniel\Downloads\Bewerbung_Melanie_Schwab.zip 2015-12-06 18:19 - 2015-12-06 18:19 - 03984004 _____ C:\Users\Daniel\Downloads\Bewerbung_Erzieherin_Daniele_Maier.pdf 2015-12-06 18:06 - 2015-12-06 18:06 - 00291489 _____ C:\Users\Daniel\Downloads\20151127131614271.pdf 2015-12-06 17:50 - 2015-12-06 17:50 - 00109513 _____ C:\Users\Daniel\Desktop\Anmeldung.pdf 2015-12-03 18:29 - 2015-12-03 18:29 - 00169351 _____ C:\Users\Daniel\Downloads\WAZ.pdf 2015-11-30 21:32 - 2015-11-30 21:32 - 00064681 _____ C:\Users\Daniel\Downloads\Rückseite.pdf 2015-11-30 21:31 - 2015-11-30 21:31 - 00064681 _____ C:\Users\Daniel\Desktop\Rückseite.pdf 2015-11-30 21:29 - 2015-11-30 21:29 - 00032176 _____ C:\Users\Daniel\Desktop\Vorderseite.pdf 2015-11-30 21:25 - 2015-11-30 21:25 - 04889088 _____ C:\Users\Daniel\Downloads\Da Carlo Front Visit.zdl 2015-11-30 21:25 - 2015-11-30 21:25 - 01163776 _____ C:\Users\Daniel\Downloads\Da Carlo Back Visit.zdl 2015-11-29 20:16 - 2015-11-29 20:16 - 00457667 _____ C:\Users\Daniel\Downloads\maui.pdf 2015-11-26 16:19 - 2015-11-26 17:43 - 00000000 ____D C:\Users\Daniel\Desktop\Schwab Melli 2015-11-25 16:11 - 2015-11-25 16:11 - 00255478 _____ C:\Users\Daniel\Desktop\Dienstplan_Änderung2_NEU.xlsm 2015-11-25 16:00 - 2015-11-25 16:00 - 00273974 _____ C:\Users\Daniel\Downloads\Dienstplan_Änderung2_NEU.xlsm 2015-11-25 15:59 - 2015-11-25 15:59 - 00076125 _____ C:\Users\Daniel\Downloads\Kopie von Dienstplan_Änderung2 (1).xlsx ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2015-12-22 18:21 - 2015-07-10 10:05 - 00000000 ____D C:\Windows 2015-12-22 18:21 - 2015-02-13 17:03 - 00000000 ____D C:\ProgramData\TwonkyServer 2015-12-22 18:18 - 2014-05-05 05:08 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Skype 2015-12-22 18:16 - 2014-08-16 20:56 - 00000000 ____D C:\Program Files\Common Files\Adobe 2015-12-22 18:16 - 2014-05-26 12:17 - 00000000 ____D C:\ProgramData\Adobe 2015-12-22 18:16 - 2014-05-05 05:03 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Adobe 2015-12-22 18:15 - 2014-05-26 12:17 - 00000000 ____D C:\Program Files (x86)\Adobe 2015-12-22 18:02 - 2014-06-07 19:47 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2015-12-22 18:00 - 2015-08-01 19:33 - 01790124 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2015-12-22 18:00 - 2015-07-10 17:34 - 00771100 _____ C:\WINDOWS\system32\perfh007.dat 2015-12-22 18:00 - 2015-07-10 17:34 - 00153964 _____ C:\WINDOWS\system32\perfc007.dat 2015-12-22 18:00 - 2015-07-10 12:02 - 00000000 ____D C:\WINDOWS\INF 2015-12-22 17:58 - 2014-11-03 18:22 - 00000000 ____D C:\ProgramData\BlueStacksSetup 2015-12-22 17:54 - 2014-05-05 05:06 - 00001134 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2015-12-22 17:53 - 2015-08-01 19:20 - 00000000 _____ C:\WINDOWS\system32\Drivers\lvuvc.hs 2015-12-22 17:53 - 2015-07-10 13:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2015-12-22 17:53 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\AppReadiness 2015-12-22 17:53 - 2015-07-10 10:05 - 00524288 ___SH C:\WINDOWS\system32\config\BBI 2015-12-22 17:53 - 2014-06-23 15:11 - 00065536 _____ C:\WINDOWS\system32\spu_storage.bin 2015-12-22 17:51 - 2014-05-13 20:10 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Notepad++ 2015-12-22 17:45 - 2015-04-02 10:03 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\uTorrent 2015-12-22 17:24 - 2014-05-05 05:06 - 00001138 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2015-12-22 15:45 - 2015-08-08 19:27 - 00004160 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{88EEB1D5-370C-4812-9418-EDF692A916C5} 2015-12-22 14:51 - 2015-07-10 12:04 - 00000000 ___HD C:\Program Files\WindowsApps 2015-12-22 11:50 - 2015-08-01 19:21 - 00000000 ____D C:\Users\postgres 2015-12-22 11:28 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\Registration 2015-12-22 11:27 - 2015-08-01 19:21 - 00000000 ____D C:\Users\Daniel 2015-12-22 11:09 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\system32\NDF 2015-12-22 11:07 - 2014-05-29 11:18 - 00000000 ____D C:\Users\Daniel\AppData\Local\CrashDumps 2015-12-22 11:07 - 2014-05-13 19:27 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2015-12-22 02:00 - 2014-06-23 14:35 - 00000000 ____D C:\Users\Daniel\AppData\Local\Adobe 2015-12-21 15:41 - 2015-08-16 17:58 - 00000000 ____D C:\Program Files (x86)\StarMoney 9.0 2015-12-21 11:06 - 2015-10-03 15:02 - 00010560 _____ C:\Users\Daniel\Desktop\Lego-Architecture.xlsx 2015-12-21 10:28 - 2015-08-01 19:20 - 00000000 ____D C:\ProgramData\AMD 2015-12-21 10:28 - 2015-08-01 19:20 - 00000000 ____D C:\Program Files (x86)\ATI Technologies 2015-12-21 10:27 - 2014-05-05 05:07 - 00000000 ____D C:\AMD 2015-12-21 10:25 - 2015-08-25 19:22 - 21648880 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Drivers\atikmdag.sys 2015-12-21 10:25 - 2015-08-25 19:22 - 00255472 _____ (AMD) C:\WINDOWS\system32\atiesrxx.exe 2015-12-21 10:25 - 2015-07-16 01:12 - 00162232 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiuxp64.dll 2015-12-21 10:25 - 2015-07-16 01:11 - 12088000 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atidxx64.dll 2015-12-21 10:25 - 2015-07-16 01:11 - 10211016 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atidxx32.dll 2015-12-21 10:25 - 2015-07-16 01:11 - 08009360 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiumdva.dll 2015-12-21 10:25 - 2015-07-16 01:11 - 07482560 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiumdag.dll 2015-12-21 10:25 - 2015-07-16 01:11 - 01479808 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\aticfx64.dll 2015-12-21 10:25 - 2015-07-16 01:11 - 01223544 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\aticfx32.dll 2015-12-21 10:25 - 2015-07-16 01:11 - 00143056 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiuxpag.dll 2015-12-21 10:25 - 2015-07-16 01:11 - 00112360 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiu9pag.dll 2015-12-21 10:25 - 2015-07-16 00:17 - 00683504 _____ (AMD) C:\WINDOWS\system32\atieclxx.exe 2015-12-21 10:25 - 2015-07-16 00:13 - 00674288 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Drivers\atikmpag.sys 2015-12-21 10:25 - 2015-07-16 00:12 - 00874480 _____ (AMD) C:\WINDOWS\system32\coinst_15.20.dll 2015-12-20 10:37 - 2014-05-05 05:03 - 00000000 ____D C:\Users\Daniel\AppData\Local\Packages 2015-12-18 19:58 - 2015-09-19 10:01 - 00023600 _____ C:\Users\Daniel\Desktop\Kaufpreis Backnang.xlsx 2015-12-18 17:14 - 2015-07-10 17:44 - 00000000 ____D C:\WINDOWS\ShellNew 2015-12-18 10:51 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\GroupPolicy 2015-12-17 18:52 - 2015-08-20 15:17 - 00002099 _____ C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk 2015-12-17 18:52 - 2014-07-10 16:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony 2015-12-17 18:52 - 2014-05-05 05:08 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2015-12-17 14:36 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\LiveKernelReports 2015-12-15 17:33 - 2015-08-15 18:33 - 00000000 ____D C:\WINDOWS\Minidump 2015-12-15 13:24 - 2014-11-03 18:30 - 00000000 ____D C:\Users\Daniel\.VirtualBox 2015-12-15 13:11 - 2015-08-01 19:25 - 00001540 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk 2015-12-15 13:11 - 2015-06-26 22:05 - 00001162 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk 2015-12-15 13:11 - 2014-12-29 16:10 - 00000971 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk 2015-12-15 13:11 - 2014-10-20 18:02 - 00000942 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk 2015-12-15 13:11 - 2014-08-16 20:58 - 00000890 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS6 (64bit).lnk 2015-12-15 13:11 - 2014-08-16 20:57 - 00001527 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS6.lnk 2015-12-15 13:11 - 2014-08-16 17:13 - 00001750 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rainmeter.lnk 2015-12-15 13:11 - 2014-05-13 19:27 - 00001159 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2015-12-15 13:10 - 2015-08-26 18:40 - 00001218 _____ C:\Users\Public\Desktop\CDBurnerXP.lnk 2015-12-15 13:10 - 2015-08-16 18:00 - 00002234 _____ C:\Users\Public\Desktop\StarMoney 9.0.lnk 2015-12-15 13:08 - 2015-08-01 20:21 - 00002425 _____ C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2015-12-15 13:08 - 2015-05-16 13:40 - 00002158 _____ C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\KÜCHEN QUELLE 3D.lnk 2015-12-15 13:08 - 2015-01-18 17:42 - 00001033 _____ C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iPadian.lnk 2015-12-15 13:08 - 2015-01-08 18:29 - 00001822 _____ C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Coral Poker.lnk 2015-12-15 13:08 - 2014-12-16 14:46 - 00001830 _____ C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Winner Poker.lnk 2015-12-15 13:08 - 2014-08-21 15:45 - 00001136 _____ C:\ProgramData\Microsoft\Windows\Start Menu\LINE.lnk 2015-12-15 13:08 - 2014-07-25 19:12 - 00001792 _____ C:\ProgramData\Microsoft\Windows\Start Menu\24hPoker.lnk 2015-12-15 13:08 - 2014-07-02 16:36 - 00001102 _____ C:\ProgramData\Microsoft\Windows\Start Menu\PokerStars.eu.lnk 2015-12-15 13:08 - 2014-06-14 19:21 - 00001120 _____ C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\PokerStars.eu.lnk 2015-12-15 13:08 - 2014-05-18 20:21 - 00000295 _____ C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Papierkorb.lnk 2015-12-15 13:08 - 2014-05-17 11:36 - 00001079 _____ C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\PokerRanger.lnk 2015-12-15 13:08 - 2014-05-05 15:46 - 00001188 _____ C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Startfenster.lnk 2015-12-15 13:08 - 2014-05-05 15:24 - 00000811 _____ C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Betfair.com Poker.lnk 2015-12-15 13:07 - 2015-10-12 19:18 - 00002180 _____ C:\Users\Daniel\Desktop\AusweisApp2.lnk 2015-12-15 12:04 - 2015-08-01 20:18 - 00000000 __RHD C:\Users\Public\AccountPictures 2015-12-15 11:12 - 2014-10-20 17:34 - 00000000 ____D C:\WINDOWS\system32\appmgmt 2015-12-14 22:26 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\rescache 2015-12-14 22:20 - 2015-09-06 12:11 - 00000000 ____D C:\WINDOWS\Panther 2015-12-14 22:15 - 2015-10-30 20:28 - 00000000 ___HD C:\$WINDOWS.~BT 2015-12-14 19:15 - 2015-07-10 13:20 - 04962496 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2015-12-14 14:22 - 2014-05-05 05:08 - 00000000 ____D C:\Users\Daniel\AppData\Local\Skype 2015-12-14 14:22 - 2014-05-05 05:07 - 00000000 ____D C:\ProgramData\Skype 2015-12-14 14:19 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\system32\oobe 2015-12-14 12:55 - 2015-07-10 12:04 - 00000000 __RHD C:\Users\Public\Libraries 2015-12-14 12:50 - 2014-11-03 18:25 - 00000000 ____D C:\Program Files\Andy 2015-12-14 11:44 - 2014-05-05 14:40 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013 2015-12-14 11:44 - 2014-05-05 14:38 - 00000000 ____D C:\ProgramData\Microsoft Help 2015-12-14 11:43 - 2013-08-22 14:25 - 00000167 _____ C:\WINDOWS\win.ini 2015-12-14 11:41 - 2014-05-10 14:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2015-12-14 11:40 - 2014-05-10 14:33 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2015-12-14 11:40 - 2014-05-10 14:33 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2015-12-14 11:39 - 2015-07-10 11:55 - 00000000 ____D C:\WINDOWS\CbsTemp 2015-12-14 11:38 - 2014-05-07 16:59 - 00000000 ____D C:\WINDOWS\system32\MRT 2015-12-14 11:32 - 2014-05-07 16:59 - 140158008 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2015-12-14 09:46 - 2014-05-05 05:05 - 00000000 ___RD C:\Users\Daniel\OneDrive 2015-12-12 19:44 - 2014-06-14 19:21 - 00000000 ____D C:\Users\Daniel\AppData\Local\PokerStars.EU 2015-12-09 04:39 - 2014-05-07 18:25 - 00301728 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe 2015-12-06 11:19 - 2014-05-05 05:06 - 00004196 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA 2015-12-06 11:19 - 2014-05-05 05:06 - 00003964 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore 2015-12-06 11:04 - 2014-08-16 21:42 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe 2015-12-06 11:04 - 2014-05-05 14:37 - 00000000 ____D C:\Users\Daniel\AppData\Local\AMD 2015-12-01 01:32 - 2015-10-03 15:01 - 00826872 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2015-12-01 01:32 - 2015-10-03 15:01 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2014-11-27 21:25 - 2014-11-27 21:25 - 0004676 _____ () C:\Users\Daniel\AppData\Local\recently-used.xbel 2015-05-16 13:40 - 2015-05-16 13:40 - 0370070 _____ () C:\Users\Daniel\AppData\Local\SquareClock.Production_Home_KQ_WebIcon.ico 2015-02-13 17:03 - 2015-02-13 17:03 - 0000011 _____ () C:\ProgramData\.tv7 2014-05-05 15:24 - 2014-05-05 15:24 - 0558105 _____ () C:\ProgramData\1399299703.bdinstall.bin 2015-01-05 15:23 - 2015-01-05 15:23 - 0259192 _____ () C:\ProgramData\1420467746.bdinstall.bin 2015-02-08 16:01 - 2015-02-08 16:01 - 0740775 _____ () C:\ProgramData\AndyDrivers.zip 2015-08-01 19:19 - 2015-08-01 19:19 - 0000000 ____H () C:\ProgramData\DP45977C.lfl 2014-08-09 18:17 - 2014-08-09 18:17 - 0005044 _____ () C:\ProgramData\flwjycbm.bab Einige Dateien in TEMP: ==================== C:\Users\Daniel\AppData\Local\Temp\prog.exe C:\Users\Daniel\AppData\Local\Temp\tmp6407.exe C:\Users\Daniel\AppData\Local\Temp\tmpF8DA.exe C:\Users\Daniel\AppData\Local\Temp\Uninstall.exe C:\Users\Daniel\AppData\Local\Temp\upd.exe ==================== Bamital & volsnap ================= (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert C:\WINDOWS\explorer.exe => Datei ist digital signiert C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert C:\WINDOWS\system32\services.exe => Datei ist digital signiert C:\WINDOWS\system32\User32.dll => Datei ist digital signiert C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert LastRegBack: 2015-12-14 22:04 ==================== Ende von FRST.txt ============================ Addition.txt FRST Additions Logfile: Code:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:20-12-2015
durchgeführt von Daniel (2015-12-22 18:22:32)
Gestartet von C:\Users\Daniel\Desktop
Windows 10 Pro (X64) (2015-08-01 19:18:38)
Start-Modus: Normal
==========================================================
==================== Konten: =============================
Administrator (S-1-5-21-2676936528-1030403693-891089861-500 - Administrator - Disabled)
BitBox (S-1-5-21-2676936528-1030403693-891089861-1013 - Limited - Enabled)
Daniel (S-1-5-21-2676936528-1030403693-891089861-1001 - Administrator - Enabled) => C:\Users\Daniel
DefaultAccount (S-1-5-21-2676936528-1030403693-891089861-503 - Limited - Disabled)
Gast (S-1-5-21-2676936528-1030403693-891089861-501 - Limited - Disabled)
Gl0ba_000 (S-1-5-21-2676936528-1030403693-891089861-1007 - Administrator - Enabled) => C:\Users\Gl0ba_000
HomeGroupUser$ (S-1-5-21-2676936528-1030403693-891089861-1003 - Limited - Enabled)
postgres (S-1-5-21-2676936528-1030403693-891089861-1006 - Limited - Enabled) => C:\Users\postgres
==================== Sicherheits-Center ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installierte Programme ======================
(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
24hPoker (HKLM-x32\...\24hPoker (Poker)) (Version: 16.6.2.11243 - )
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.235 - Adobe Systems Incorporated)
Advanced WarCraft3 Configurator (remove only) (HKLM-x32\...\AWC) (Version: - )
ALNO AG Küchenplaner (HKLM-x32\...\{A89131FD-3D18-4DA8-84C8-622423011B51}_is1) (Version: 14a - ALNO AG)
AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
AMD Catalyst Install Manager (HKLM\...\{572C982F-95F5-0562-AE8F-8A9D7D024A88}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Android SDK Tools (HKLM-x32\...\Android SDK Tools) (Version: 1.16 - Google Inc.)
Andy OS (HKLM-x32\...\Andy OS) (Version: 0.43 - Andy OS, Inc)
AusweisApp2 (HKLM-x32\...\{1C785E05-CFC7-43BE-9A52-9FB39C180CB8}) (Version: 1.2.2 - Governikus GmbH & Co. KG)
BandwidthStat (HKU\S-1-5-21-2676936528-1030403693-891089861-1001\...\BandwidthStat) (Version: 1.0 - BandwidthStat)
Betfair.com Poker (HKU\S-1-5-21-2676936528-1030403693-891089861-1001\...\Betfair.com Poker) (Version: - )
Betfair.com Poker (HKU\S-1-5-21-2676936528-1030403693-891089861-1006\...\Betfair.com Poker) (Version: - )
BlueStacks App Player (HKLM-x32\...\{1996E857-C787-4205-B4FF-73FDB117DCED}) (Version: 2.0.1.5621 - BlueStack Systems, Inc.)
Browser in the Box (HKLM-x32\...\BitBox) (Version: 4.1.4-r150 - Sirrix AG)
Business Card Designer Plus 11 (HKLM-x32\...\BCDP11_is1) (Version: - CAM Development)
Camtasia Studio 8 (HKLM-x32\...\{419CEBE1-36E9-4AB2-8586-D6213AE28621}) (Version: 8.4.0.1699 - TechSmith Corporation)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.5.5790 - CDBurnerXP)
Coral Poker (HKU\S-1-5-21-2676936528-1030403693-891089861-1001\...\Coral Poker) (Version: - )
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.1.3) (Version: 5.0.1.3 - Coupons.com Incorporated)
DesignPro 5 (HKLM-x32\...\InstallShield_{F82C6574-AD88-4B40-A432-970BC77F1BD2}) (Version: 5.5.708 - Avery)
DesignPro 5 (x32 Version: 5.5.708 - Avery) Hidden
devolo Cockpit (HKLM-x32\...\dlancockpit) (Version: 4.2.3.0 - devolo AG)
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
EPSON SX410 Series Printer Uninstall (HKLM\...\EPSON SX410 Series) (Version: - SEIKO EPSON Corporation)
etope Lister 2 (HKLM-x32\...\etope Lister_is1) (Version: - Freshworx GmbH & Co.KG)
FileZilla Client 3.13.0 (HKLM-x32\...\FileZilla Client) (Version: 3.13.0 - Tim Kosse)
Flashtool (HKLM-x32\...\Flashtool) (Version: 0.9.18.3 - Androxyde)
Full Tilt Poker.Eu (HKLM-x32\...\{127BEFB3-24B2-4B44-8E99-AD22C2A5A8ED}) (Version: 5.22.10.WIN.FullTilt.EU - )
Genymotion version 2.4.0 (HKLM\...\{6D180286-D4DF-40EF-9227-923B9C07C08A}_is1) (Version: 2.4.0 - Genymobile)
GetFLV 9.6.2.9 (HKLM-x32\...\GetFLV_is1) (Version: - GetFLV, Inc.)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.106 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
Holdem Manager 2 (HKLM-x32\...\HoldemManager2) (Version: - )
ICCup Launcher (HKLM-x32\...\ICCup Launcher_is1) (Version: 1.6 - ICCup)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Java 7 Update 60 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417060FF}) (Version: 7.0.600 - Oracle)
Java 8 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418025F0}) (Version: 8.0.250 - Oracle Corporation)
Java SE Development Kit 7 Update 60 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170600}) (Version: 1.7.0.600 - Oracle)
Java SE Development Kit 8 Update 5 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180050}) (Version: 8.0.50 - Oracle Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
KÜCHEN QUELLE 3D (HKU\S-1-5-21-2676936528-1030403693-891089861-1001\...\SquareClock_Production_Home_KQ_Web) (Version: - 3DVIA SAS)
LINE (HKLM-x32\...\LINE) (Version: 4.1.2.525 - LINE Corporation)
MakeMKV v1.9.0 (HKLM-x32\...\MakeMKV) (Version: v1.9.0 - GuinpinSoft inc)
Malwarebytes Anti-Malware Version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41105.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
MouseRecorder v1.0.42 (HKLM-x32\...\MouseRecorder_is1) (Version: 1.0.42 - Bartels Media GmbH)
Mozilla Firefox 43.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 43.0.1 (x86 de)) (Version: 43.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.1.5828 - Mozilla)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.2 - Notepad++ Team)
Oracle VM VirtualBox 5.0.10_Sirrix (HKLM\...\{15DB0BEC-4D4B-4471-9E37-2FB454965C05}) (Version: 5.0.10 - Sirrix AG)
Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
PDF24 Creator 6.4.1 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org)
PokerRanger (HKLM-x32\...\PokerRanger) (Version: - Michael A. Voelkel)
PokerStars.eu (HKLM-x32\...\PokerStars.eu) (Version: - PokerStars.eu)
PokerStrategy.com Equilab (HKLM-x32\...\{86D09F48-CDAB-4B4C-8806-F6C16F17935A}) (Version: 1.2.8.0 - PokerStrategy.com)
PokerTracker 4 (remove only) (HKLM-x32\...\PokerTracker4) (Version: - )
PostgreSQL 8.4 (HKLM-x32\...\PostgreSQL 8.4) (Version: 8.4 - PostgreSQL Global Development Group)
Rainmeter (HKLM-x32\...\Rainmeter) (Version: 3.1 beta r2211 - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
Roadkil's Unstoppable Copier Version 5.2 (HKLM-x32\...\{A306FD29-7D3A-4287-91AC-9A0180931395}_is1) (Version: - Roadkil.Net)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version: - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version: - Microsoft) Hidden
Skype™ 7.16 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.16.102 - Skype Technologies S.A.)
Sony Mobile Update Engine (HKLM-x32\...\Update Engine) (Version: 2.15.9.201506301709 - Sony Mobile Communications Inc.)
Sony PC Companion 2.10.303 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.303 - Sony)
StarCraft (HKLM-x32\...\StarCraft) (Version: - Blizzard Entertainment)
StarMoney (x32 Version: 4.0.8.25 - StarFinanz) Hidden
StarMoney 9.0 (HKLM-x32\...\{FCC4357A-A357-4909-B67D-4C713548A97F}) (Version: 9.0 - Star Finanz GmbH)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.36897 - TeamViewer)
Turbo Lister 2 (HKLM-x32\...\{8927E07C-97F7-4A54-88FB-D976F50DD46E}) (Version: 2.00.0000 - eBay Inc.)
Twonky Server (HKLM-x32\...\TwonkyServer) (Version: 7.2.3.0 - PacketVideo)
Universal Adb Driver (HKLM-x32\...\{D9C4202E-6D51-4B06-A8F1-22316E654BCA}) (Version: 1.0.0 - ClockworkMod)
Update for Skype for Business 2015 (KB3039776) 64-Bit Edition (HKLM\...\{90150000-012B-0407-1000-0000000FF1CE}_Office15.PROPLUS_{5D2260D6-DB16-41DC-915B-A39BF4F66362}) (Version: - Microsoft)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.4.7.0 - Elaborate Bytes)
VLC media player 2.1.4 (HKLM\...\VLC media player) (Version: 2.1.4 - VideoLAN)
Warcraft III (HKLM-x32\...\Warcraft III) (Version: - )
Winner Poker (HKU\S-1-5-21-2676936528-1030403693-891089861-1001\...\winnerpoker) (Version: - )
WinRAR 5.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
CustomCLSID: HKU\S-1-5-21-2676936528-1030403693-891089861-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Daniel\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileCoAuth.exe (Microsoft Corporation)
==================== Wiederherstellungspunkte =========================
22-12-2015 18:14:35 Removed Adobe Reader XI (11.0.13) - Deutsch.
==================== Hosts Inhalt: ==========================
(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)
2013-08-22 14:25 - 2015-12-22 18:20 - 00001262 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 192.150.14.69
127.0.0.1 192.150.18.101
127.0.0.1 192.150.18.108
127.0.0.1 192.150.22.4
127.0.0.1 192.150.22.40
127.0.0.1 192.150.8.100
127.0.0.1 192.150.8.118
127.0.0.1 192.168.112.207
127.0.0.1 192.168.112.2o7.net
127.0.0.1 194.224.66.48
127.0.0.1 199.7.52.190
127.0.0.1 199.7.52.190:80
127.0.0.1 199.7.54.72
127.0.0.1 199.7.54.72:80
127.0.0.1 209.34.83.67
127.0.0.1 209.34.83.67:43
127.0.0.1 209.34.83.67:443
127.0.0.1 209.34.83.73
127.0.0.1 209.34.83.73:43
127.0.0.1 209.34.83.73:443
==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
Task: {0D4EE4C0-C7D6-4D3A-81E2-A19A5990EC0D} - System32\Tasks\SoftUpgrade => C:\Program Files (x86)\SoftUpgrade\softup.exe [2015-12-01] ()
Task: {10A445EC-5812-459B-AB19-3EDBC80EB37E} - System32\Tasks\{9049D845-5093-42F1-ABE4-823668FF2E6F} => pcalua.exe -a C:\Users\Daniel\Downloads\epson325480eu.exe -d C:\Users\Daniel\Downloads
Task: {19192A32-34DD-4A03-A38D-B888B0D8A4B5} - System32\Tasks\{04A1AFE4-B868-406E-980C-5285134DB7CD} => pcalua.exe -a "C:\Users\Daniel\Desktop\USB VCOM Driver\install_driver.exe" -d "C:\Users\Daniel\Desktop\USB VCOM Driver"
Task: {1A081C88-BE90-499C-A32A-2F72BBA8AE85} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-12-12] (Adobe Systems Incorporated)
Task: {25E7AED0-66D0-49C9-875F-3D90724BFD45} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {26C149ED-D3CD-4CC4-BF7A-B365D3930DC6} - \AutoKMS -> Keine Datei <==== ACHTUNG
Task: {29BCDCEF-5D03-45D0-954F-BA95F786AA3D} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG
Task: {2C34182D-826A-4049-B023-E33E6C57A78D} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-12-14] (Microsoft Corporation)
Task: {30720E03-8606-45DC-935D-0C6DDE2C60B0} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG
Task: {31CB0D50-2B69-4633-8AC6-3BB1A9A369C0} - System32\Tasks\AdobeAAMUpdater-1.0-Globality-Daniel => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-08-05] (Adobe Systems Incorporated)
Task: {3E3A08A1-4A29-4FFB-AD24-2E2A7E937FFB} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG
Task: {4ADC82BA-5D20-44A9-A007-49384C560CD7} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {5071EA31-FC77-4ACA-8EFC-E26A6A297D54} - \SmartWeb Upgrade Trigger Task -> Keine Datei <==== ACHTUNG
Task: {51830C57-7B39-4137-8081-94A14D0093E2} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG
Task: {5DE863B4-E0C5-4E86-9F52-801FA2B6210D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {65D9614B-71AB-4FA3-9710-7CBA1509B463} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-06] (Google Inc.)
Task: {6A60CB4C-7828-489A-8839-75C6BA3B4281} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG
Task: {6C87DDAE-46B3-4972-A2C3-5DD8D40ED8BA} - System32\Tasks\Ahonaradra => C:\ProgramData\Ahonaradra\1.0.7.1\vlotifox.exe
Task: {6E5102ED-DE5B-444E-81FD-40CDD6DCD691} - \SwiftSearch Auto Updater 1.10.0.25 Core -> Keine Datei <==== ACHTUNG
Task: {80016EDB-E276-499C-B2E8-CE4CEDD252AE} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG
Task: {8349288D-1F49-4203-BBB2-AE5A3099B1A5} - System32\Tasks\spw3016 => C:\Program Files (x86)\QuickSearch\spw3016.exe [2015-12-01] () <==== ACHTUNG
Task: {913B0182-B33B-4682-B8E9-F4E0C9B0C022} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Keine Datei <==== ACHTUNG
Task: {B0677499-1F3A-4830-A73C-686C8F60B2B6} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG
Task: {B2C027EB-4715-4128-B2E2-153DB2C21BD2} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG
Task: {B616205F-BEC7-43E0-9210-2459C73CE583} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-06] (Google Inc.)
Task: {B7A31BED-B7FF-44A2-8968-F05FA6EAB4C6} - \SwiftSearch Auto Updater 1.10.0.25 Pending Update -> Keine Datei <==== ACHTUNG
Task: {E45D9012-778B-4B8C-ACDF-FA1D5D205CC7} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG
Task: {E6C20D06-5920-4CB4-96E0-906A774B8027} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {E850C883-1B0B-4502-9D71-7351BB937B6D} - System32\Tasks\WOXRGHDNAFGIQKGK => C:\ProgramData\Service1104\Service1104.exe <==== ACHTUNG
Task: {F2DDDD76-1783-4D8E-9127-CF6A50B82B7E} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\WOXRGHDNAFGIQKGK.job => C:\ProgramData\Service1104\Service1104.exe <==== ACHTUNG
==================== Verknüpfungen =============================
(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)
==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============
2015-08-01 20:12 - 2015-08-01 20:12 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
2015-07-15 20:39 - 2015-07-15 20:39 - 00214528 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2014-02-11 06:08 - 2014-02-11 06:08 - 00817152 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2014-02-11 06:08 - 2014-02-11 06:08 - 03650560 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2015-08-19 08:53 - 2015-08-11 10:14 - 00404480 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll
2013-05-23 14:57 - 2013-05-23 14:57 - 00885576 _____ () C:\Program Files (x86)\Twonky\TwonkyServer\twonkyproxy.exe
2013-05-23 14:58 - 2013-05-23 14:58 - 02204488 _____ () C:\Program Files (x86)\Twonky\TwonkyServer\TwonkyServer.exe
2015-10-01 02:38 - 2015-09-17 07:48 - 02494712 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-12-01 21:15 - 2015-12-01 21:15 - 00058684 _____ () C:\Program Files (x86)\QuickSearch\spw3016.exe
2015-10-01 02:38 - 2015-09-17 07:48 - 02494712 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-08-15 13:42 - 2015-08-15 13:42 - 00043480 _____ () C:\Program Files\FileZilla FTP Client\fzshellext_64.dll
2015-10-01 02:38 - 2015-09-17 06:48 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-07-10 11:59 - 2015-07-10 11:59 - 00143360 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\XamlTileRendering.dll
2014-07-10 16:29 - 2015-06-10 10:13 - 00113024 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
2013-12-23 08:07 - 2013-12-23 08:07 - 00036536 _____ () C:\Program Files\Rainmeter\Rainmeter.exe
2013-12-23 08:07 - 2013-12-23 08:07 - 00793784 _____ () C:\Program Files\Rainmeter\Rainmeter.dll
2013-12-23 08:04 - 2013-12-23 08:04 - 00025088 _____ () C:\Program Files\Rainmeter\Plugins\QuotePlugin.dll
2015-07-15 20:38 - 2015-07-15 20:38 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2015-12-12 19:59 - 2015-11-25 05:20 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-12-12 19:58 - 2015-11-25 05:17 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-12-12 19:59 - 2015-11-25 05:17 - 01808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-10-01 02:38 - 2015-09-17 06:43 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-07-10 12:00 - 2015-07-10 17:43 - 00210432 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.ProxyStub.dll
2010-12-23 11:06 - 2010-12-23 11:06 - 00028672 _____ () C:\Program Files (x86)\Sirrix AG\BitBox\bin\cx_Logging.pyd
2012-10-27 15:21 - 2012-10-27 15:21 - 00098816 _____ () C:\Program Files (x86)\Sirrix AG\BitBox\bin\win32api.pyd
2012-10-27 15:20 - 2012-10-27 15:20 - 00110080 _____ () C:\Program Files (x86)\Sirrix AG\BitBox\bin\pywintypes27.dll
2012-10-27 15:20 - 2012-10-27 15:20 - 00018432 _____ () C:\Program Files (x86)\Sirrix AG\BitBox\bin\win32event.pyd
2012-10-27 15:20 - 2012-10-27 15:20 - 00119808 _____ () C:\Program Files (x86)\Sirrix AG\BitBox\bin\win32file.pyd
2012-10-27 15:21 - 2012-10-27 15:21 - 00167936 _____ () C:\Program Files (x86)\Sirrix AG\BitBox\bin\win32gui.pyd
2012-10-27 15:20 - 2012-10-27 15:20 - 00024064 _____ () C:\Program Files (x86)\Sirrix AG\BitBox\bin\win32pipe.pyd
2012-10-27 15:20 - 2012-10-27 15:20 - 00035840 _____ () C:\Program Files (x86)\Sirrix AG\BitBox\bin\win32process.pyd
2012-10-27 15:20 - 2012-10-27 15:20 - 00017408 _____ () C:\Program Files (x86)\Sirrix AG\BitBox\bin\win32profile.pyd
2012-10-27 15:20 - 2012-10-27 15:20 - 00108544 _____ () C:\Program Files (x86)\Sirrix AG\BitBox\bin\win32security.pyd
2012-10-27 15:21 - 2012-10-27 15:21 - 00022528 _____ () C:\Program Files (x86)\Sirrix AG\BitBox\bin\win32ts.pyd
2012-10-27 15:22 - 2012-10-27 15:22 - 00364544 _____ () C:\Program Files (x86)\Sirrix AG\BitBox\bin\pythoncom27.dll
2012-10-27 15:23 - 2012-10-27 15:23 - 00320512 _____ () C:\Program Files (x86)\Sirrix AG\BitBox\bin\win32com.shell.shell.pyd
2014-06-30 16:04 - 2014-06-30 16:04 - 00087552 _____ () C:\Program Files (x86)\Sirrix AG\BitBox\bin\_ctypes.pyd
2014-06-30 16:04 - 2014-06-30 16:04 - 00715264 _____ () C:\Program Files (x86)\Sirrix AG\BitBox\bin\_hashlib.pyd
2014-06-30 16:03 - 2014-06-30 16:03 - 00046080 _____ () C:\Program Files (x86)\Sirrix AG\BitBox\bin\_socket.pyd
2014-06-30 16:04 - 2014-06-30 16:04 - 01160704 _____ () C:\Program Files (x86)\Sirrix AG\BitBox\bin\_ssl.pyd
2012-10-27 15:20 - 2012-10-27 15:20 - 00025600 _____ () C:\Program Files (x86)\Sirrix AG\BitBox\bin\win32cred.pyd
2012-10-27 15:20 - 2012-10-27 15:20 - 00011264 _____ () C:\Program Files (x86)\Sirrix AG\BitBox\bin\win32crypt.pyd
2012-10-27 15:20 - 2012-10-27 15:20 - 00064512 _____ () C:\Program Files (x86)\Sirrix AG\BitBox\bin\win32net.pyd
2015-12-15 11:33 - 2014-10-16 10:26 - 00622880 _____ () C:\Program Files (x86)\IObit\LiveUpdate\ProductStatistics.dll
2015-08-16 17:59 - 2011-01-13 10:44 - 00232800 _____ () C:\Program Files (x86)\StarMoney 9.0\ouservice\PATCHW32.dll
2014-05-05 05:11 - 2014-02-18 09:11 - 00172032 _____ () c:\postgreSQL\bin\LIBPQ.dll
2014-05-05 05:11 - 2012-08-14 14:19 - 00999424 _____ () c:\postgreSQL\bin\libxml2.dll
2013-05-23 14:58 - 2013-05-23 14:58 - 00222024 _____ () C:\Program Files (x86)\Twonky\TwonkyServer\wmdrmdll.dll
2015-12-22 17:54 - 2015-12-22 17:54 - 00013824 _____ () C:\WINDOWS\TEMP\nslC16D.tmp\UAC.dll
2015-12-22 17:54 - 2015-12-22 17:54 - 00011264 _____ () C:\WINDOWS\TEMP\nslC16D.tmp\System.dll
2015-12-22 17:54 - 2015-12-22 17:54 - 00006656 _____ () C:\WINDOWS\TEMP\nslC16D.tmp\nsExec.dll
2015-12-22 17:54 - 2015-12-22 17:54 - 00011264 _____ () C:\WINDOWS\TEMP\nsc452.tmp\System.dll
2014-07-10 16:29 - 2012-04-30 10:57 - 00039936 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\TMonitorAPI.dll
2014-07-10 16:29 - 2015-10-20 17:44 - 00242176 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\MExplorer.dll
2011-07-07 13:54 - 2011-07-07 13:54 - 00233984 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\Report.dll
2015-03-23 18:19 - 2015-03-23 18:19 - 02620416 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\libxt.dll
2014-07-10 16:29 - 2015-04-21 12:22 - 00053248 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\VObject.dll
2015-06-24 16:46 - 2015-06-24 16:46 - 00801792 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\PhoneUpdate.dll
2015-08-18 03:20 - 2015-08-18 03:20 - 03129368 _____ () C:\Program Files (x86)\Naver\LINE\ampkit_windows.dll
2015-07-03 06:44 - 2015-07-03 06:44 - 00123416 _____ () C:\Program Files (x86)\Naver\LINE\PlayerHelper.dll
2015-11-25 20:18 - 2015-11-25 20:18 - 00147136 ____R () C:\Program Files (x86)\Skype\Phone\ssScreenVVS2.dll
2015-12-10 17:55 - 2015-12-14 12:54 - 03287552 _____ () C:\Program Files (x86)\BlueStacks\libGLESv2.dll
2015-08-15 13:42 - 2015-08-15 13:42 - 00039384 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll
2015-12-17 19:38 - 2015-12-11 04:54 - 01583432 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\libglesv2.dll
2015-12-17 19:38 - 2015-12-11 04:54 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\libegl.dll
2015-12-17 19:38 - 2015-12-11 04:54 - 16573256 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\PepperFlash\pepflashplayer.dll
==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)
AlternateDataStreams: C:\Users\Daniel\Downloads\24hpoker.exe:BDU
AlternateDataStreams: C:\Users\Daniel\Downloads\awc117_setup.exe:BDU
AlternateDataStreams: C:\Users\Daniel\Downloads\bcdp115_setup.exe:BDU
AlternateDataStreams: C:\Users\Daniel\Downloads\dotNetFx40_Full_setup.exe:BDU
AlternateDataStreams: C:\Users\Daniel\Downloads\dotNetFx45_Full_setup.exe:BDU
AlternateDataStreams: C:\Users\Daniel\Downloads\Downloader_StarCraft_Combo_enGB (1).exe:BDU
AlternateDataStreams: C:\Users\Daniel\Downloads\Downloader_StarCraft_Combo_enGB.exe:BDU
AlternateDataStreams: C:\Users\Daniel\Downloads\driver_setup.exe:BDU
AlternateDataStreams: C:\Users\Daniel\Downloads\Firefox Setup Stub 29.0.1 (1).exe:BDU
AlternateDataStreams: C:\Users\Daniel\Downloads\Firefox Setup Stub 29.0.1.exe:BDU
AlternateDataStreams: C:\Users\Daniel\Downloads\Rainmeter-3.1-r2211-beta.exe:BDU
AlternateDataStreams: C:\Users\Daniel\Downloads\Rainmeter-3.2-r2302-beta.exe:BDU
AlternateDataStreams: C:\Users\Daniel\Downloads\TeamViewer_Setup_de.exe:BDU
AlternateDataStreams: C:\Users\Daniel\Downloads\Tunngle_Setup_v4.5.1.4b.exe:BDU
AlternateDataStreams: C:\Users\Daniel\Downloads\UnstopCpy_5_2_Win2K_UP_Setup.exe:BDU
==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\zcengine => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\zcwfp => ""="Driver"
==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)
==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)
IE trusted site: HKU\S-1-5-21-2676936528-1030403693-891089861-1001\...\127.0.0.1 -> hxxp://127.0.0.1
==================== Andere Bereiche ============================
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKU\S-1-5-21-2676936528-1030403693-891089861-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
HKU\S-1-5-21-2676936528-1030403693-891089861-1006\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.
==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{86B94AA2-1974-4259-8623-74A89B26E90A}] => (Allow) C:\Program Files (x86)\Sony Mobile\Update Engine\Sony Mobile Update Engine.exe
FirewallRules: [{71F2C407-7331-498A-8426-B24F465AF5A6}] => (Allow) C:\Program Files (x86)\Sony Mobile\Update Engine\Sony Mobile Update Engine.exe
FirewallRules: [UDP Query User{9697C13A-ACF0-42FA-8DB3-DE00CB791229}C:\program files\graphisoft\archicad 18\cinerender\cinerender 64bit.exe] => (Block) C:\program files\graphisoft\archicad 18\cinerender\cinerender 64bit.exe
FirewallRules: [TCP Query User{9B4EAA87-D5D7-4BC5-BBC8-3A1F66080E5C}C:\program files\graphisoft\archicad 18\cinerender\cinerender 64bit.exe] => (Block) C:\program files\graphisoft\archicad 18\cinerender\cinerender 64bit.exe
FirewallRules: [{A319014D-7C7C-4E14-8393-C7EBD13B7853}] => (Block) C:\program files\graphisoft\archicad 18\archicad.exe
FirewallRules: [{5DCE1293-AA8A-404E-9998-9C7D4E9EB905}] => (Block) C:\program files\graphisoft\archicad 18\archicad.exe
FirewallRules: [UDP Query User{371F79D9-44DB-460C-AFD1-22AD1EC9F1BF}C:\program files\graphisoft\archicad 18\archicad.exe] => (Allow) C:\program files\graphisoft\archicad 18\archicad.exe
FirewallRules: [TCP Query User{EE847DFA-BE7C-447E-B474-1FF81C73F2C9}C:\program files\graphisoft\archicad 18\archicad.exe] => (Allow) C:\program files\graphisoft\archicad 18\archicad.exe
FirewallRules: [{C969DC84-6A5C-4189-A0B9-09DEF39A2E3B}] => (Allow) C:\Program Files (x86)\Twonky\TwonkyServer\twonkyserver.exe
FirewallRules: [{4FFC1C3F-C2AE-41A6-8185-96D1ACEC7286}] => (Allow) C:\Program Files (x86)\Twonky\TwonkyServer\twonkyserver.exe
FirewallRules: [{651E66C8-FD77-4885-81EA-AC43378DD3BA}] => (Allow) C:\Program Files (x86)\Twonky\TwonkyServer\twonkyserver.exe
FirewallRules: [{7B85E5A8-2D27-4A7F-BD7E-BC73BF4163E9}] => (Allow) C:\Program Files (x86)\Twonky\TwonkyServer\twonkyserver.exe
FirewallRules: [{88DF49BF-3580-4919-97C1-E88AFF860949}] => (Allow) C:\Program Files (x86)\Twonky\TwonkyServer\twonkystarter.exe
FirewallRules: [{926FC48E-ED8B-4C92-955B-296B61E925CE}] => (Allow) C:\Program Files (x86)\Twonky\TwonkyServer\twonkystarter.exe
FirewallRules: [{1E8F8E48-947E-4D1F-9068-A487FE2A088B}] => (Allow) C:\Program Files (x86)\Twonky\TwonkyServer\twonkystarter.exe
FirewallRules: [{20323385-D02A-4647-B859-64512D6ED1F4}] => (Allow) C:\Program Files (x86)\Twonky\TwonkyServer\twonkystarter.exe
FirewallRules: [{087A2D3F-6CA3-4E74-8498-EEDFF4CF783F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{60A11106-7FC4-457A-95C0-2C8D4199C1E9}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{E9E12CB3-9DE9-4FF7-89B2-09F9CEDF9BD0}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{115CCC81-9BE7-4D9A-B145-080EF6C055B9}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{EF5F2587-BAAB-4B16-AF91-609239231B84}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{987743EB-BBBE-4F9F-93BA-D70A431B2D4D}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{2A267BE3-3D53-4E9C-848F-061DDC151FF9}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{762FD712-99A1-403C-8D3E-67711B412F9A}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{CF0A6A64-9D00-43CA-83E2-DC5C6649F833}] => (Allow) C:\Program Files (x86)\Naver\LINE\Line.exe
FirewallRules: [{8EE06146-EB7F-4182-812B-C3D9EC267CF1}] => (Allow) C:\Program Files (x86)\Naver\LINE\Line.exe
FirewallRules: [{F7128546-8018-486F-9004-ACB69A65E116}] => (Block) C:\program files\andy\andy.exe
FirewallRules: [{6F7ABD7C-F397-4D1A-8BE8-DC0515F2A5AE}] => (Block) C:\program files\andy\andy.exe
FirewallRules: [UDP Query User{A3A97F3F-9A93-4F57-A1B7-36940B9C2874}C:\program files\andy\andy.exe] => (Allow) C:\program files\andy\andy.exe
FirewallRules: [TCP Query User{045EB7DF-B275-49C5-BA6B-428D73C6739D}C:\program files\andy\andy.exe] => (Allow) C:\program files\andy\andy.exe
FirewallRules: [{7AFFC66C-03DA-437C-8AB2-48E419AFDCA6}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{449501B3-39B2-4FB6-800B-6CD6DF00CF6C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{90A1DF2C-EAC0-4B84-89A4-F662CA37FFDA}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{869BF00F-C079-4E88-9776-1A1A602DBEAF}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [UDP Query User{F141D448-2942-4F05-8703-8CF696BB6C17}C:\scbw\starcraft\starcraft.exe] => (Allow) C:\scbw\starcraft\starcraft.exe
FirewallRules: [TCP Query User{107F0B01-CB89-4B7F-B9E6-96BAF3571466}C:\scbw\starcraft\starcraft.exe] => (Allow) C:\scbw\starcraft\starcraft.exe
FirewallRules: [UDP Query User{AE6272D1-2450-4706-9C56-ABE0741995E6}C:\users\daniel\downloads\downloader_starcraft_combo_engb (1).exe] => (Allow) C:\users\daniel\downloads\downloader_starcraft_combo_engb (1).exe
FirewallRules: [TCP Query User{4BF3D7B6-2760-46E7-9F46-EAA1479759EA}C:\users\daniel\downloads\downloader_starcraft_combo_engb (1).exe] => (Allow) C:\users\daniel\downloads\downloader_starcraft_combo_engb (1).exe
FirewallRules: [{E6AC2223-4DF5-4F90-9EA9-491D258D5E83}] => (Allow) C:\Program Files (x86)\Sony Mobile\Update Engine\Sony Mobile Update Engine.exe
FirewallRules: [{33B49934-626B-4C3F-A78D-74BD348957E2}] => (Allow) C:\Program Files (x86)\Sony Mobile\Update Engine\Sony Mobile Update Engine.exe
FirewallRules: [{EA5CD453-3965-4133-86B6-0C000AF66A79}] => (Allow) C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe
FirewallRules: [{1C40D6DB-86B4-40F9-BC4F-105E6472D27B}] => (Allow) C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe
FirewallRules: [UDP Query User{C1B01E16-EF99-4E1A-A864-6DAFAC4E5798}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{5D1CAF32-8957-4158-B3BE-D51582AB2CDC}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{DF33C812-2F04-4249-A019-39D66D66E102}] => (Allow) C:\Program Files (x86)\Naver\LINE\Line.exe
FirewallRules: [{99695F8E-713E-405B-ADA2-A7C1891ECECE}] => (Allow) C:\Program Files (x86)\Naver\LINE\Line.exe
FirewallRules: [{8E1AE219-EBA9-4EFD-8FFA-223411B4EBC3}] => (Allow) LPort=8317
FirewallRules: [{776219E5-631E-46EA-8176-420BCE2E3E57}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{9B303E96-9E5E-4AF3-A676-55EAB07ADE03}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{15AFCDCC-5415-41DF-84A6-D7CEA5CE907D}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{00FE9CCC-9E80-4932-B040-921CE05C4CD6}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{C6817A1E-5A06-4512-BCD0-3D5F4FE632AD}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{1FFD8D93-168C-48E9-9FA7-DA75D40EEBD5}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{DB5E0589-EB8B-4178-A438-CEBB55E965C5}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{0D070EA1-F417-4FCF-ADD5-C44F463377AC}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{F7BE67E2-C360-4C22-AA77-B34EFAA51D95}] => (Allow) LPort=5432
FirewallRules: [UDP Query User{FB63639D-4AE2-498F-A6C2-CC670BB39AFA}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{1D292F57-6542-46C2-81A4-6CFA258848F0}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{472B1D19-BE19-4606-8C99-B557FEF56F58}] => (Allow) C:\Program Files (x86)\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe
FirewallRules: [{0623A238-71BD-432F-B885-2E66DC4792F1}] => (Allow) C:\Program Files (x86)\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe
FirewallRules: [{B217765B-9617-4A35-AC0A-A06D8094D9A9}] => (Allow) C:\Program Files (x86)\StarMoney 9.0\app\StarMoney.exe
FirewallRules: [{F7D88F94-E186-4887-ADF7-F8DC73A7D534}] => (Allow) C:\Program Files (x86)\StarMoney 9.0\app\StarMoney.exe
FirewallRules: [AusweisApp2-Firewall-Rule] => (Allow) C:\Program Files (x86)\AusweisApp2 1.2.2\AusweisApp2.exe
FirewallRules: [{8F64E530-817E-484F-836C-3C21038E9BB3}] => (Allow) C:\Users\Daniel\AppData\Local\Temp\Andy_45.5_x64\Setup.exe
FirewallRules: [{05E027AC-CF5F-4CB0-AF52-C1AF6B5385FD}] => (Allow) C:\Users\Daniel\AppData\Local\Temp\Andy_45.5_x64\Setup.exe
FirewallRules: [{B469A0FF-D98A-4C1D-AC14-08D0015304E8}] => (Allow) C:\Program Files (x86)\MouseRecorder\MouseRecorder.exe
FirewallRules: [{709E234E-C596-4BB0-B5A4-DD9B879BD223}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{13CDA863-80DD-487B-B2A1-DB8BF68E62F4}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{08DB7FE4-AE52-4F82-9111-2AC13B3561F6}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{CBCAC336-34FB-4FBD-B567-A0A04984BD0E}] => (Allow) %ProgramFiles% (x86)\Sirrix AG\BitBox\bin\BitBoxClient.exe
FirewallRules: [{7764F249-3B76-428C-9BB9-1A1A949F4AF4}] => (Allow) %ProgramFiles% (x86)\Sirrix AG\BitBox\bin\BitBoxClient.exe
==================== Fehlerhafte Geräte im Gerätemanager =============
==================== Fehlereinträge in der Ereignisanzeige: =========================
Applikationsfehler:
==================
Error: (12/22/2015 06:14:44 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.
System Error:
Zugriff verweigert
.
Error: (12/22/2015 05:55:13 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: WmiApRplC:\WINDOWS\system32\wbem\wmiaprpl.dll4
Error: (12/22/2015 05:55:13 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: rdyboost4
Error: (12/22/2015 05:55:12 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description:
Error: (12/22/2015 05:55:12 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: MSDTCC:\WINDOWS\system32\msdtcuiu.DLL4
Error: (12/22/2015 05:55:12 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: LsaC:\Windows\System32\Secur32.dll4
Error: (12/22/2015 05:55:12 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: ESENTC:\WINDOWS\system32\esentprf.dll4
Error: (12/22/2015 05:55:12 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll4
Error: (12/22/2015 05:52:51 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Globality)
Description: Bei der Aktivierung der App „Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
Error: (12/22/2015 05:52:51 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Globality)
Description: Bei der Aktivierung der App „Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
Systemfehler:
=============
Error: (12/22/2015 05:57:28 PM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT)
Description: {784E29F4-5EBE-4279-9948-1E8FE941646D}
Error: (12/22/2015 05:55:01 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 10. Der Windows-SChannel-Fehlerstatus lautet: 10.
Error: (12/22/2015 05:55:01 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 10. Der Windows-SChannel-Fehlerstatus lautet: 10.
Error: (12/22/2015 05:55:00 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 10. Der Windows-SChannel-Fehlerstatus lautet: 10.
Error: (12/22/2015 05:55:00 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 10. Der Windows-SChannel-Fehlerstatus lautet: 10.
Error: (12/22/2015 05:55:00 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 10. Der Windows-SChannel-Fehlerstatus lautet: 10.
Error: (12/22/2015 05:55:00 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 10. Der Windows-SChannel-Fehlerstatus lautet: 10.
Error: (12/22/2015 05:54:57 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 10. Der Windows-SChannel-Fehlerstatus lautet: 10.
Error: (12/22/2015 05:54:57 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 10. Der Windows-SChannel-Fehlerstatus lautet: 10.
Error: (12/22/2015 05:54:55 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 10. Der Windows-SChannel-Fehlerstatus lautet: 10.
CodeIntegrity:
===================================
Date: 2015-12-21 10:25:12.441
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-12-20 13:30:38.676
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-12-20 13:30:33.747
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-12-20 13:29:35.352
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-12-20 13:29:22.557
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-12-18 12:28:26.016
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-12-18 12:28:25.986
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-12-18 12:27:44.183
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-12-15 22:15:40.448
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-12-15 16:38:57.109
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
==================== Speicherinformationen ===========================
Prozessor: AMD A8-5600K APU with Radeon(tm) HD Graphics
Prozentuale Nutzung des RAM: 47%
Installierter physikalischer RAM: 7630.72 MB
Verfügbarer physikalischer RAM: 4034.93 MB
Summe virtueller Speicher: 8846.72 MB
Verfügbarer virtueller Speicher: 4356.8 MB
==================== Laufwerke ================================
Drive c: () (Fixed) (Total:111.45 GB) (Free:3.33 GB) NTFS
Drive d: (Volume) (Fixed) (Total:1863.01 GB) (Free:72.9 GB) NTFS
Drive e: (Daniela&Daniel) (CDROM) (Total:0.2 GB) (Free:0 GB) UDF
Drive g: () (Fixed) (Total:465.76 GB) (Free:42.58 GB) NTFS
==================== MBR & Partitionstabelle ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: DD2BA3CD)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111.4 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 6BFA1C83)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)
========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 7DECB287)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)
==================== Ende von Addition.txt ============================
|
|
22.12.2015, 18:28
| #6 |
| /// Malwareteam | Windows 10: Malwarebytes meldet infizierte Dateien, teilweise funktioniert das Internet nicht, generell PC langsam Hi, Schritt # 1: AdwCleaner Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Schritt # 2: FRST Bitte noch ein frisches FRST-Log. Schritt # 3: Bitte Posten
__________________ --> Windows 10: Malwarebytes meldet infizierte Dateien, teilweise funktioniert das Internet nicht, generell PC langsam |
|
22.12.2015, 18:49
| #7 |
| | Windows 10: Malwarebytes meldet infizierte Dateien, teilweise funktioniert das Internet nicht, generell PC langsam hier die Logs. AdwCleaner[Ca].txt AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v5.026 - Bericht erstellt am 22/12/2015 um 18:43:18
# Aktualisiert am 21/12/2015 von Xplode
# Datenbank : 2015-12-21.3 [Server]
# Betriebssystem : Windows 10 Pro (x64)
# Benutzername : Daniel - GLOBALITY
# Gestartet von : C:\Users\Daniel\Desktop\AdwCleaner_5.026.exe
# Option : Löschen
# Unterstützung : hxxp://toolslib.net/forum
***** [ Dienste ] *****
[-] Dienst Gelöscht : CouponPrinterService
***** [ Ordner ] *****
[-] Ordner Gelöscht : C:\Program Files (x86)\Mobogenie
[-] Ordner Gelöscht : C:\Program Files (x86)\Coupons
[-] Ordner Gelöscht : C:\Program Files (x86)\QuickSearch
[-] Ordner Gelöscht : C:\Program Files (x86)\03000200-1450173802-0500-0006-000700080009
[-] Ordner Gelöscht : C:\ProgramData\WPM
[-] Ordner Gelöscht : C:\ProgramData\19a87fa1ec024bbcbb41931263354405
[-] Ordner Gelöscht : C:\ProgramData\Service1104
[-] Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
[-] Ordner Gelöscht : C:\Users\Daniel\AppData\Local\SmartWeb
[-] Ordner Gelöscht : C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfmhcpmkbdkbgbmkjoiopeeegenkdikp
[-] Ordner Gelöscht : C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil
[-] Ordner Gelöscht : C:\Users\Daniel\AppData\Roaming\Systweak
[-] Ordner Gelöscht : C:\Users\Daniel\AppData\Roaming\cpuminer
[-] Ordner Gelöscht : C:\WINDOWS\SysWOW64\config\systemprofile\AppData\Local\zcengine
***** [ Dateien ] *****
[-] Datei Gelöscht : C:\END
[-] Datei Gelöscht : C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_lfmhcpmkbdkbgbmkjoiopeeegenkdikp_0.localstorage
[-] Datei Gelöscht : C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_lfmhcpmkbdkbgbmkjoiopeeegenkdikp_0.localstorage-journal
[-] Datei Gelöscht : C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_elicpjhcidhpjomhibiffojpinpmmpil_0.localstorage
[-] Datei Gelöscht : C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_elicpjhcidhpjomhibiffojpinpmmpil_0.localstorage-journal
[-] Datei Gelöscht : C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\elicpjhcidhpjomhibiffojpinpmmpil
[-] Datei Gelöscht : C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gngocbkfmikdgphklgmmehbjjlfgdemm_0.localstorage
[-] Datei Gelöscht : C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gngocbkfmikdgphklgmmehbjjlfgdemm_0.localstorage-journal
[-] Datei Gelöscht : C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\local storage\hxxp_www.best-deals-products.com_0.localstorage-journal
[-] Datei Gelöscht : C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\local storage\hxxp_www.superfish.com_0.localstorage-journal
[-] Datei Gelöscht : C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\local storage\hxxps_www.best-deals-products.com_0.localstorage-journal
[-] Datei Gelöscht : C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\local storage\hxxps_www.superfish.com_0.localstorage-journal
[-] Datei Gelöscht : C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_cdncache-a.akamaihd.net_0.localstorage
[-] Datei Gelöscht : C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_cdncache-a.akamaihd.net_0.localstorage-journal
[-] Datei Gelöscht : C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage
[-] Datei Gelöscht : C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
[-] Datei Gelöscht : C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.mystart.com_0.localstorage
[-] Datei Gelöscht : C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.mystart.com_0.localstorage-journal
[-] Datei Gelöscht : C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_mmotraffic.com_0.localstorage
[-] Datei Gelöscht : C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_mmotraffic.com_0.localstorage-journal
[-] Datei Gelöscht : C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage
[-] Datei Gelöscht : C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage-journal
[-] Datei Gelöscht : C:\Users\Daniel\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Startfenster.lnk
[-] Datei Gelöscht : C:\Users\Daniel\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Startfenster.lnk
[-] Datei Gelöscht : C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Startfenster.lnk
[-] Datei Gelöscht : C:\Users\Daniel\Favorites\Startfenster.lnk
[-] Datei Gelöscht : C:\Users\Daniel\Favorites\Startfenster.lnk
[-] Datei Gelöscht : C:\Users\Daniel\Favorites\Links\Startfenster.lnk
[-] Datei Gelöscht : C:\Users\Daniel\Favorites\Links\Startfenster.lnk
[-] Datei Gelöscht : C:\WINDOWS\Installer\58262.msi
[-] Datei Gelöscht : C:\WINDOWS\SysNative\roboot64.exe
***** [ DLLs ] *****
***** [ Verknüpfungen ] *****
***** [ Aufgabenplanung ] *****
[-] Geplante Aufgabe Gelöscht : spw3016
[-] Geplante Aufgabe Gelöscht : WOXRGHDNAFGIQKGK
***** [ Registrierungsdatenbank ] *****
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
[-] Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Wpm
[-] Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\zcwfp
[-] Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\zcengine
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9F2949D6-977B-4B61-B513-0C2EE52C2B4F}
[-] Schlüssel Gelöscht : HKCU\Software\Classes\CLSID\{9C4EFBD5-1ADF-41E6-BE26-AF44326E30E4}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{9C4EFBD5-1ADF-41E6-BE26-AF44326E30E4}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{34EBA76A-E745-4B18-96C9-2B8E2BA8B246}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3A8E009B-E66D-4016-87CF-EC57FA9A4BC1}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{4D4D0357-0376-4656-A040-65AC089E84A2}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6D5AF218-5F7E-40E0-B49D-54FFAFE2001A}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{89E46EA6-2F87-4D79-8FFA-8B264F93F54A}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{9ECCDEFC-1C26-4BB3-B6DF-252672D9FFFA}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F1BC674D-15D8-46C5-AC51-12AB16D67616}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F811C371-1DC7-4E2F-8676-D96B85BE4AF1}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3323765B-5B83-4406-841E-473DBA4B8F29}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{389562C4-59D9-40C4-966E-28DA91725FFE}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3F8D3B31-AEB8-4ED7-8B05-5556068D6B54}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6ED1EF08-DFF4-4252-8986-691D06C54131}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{83E07061-02D1-41EC-8751-BB176B823C38}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9F0948E7-227A-4F1B-9849-2D8912F185A7}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A471A4AA-5C18-429F-81BF-6C760941DB74}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C0A7C2B3-86D6-42AF-8221-79C9E4AD50BA}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F2FB003D-07C7-4E4D-80E3-00B49468A6F4}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F7971E81-FC71-4659-8CCE-C903576E0924}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{00E3D575-A24C-4BBC-A708-BCDB8BBCA6C7}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{024BF4C8-B53D-45B9-957F-D3BA9655FF39}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{074DCA49-F6A1-417F-B79E-D5E3ADC30330}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{029AF757-A988-4BDD-A744-A4C7BCEBB011}
[-] Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
[-] Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}]
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
[-] Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EB6628CF-0675-4DAE-95CE-EFFA23169743}]
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{9C4EFBD5-1ADF-41E6-BE26-AF44326E30E4}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3323765B-5B83-4406-841E-473DBA4B8F29}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{389562C4-59D9-40C4-966E-28DA91725FFE}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3F8D3B31-AEB8-4ED7-8B05-5556068D6B54}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{6ED1EF08-DFF4-4252-8986-691D06C54131}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{83E07061-02D1-41EC-8751-BB176B823C38}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{9F0948E7-227A-4F1B-9849-2D8912F185A7}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{A471A4AA-5C18-429F-81BF-6C760941DB74}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C0A7C2B3-86D6-42AF-8221-79C9E4AD50BA}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{F2FB003D-07C7-4E4D-80E3-00B49468A6F4}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{F7971E81-FC71-4659-8CCE-C903576E0924}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{00E3D575-A24C-4BBC-A708-BCDB8BBCA6C7}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{024BF4C8-B53D-45B9-957F-D3BA9655FF39}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{074DCA49-F6A1-417F-B79E-D5E3ADC30330}
[-] Schlüssel Gelöscht : HKCU\Software\OCS
[-] Schlüssel Gelöscht : HKCU\Software\Tutorials
[-] Schlüssel Gelöscht : HKCU\Software\DAILYPCCLEAN
[-] Schlüssel Gelöscht : HKCU\Software\tstamptoken
[-] Schlüssel Gelöscht : HKCU\Software\Microsoft\Tinstalls
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Wpm
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\SVH
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\QuickSearch
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Coupon Printer for Windows5.0.1.3
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SU
[-] Schlüssel Gelöscht : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\mystart.com
[-] Schlüssel Gelöscht : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\re-markit.co
[-] Schlüssel Gelöscht : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\static.re-markit00.re-markit.co
[-] Schlüssel Gelöscht : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\watch4.de
[-] Schlüssel Gelöscht : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.mystart.com
[-] Schlüssel Gelöscht : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.watch4.de
[-] Schlüssel Gelöscht : HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\mystart.com
[-] Schlüssel Gelöscht : HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\re-markit.co
[-] Schlüssel Gelöscht : HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\static.re-markit00.re-markit.co
[-] Schlüssel Gelöscht : HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\watch4.de
[-] Schlüssel Gelöscht : HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.mystart.com
[-] Schlüssel Gelöscht : HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.watch4.de
***** [ Internetbrowser ] *****
[-] [C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\v7rfplju.default\prefs.js] [Preference] Gelöscht : user_pref("browser.startup.homepage", "hxxps://www.mystart.com/?pr=systma&id=byd&v=1_0");
[-] [C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\v7rfplju.default\prefs.js] [Preference] Gelöscht : user_pref("extensions.fvd_single.__surfcanyon_disable_time", "1");
[-] [C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\v7rfplju.default\prefs.js] [Preference] Gelöscht : user_pref("extensions.fvd_single.seopack.b_surfcanyon", true);
[-] [C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Gelöscht : sweet-page
[-] [C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Gelöscht : mystart.com
[-] [C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Gelöscht : mystart
[-] [C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Gelöscht : trovi.search
[-] [C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Gelöscht : booedmolknjekdopkepjjeckmjkdpfgl
[-] [C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Gelöscht : elicpjhcidhpjomhibiffojpinpmmpil
[-] [C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Gelöscht : flpcjncodpafbgdpnkljologafpionhb
[-] [C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Gelöscht : lfmhcpmkbdkbgbmkjoiopeeegenkdikp
*************************
:: "Tracing" Schlüssel gelöscht
:: Proxy Einstellungen zurückgesetzt
:: Winsock Einstellungen zurückgesetzt
:: Chrome Richtlinien gelöscht
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [15673 Bytes] ##########
FRST.txt FRST Logfile: Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:20-12-2015 durchgeführt von Daniel (Administrator) auf GLOBALITY (22-12-2015 18:46:01) Gestartet von C:\Users\Daniel\Desktop Geladene Profile: Daniel & postgres (Verfügbare Profile: Daniel & postgres & Gl0ba_000) Platform: Windows 10 Pro (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: "C:\Program Files (x86)\Sirrix AG\BitBox\bin\BitBoxClient.exe" start "%1") Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe (BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe (Sirrix AG) C:\Program Files (x86)\Sirrix AG\BitBox\bin\BitBoxService.exe (Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe (devolo AG) C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe (IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe (Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Skype Technologies) C:\Program Files (x86)\Skype\Updater\Updater.exe (Star Finanz-Software Entwicklung und Vertriebs GmbH) C:\Program Files (x86)\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe () C:\Program Files (x86)\Twonky\TwonkyServer\twonkyproxy.exe (PacketVideo) C:\Program Files (x86)\Twonky\TwonkyServer\twonkystarter.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (PostgreSQL Global Development Group) C:\postgreSQL\bin\pg_ctl.exe () C:\Program Files (x86)\Twonky\TwonkyServer\twonkyserver.exe (PostgreSQL Global Development Group) C:\postgreSQL\bin\postgres.exe (PostgreSQL Global Development Group) C:\postgreSQL\bin\postgres.exe (PostgreSQL Global Development Group) C:\postgreSQL\bin\postgres.exe (PostgreSQL Global Development Group) C:\postgreSQL\bin\postgres.exe (PostgreSQL Global Development Group) C:\postgreSQL\bin\postgres.exe (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe (Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Sony) C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe () C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe (LINE Corporation) C:\Program Files (x86)\Naver\LINE\Line.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (Internet Monitor) C:\Users\Daniel\AppData\Roaming\BandwidthStat\bandwidthstat.exe (Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe (PacketVideo) C:\Program Files (x86)\Twonky\TwonkyServer\twonkytray.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE () C:\Program Files\Rainmeter\Rainmeter.exe (BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe ==================== Registry (Nicht auf der Ausnahmeliste) =========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-24] (Realtek Semiconductor) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508240 2015-08-05] (Adobe Systems Incorporated) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-11-04] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG) HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [191016 2014-05-14] (Geek Software GmbH) HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Andy] => C:\Program Files\Andy\HandyAndy.exe HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [883280 2015-12-10] (BlueStack Systems, Inc.) HKU\S-1-5-21-2676936528-1030403693-891089861-1001\...\Run: [Sony PC Companion] => C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [457088 2015-09-23] (Sony) HKU\S-1-5-21-2676936528-1030403693-891089861-1001\...\Run: [Line] => C:\Program Files (x86)\Naver\LINE\Line.exe [15664152 2015-08-18] (LINE Corporation) HKU\S-1-5-21-2676936528-1030403693-891089861-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50755200 2015-12-08] (Skype Technologies S.A.) HKU\S-1-5-21-2676936528-1030403693-891089861-1001\...\Run: [BandwidthStat] => C:\Users\Daniel\AppData\Roaming\BandwidthStat\bandwidthstat.exe [569344 2015-12-15] (Internet Monitor) HKU\S-1-5-21-2676936528-1030403693-891089861-1006\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50755200 2015-12-08] (Skype Technologies S.A.) HKU\S-1-5-21-2676936528-1030403693-891089861-1006\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [517632 2015-07-10] (Microsoft Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Twonky Server.lnk [2015-12-15] ShortcutTarget: Twonky Server.lnk -> C:\Program Files (x86)\Twonky\TwonkyServer\twonkytray.exe (PacketVideo) Startup: C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk [2015-12-15] ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation) Startup: C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk [2015-12-15] ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe () ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) Hosts: Es ist mehr als ein Eintrag in der Hosts Datei zu finden. Siehe Hosts-Bereich in Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 Tcpip\..\Interfaces\{c3d2b33a-5f1a-4bce-8c16-a5ea94bc6a72}: [DhcpNameServer] 192.168.2.1 Internet Explorer: ================== HKU\S-1-5-21-2676936528-1030403693-891089861-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-2676936528-1030403693-891089861-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/ HKU\S-1-5-21-2676936528-1030403693-891089861-1006\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-2676936528-1030403693-891089861-1006\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/ BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-11-18] (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll [2014-12-24] (Oracle Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-11-10] (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-12-24] (Oracle Corporation) BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-11-18] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2015-05-09] (Oracle Corporation) BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-11-10] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2015-05-09] (Oracle Corporation) Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-03-12] (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies) FireFox: ======== FF ProfilePath: C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\v7rfplju.default FF NewTab: about:newtab FF DefaultSearchEngine: MyStart FF Keyword.URL: FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_235.dll [2015-12-12] () FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-12-24] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-12-24] (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-02-28] (VideoLAN) FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [Keine Datei] FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_235.dll [2015-12-12] () FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2015-05-09] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2015-05-09] (Oracle Corporation) FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-03-31] (Microsoft Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-06] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-06] (Google Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-03-31] (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll [2014-10-02] (Coupons, Inc.) FF Extension: Flash and Video Download - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\v7rfplju.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a} [2015-12-12] FF Extension: Flash Video Downloader - YouTube HD Download [4K] - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\v7rfplju.default\extensions\artur.dubovoy@gmail.com [2015-12-12] FF Extension: FireFTP - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\v7rfplju.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f} [2015-12-12] Chrome: ======= CHR HomePage: Default -> hxxp://www.google.de/ CHR Profile: C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google*Übersetzer) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2015-11-17] CHR Extension: (Google Docs) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04] CHR Extension: (Google Drive) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-25] CHR Extension: (YouTube) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25] CHR Extension: (Google-Suche) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-30] CHR Extension: (FTP Free) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehdgcfaoankkonoiichmblcfijkomfbn [2014-09-27] CHR Extension: (ZenMate Security, Privacy & Unblock VPN) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2015-11-16] CHR Extension: (Google Docs Offline) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-17] CHR Extension: (qipu Cashbackmelder open beta) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\mloigoojndlehdjiemdfpiikieonngel [2015-01-16] CHR Extension: (Codeanywhere) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndcfkjjcjfpmmhdedhnbkknbehiadgjg [2014-05-13] CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-01] CHR Extension: (Google Mail) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28] ==================== Dienste (Nicht auf der Ausnahmeliste) ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2016448 2015-11-25] (Adobe Systems, Incorporated) R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-07-15] (Advanced Micro Devices, Inc.) [Datei ist nicht signiert] R2 BitBoxService; C:\Program Files (x86)\Sirrix AG\BitBox\bin\BitBoxService.exe [738304 2015-11-13] (Sirrix AG) [Datei ist nicht signiert] S3 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [432720 2015-12-10] (BlueStack Systems, Inc.) R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [412240 2015-12-10] (BlueStack Systems, Inc.) R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [854608 2015-12-10] (BlueStack Systems, Inc.) R2 DevoloNetworkService; C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe [3645432 2014-07-18] (devolo AG) R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2934048 2015-11-10] (IObit) R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1135416 2015-10-05] (Malwarebytes) R2 postgresql-8.4; c:\postgreSQL\bin\pg_ctl.exe [66048 2014-02-18] (PostgreSQL Global Development Group) [Datei ist nicht signiert] R2 StarMoney 9.0 OnlineUpdate; C:\Program Files (x86)\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe [697488 2014-07-04] (Star Finanz-Software Entwicklung und Vertriebs GmbH) S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [Datei ist nicht signiert] R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5426448 2014-12-15] (TeamViewer GmbH) R2 TwonkyProxy; C:\Program Files (x86)\Twonky\TwonkyServer\twonkyproxy.exe [885576 2013-05-23] () R2 TwonkyServer; C:\Program Files (x86)\Twonky\TwonkyServer\twonkystarter.exe [586568 2013-05-23] (PacketVideo) R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation) R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation) ===================== Treiber (Nicht auf der Ausnahmeliste) ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.) R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices) R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [102912 2015-05-28] (Advanced Micro Devices) R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [146040 2015-12-10] (BlueStack Systems) R1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-12-15] (REALiX(tm)) R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes) R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2015-12-22] (Malwarebytes) R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation) R2 NPF_devolo; C:\Windows\sysWOW64\drivers\npf_devolo.sys [34048 2013-03-04] (CACE Technologies) R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [587264 2015-07-10] (Realtek ) S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] () R1 VBoxNetLwf; C:\Windows\system32\DRIVERS\VBoxNetLwf.sys [194816 2015-11-11] (Oracle Corporation) S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation) R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation) R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation) S3 VBoxNetFlt; \SystemRoot\system32\DRIVERS\VBoxNetFlt.sys [X] S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X] ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat: Erstellte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2015-12-22 18:45 - 2015-12-22 18:45 - 00003808 _____ C:\WINDOWS\System32\Tasks\AutoKMS 2015-12-22 18:44 - 2015-12-22 18:44 - 00016148 _____ C:\WINDOWS\system32\GLOBALITY_Daniel_HistoryPrediction.bin 2015-12-22 18:36 - 2015-12-22 18:43 - 00000000 ____D C:\AdwCleaner 2015-12-22 18:32 - 2015-12-22 18:32 - 01743360 _____ C:\Users\Daniel\Desktop\AdwCleaner_5.026.exe 2015-12-22 18:22 - 2015-12-22 18:23 - 00050521 _____ C:\Users\Daniel\Desktop\Addition.txt 2015-12-22 18:21 - 2015-12-22 18:46 - 00019742 _____ C:\Users\Daniel\Desktop\FRST.txt 2015-12-22 18:20 - 2015-12-22 18:00 - 00001283 ____N C:\WINDOWS\system32\Drivers\etc\hosts_bkup 2015-12-22 18:15 - 2015-12-22 18:15 - 06708416 _____ (Adobe System Incorporated.) C:\Users\Daniel\Downloads\AdobeCreativeCloudCleanerTool.exe 2015-12-22 12:01 - 2015-12-22 12:01 - 00007493 _____ C:\Users\Daniel\Desktop\Malwarebyte.txt 2015-12-22 11:49 - 2015-12-22 11:50 - 00000532 _____ C:\Users\Daniel\Desktop\Neues Textdokument.txt 2015-12-22 11:37 - 2015-12-22 18:45 - 00000000 ____D C:\FRST 2015-12-22 11:36 - 2015-12-22 11:37 - 02370560 _____ (Farbar) C:\Users\Daniel\Desktop\FRST64.exe 2015-12-21 14:28 - 2015-12-21 14:28 - 00514327 _____ C:\Users\Daniel\Desktop\20151221.pdf 2015-12-21 14:24 - 2015-12-21 14:24 - 00000000 ____D C:\ProgramData\ATI 2015-12-21 11:16 - 2015-12-21 11:16 - 00036520 _____ C:\Users\Daniel\Documents\arena.mrf 2015-12-21 10:28 - 2015-12-21 10:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center 2015-12-21 10:26 - 2015-12-21 10:27 - 00000000 ____D C:\WINDOWS\LastGood.Tmp 2015-12-21 10:25 - 2015-12-21 10:25 - 47794160 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\amdocl64.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 39720944 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\amdocl.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 30775792 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atio6axx.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 27544560 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\amdocl12cl64.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 25320432 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atioglxx.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 22327280 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\amdocl12cl.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 15725552 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\aticaldd64.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 14310896 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\aticaldd.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 09355016 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdxc64.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 08982432 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiumd6a.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 08864920 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiumd64.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 07683096 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdxc32.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 06686192 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdmantle64.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 05216240 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdmantle32.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 03471376 _____ C:\WINDOWS\SysWOW64\atiumdva.cap 2015-12-21 10:25 - 2015-12-21 10:25 - 03437632 _____ C:\WINDOWS\system32\atiumd6a.cap 2015-12-21 10:25 - 2015-12-21 10:25 - 01256432 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atiadlxx.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 01196032 _____ C:\WINDOWS\system32\amdocl_as64.exe 2015-12-21 10:25 - 2015-12-21 10:25 - 01070592 _____ C:\WINDOWS\system32\amdocl_ld64.exe 2015-12-21 10:25 - 2015-12-21 10:25 - 01004032 _____ C:\WINDOWS\SysWOW64\amdocl_as32.exe 2015-12-21 10:25 - 2015-12-21 10:25 - 00935408 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atiadlxy.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00935408 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atiadlxx.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00807424 _____ C:\WINDOWS\SysWOW64\amdocl_ld32.exe 2015-12-21 10:25 - 2015-12-21 10:25 - 00662400 _____ C:\WINDOWS\SysWOW64\atiapfxx.blb 2015-12-21 10:25 - 2015-12-21 10:25 - 00662400 _____ C:\WINDOWS\system32\atiapfxx.blb 2015-12-21 10:25 - 2015-12-21 10:25 - 00631792 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amdlvr64.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00524272 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amdlvr32.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00471320 _____ C:\WINDOWS\system32\amdmiracast.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00451056 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atidemgy.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00375792 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atiapfxx.exe 2015-12-21 10:25 - 2015-12-21 10:25 - 00341488 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\ATIODE.exe 2015-12-21 10:25 - 2015-12-21 10:25 - 00243696 _____ C:\WINDOWS\system32\clinfo.exe 2015-12-21 10:25 - 2015-12-21 10:25 - 00213488 _____ C:\WINDOWS\system32\amdgfxinfo64.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00199664 _____ (AMD) C:\WINDOWS\system32\atitmm64.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00198640 _____ C:\WINDOWS\SysWOW64\amdgfxinfo32.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00168944 _____ C:\WINDOWS\system32\atieah64.exe 2015-12-21 10:25 - 2015-12-21 10:25 - 00165360 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atig6txx.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00152560 _____ C:\WINDOWS\SysWOW64\atieah32.exe 2015-12-21 10:25 - 2015-12-21 10:25 - 00151936 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amdhcp64.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00150512 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atigktxx.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00143344 _____ C:\WINDOWS\system32\amdhdl64.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00138384 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amdhcp32.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00136176 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\mantle64.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00132080 _____ C:\WINDOWS\SysWOW64\amdhdl32.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00130064 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiu9p64.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00122352 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\mantle32.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00117600 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdave64.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00111600 _____ C:\WINDOWS\system32\hsa-thunk64.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00111088 _____ C:\WINDOWS\SysWOW64\hsa-thunk.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00110320 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdave32.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00103408 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\mantleaxl64.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00097776 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atisamu64.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00096752 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\mantleaxl32.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00089584 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atisamu32.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00088000 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atimpc64.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00088000 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdpcom64.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00083952 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atig6pxx.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00081160 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atimpc32.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00081160 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdpcom32.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00078320 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiglpxx.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00078320 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiglpxx.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00073712 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00071152 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\aticalrt64.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00068080 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00064496 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\aticalcl64.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00060912 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\aticalrt.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00059888 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\ATIODCLI.exe 2015-12-21 10:25 - 2015-12-21 10:25 - 00059376 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdmmcl6.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00057840 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\aticalcl.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00052208 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Drivers\ati2erec.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00048112 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdmmcl.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00038384 _____ (AMD) C:\WINDOWS\system32\atimuixx.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00012784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\detoured.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00012784 _____ (Microsoft Corporation) C:\WINDOWS\system32\detoured.dll 2015-12-20 20:56 - 2015-12-20 20:56 - 00478062 _____ C:\Users\Daniel\Desktop\20151220.pdf 2015-12-20 17:19 - 2015-12-22 11:07 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2015-12-20 13:28 - 2015-12-21 14:29 - 00283623 _____ C:\Users\Daniel\Desktop\Dienstplan_TV_Cannstatt.xlsm 2015-12-20 10:36 - 2015-12-20 10:36 - 00255478 _____ C:\Users\Daniel\Downloads\Dienstplan_Änderung2_NEU (1).xlsm 2015-12-20 10:36 - 2015-12-20 10:36 - 00255478 _____ C:\Users\Daniel\Desktop\Dienstplan_Änderung2_NEU (1).xlsm 2015-12-18 10:57 - 2015-12-18 11:03 - 606692048 _____ (Sirrix AG) C:\Users\Daniel\Downloads\Browser_In_The_Box.4.1.4-r150.chrome.Archive.exe 2015-12-18 10:41 - 2015-12-19 19:28 - 00000222 _____ C:\Users\Daniel\Desktop\nicht angreiffen.txt 2015-12-18 10:36 - 2015-12-18 10:36 - 00617444 _____ C:\Users\Daniel\Downloads\Browser-in-the-Box_Benutzerhandbuch.pdf 2015-12-16 15:10 - 2015-12-16 15:10 - 00025360 _____ C:\Users\Daniel\Documents\far-Flung Prairie.mrf 2015-12-15 21:23 - 2015-12-15 21:23 - 00034360 _____ C:\Users\Daniel\Documents\nightfall swamp.mrf 2015-12-15 18:10 - 2015-12-15 18:11 - 21852240 _____ C:\Users\Daniel\Downloads\Smoothies.rar 2015-12-15 17:33 - 2015-12-15 17:33 - 00280112 _____ C:\WINDOWS\Minidump\121515-9359-01.dmp 2015-12-15 15:47 - 2015-12-15 15:47 - 00006660 _____ C:\Users\Daniel\Downloads\Rechnung Nr. 15005998.pdf 2015-12-15 13:56 - 2015-12-15 13:56 - 00023026 _____ C:\Users\Daniel\Downloads\Vodafone-Internet--Telefon-Kuendigung (1) (1).pdf 2015-12-15 13:53 - 2015-12-15 13:53 - 00023026 _____ C:\Users\Daniel\Downloads\Vodafone-Internet--Telefon-Kuendigung (1).pdf 2015-12-15 13:52 - 2015-12-15 13:53 - 00023026 _____ C:\Users\Daniel\Downloads\Vodafone-Internet--Telefon-Kuendigung.pdf 2015-12-15 13:36 - 2015-12-15 13:36 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Sirrix AG 2015-12-15 13:35 - 2015-12-15 13:35 - 00211398 _____ C:\Users\Daniel\Desktop\kündigung strom.pdf 2015-12-15 13:26 - 2015-12-18 11:04 - 00001332 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Browser in the Box.lnk 2015-12-15 13:26 - 2015-12-18 11:04 - 00001320 _____ C:\Users\Public\Desktop\Browser in the Box.lnk 2015-12-15 13:26 - 2015-12-15 13:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Browser in the Box 2015-12-15 13:25 - 2015-12-15 13:25 - 00000000 ____D C:\ProgramData\Sirrix AG 2015-12-15 13:25 - 2015-12-15 13:25 - 00000000 ____D C:\Program Files (x86)\Sirrix AG 2015-12-15 13:21 - 2015-12-15 13:21 - 00000000 ____D C:\Program Files\Oracle 2015-12-15 13:14 - 2015-12-15 13:19 - 565717248 _____ (Sirrix AG) C:\Users\Daniel\Downloads\Browser_In_The_Box.4.1.4-r150.firefox.Archive.exe 2015-12-15 13:12 - 2015-12-17 19:43 - 00002252 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2015-12-15 13:11 - 2015-12-15 13:11 - 00927824 _____ (Google Inc.) C:\Users\Daniel\Downloads\ChromeSetup (1).exe 2015-12-15 12:47 - 2015-12-15 12:47 - 00436869 _____ C:\Users\Daniel\Downloads\Kündigung-strom-umzug-form (1).pdf 2015-12-15 12:44 - 2015-12-15 12:45 - 00436869 _____ C:\Users\Daniel\Downloads\Kündigung-strom-umzug-form.pdf 2015-12-15 12:28 - 2015-12-15 12:36 - 24149323 _____ C:\Users\Daniel\Downloads\Malwarebytes Anti-Malware Premium 2.2.0.1024.rar 2015-12-15 12:21 - 2015-12-22 18:45 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2015-12-15 12:20 - 2015-12-15 13:10 - 00001165 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-12-15 12:20 - 2015-12-15 12:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-12-15 12:20 - 2015-12-15 12:20 - 00000000 ____D C:\ProgramData\Malwarebytes 2015-12-15 12:20 - 2015-12-15 12:20 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-12-15 12:20 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2015-12-15 12:20 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys 2015-12-15 12:20 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys 2015-12-15 12:17 - 2015-12-15 12:18 - 22908888 _____ (Malwarebytes ) C:\Users\Daniel\Downloads\mbam-setup-2.2.0.1024.exe 2015-12-15 12:09 - 2015-12-15 12:09 - 00003530 _____ C:\WINDOWS\System32\Tasks\Ahonaradra 2015-12-15 12:01 - 2015-12-15 12:01 - 00003774 _____ C:\WINDOWS\System32\Tasks\SoftUpgrade 2015-12-15 12:01 - 2015-12-15 12:01 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BandwidthStat 2015-12-15 12:01 - 2015-12-15 12:01 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\BandwidthStat 2015-12-15 12:01 - 2015-12-15 12:01 - 00000000 ____D C:\Program Files (x86)\SoftUpgrade 2015-12-15 11:57 - 2015-12-15 11:57 - 00275717 _____ C:\Users\Daniel\Documents\151210 Rechnung_Lingel.pdf 2015-12-15 11:35 - 2015-12-15 11:35 - 00000000 ____D C:\ProgramData\{FD6F83C0-EC70-4581-8361-C70CD1AA4B98} 2015-12-15 11:34 - 2015-12-15 11:34 - 00026528 _____ (REALiX(tm)) C:\WINDOWS\SysWOW64\Drivers\HWiNFO64A.SYS 2015-12-15 11:34 - 2015-12-15 11:34 - 00000000 ____D C:\WINDOWS\Tasks\ImCleanDisabled 2015-12-15 11:34 - 2015-01-10 15:32 - 00128288 _____ (IObit) C:\WINDOWS\system32\IObitSmartDefragExtension.dll 2015-12-15 11:34 - 2014-06-04 15:17 - 00034080 _____ (IObit) C:\WINDOWS\system32\SmartDefragBootTime.exe 2015-12-15 11:33 - 2015-12-22 11:52 - 00000000 ____D C:\ProgramData\ProductData 2015-12-15 11:33 - 2015-12-15 11:41 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\IObit 2015-12-15 11:33 - 2015-12-15 11:40 - 00000000 ____D C:\ProgramData\IObit 2015-12-15 11:33 - 2015-12-15 11:33 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\ProductData 2015-12-15 11:33 - 2015-12-15 11:33 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Apple Computer 2015-12-15 11:33 - 2015-12-15 11:33 - 00000000 ____D C:\Users\Daniel\AppData\LocalLow\IObit 2015-12-15 11:32 - 2015-12-15 11:41 - 00000000 ____D C:\Program Files (x86)\IObit 2015-12-15 11:32 - 2015-12-15 11:32 - 30003568 _____ (IObit ) C:\Users\Daniel\Downloads\IObit-Malware-Fighter-Setup3409.exe 2015-12-15 11:16 - 2015-12-15 11:16 - 17529025 _____ C:\Users\Daniel\Documents\151210 Rechnung Lingel.pdf 2015-12-15 11:05 - 2015-12-15 11:13 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Opera Software 2015-12-15 11:05 - 2015-12-15 11:13 - 00000000 ____D C:\Users\Daniel\AppData\Local\Opera Software 2015-12-15 11:04 - 2015-12-15 11:05 - 17231872 _____ C:\Users\Daniel\Downloads\epson374980eu.exe 2015-12-15 11:03 - 2015-12-15 11:02 - 00004182 _____ C:\WINDOWS\system32\Drivers\etc\hp.bak 2015-12-15 11:02 - 2015-12-22 18:43 - 00000008 __RSH C:\Users\Daniel\ntuser.pol 2015-12-15 11:02 - 2015-12-22 18:43 - 00000008 __RSH C:\ProgramData\ntuser.pol 2015-12-15 11:01 - 2015-12-15 11:01 - 00003294 _____ C:\WINDOWS\System32\Tasks\{9049D845-5093-42F1-ABE4-823668FF2E6F} 2015-12-15 10:59 - 2015-12-15 10:59 - 12793856 _____ C:\Users\Daniel\Downloads\epson325480eu.exe 2015-12-15 10:57 - 2015-12-15 10:57 - 25198592 _____ C:\Users\Daniel\Downloads\epson324666eu.dmg 2015-12-14 20:52 - 2015-12-14 20:52 - 00030000 _____ C:\Users\Daniel\Documents\13.mrf 2015-12-14 14:28 - 2015-12-14 14:32 - 00027280 _____ C:\Users\Daniel\Documents\sunshine beach.mrf 2015-12-14 14:23 - 2015-12-14 14:23 - 31302583 _____ C:\Users\Daniel\Downloads\auv116.pdf 2015-12-14 14:23 - 2015-12-14 14:23 - 31302583 _____ C:\Users\Daniel\Downloads\auv116 (1).pdf 2015-12-14 14:22 - 2015-12-14 14:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2015-12-14 14:22 - 2015-12-14 14:22 - 00000000 ___RD C:\Program Files (x86)\Skype 2015-12-14 14:11 - 2015-12-14 14:15 - 11692510 _____ C:\Users\Daniel\Downloads\GLGzFAmSSuC(zA.rar 2015-12-14 14:05 - 2015-12-14 14:15 - 32280461 _____ C:\Users\Daniel\Downloads\Nicht bestätigt 522240.crdownload 2015-12-14 13:48 - 2015-12-14 13:48 - 00030280 _____ C:\Users\Daniel\Documents\Climbing Olympus.mrf 2015-12-14 13:20 - 2015-12-15 16:21 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Mouse Recorder 2015-12-14 13:20 - 2015-12-14 13:20 - 00000000 ____D C:\ProgramData\MouseRecorder 2015-12-14 13:20 - 2015-12-14 13:20 - 00000000 ____D C:\ProgramData\Mouse Recorder 2015-12-14 13:20 - 2015-12-14 13:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MouseRecorder 2015-12-14 13:20 - 2015-12-14 13:20 - 00000000 ____D C:\Program Files (x86)\MouseRecorder 2015-12-14 13:19 - 2015-12-14 13:21 - 02467080 _____ (Bartels Media GmbH ) C:\Users\Daniel\Downloads\MouseRecorderSetup1042.exe 2015-12-14 13:17 - 2015-12-14 13:17 - 02331531 _____ C:\Users\Daniel\Downloads\MRP276Setup.zip 2015-12-14 13:10 - 2015-12-14 13:10 - 00000000 ____D C:\Users\Daniel\Documents\My Recorded Scripts 2015-12-14 13:10 - 2015-12-14 13:10 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Mouse Recorder Pro 2015-12-14 13:10 - 2015-12-14 13:10 - 00000000 ____D C:\Users\Daniel\AppData\Local\Nemex 2015-12-14 13:09 - 2015-12-14 13:09 - 02332069 _____ C:\Users\Daniel\Downloads\mrp275setup.zip 2015-12-14 13:01 - 2015-12-14 13:01 - 00842440 _____ (ghost-mouse.com ) C:\Users\Daniel\Downloads\GhostMouse323-Setup (1).exe 2015-12-14 12:55 - 2015-12-15 13:10 - 00001682 _____ C:\Users\Public\Desktop\BlueStacks.lnk 2015-12-14 12:55 - 2015-12-15 13:08 - 00001742 _____ C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\BlueStacks.lnk 2015-12-14 12:55 - 2015-12-14 13:01 - 00842440 _____ (ghost-mouse.com ) C:\Users\Daniel\Downloads\GhostMouse323-Setup.exe 2015-12-14 12:55 - 2015-12-14 12:55 - 00000000 ____D C:\ProgramData\BlueStacksGameManager 2015-12-14 12:54 - 2015-12-14 12:54 - 00000000 ____D C:\Users\Daniel\AppData\Local\fabi.me 2015-12-14 12:53 - 2015-12-14 12:55 - 00000000 ____D C:\Program Files (x86)\BlueStacks 2015-12-14 12:53 - 2015-12-14 12:54 - 00000000 ____D C:\ProgramData\BlueStacks 2015-12-14 12:53 - 2015-12-14 12:53 - 00094899 _____ C:\Users\Daniel\Downloads\SpeedAutoClicker.zip 2015-12-14 12:46 - 2015-12-14 12:47 - 308301520 _____ (BlueStack Systems Inc.) C:\Users\Daniel\Downloads\BlueStacks2-Installer_native.exe 2015-12-12 19:59 - 2015-12-01 08:01 - 02115936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys 2015-12-12 19:59 - 2015-12-01 06:51 - 07523840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll 2015-12-12 19:59 - 2015-12-01 05:59 - 05455360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll 2015-12-12 19:59 - 2015-11-25 06:42 - 04532304 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe 2015-12-12 19:59 - 2015-11-25 06:33 - 03622272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2015-12-12 19:59 - 2015-11-25 06:27 - 01366680 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll 2015-12-12 19:59 - 2015-11-25 06:12 - 04047288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe 2015-12-12 19:59 - 2015-11-25 06:09 - 01310880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll 2015-12-12 19:59 - 2015-11-25 06:01 - 02879024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2015-12-12 19:59 - 2015-11-25 05:49 - 01569280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll 2015-12-12 19:59 - 2015-11-25 05:44 - 21872640 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll 2015-12-12 19:59 - 2015-11-25 05:42 - 24592384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2015-12-12 19:59 - 2015-11-25 05:36 - 01710592 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll 2015-12-12 19:59 - 2015-11-25 05:35 - 00929792 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll 2015-12-12 19:59 - 2015-11-25 05:35 - 00845824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Magnify.exe 2015-12-12 19:59 - 2015-11-25 05:34 - 12504576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2015-12-12 19:59 - 2015-11-25 05:31 - 00121344 _____ (Microsoft Corporation) C:\WINDOWS\system32\DAMM.dll 2015-12-12 19:59 - 2015-11-25 05:30 - 00171008 _____ (Microsoft Corporation) C:\WINDOWS\system32\dot3mm.dll 2015-12-12 19:59 - 2015-11-25 05:29 - 01649152 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll 2015-12-12 19:59 - 2015-11-25 05:29 - 00355328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ninput.dll 2015-12-12 19:59 - 2015-11-25 05:28 - 00523776 _____ (Microsoft Corporation) C:\WINDOWS\system32\catsrvut.dll 2015-12-12 19:59 - 2015-11-25 05:27 - 02180608 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll 2015-12-12 19:59 - 2015-11-25 05:23 - 19323392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2015-12-12 19:59 - 2015-11-25 05:23 - 03588096 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys 2015-12-12 19:59 - 2015-11-25 05:23 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll 2015-12-12 19:59 - 2015-11-25 05:22 - 01717248 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll 2015-12-12 19:59 - 2015-11-25 05:22 - 01383424 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys 2015-12-12 19:59 - 2015-11-25 05:22 - 00603648 _____ (Microsoft Corporation) C:\WINDOWS\system32\duser.dll 2015-12-12 19:59 - 2015-11-25 05:19 - 01795584 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll 2015-12-12 19:59 - 2015-11-25 05:18 - 01233920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll 2015-12-12 19:59 - 2015-11-25 05:17 - 00774656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll 2015-12-12 19:59 - 2015-11-25 05:16 - 01442816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRHInproc.dll 2015-12-12 19:59 - 2015-11-25 05:16 - 00786432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Magnify.exe 2015-12-12 19:59 - 2015-11-25 05:11 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ninput.dll 2015-12-12 19:59 - 2015-11-25 05:10 - 18801664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll 2015-12-12 19:59 - 2015-11-25 05:10 - 01328128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comsvcs.dll 2015-12-12 19:59 - 2015-11-25 05:10 - 00415744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\catsrvut.dll 2015-12-12 19:59 - 2015-11-25 05:05 - 11263488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2015-12-12 19:59 - 2015-11-25 05:04 - 01467392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll 2015-12-12 19:59 - 2015-11-25 05:04 - 00480768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\duser.dll 2015-12-12 19:59 - 2015-11-25 05:04 - 00474624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll 2015-12-12 19:58 - 2015-12-01 07:03 - 00008192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\gpuenergydrv.sys 2015-12-12 19:58 - 2015-12-01 06:54 - 00771072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll 2015-12-12 19:58 - 2015-12-01 06:49 - 04792320 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2015-12-12 19:58 - 2015-12-01 06:02 - 03580416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2015-12-12 19:58 - 2015-11-25 06:42 - 00168288 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkUXBroker.exe 2015-12-12 19:58 - 2015-11-25 06:41 - 01822280 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll 2015-12-12 19:58 - 2015-11-25 06:40 - 00516448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS 2015-12-12 19:58 - 2015-11-25 06:32 - 00113184 _____ (Microsoft Corporation) C:\WINDOWS\system32\userenv.dll 2015-12-12 19:58 - 2015-11-25 06:11 - 01532984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll 2015-12-12 19:58 - 2015-11-25 05:59 - 00092992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\userenv.dll 2015-12-12 19:58 - 2015-11-25 05:49 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\system32\WlanMediaManager.dll 2015-12-12 19:58 - 2015-11-25 05:49 - 00467456 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll 2015-12-12 19:58 - 2015-11-25 05:49 - 00270336 _____ (Microsoft Corporation) C:\WINDOWS\system32\RasMediaManager.dll 2015-12-12 19:58 - 2015-11-25 05:48 - 00146944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EthernetMediaManager.dll 2015-12-12 19:58 - 2015-11-25 05:48 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\system32\DAMediaManager.dll 2015-12-12 19:58 - 2015-11-25 05:37 - 02350592 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll 2015-12-12 19:58 - 2015-11-25 05:36 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usb8023.sys 2015-12-12 19:58 - 2015-11-25 05:30 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rmcast.sys 2015-12-12 19:58 - 2015-11-25 05:30 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hdaudbus.sys 2015-12-12 19:58 - 2015-11-25 05:28 - 00572928 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll 2015-12-12 19:58 - 2015-11-25 05:26 - 00849408 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll 2015-12-12 19:58 - 2015-11-25 05:26 - 00181760 _____ (Microsoft Corporation) C:\WINDOWS\system32\shutdownux.dll 2015-12-12 19:58 - 2015-11-25 05:25 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll 2015-12-12 19:58 - 2015-11-25 05:25 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\profext.dll 2015-12-12 19:58 - 2015-11-25 05:22 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\kbdgeoqw.dll 2015-12-12 19:58 - 2015-11-25 05:22 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZST.DLL 2015-12-12 19:58 - 2015-11-25 05:22 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZEL.DLL 2015-12-12 19:58 - 2015-11-25 05:22 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZE.DLL 2015-12-12 19:58 - 2015-11-25 05:19 - 00185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll 2015-12-12 19:58 - 2015-11-25 05:13 - 02153984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll 2015-12-12 19:58 - 2015-11-25 05:10 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll 2015-12-12 19:58 - 2015-11-25 05:08 - 00749568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll 2015-12-12 19:58 - 2015-11-25 05:07 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\profext.dll 2015-12-12 19:58 - 2015-11-25 05:04 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kbdgeoqw.dll 2015-12-12 19:58 - 2015-11-25 05:04 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZST.DLL 2015-12-12 19:58 - 2015-11-25 05:04 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZEL.DLL 2015-12-12 19:58 - 2015-11-25 05:04 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZE.DLL 2015-12-12 19:58 - 2015-11-25 03:52 - 00775312 _____ C:\WINDOWS\SysWOW64\locale.nls 2015-12-12 19:58 - 2015-11-25 03:52 - 00775312 _____ C:\WINDOWS\system32\locale.nls 2015-12-06 18:50 - 2015-12-06 18:50 - 01142543 _____ C:\Users\Daniel\Downloads\Bewerbung_Melanie_Schwab 1.zip 2015-12-06 18:50 - 2015-12-06 18:50 - 01142543 _____ C:\Users\Daniel\Downloads\Bewerbung_Melanie_Schwab 1 (1).zip 2015-12-06 18:49 - 2015-12-06 18:49 - 04397665 _____ C:\Users\Daniel\Downloads\Bewerbung_Melanie_Schwab (1).zip 2015-12-06 18:48 - 2015-12-06 18:48 - 01142560 _____ C:\Users\Daniel\Downloads\Bewerbung_Melanie_Schwab.zip 2015-12-06 18:19 - 2015-12-06 18:19 - 03984004 _____ C:\Users\Daniel\Downloads\Bewerbung_Erzieherin_Daniele_Maier.pdf 2015-12-06 18:06 - 2015-12-06 18:06 - 00291489 _____ C:\Users\Daniel\Downloads\20151127131614271.pdf 2015-12-06 17:50 - 2015-12-06 17:50 - 00109513 _____ C:\Users\Daniel\Desktop\Anmeldung.pdf 2015-12-03 18:29 - 2015-12-03 18:29 - 00169351 _____ C:\Users\Daniel\Downloads\WAZ.pdf 2015-11-30 21:32 - 2015-11-30 21:32 - 00064681 _____ C:\Users\Daniel\Downloads\Rückseite.pdf 2015-11-30 21:31 - 2015-11-30 21:31 - 00064681 _____ C:\Users\Daniel\Desktop\Rückseite.pdf 2015-11-30 21:29 - 2015-11-30 21:29 - 00032176 _____ C:\Users\Daniel\Desktop\Vorderseite.pdf 2015-11-30 21:25 - 2015-11-30 21:25 - 04889088 _____ C:\Users\Daniel\Downloads\Da Carlo Front Visit.zdl 2015-11-30 21:25 - 2015-11-30 21:25 - 01163776 _____ C:\Users\Daniel\Downloads\Da Carlo Back Visit.zdl 2015-11-29 20:16 - 2015-11-29 20:16 - 00457667 _____ C:\Users\Daniel\Downloads\maui.pdf 2015-11-26 16:19 - 2015-11-26 17:43 - 00000000 ____D C:\Users\Daniel\Desktop\Schwab Melli 2015-11-25 16:11 - 2015-11-25 16:11 - 00255478 _____ C:\Users\Daniel\Desktop\Dienstplan_Änderung2_NEU.xlsm 2015-11-25 16:00 - 2015-11-25 16:00 - 00273974 _____ C:\Users\Daniel\Downloads\Dienstplan_Änderung2_NEU.xlsm 2015-11-25 15:59 - 2015-11-25 15:59 - 00076125 _____ C:\Users\Daniel\Downloads\Kopie von Dienstplan_Änderung2 (1).xlsx ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2015-12-22 18:45 - 2015-02-13 17:03 - 00000000 ____D C:\ProgramData\TwonkyServer 2015-12-22 18:45 - 2014-05-05 05:08 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Skype 2015-12-22 18:45 - 2014-05-05 05:06 - 00001134 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2015-12-22 18:44 - 2015-08-01 19:20 - 00000000 _____ C:\WINDOWS\system32\Drivers\lvuvc.hs 2015-12-22 18:44 - 2015-07-10 13:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2015-12-22 18:44 - 2015-07-10 10:05 - 00524288 ___SH C:\WINDOWS\system32\config\BBI 2015-12-22 18:44 - 2014-06-23 15:11 - 00065536 _____ C:\WINDOWS\system32\spu_storage.bin 2015-12-22 18:43 - 2015-08-01 19:21 - 00000000 ____D C:\Users\Daniel 2015-12-22 18:24 - 2014-05-05 05:06 - 00001138 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2015-12-22 18:22 - 2015-07-10 10:05 - 00000000 ____D C:\Windows 2015-12-22 18:16 - 2014-08-16 20:56 - 00000000 ____D C:\Program Files\Common Files\Adobe 2015-12-22 18:16 - 2014-05-26 12:17 - 00000000 ____D C:\ProgramData\Adobe 2015-12-22 18:16 - 2014-05-05 05:03 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Adobe 2015-12-22 18:15 - 2014-05-26 12:17 - 00000000 ____D C:\Program Files (x86)\Adobe 2015-12-22 18:02 - 2014-06-07 19:47 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2015-12-22 18:00 - 2015-08-01 19:33 - 01790124 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2015-12-22 18:00 - 2015-07-10 17:34 - 00771100 _____ C:\WINDOWS\system32\perfh007.dat 2015-12-22 18:00 - 2015-07-10 17:34 - 00153964 _____ C:\WINDOWS\system32\perfc007.dat 2015-12-22 18:00 - 2015-07-10 12:02 - 00000000 ____D C:\WINDOWS\INF 2015-12-22 17:58 - 2014-11-03 18:22 - 00000000 ____D C:\ProgramData\BlueStacksSetup 2015-12-22 17:53 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\AppReadiness 2015-12-22 17:51 - 2014-05-13 20:10 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Notepad++ 2015-12-22 17:45 - 2015-04-02 10:03 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\uTorrent 2015-12-22 15:45 - 2015-08-08 19:27 - 00004160 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{88EEB1D5-370C-4812-9418-EDF692A916C5} 2015-12-22 14:51 - 2015-07-10 12:04 - 00000000 ___HD C:\Program Files\WindowsApps 2015-12-22 11:50 - 2015-08-01 19:21 - 00000000 ____D C:\Users\postgres 2015-12-22 11:28 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\Registration 2015-12-22 11:09 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\system32\NDF 2015-12-22 11:07 - 2014-05-29 11:18 - 00000000 ____D C:\Users\Daniel\AppData\Local\CrashDumps 2015-12-22 11:07 - 2014-05-13 19:27 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2015-12-22 02:00 - 2014-06-23 14:35 - 00000000 ____D C:\Users\Daniel\AppData\Local\Adobe 2015-12-21 15:41 - 2015-08-16 17:58 - 00000000 ____D C:\Program Files (x86)\StarMoney 9.0 2015-12-21 11:06 - 2015-10-03 15:02 - 00010560 _____ C:\Users\Daniel\Desktop\Lego-Architecture.xlsx 2015-12-21 10:28 - 2015-08-01 19:20 - 00000000 ____D C:\ProgramData\AMD 2015-12-21 10:28 - 2015-08-01 19:20 - 00000000 ____D C:\Program Files (x86)\ATI Technologies 2015-12-21 10:27 - 2014-05-05 05:07 - 00000000 ____D C:\AMD 2015-12-21 10:25 - 2015-08-25 19:22 - 21648880 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Drivers\atikmdag.sys 2015-12-21 10:25 - 2015-08-25 19:22 - 00255472 _____ (AMD) C:\WINDOWS\system32\atiesrxx.exe 2015-12-21 10:25 - 2015-07-16 01:12 - 00162232 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiuxp64.dll 2015-12-21 10:25 - 2015-07-16 01:11 - 12088000 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atidxx64.dll 2015-12-21 10:25 - 2015-07-16 01:11 - 10211016 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atidxx32.dll 2015-12-21 10:25 - 2015-07-16 01:11 - 08009360 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiumdva.dll 2015-12-21 10:25 - 2015-07-16 01:11 - 07482560 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiumdag.dll 2015-12-21 10:25 - 2015-07-16 01:11 - 01479808 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\aticfx64.dll 2015-12-21 10:25 - 2015-07-16 01:11 - 01223544 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\aticfx32.dll 2015-12-21 10:25 - 2015-07-16 01:11 - 00143056 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiuxpag.dll 2015-12-21 10:25 - 2015-07-16 01:11 - 00112360 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiu9pag.dll 2015-12-21 10:25 - 2015-07-16 00:17 - 00683504 _____ (AMD) C:\WINDOWS\system32\atieclxx.exe 2015-12-21 10:25 - 2015-07-16 00:13 - 00674288 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Drivers\atikmpag.sys 2015-12-21 10:25 - 2015-07-16 00:12 - 00874480 _____ (AMD) C:\WINDOWS\system32\coinst_15.20.dll 2015-12-20 10:37 - 2014-05-05 05:03 - 00000000 ____D C:\Users\Daniel\AppData\Local\Packages 2015-12-18 19:58 - 2015-09-19 10:01 - 00023600 _____ C:\Users\Daniel\Desktop\Kaufpreis Backnang.xlsx 2015-12-18 17:14 - 2015-07-10 17:44 - 00000000 ____D C:\WINDOWS\ShellNew 2015-12-17 18:52 - 2015-08-20 15:17 - 00002099 _____ C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk 2015-12-17 18:52 - 2014-07-10 16:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony 2015-12-17 18:52 - 2014-05-05 05:08 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2015-12-17 14:36 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\LiveKernelReports 2015-12-15 17:33 - 2015-08-15 18:33 - 00000000 ____D C:\WINDOWS\Minidump 2015-12-15 13:24 - 2014-11-03 18:30 - 00000000 ____D C:\Users\Daniel\.VirtualBox 2015-12-15 13:11 - 2015-08-01 19:25 - 00001540 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk 2015-12-15 13:11 - 2015-06-26 22:05 - 00001162 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk 2015-12-15 13:11 - 2014-12-29 16:10 - 00000971 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk 2015-12-15 13:11 - 2014-10-20 18:02 - 00000942 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk 2015-12-15 13:11 - 2014-08-16 20:58 - 00000890 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS6 (64bit).lnk 2015-12-15 13:11 - 2014-08-16 20:57 - 00001527 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS6.lnk 2015-12-15 13:11 - 2014-08-16 17:13 - 00001750 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rainmeter.lnk 2015-12-15 13:11 - 2014-05-13 19:27 - 00001159 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2015-12-15 13:10 - 2015-08-26 18:40 - 00001218 _____ C:\Users\Public\Desktop\CDBurnerXP.lnk 2015-12-15 13:10 - 2015-08-16 18:00 - 00002234 _____ C:\Users\Public\Desktop\StarMoney 9.0.lnk 2015-12-15 13:08 - 2015-08-01 20:21 - 00002425 _____ C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2015-12-15 13:08 - 2015-05-16 13:40 - 00002158 _____ C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\KÜCHEN QUELLE 3D.lnk 2015-12-15 13:08 - 2015-01-18 17:42 - 00001033 _____ C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iPadian.lnk 2015-12-15 13:08 - 2015-01-08 18:29 - 00001822 _____ C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Coral Poker.lnk 2015-12-15 13:08 - 2014-12-16 14:46 - 00001830 _____ C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Winner Poker.lnk 2015-12-15 13:08 - 2014-08-21 15:45 - 00001136 _____ C:\ProgramData\Microsoft\Windows\Start Menu\LINE.lnk 2015-12-15 13:08 - 2014-07-25 19:12 - 00001792 _____ C:\ProgramData\Microsoft\Windows\Start Menu\24hPoker.lnk 2015-12-15 13:08 - 2014-07-02 16:36 - 00001102 _____ C:\ProgramData\Microsoft\Windows\Start Menu\PokerStars.eu.lnk 2015-12-15 13:08 - 2014-06-14 19:21 - 00001120 _____ C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\PokerStars.eu.lnk 2015-12-15 13:08 - 2014-05-18 20:21 - 00000295 _____ C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Papierkorb.lnk 2015-12-15 13:08 - 2014-05-17 11:36 - 00001079 _____ C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\PokerRanger.lnk 2015-12-15 13:08 - 2014-05-05 15:24 - 00000811 _____ C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Betfair.com Poker.lnk 2015-12-15 13:07 - 2015-10-12 19:18 - 00002180 _____ C:\Users\Daniel\Desktop\AusweisApp2.lnk 2015-12-15 12:04 - 2015-08-01 20:18 - 00000000 __RHD C:\Users\Public\AccountPictures 2015-12-15 11:12 - 2014-10-20 17:34 - 00000000 ____D C:\WINDOWS\system32\appmgmt 2015-12-14 22:26 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\rescache 2015-12-14 22:20 - 2015-09-06 12:11 - 00000000 ____D C:\WINDOWS\Panther 2015-12-14 22:15 - 2015-10-30 20:28 - 00000000 ___HD C:\$WINDOWS.~BT 2015-12-14 19:15 - 2015-07-10 13:20 - 04962496 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2015-12-14 14:22 - 2014-05-05 05:08 - 00000000 ____D C:\Users\Daniel\AppData\Local\Skype 2015-12-14 14:22 - 2014-05-05 05:07 - 00000000 ____D C:\ProgramData\Skype 2015-12-14 14:19 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\system32\oobe 2015-12-14 12:55 - 2015-07-10 12:04 - 00000000 __RHD C:\Users\Public\Libraries 2015-12-14 12:50 - 2014-11-03 18:25 - 00000000 ____D C:\Program Files\Andy 2015-12-14 11:44 - 2014-05-05 14:40 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013 2015-12-14 11:44 - 2014-05-05 14:38 - 00000000 ____D C:\ProgramData\Microsoft Help 2015-12-14 11:43 - 2013-08-22 14:25 - 00000167 _____ C:\WINDOWS\win.ini 2015-12-14 11:41 - 2014-05-10 14:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2015-12-14 11:40 - 2014-05-10 14:33 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2015-12-14 11:40 - 2014-05-10 14:33 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2015-12-14 11:39 - 2015-07-10 11:55 - 00000000 ____D C:\WINDOWS\CbsTemp 2015-12-14 11:38 - 2014-05-07 16:59 - 00000000 ____D C:\WINDOWS\system32\MRT 2015-12-14 11:32 - 2014-05-07 16:59 - 140158008 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2015-12-14 09:46 - 2014-05-05 05:05 - 00000000 ___RD C:\Users\Daniel\OneDrive 2015-12-12 19:44 - 2014-06-14 19:21 - 00000000 ____D C:\Users\Daniel\AppData\Local\PokerStars.EU 2015-12-09 04:39 - 2014-05-07 18:25 - 00301728 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe 2015-12-06 11:19 - 2014-05-05 05:06 - 00004196 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA 2015-12-06 11:19 - 2014-05-05 05:06 - 00003964 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore 2015-12-06 11:04 - 2014-08-16 21:42 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe 2015-12-06 11:04 - 2014-05-05 14:37 - 00000000 ____D C:\Users\Daniel\AppData\Local\AMD 2015-12-01 01:32 - 2015-10-03 15:01 - 00826872 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2015-12-01 01:32 - 2015-10-03 15:01 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2014-11-27 21:25 - 2014-11-27 21:25 - 0004676 _____ () C:\Users\Daniel\AppData\Local\recently-used.xbel 2015-05-16 13:40 - 2015-05-16 13:40 - 0370070 _____ () C:\Users\Daniel\AppData\Local\SquareClock.Production_Home_KQ_WebIcon.ico 2015-02-13 17:03 - 2015-02-13 17:03 - 0000011 _____ () C:\ProgramData\.tv7 2014-05-05 15:24 - 2014-05-05 15:24 - 0558105 _____ () C:\ProgramData\1399299703.bdinstall.bin 2015-01-05 15:23 - 2015-01-05 15:23 - 0259192 _____ () C:\ProgramData\1420467746.bdinstall.bin 2015-02-08 16:01 - 2015-02-08 16:01 - 0740775 _____ () C:\ProgramData\AndyDrivers.zip 2015-08-01 19:19 - 2015-08-01 19:19 - 0000000 ____H () C:\ProgramData\DP45977C.lfl 2014-08-09 18:17 - 2014-08-09 18:17 - 0005044 _____ () C:\ProgramData\flwjycbm.bab Einige Dateien in TEMP: ==================== C:\Users\Daniel\AppData\Local\Temp\prog.exe C:\Users\Daniel\AppData\Local\Temp\sqlite3.dll C:\Users\Daniel\AppData\Local\Temp\tmp6407.exe C:\Users\Daniel\AppData\Local\Temp\tmpF8DA.exe C:\Users\Daniel\AppData\Local\Temp\Uninstall.exe C:\Users\Daniel\AppData\Local\Temp\upd.exe ==================== Bamital & volsnap ================= (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert C:\WINDOWS\explorer.exe => Datei ist digital signiert C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert C:\WINDOWS\system32\services.exe => Datei ist digital signiert C:\WINDOWS\system32\User32.dll => Datei ist digital signiert C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert LastRegBack: 2015-12-14 22:04 ==================== Ende von FRST.txt ============================ |
|
22.12.2015, 19:16
| #8 |
| /// Malwareteam | Windows 10: Malwarebytes meldet infizierte Dateien, teilweise funktioniert das Internet nicht, generell PC langsam Hi, Schritt # 1: FRST Fix Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter HKU\S-1-5-21-2676936528-1030403693-891089861-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG
FF DefaultSearchEngine: MyStart
C:\WINDOWS\system32\Drivers\etc\hosts_bkup
Hosts:
EmptyTemp:
Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
Schritt # 2: ESET ESET Online Scanner
Schritt # 3: FRST Und noch ein frisches FRST-Log bitte. Schritt # 3: Frage Noch Probleme?  Schritt # 5: Bitte Posten
|
|
23.12.2015, 13:38
| #9 |
| | Windows 10: Malwarebytes meldet infizierte Dateien, teilweise funktioniert das Internet nicht, generell PC langsam Mahlzeit Dennis, zuerst einmal vielen Dank. Der Rechner ist wieder schnell  ..anbei die Logs, danach folgen die "weiteren Probleme" FixLog.txt Code:
ATTFilter Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version:20-12-2015
durchgeführt von Daniel (2015-12-22 19:23:33) Run:1
Gestartet von C:\Users\Daniel\Desktop
Geladene Profile: Daniel & postgres (Verfügbare Profile: Daniel & postgres & Gl0ba_000)
Start-Modus: Normal
==============================================
fixlist Inhalt:
*****************
HKU\S-1-5-21-2676936528-1030403693-891089861-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG
FF DefaultSearchEngine: MyStart
C:\WINDOWS\system32\Drivers\etc\hosts_bkup
Hosts:
EmptyTemp:
*****************
"HKU\S-1-5-21-2676936528-1030403693-891089861-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => Schlüssel erfolgreich entfernt
Firefox DefaultSearchEngine erfolgreich entfernt
C:\WINDOWS\system32\Drivers\etc\hosts_bkup => erfolgreich verschoben
C:\Windows\System32\Drivers\etc\hosts => erfolgreich verschoben
Hosts erfolgreich wiederhergestellt.
EmptyTemp: => 2.5 GB temporäre Dateien entfernt.
Das System musste neu gestartet werden.
==== Ende von Fixlog 19:25:02 ====
Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=eb7ff69065a4c243aaf5381b93264e08
# end=init
# utc_time=2015-12-22 06:29:53
# local_time=2015-12-22 07:29:53 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# osver=6.2.9200 NT
Update Init
Update Download
Update Finalize
Updated modules version: 27318
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=eb7ff69065a4c243aaf5381b93264e08
# end=updated
# utc_time=2015-12-22 06:31:34
# local_time=2015-12-22 07:31:34 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# osver=6.2.9200 NT
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=eb7ff69065a4c243aaf5381b93264e08
# end=init
# utc_time=2015-12-23 06:41:20
# local_time=2015-12-23 07:41:20 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# osver=6.2.9200 NT
Update Init
Update Download
Update Finalize
Updated modules version: 27327
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=eb7ff69065a4c243aaf5381b93264e08
# end=updated
# utc_time=2015-12-23 06:41:49
# local_time=2015-12-23 07:41:49 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# osver=6.2.9200 NT
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=eb7ff69065a4c243aaf5381b93264e08
# engine=27327
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-12-23 10:19:51
# local_time=2015-12-23 11:19:51 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 65640 14340003 0 0
# scanned=753786
# found=31
# cleaned=0
# scan_time=13082
sh=8B2D47430C9FD3F74947798E27795D62B6E6A2D2 ft=1 fh=7c25938210c7dad1 vn="Variante von Win32/Adware.ConvertAd.AEL Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\03000200-1450173802-0500-0006-000700080009\rnse2F2B.exe.vir"
sh=099B373E85EBF932283A50E8C646308D062A74ED ft=1 fh=69a5a546e2ddf66b vn="Win32/Adware.ConvertAd.AEP Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\03000200-1450173802-0500-0006-000700080009\Uninstall.exe.vir"
sh=8D92C8072C6A4C670D953D74FD7456C16D3DC3F6 ft=1 fh=8ee61ef52a422d8a vn="Variante von Win32/Adware.Coupons.AA Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Coupons\uninstall.exe.vir"
sh=96C0C8FA2B59DEF911E3C5E4845955478BBC9C50 ft=1 fh=70b69c28e7f6585c vn="Variante von Win32/Packed.Komodia.E verdächtige Datei" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\QuickSearch\AZDLL.dll.vir"
sh=9AADD3E826818FB0C9C5CCBA6D82AD31DBAF3720 ft=1 fh=a26ce6deec6c8691 vn="Variante von Win64/Packed.Komodia.F verdächtige Datei" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\QuickSearch\AZDLL64.dll.vir"
sh=E7F3436241D282B508DC11A6AB86CD5A5D8AC2C3 ft=1 fh=31c116d8fb6527c0 vn="Variante von Win64/Packed.Komodia.D verdächtige Datei" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\QuickSearch\AZDLL64.exe.vir"
sh=0CEDF45C3F5B1E824B405D43EA9732D6D4886F18 ft=1 fh=72a04e2614ea61e4 vn="Mehrere Bedrohungen" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\QuickSearch\setupfa_1123.exe.vir"
sh=91A7ED671D6E759290CCB3FD935C9C92BE8E144C ft=1 fh=c933aebbd376884b vn="Variante von Win32/Packed.Komodia.E verdächtige Datei" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\QuickSearch\zcenginecert.dll.vir"
sh=0113E5BFA2456495AA6C62475BDBB200AAC3F65A ft=1 fh=4f5468d640ecf4f1 vn="Variante von Win64/Packed.Komodia.D verdächtige Datei" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\QuickSearch\zengine64.exe.vir"
sh=16E2E4E68F197DF16CBB4A3C15337F000573B115 ft=0 fh=0000000000000000 vn="Variante von Android/Exploit.Lotoor.EW Trojaner" ac=I fn="C:\Flashtool\custom\root\run_root_shell\run_root_shell"
sh=74FACDDF0E4BDB1BDDD53B66488B29C568EF836A ft=0 fh=0000000000000000 vn="Android/Exploit.Lotoor.EP Trojaner" ac=I fn="C:\MtkDroidTools\files\pwn"
sh=3E219BC7B689208301845C582162208DDBD1A3B7 ft=0 fh=0000000000000000 vn="Android/Exploit.Lotoor.DH Trojaner" ac=I fn="C:\MtkDroidTools\files\zR"
sh=74FACDDF0E4BDB1BDDD53B66488B29C568EF836A ft=0 fh=0000000000000000 vn="Android/Exploit.Lotoor.EP Trojaner" ac=I fn="C:\Poker\files\pwn"
sh=3E219BC7B689208301845C582162208DDBD1A3B7 ft=0 fh=0000000000000000 vn="Android/Exploit.Lotoor.DH Trojaner" ac=I fn="C:\Poker\files\zR"
sh=74FACDDF0E4BDB1BDDD53B66488B29C568EF836A ft=0 fh=0000000000000000 vn="Android/Exploit.Lotoor.EP Trojaner" ac=I fn="C:\Poker\MtkDroidTools\files\pwn"
sh=3E219BC7B689208301845C582162208DDBD1A3B7 ft=0 fh=0000000000000000 vn="Android/Exploit.Lotoor.DH Trojaner" ac=I fn="C:\Poker\MtkDroidTools\files\zR"
sh=98BB61409B2A3729A81A418627847CA34750CDA1 ft=1 fh=c4a70072425fc364 vn="Variante von Win32/Adware.Coupons.AA Anwendung" ac=I fn="C:\Program Files (x86)\Google\Chrome\Application\plugins\npMozCouponPrinter.dll"
sh=98BB61409B2A3729A81A418627847CA34750CDA1 ft=1 fh=c4a70072425fc364 vn="Variante von Win32/Adware.Coupons.AA Anwendung" ac=I fn="C:\Program Files (x86)\Mozilla Firefox\browser\plugins\npMozCouponPrinter.dll"
sh=52DF752F17C4ADDD949469C5142041A96E5B5BE3 ft=0 fh=0000000000000000 vn="Variante von Android/Exploit.Lotoor.EW Trojaner" ac=I fn="C:\rooten\files\run_root_shell"
sh=2702A910AE0CE7F23568FB678D73A5FE91E159D2 ft=1 fh=3c9335911940df13 vn="Win32/Somoto.G evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\File System\005\t\00\00000000"
sh=C80717236B7C20671EAE67C1D622AB8053C595EE ft=1 fh=88d434eed201afcf vn="Win32/Somoto.G evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\File System\005\t\00\00000001"
sh=74FACDDF0E4BDB1BDDD53B66488B29C568EF836A ft=0 fh=0000000000000000 vn="Android/Exploit.Lotoor.EP Trojaner" ac=I fn="C:\Users\Daniel\AppData\Local\Skype\MtkDroidTools\files\pwn"
sh=CF5D65078EBC5E303843D37C1B49A4842CCAA6F8 ft=1 fh=88e77bea98981ff2 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Daniel\Downloads\ALNO_KPLSetup14a - CHIP-Installer.exe"
sh=297CC52598F94D3E4B110EB5267696842DDEF30A ft=1 fh=0dc4742c19b0f665 vn="Variante von Win32/Adware.Coupons.AA Anwendung" ac=I fn="C:\Users\Daniel\Downloads\CouponPrinter.exe"
sh=BE50478C5560ADEC236C14984D885E2221970E7B ft=0 fh=0000000000000000 vn="Variante von Android/Exploit.Lotoor.EW Trojaner" ac=I fn="C:\Users\Daniel\Downloads\DooMLoRD_Easy-Rooting-Toolkit_v19a_perf-event-exploit.zip"
sh=EE72A87BCF456F46BD376EF2060159DC38F90093 ft=1 fh=fd655e07d8cf3557 vn="Variante von Win32/InstallCore.ADX.gen evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Daniel\Downloads\ipadian.exe"
sh=C63E2FCF9DC6AB0EAAA67FA307C60FCC97E88CDA ft=1 fh=0c44a5bf20b49c22 vn="Variante von Win32/OutBrowse.CB evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Daniel\Downloads\setup.exe"
sh=7409EB1DEB8CFD42D98587492C38BEB47E805B68 ft=0 fh=0000000000000000 vn="Variante von Android/Exploit.Towel.A Trojaner" ac=I fn="C:\Users\Daniel\Downloads\tr.apk"
sh=9E48452F0BEB077875ECD5E625D888D9DBCB1B6E ft=1 fh=efa5a4c56e1322a3 vn="Variante von Win32/Adware.Coupons.AA Anwendung" ac=I fn="C:\Windows\CouponPrinter.ocx"
sh=AA0CDB3E32CF279719D0325A92B04214C48A447C ft=0 fh=0000000000000000 vn="LNK/Agent.CH Trojaner" ac=I fn="D:\sicherung\Dale Carnegie - Besser miteinander reden\Kostenloser Usenet Zugang.url"
sh=4E4B2F16C43FCFBFE3210DEBC006E0B45C6DE9DA ft=1 fh=ad40834f0d83a4c3 vn="Variante von Win32/Bundlore.B evtl. unerwünschte Anwendung" ac=I fn="D:\unsortiert\setup.exe"
FRST Logfile: Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:20-12-2015 durchgeführt von Daniel (Administrator) auf GLOBALITY (23-12-2015 13:29:12) Gestartet von C:\Users\Daniel\Desktop Geladene Profile: Daniel & postgres (Verfügbare Profile: Daniel & postgres & Gl0ba_000) Platform: Windows 10 Pro (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: "C:\Program Files (x86)\Sirrix AG\BitBox\bin\BitBoxClient.exe" start "%1") Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Sirrix AG) C:\Program Files (x86)\Sirrix AG\BitBox\bin\BitBoxService.exe (BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe (Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe (devolo AG) C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe (IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe (Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Star Finanz-Software Entwicklung und Vertriebs GmbH) C:\Program Files (x86)\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe (PacketVideo) C:\Program Files (x86)\Twonky\TwonkyServer\twonkystarter.exe () C:\Program Files (x86)\Twonky\TwonkyServer\twonkyproxy.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (PostgreSQL Global Development Group) C:\postgreSQL\bin\pg_ctl.exe () C:\Program Files (x86)\Twonky\TwonkyServer\twonkyserver.exe (PostgreSQL Global Development Group) C:\postgreSQL\bin\postgres.exe (PostgreSQL Global Development Group) C:\postgreSQL\bin\postgres.exe (PostgreSQL Global Development Group) C:\postgreSQL\bin\postgres.exe (PostgreSQL Global Development Group) C:\postgreSQL\bin\postgres.exe (PostgreSQL Global Development Group) C:\postgreSQL\bin\postgres.exe (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe (Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Sony) C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe () C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe (LINE Corporation) C:\Program Files (x86)\Naver\LINE\Line.exe (Internet Monitor) C:\Users\Daniel\AppData\Roaming\BandwidthStat\bandwidthstat.exe (Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (PacketVideo) C:\Program Files (x86)\Twonky\TwonkyServer\twonkytray.exe (Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe () C:\Program Files\Rainmeter\Rainmeter.exe (BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Microsoft Corporation) C:\Windows\System32\InstallAgent.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Nicht auf der Ausnahmeliste) =========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-24] (Realtek Semiconductor) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508240 2015-08-05] (Adobe Systems Incorporated) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-11-04] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG) HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [191016 2014-05-14] (Geek Software GmbH) HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Andy] => C:\Program Files\Andy\HandyAndy.exe HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [883280 2015-12-10] (BlueStack Systems, Inc.) HKU\S-1-5-21-2676936528-1030403693-891089861-1001\...\Run: [Sony PC Companion] => C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [457088 2015-09-23] (Sony) HKU\S-1-5-21-2676936528-1030403693-891089861-1001\...\Run: [Line] => C:\Program Files (x86)\Naver\LINE\Line.exe [15664152 2015-08-18] (LINE Corporation) HKU\S-1-5-21-2676936528-1030403693-891089861-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50755200 2015-12-08] (Skype Technologies S.A.) HKU\S-1-5-21-2676936528-1030403693-891089861-1001\...\Run: [BandwidthStat] => C:\Users\Daniel\AppData\Roaming\BandwidthStat\bandwidthstat.exe [569344 2015-12-15] (Internet Monitor) HKU\S-1-5-21-2676936528-1030403693-891089861-1006\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50755200 2015-12-08] (Skype Technologies S.A.) HKU\S-1-5-21-2676936528-1030403693-891089861-1006\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [517632 2015-07-10] (Microsoft Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Twonky Server.lnk [2015-12-15] ShortcutTarget: Twonky Server.lnk -> C:\Program Files (x86)\Twonky\TwonkyServer\twonkytray.exe (PacketVideo) Startup: C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk [2015-12-15] ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation) Startup: C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk [2015-12-15] ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe () ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 Tcpip\..\Interfaces\{c3d2b33a-5f1a-4bce-8c16-a5ea94bc6a72}: [DhcpNameServer] 192.168.2.1 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-2676936528-1030403693-891089861-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/ HKU\S-1-5-21-2676936528-1030403693-891089861-1006\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-2676936528-1030403693-891089861-1006\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/ BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-11-18] (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll [2014-12-24] (Oracle Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-11-10] (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-12-24] (Oracle Corporation) BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-11-18] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2015-05-09] (Oracle Corporation) BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-11-10] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2015-05-09] (Oracle Corporation) Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-03-12] (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies) FireFox: ======== FF ProfilePath: C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\v7rfplju.default FF NewTab: about:newtab FF Keyword.URL: FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_235.dll [2015-12-12] () FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-12-24] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-12-24] (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-02-28] (VideoLAN) FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [Keine Datei] FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_235.dll [2015-12-12] () FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2015-05-09] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2015-05-09] (Oracle Corporation) FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-03-31] (Microsoft Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-06] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-06] (Google Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-03-31] (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll [2014-10-02] (Coupons, Inc.) FF Extension: Flash and Video Download - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\v7rfplju.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a} [2015-12-12] FF Extension: Flash Video Downloader - YouTube HD Download [4K] - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\v7rfplju.default\extensions\artur.dubovoy@gmail.com [2015-12-12] FF Extension: FireFTP - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\v7rfplju.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f} [2015-12-12] Chrome: ======= CHR HomePage: Default -> hxxp://www.google.de/ CHR Profile: C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google*Übersetzer) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2015-11-17] CHR Extension: (Google Docs) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04] CHR Extension: (Google Drive) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-25] CHR Extension: (YouTube) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25] CHR Extension: (Google-Suche) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-30] CHR Extension: (FTP Free) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehdgcfaoankkonoiichmblcfijkomfbn [2014-09-27] CHR Extension: (Video Downloader professional) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2015-12-22] CHR Extension: (ZenMate Security, Privacy & Unblock VPN) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2015-11-16] CHR Extension: (Google Docs Offline) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-17] CHR Extension: (qipu Cashbackmelder open beta) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\mloigoojndlehdjiemdfpiikieonngel [2015-01-16] CHR Extension: (Codeanywhere) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndcfkjjcjfpmmhdedhnbkknbehiadgjg [2014-05-13] CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-01] CHR Extension: (Google Mail) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28] ==================== Dienste (Nicht auf der Ausnahmeliste) ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2016448 2015-11-25] (Adobe Systems, Incorporated) R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-07-15] (Advanced Micro Devices, Inc.) [Datei ist nicht signiert] R2 BitBoxService; C:\Program Files (x86)\Sirrix AG\BitBox\bin\BitBoxService.exe [738304 2015-11-13] (Sirrix AG) [Datei ist nicht signiert] S3 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [432720 2015-12-10] (BlueStack Systems, Inc.) R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [412240 2015-12-10] (BlueStack Systems, Inc.) R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [854608 2015-12-10] (BlueStack Systems, Inc.) R2 DevoloNetworkService; C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe [3645432 2014-07-18] (devolo AG) R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2934048 2015-11-10] (IObit) R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1135416 2015-10-05] (Malwarebytes) R2 postgresql-8.4; c:\postgreSQL\bin\pg_ctl.exe [66048 2014-02-18] (PostgreSQL Global Development Group) [Datei ist nicht signiert] R2 StarMoney 9.0 OnlineUpdate; C:\Program Files (x86)\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe [697488 2014-07-04] (Star Finanz-Software Entwicklung und Vertriebs GmbH) S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [Datei ist nicht signiert] R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5426448 2014-12-15] (TeamViewer GmbH) R2 TwonkyProxy; C:\Program Files (x86)\Twonky\TwonkyServer\twonkyproxy.exe [885576 2013-05-23] () R2 TwonkyServer; C:\Program Files (x86)\Twonky\TwonkyServer\twonkystarter.exe [586568 2013-05-23] (PacketVideo) R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation) R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation) ===================== Treiber (Nicht auf der Ausnahmeliste) ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.) R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices) R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [102912 2015-05-28] (Advanced Micro Devices) R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [146040 2015-12-10] (BlueStack Systems) R1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-12-15] (REALiX(tm)) R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes) R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2015-12-23] (Malwarebytes) R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation) R2 NPF_devolo; C:\Windows\sysWOW64\drivers\npf_devolo.sys [34048 2013-03-04] (CACE Technologies) R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [587264 2015-07-10] (Realtek ) S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] () R1 VBoxNetLwf; C:\Windows\system32\DRIVERS\VBoxNetLwf.sys [194816 2015-11-11] (Oracle Corporation) S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation) R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation) R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation) S3 VBoxNetFlt; \SystemRoot\system32\DRIVERS\VBoxNetFlt.sys [X] S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X] ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat: Erstellte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2015-12-23 13:24 - 2015-12-23 13:24 - 00016148 _____ C:\WINDOWS\system32\GLOBALITY_Daniel_HistoryPrediction.bin 2015-12-23 07:39 - 2015-12-23 07:39 - 00280168 _____ C:\WINDOWS\Minidump\122315-10015-01.dmp 2015-12-22 19:29 - 2015-12-22 19:29 - 02870984 _____ (ESET) C:\Users\Daniel\Downloads\esetsmartinstaller_deu.exe 2015-12-22 19:23 - 2015-12-22 19:25 - 00001115 _____ C:\Users\Daniel\Desktop\Fixlog.txt 2015-12-22 18:45 - 2015-12-23 07:41 - 00003808 _____ C:\WINDOWS\System32\Tasks\AutoKMS 2015-12-22 18:36 - 2015-12-22 18:43 - 00000000 ____D C:\AdwCleaner 2015-12-22 18:32 - 2015-12-22 18:32 - 01743360 _____ C:\Users\Daniel\Desktop\AdwCleaner_5.026.exe 2015-12-22 18:22 - 2015-12-22 18:23 - 00050521 _____ C:\Users\Daniel\Desktop\Addition.txt 2015-12-22 18:21 - 2015-12-23 13:29 - 00019946 _____ C:\Users\Daniel\Desktop\FRST.txt 2015-12-22 18:15 - 2015-12-22 18:15 - 06708416 _____ (Adobe System Incorporated.) C:\Users\Daniel\Downloads\AdobeCreativeCloudCleanerTool.exe 2015-12-22 12:01 - 2015-12-22 12:01 - 00007493 _____ C:\Users\Daniel\Desktop\Malwarebyte.txt 2015-12-22 11:49 - 2015-12-22 11:50 - 00000532 _____ C:\Users\Daniel\Desktop\Neues Textdokument.txt 2015-12-22 11:37 - 2015-12-23 13:29 - 00000000 ____D C:\FRST 2015-12-22 11:36 - 2015-12-22 11:37 - 02370560 _____ (Farbar) C:\Users\Daniel\Desktop\FRST64.exe 2015-12-21 14:28 - 2015-12-21 14:28 - 00514327 _____ C:\Users\Daniel\Desktop\20151221.pdf 2015-12-21 14:24 - 2015-12-21 14:24 - 00000000 ____D C:\ProgramData\ATI 2015-12-21 11:16 - 2015-12-21 11:16 - 00036520 _____ C:\Users\Daniel\Documents\arena.mrf 2015-12-21 10:28 - 2015-12-21 10:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center 2015-12-21 10:26 - 2015-12-21 10:27 - 00000000 ____D C:\WINDOWS\LastGood.Tmp 2015-12-21 10:25 - 2015-12-21 10:25 - 47794160 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\amdocl64.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 39720944 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\amdocl.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 30775792 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atio6axx.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 27544560 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\amdocl12cl64.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 25320432 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atioglxx.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 22327280 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\amdocl12cl.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 15725552 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\aticaldd64.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 14310896 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\aticaldd.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 09355016 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdxc64.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 08982432 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiumd6a.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 08864920 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiumd64.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 07683096 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdxc32.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 06686192 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdmantle64.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 05216240 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdmantle32.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 03471376 _____ C:\WINDOWS\SysWOW64\atiumdva.cap 2015-12-21 10:25 - 2015-12-21 10:25 - 03437632 _____ C:\WINDOWS\system32\atiumd6a.cap 2015-12-21 10:25 - 2015-12-21 10:25 - 01256432 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atiadlxx.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 01196032 _____ C:\WINDOWS\system32\amdocl_as64.exe 2015-12-21 10:25 - 2015-12-21 10:25 - 01070592 _____ C:\WINDOWS\system32\amdocl_ld64.exe 2015-12-21 10:25 - 2015-12-21 10:25 - 01004032 _____ C:\WINDOWS\SysWOW64\amdocl_as32.exe 2015-12-21 10:25 - 2015-12-21 10:25 - 00935408 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atiadlxy.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00935408 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atiadlxx.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00807424 _____ C:\WINDOWS\SysWOW64\amdocl_ld32.exe 2015-12-21 10:25 - 2015-12-21 10:25 - 00662400 _____ C:\WINDOWS\SysWOW64\atiapfxx.blb 2015-12-21 10:25 - 2015-12-21 10:25 - 00662400 _____ C:\WINDOWS\system32\atiapfxx.blb 2015-12-21 10:25 - 2015-12-21 10:25 - 00631792 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amdlvr64.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00524272 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amdlvr32.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00471320 _____ C:\WINDOWS\system32\amdmiracast.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00451056 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atidemgy.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00375792 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atiapfxx.exe 2015-12-21 10:25 - 2015-12-21 10:25 - 00341488 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\ATIODE.exe 2015-12-21 10:25 - 2015-12-21 10:25 - 00243696 _____ C:\WINDOWS\system32\clinfo.exe 2015-12-21 10:25 - 2015-12-21 10:25 - 00213488 _____ C:\WINDOWS\system32\amdgfxinfo64.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00199664 _____ (AMD) C:\WINDOWS\system32\atitmm64.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00198640 _____ C:\WINDOWS\SysWOW64\amdgfxinfo32.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00168944 _____ C:\WINDOWS\system32\atieah64.exe 2015-12-21 10:25 - 2015-12-21 10:25 - 00165360 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atig6txx.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00152560 _____ C:\WINDOWS\SysWOW64\atieah32.exe 2015-12-21 10:25 - 2015-12-21 10:25 - 00151936 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amdhcp64.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00150512 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atigktxx.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00143344 _____ C:\WINDOWS\system32\amdhdl64.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00138384 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amdhcp32.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00136176 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\mantle64.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00132080 _____ C:\WINDOWS\SysWOW64\amdhdl32.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00130064 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiu9p64.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00122352 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\mantle32.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00117600 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdave64.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00111600 _____ C:\WINDOWS\system32\hsa-thunk64.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00111088 _____ C:\WINDOWS\SysWOW64\hsa-thunk.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00110320 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdave32.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00103408 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\mantleaxl64.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00097776 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atisamu64.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00096752 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\mantleaxl32.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00089584 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atisamu32.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00088000 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atimpc64.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00088000 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdpcom64.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00083952 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atig6pxx.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00081160 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atimpc32.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00081160 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdpcom32.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00078320 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiglpxx.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00078320 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiglpxx.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00073712 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00071152 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\aticalrt64.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00068080 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00064496 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\aticalcl64.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00060912 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\aticalrt.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00059888 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\ATIODCLI.exe 2015-12-21 10:25 - 2015-12-21 10:25 - 00059376 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdmmcl6.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00057840 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\aticalcl.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00052208 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Drivers\ati2erec.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00048112 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdmmcl.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00038384 _____ (AMD) C:\WINDOWS\system32\atimuixx.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00012784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\detoured.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00012784 _____ (Microsoft Corporation) C:\WINDOWS\system32\detoured.dll 2015-12-20 20:56 - 2015-12-20 20:56 - 00478062 _____ C:\Users\Daniel\Desktop\20151220.pdf 2015-12-20 17:19 - 2015-12-22 11:07 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2015-12-20 13:28 - 2015-12-21 14:29 - 00283623 _____ C:\Users\Daniel\Desktop\Dienstplan_TV_Cannstatt.xlsm 2015-12-20 10:36 - 2015-12-20 10:36 - 00255478 _____ C:\Users\Daniel\Downloads\Dienstplan_Änderung2_NEU (1).xlsm 2015-12-20 10:36 - 2015-12-20 10:36 - 00255478 _____ C:\Users\Daniel\Desktop\Dienstplan_Änderung2_NEU (1).xlsm 2015-12-18 10:57 - 2015-12-18 11:03 - 606692048 _____ (Sirrix AG) C:\Users\Daniel\Downloads\Browser_In_The_Box.4.1.4-r150.chrome.Archive.exe 2015-12-18 10:41 - 2015-12-19 19:28 - 00000222 _____ C:\Users\Daniel\Desktop\nicht angreiffen.txt 2015-12-18 10:36 - 2015-12-18 10:36 - 00617444 _____ C:\Users\Daniel\Downloads\Browser-in-the-Box_Benutzerhandbuch.pdf 2015-12-16 15:10 - 2015-12-16 15:10 - 00025360 _____ C:\Users\Daniel\Documents\far-Flung Prairie.mrf 2015-12-15 21:23 - 2015-12-15 21:23 - 00034360 _____ C:\Users\Daniel\Documents\nightfall swamp.mrf 2015-12-15 18:10 - 2015-12-15 18:11 - 21852240 _____ C:\Users\Daniel\Downloads\Smoothies.rar 2015-12-15 17:33 - 2015-12-15 17:33 - 00280112 _____ C:\WINDOWS\Minidump\121515-9359-01.dmp 2015-12-15 15:47 - 2015-12-15 15:47 - 00006660 _____ C:\Users\Daniel\Downloads\Rechnung Nr. 15005998.pdf 2015-12-15 13:56 - 2015-12-15 13:56 - 00023026 _____ C:\Users\Daniel\Downloads\Vodafone-Internet--Telefon-Kuendigung (1) (1).pdf 2015-12-15 13:53 - 2015-12-15 13:53 - 00023026 _____ C:\Users\Daniel\Downloads\Vodafone-Internet--Telefon-Kuendigung (1).pdf 2015-12-15 13:52 - 2015-12-15 13:53 - 00023026 _____ C:\Users\Daniel\Downloads\Vodafone-Internet--Telefon-Kuendigung.pdf 2015-12-15 13:36 - 2015-12-15 13:36 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Sirrix AG 2015-12-15 13:35 - 2015-12-15 13:35 - 00211398 _____ C:\Users\Daniel\Desktop\kündigung strom.pdf 2015-12-15 13:26 - 2015-12-18 11:04 - 00001332 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Browser in the Box.lnk 2015-12-15 13:26 - 2015-12-18 11:04 - 00001320 _____ C:\Users\Public\Desktop\Browser in the Box.lnk 2015-12-15 13:26 - 2015-12-15 13:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Browser in the Box 2015-12-15 13:25 - 2015-12-15 13:25 - 00000000 ____D C:\ProgramData\Sirrix AG 2015-12-15 13:25 - 2015-12-15 13:25 - 00000000 ____D C:\Program Files (x86)\Sirrix AG 2015-12-15 13:21 - 2015-12-15 13:21 - 00000000 ____D C:\Program Files\Oracle 2015-12-15 13:14 - 2015-12-15 13:19 - 565717248 _____ (Sirrix AG) C:\Users\Daniel\Downloads\Browser_In_The_Box.4.1.4-r150.firefox.Archive.exe 2015-12-15 13:12 - 2015-12-17 19:43 - 00002252 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2015-12-15 13:11 - 2015-12-15 13:11 - 00927824 _____ (Google Inc.) C:\Users\Daniel\Downloads\ChromeSetup (1).exe 2015-12-15 12:47 - 2015-12-15 12:47 - 00436869 _____ C:\Users\Daniel\Downloads\Kündigung-strom-umzug-form (1).pdf 2015-12-15 12:44 - 2015-12-15 12:45 - 00436869 _____ C:\Users\Daniel\Downloads\Kündigung-strom-umzug-form.pdf 2015-12-15 12:28 - 2015-12-15 12:36 - 24149323 _____ C:\Users\Daniel\Downloads\Malwarebytes Anti-Malware Premium 2.2.0.1024.rar 2015-12-15 12:21 - 2015-12-23 12:14 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2015-12-15 12:20 - 2015-12-15 13:10 - 00001165 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-12-15 12:20 - 2015-12-15 12:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-12-15 12:20 - 2015-12-15 12:20 - 00000000 ____D C:\ProgramData\Malwarebytes 2015-12-15 12:20 - 2015-12-15 12:20 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-12-15 12:20 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2015-12-15 12:20 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys 2015-12-15 12:20 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys 2015-12-15 12:17 - 2015-12-15 12:18 - 22908888 _____ (Malwarebytes ) C:\Users\Daniel\Downloads\mbam-setup-2.2.0.1024.exe 2015-12-15 12:09 - 2015-12-15 12:09 - 00003530 _____ C:\WINDOWS\System32\Tasks\Ahonaradra 2015-12-15 12:01 - 2015-12-15 12:01 - 00003774 _____ C:\WINDOWS\System32\Tasks\SoftUpgrade 2015-12-15 12:01 - 2015-12-15 12:01 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BandwidthStat 2015-12-15 12:01 - 2015-12-15 12:01 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\BandwidthStat 2015-12-15 12:01 - 2015-12-15 12:01 - 00000000 ____D C:\Program Files (x86)\SoftUpgrade 2015-12-15 11:57 - 2015-12-15 11:57 - 00275717 _____ C:\Users\Daniel\Documents\151210 Rechnung_Lingel.pdf 2015-12-15 11:35 - 2015-12-15 11:35 - 00000000 ____D C:\ProgramData\{FD6F83C0-EC70-4581-8361-C70CD1AA4B98} 2015-12-15 11:34 - 2015-12-15 11:34 - 00026528 _____ (REALiX(tm)) C:\WINDOWS\SysWOW64\Drivers\HWiNFO64A.SYS 2015-12-15 11:34 - 2015-12-15 11:34 - 00000000 ____D C:\WINDOWS\Tasks\ImCleanDisabled 2015-12-15 11:34 - 2015-01-10 15:32 - 00128288 _____ (IObit) C:\WINDOWS\system32\IObitSmartDefragExtension.dll 2015-12-15 11:34 - 2014-06-04 15:17 - 00034080 _____ (IObit) C:\WINDOWS\system32\SmartDefragBootTime.exe 2015-12-15 11:33 - 2015-12-22 11:52 - 00000000 ____D C:\ProgramData\ProductData 2015-12-15 11:33 - 2015-12-15 11:41 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\IObit 2015-12-15 11:33 - 2015-12-15 11:40 - 00000000 ____D C:\ProgramData\IObit 2015-12-15 11:33 - 2015-12-15 11:33 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\ProductData 2015-12-15 11:33 - 2015-12-15 11:33 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Apple Computer 2015-12-15 11:33 - 2015-12-15 11:33 - 00000000 ____D C:\Users\Daniel\AppData\LocalLow\IObit 2015-12-15 11:32 - 2015-12-15 11:41 - 00000000 ____D C:\Program Files (x86)\IObit 2015-12-15 11:32 - 2015-12-15 11:32 - 30003568 _____ (IObit ) C:\Users\Daniel\Downloads\IObit-Malware-Fighter-Setup3409.exe 2015-12-15 11:16 - 2015-12-15 11:16 - 17529025 _____ C:\Users\Daniel\Documents\151210 Rechnung Lingel.pdf 2015-12-15 11:05 - 2015-12-15 11:13 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Opera Software 2015-12-15 11:05 - 2015-12-15 11:13 - 00000000 ____D C:\Users\Daniel\AppData\Local\Opera Software 2015-12-15 11:04 - 2015-12-15 11:05 - 17231872 _____ C:\Users\Daniel\Downloads\epson374980eu.exe 2015-12-15 11:03 - 2015-12-15 11:02 - 00004182 _____ C:\WINDOWS\system32\Drivers\etc\hp.bak 2015-12-15 11:02 - 2015-12-22 18:43 - 00000008 __RSH C:\Users\Daniel\ntuser.pol 2015-12-15 11:02 - 2015-12-22 18:43 - 00000008 __RSH C:\ProgramData\ntuser.pol 2015-12-15 11:01 - 2015-12-15 11:01 - 00003294 _____ C:\WINDOWS\System32\Tasks\{9049D845-5093-42F1-ABE4-823668FF2E6F} 2015-12-15 10:59 - 2015-12-15 10:59 - 12793856 _____ C:\Users\Daniel\Downloads\epson325480eu.exe 2015-12-15 10:57 - 2015-12-15 10:57 - 25198592 _____ C:\Users\Daniel\Downloads\epson324666eu.dmg 2015-12-14 20:52 - 2015-12-14 20:52 - 00030000 _____ C:\Users\Daniel\Documents\13.mrf 2015-12-14 14:28 - 2015-12-14 14:32 - 00027280 _____ C:\Users\Daniel\Documents\sunshine beach.mrf 2015-12-14 14:23 - 2015-12-14 14:23 - 31302583 _____ C:\Users\Daniel\Downloads\auv116.pdf 2015-12-14 14:23 - 2015-12-14 14:23 - 31302583 _____ C:\Users\Daniel\Downloads\auv116 (1).pdf 2015-12-14 14:22 - 2015-12-14 14:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2015-12-14 14:22 - 2015-12-14 14:22 - 00000000 ___RD C:\Program Files (x86)\Skype 2015-12-14 14:11 - 2015-12-14 14:15 - 11692510 _____ C:\Users\Daniel\Downloads\GLGzFAmSSuC(zA.rar 2015-12-14 14:05 - 2015-12-14 14:15 - 32280461 _____ C:\Users\Daniel\Downloads\Nicht bestätigt 522240.crdownload 2015-12-14 13:48 - 2015-12-14 13:48 - 00030280 _____ C:\Users\Daniel\Documents\Climbing Olympus.mrf 2015-12-14 13:20 - 2015-12-15 16:21 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Mouse Recorder 2015-12-14 13:20 - 2015-12-14 13:20 - 00000000 ____D C:\ProgramData\MouseRecorder 2015-12-14 13:20 - 2015-12-14 13:20 - 00000000 ____D C:\ProgramData\Mouse Recorder 2015-12-14 13:20 - 2015-12-14 13:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MouseRecorder 2015-12-14 13:20 - 2015-12-14 13:20 - 00000000 ____D C:\Program Files (x86)\MouseRecorder 2015-12-14 13:19 - 2015-12-14 13:21 - 02467080 _____ (Bartels Media GmbH ) C:\Users\Daniel\Downloads\MouseRecorderSetup1042.exe 2015-12-14 13:17 - 2015-12-14 13:17 - 02331531 _____ C:\Users\Daniel\Downloads\MRP276Setup.zip 2015-12-14 13:10 - 2015-12-14 13:10 - 00000000 ____D C:\Users\Daniel\Documents\My Recorded Scripts 2015-12-14 13:10 - 2015-12-14 13:10 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Mouse Recorder Pro 2015-12-14 13:10 - 2015-12-14 13:10 - 00000000 ____D C:\Users\Daniel\AppData\Local\Nemex 2015-12-14 13:09 - 2015-12-14 13:09 - 02332069 _____ C:\Users\Daniel\Downloads\mrp275setup.zip 2015-12-14 13:01 - 2015-12-14 13:01 - 00842440 _____ (ghost-mouse.com ) C:\Users\Daniel\Downloads\GhostMouse323-Setup (1).exe 2015-12-14 12:55 - 2015-12-15 13:10 - 00001682 _____ C:\Users\Public\Desktop\BlueStacks.lnk 2015-12-14 12:55 - 2015-12-15 13:08 - 00001742 _____ C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\BlueStacks.lnk 2015-12-14 12:55 - 2015-12-14 13:01 - 00842440 _____ (ghost-mouse.com ) C:\Users\Daniel\Downloads\GhostMouse323-Setup.exe 2015-12-14 12:55 - 2015-12-14 12:55 - 00000000 ____D C:\ProgramData\BlueStacksGameManager 2015-12-14 12:54 - 2015-12-14 12:54 - 00000000 ____D C:\Users\Daniel\AppData\Local\fabi.me 2015-12-14 12:53 - 2015-12-14 12:55 - 00000000 ____D C:\Program Files (x86)\BlueStacks 2015-12-14 12:53 - 2015-12-14 12:54 - 00000000 ____D C:\ProgramData\BlueStacks 2015-12-14 12:53 - 2015-12-14 12:53 - 00094899 _____ C:\Users\Daniel\Downloads\SpeedAutoClicker.zip 2015-12-14 12:46 - 2015-12-14 12:47 - 308301520 _____ (BlueStack Systems Inc.) C:\Users\Daniel\Downloads\BlueStacks2-Installer_native.exe 2015-12-12 19:59 - 2015-12-01 08:01 - 02115936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys 2015-12-12 19:59 - 2015-12-01 06:51 - 07523840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll 2015-12-12 19:59 - 2015-12-01 05:59 - 05455360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll 2015-12-12 19:59 - 2015-11-25 06:42 - 04532304 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe 2015-12-12 19:59 - 2015-11-25 06:33 - 03622272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2015-12-12 19:59 - 2015-11-25 06:27 - 01366680 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll 2015-12-12 19:59 - 2015-11-25 06:12 - 04047288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe 2015-12-12 19:59 - 2015-11-25 06:09 - 01310880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll 2015-12-12 19:59 - 2015-11-25 06:01 - 02879024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2015-12-12 19:59 - 2015-11-25 05:49 - 01569280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll 2015-12-12 19:59 - 2015-11-25 05:44 - 21872640 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll 2015-12-12 19:59 - 2015-11-25 05:42 - 24592384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2015-12-12 19:59 - 2015-11-25 05:36 - 01710592 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll 2015-12-12 19:59 - 2015-11-25 05:35 - 00929792 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll 2015-12-12 19:59 - 2015-11-25 05:35 - 00845824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Magnify.exe 2015-12-12 19:59 - 2015-11-25 05:34 - 12504576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2015-12-12 19:59 - 2015-11-25 05:31 - 00121344 _____ (Microsoft Corporation) C:\WINDOWS\system32\DAMM.dll 2015-12-12 19:59 - 2015-11-25 05:30 - 00171008 _____ (Microsoft Corporation) C:\WINDOWS\system32\dot3mm.dll 2015-12-12 19:59 - 2015-11-25 05:29 - 01649152 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll 2015-12-12 19:59 - 2015-11-25 05:29 - 00355328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ninput.dll 2015-12-12 19:59 - 2015-11-25 05:28 - 00523776 _____ (Microsoft Corporation) C:\WINDOWS\system32\catsrvut.dll 2015-12-12 19:59 - 2015-11-25 05:27 - 02180608 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll 2015-12-12 19:59 - 2015-11-25 05:23 - 19323392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2015-12-12 19:59 - 2015-11-25 05:23 - 03588096 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys 2015-12-12 19:59 - 2015-11-25 05:23 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll 2015-12-12 19:59 - 2015-11-25 05:22 - 01717248 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll 2015-12-12 19:59 - 2015-11-25 05:22 - 01383424 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys 2015-12-12 19:59 - 2015-11-25 05:22 - 00603648 _____ (Microsoft Corporation) C:\WINDOWS\system32\duser.dll 2015-12-12 19:59 - 2015-11-25 05:19 - 01795584 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll 2015-12-12 19:59 - 2015-11-25 05:18 - 01233920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll 2015-12-12 19:59 - 2015-11-25 05:17 - 00774656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll 2015-12-12 19:59 - 2015-11-25 05:16 - 01442816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRHInproc.dll 2015-12-12 19:59 - 2015-11-25 05:16 - 00786432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Magnify.exe 2015-12-12 19:59 - 2015-11-25 05:11 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ninput.dll 2015-12-12 19:59 - 2015-11-25 05:10 - 18801664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll 2015-12-12 19:59 - 2015-11-25 05:10 - 01328128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comsvcs.dll 2015-12-12 19:59 - 2015-11-25 05:10 - 00415744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\catsrvut.dll 2015-12-12 19:59 - 2015-11-25 05:05 - 11263488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2015-12-12 19:59 - 2015-11-25 05:04 - 01467392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll 2015-12-12 19:59 - 2015-11-25 05:04 - 00480768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\duser.dll 2015-12-12 19:59 - 2015-11-25 05:04 - 00474624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll 2015-12-12 19:58 - 2015-12-01 07:03 - 00008192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\gpuenergydrv.sys 2015-12-12 19:58 - 2015-12-01 06:54 - 00771072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll 2015-12-12 19:58 - 2015-12-01 06:49 - 04792320 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2015-12-12 19:58 - 2015-12-01 06:02 - 03580416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2015-12-12 19:58 - 2015-11-25 06:42 - 00168288 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkUXBroker.exe 2015-12-12 19:58 - 2015-11-25 06:41 - 01822280 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll 2015-12-12 19:58 - 2015-11-25 06:40 - 00516448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS 2015-12-12 19:58 - 2015-11-25 06:32 - 00113184 _____ (Microsoft Corporation) C:\WINDOWS\system32\userenv.dll 2015-12-12 19:58 - 2015-11-25 06:11 - 01532984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll 2015-12-12 19:58 - 2015-11-25 05:59 - 00092992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\userenv.dll 2015-12-12 19:58 - 2015-11-25 05:49 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\system32\WlanMediaManager.dll 2015-12-12 19:58 - 2015-11-25 05:49 - 00467456 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll 2015-12-12 19:58 - 2015-11-25 05:49 - 00270336 _____ (Microsoft Corporation) C:\WINDOWS\system32\RasMediaManager.dll 2015-12-12 19:58 - 2015-11-25 05:48 - 00146944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EthernetMediaManager.dll 2015-12-12 19:58 - 2015-11-25 05:48 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\system32\DAMediaManager.dll 2015-12-12 19:58 - 2015-11-25 05:37 - 02350592 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll 2015-12-12 19:58 - 2015-11-25 05:36 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usb8023.sys 2015-12-12 19:58 - 2015-11-25 05:30 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rmcast.sys 2015-12-12 19:58 - 2015-11-25 05:30 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hdaudbus.sys 2015-12-12 19:58 - 2015-11-25 05:28 - 00572928 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll 2015-12-12 19:58 - 2015-11-25 05:26 - 00849408 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll 2015-12-12 19:58 - 2015-11-25 05:26 - 00181760 _____ (Microsoft Corporation) C:\WINDOWS\system32\shutdownux.dll 2015-12-12 19:58 - 2015-11-25 05:25 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll 2015-12-12 19:58 - 2015-11-25 05:25 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\profext.dll 2015-12-12 19:58 - 2015-11-25 05:22 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\kbdgeoqw.dll 2015-12-12 19:58 - 2015-11-25 05:22 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZST.DLL 2015-12-12 19:58 - 2015-11-25 05:22 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZEL.DLL 2015-12-12 19:58 - 2015-11-25 05:22 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZE.DLL 2015-12-12 19:58 - 2015-11-25 05:19 - 00185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll 2015-12-12 19:58 - 2015-11-25 05:13 - 02153984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll 2015-12-12 19:58 - 2015-11-25 05:10 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll 2015-12-12 19:58 - 2015-11-25 05:08 - 00749568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll 2015-12-12 19:58 - 2015-11-25 05:07 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\profext.dll 2015-12-12 19:58 - 2015-11-25 05:04 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kbdgeoqw.dll 2015-12-12 19:58 - 2015-11-25 05:04 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZST.DLL 2015-12-12 19:58 - 2015-11-25 05:04 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZEL.DLL 2015-12-12 19:58 - 2015-11-25 05:04 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZE.DLL 2015-12-12 19:58 - 2015-11-25 03:52 - 00775312 _____ C:\WINDOWS\SysWOW64\locale.nls 2015-12-12 19:58 - 2015-11-25 03:52 - 00775312 _____ C:\WINDOWS\system32\locale.nls 2015-12-06 18:50 - 2015-12-06 18:50 - 01142543 _____ C:\Users\Daniel\Downloads\Bewerbung_Melanie_Schwab 1.zip 2015-12-06 18:50 - 2015-12-06 18:50 - 01142543 _____ C:\Users\Daniel\Downloads\Bewerbung_Melanie_Schwab 1 (1).zip 2015-12-06 18:49 - 2015-12-06 18:49 - 04397665 _____ C:\Users\Daniel\Downloads\Bewerbung_Melanie_Schwab (1).zip 2015-12-06 18:48 - 2015-12-06 18:48 - 01142560 _____ C:\Users\Daniel\Downloads\Bewerbung_Melanie_Schwab.zip 2015-12-06 18:19 - 2015-12-06 18:19 - 03984004 _____ C:\Users\Daniel\Downloads\Bewerbung_Erzieherin_Daniele_Maier.pdf 2015-12-06 18:06 - 2015-12-06 18:06 - 00291489 _____ C:\Users\Daniel\Downloads\20151127131614271.pdf 2015-12-06 17:50 - 2015-12-06 17:50 - 00109513 _____ C:\Users\Daniel\Desktop\Anmeldung.pdf 2015-12-03 18:29 - 2015-12-03 18:29 - 00169351 _____ C:\Users\Daniel\Downloads\WAZ.pdf 2015-11-30 21:32 - 2015-11-30 21:32 - 00064681 _____ C:\Users\Daniel\Downloads\Rückseite.pdf 2015-11-30 21:31 - 2015-11-30 21:31 - 00064681 _____ C:\Users\Daniel\Desktop\Rückseite.pdf 2015-11-30 21:29 - 2015-11-30 21:29 - 00032176 _____ C:\Users\Daniel\Desktop\Vorderseite.pdf 2015-11-30 21:25 - 2015-11-30 21:25 - 04889088 _____ C:\Users\Daniel\Downloads\Da Carlo Front Visit.zdl 2015-11-30 21:25 - 2015-11-30 21:25 - 01163776 _____ C:\Users\Daniel\Downloads\Da Carlo Back Visit.zdl 2015-11-29 20:16 - 2015-11-29 20:16 - 00457667 _____ C:\Users\Daniel\Downloads\maui.pdf 2015-11-26 16:19 - 2015-11-26 17:43 - 00000000 ____D C:\Users\Daniel\Desktop\Schwab Melli 2015-11-25 16:11 - 2015-11-25 16:11 - 00255478 _____ C:\Users\Daniel\Desktop\Dienstplan_Änderung2_NEU.xlsm 2015-11-25 16:00 - 2015-11-25 16:00 - 00273974 _____ C:\Users\Daniel\Downloads\Dienstplan_Änderung2_NEU.xlsm 2015-11-25 15:59 - 2015-11-25 15:59 - 00076125 _____ C:\Users\Daniel\Downloads\Kopie von Dienstplan_Änderung2 (1).xlsx ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2015-12-23 13:24 - 2014-05-05 05:06 - 00001138 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2015-12-23 13:22 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\AppReadiness 2015-12-23 13:02 - 2014-06-07 19:47 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2015-12-23 11:24 - 2014-05-05 05:06 - 00001134 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2015-12-23 08:17 - 2014-06-23 14:35 - 00000000 ____D C:\Users\Daniel\AppData\Local\Adobe 2015-12-23 08:16 - 2015-08-08 19:27 - 00004160 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{88EEB1D5-370C-4812-9418-EDF692A916C5} 2015-12-23 08:06 - 2015-02-13 17:03 - 00000000 ____D C:\ProgramData\TwonkyServer 2015-12-23 07:46 - 2015-08-01 19:33 - 01790124 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2015-12-23 07:46 - 2015-07-10 17:34 - 00771100 _____ C:\WINDOWS\system32\perfh007.dat 2015-12-23 07:46 - 2015-07-10 17:34 - 00153964 _____ C:\WINDOWS\system32\perfc007.dat 2015-12-23 07:46 - 2015-07-10 12:02 - 00000000 ____D C:\WINDOWS\INF 2015-12-23 07:44 - 2014-11-03 18:22 - 00000000 ____D C:\ProgramData\BlueStacksSetup 2015-12-23 07:42 - 2014-05-05 05:08 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Skype 2015-12-23 07:39 - 2015-08-15 18:33 - 00000000 ____D C:\WINDOWS\Minidump 2015-12-23 07:39 - 2015-08-01 19:21 - 00000000 ____D C:\Users\postgres 2015-12-23 07:39 - 2015-08-01 19:21 - 00000000 ____D C:\Users\Daniel 2015-12-23 07:39 - 2015-08-01 19:20 - 00000000 _____ C:\WINDOWS\system32\Drivers\lvuvc.hs 2015-12-23 07:39 - 2015-07-10 13:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2015-12-23 07:39 - 2015-07-10 10:05 - 00000000 ____D C:\Windows 2015-12-22 19:25 - 2015-07-10 10:05 - 00524288 ___SH C:\WINDOWS\system32\config\BBI 2015-12-22 19:25 - 2014-06-23 15:11 - 00065536 _____ C:\WINDOWS\system32\spu_storage.bin 2015-12-22 18:16 - 2014-08-16 20:56 - 00000000 ____D C:\Program Files\Common Files\Adobe 2015-12-22 18:16 - 2014-05-26 12:17 - 00000000 ____D C:\ProgramData\Adobe 2015-12-22 18:16 - 2014-05-05 05:03 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Adobe 2015-12-22 18:15 - 2014-05-26 12:17 - 00000000 ____D C:\Program Files (x86)\Adobe 2015-12-22 17:51 - 2014-05-13 20:10 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Notepad++ 2015-12-22 17:45 - 2015-04-02 10:03 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\uTorrent 2015-12-22 14:51 - 2015-07-10 12:04 - 00000000 ___HD C:\Program Files\WindowsApps 2015-12-22 11:28 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\Registration 2015-12-22 11:09 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\system32\NDF 2015-12-22 11:07 - 2014-05-29 11:18 - 00000000 ____D C:\Users\Daniel\AppData\Local\CrashDumps 2015-12-22 11:07 - 2014-05-13 19:27 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2015-12-21 15:41 - 2015-08-16 17:58 - 00000000 ____D C:\Program Files (x86)\StarMoney 9.0 2015-12-21 11:06 - 2015-10-03 15:02 - 00010560 _____ C:\Users\Daniel\Desktop\Lego-Architecture.xlsx 2015-12-21 10:28 - 2015-08-01 19:20 - 00000000 ____D C:\ProgramData\AMD 2015-12-21 10:28 - 2015-08-01 19:20 - 00000000 ____D C:\Program Files (x86)\ATI Technologies 2015-12-21 10:27 - 2014-05-05 05:07 - 00000000 ____D C:\AMD 2015-12-21 10:25 - 2015-08-25 19:22 - 21648880 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Drivers\atikmdag.sys 2015-12-21 10:25 - 2015-08-25 19:22 - 00255472 _____ (AMD) C:\WINDOWS\system32\atiesrxx.exe 2015-12-21 10:25 - 2015-07-16 01:12 - 00162232 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiuxp64.dll 2015-12-21 10:25 - 2015-07-16 01:11 - 12088000 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atidxx64.dll 2015-12-21 10:25 - 2015-07-16 01:11 - 10211016 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atidxx32.dll 2015-12-21 10:25 - 2015-07-16 01:11 - 08009360 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiumdva.dll 2015-12-21 10:25 - 2015-07-16 01:11 - 07482560 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiumdag.dll 2015-12-21 10:25 - 2015-07-16 01:11 - 01479808 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\aticfx64.dll 2015-12-21 10:25 - 2015-07-16 01:11 - 01223544 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\aticfx32.dll 2015-12-21 10:25 - 2015-07-16 01:11 - 00143056 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiuxpag.dll 2015-12-21 10:25 - 2015-07-16 01:11 - 00112360 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiu9pag.dll 2015-12-21 10:25 - 2015-07-16 00:17 - 00683504 _____ (AMD) C:\WINDOWS\system32\atieclxx.exe 2015-12-21 10:25 - 2015-07-16 00:13 - 00674288 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Drivers\atikmpag.sys 2015-12-21 10:25 - 2015-07-16 00:12 - 00874480 _____ (AMD) C:\WINDOWS\system32\coinst_15.20.dll 2015-12-20 10:37 - 2014-05-05 05:03 - 00000000 ____D C:\Users\Daniel\AppData\Local\Packages 2015-12-18 19:58 - 2015-09-19 10:01 - 00023600 _____ C:\Users\Daniel\Desktop\Kaufpreis Backnang.xlsx 2015-12-18 17:14 - 2015-07-10 17:44 - 00000000 ____D C:\WINDOWS\ShellNew 2015-12-17 18:52 - 2015-08-20 15:17 - 00002099 _____ C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk 2015-12-17 18:52 - 2014-07-10 16:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony 2015-12-17 18:52 - 2014-05-05 05:08 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2015-12-17 14:36 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\LiveKernelReports 2015-12-15 13:24 - 2014-11-03 18:30 - 00000000 ____D C:\Users\Daniel\.VirtualBox 2015-12-15 13:11 - 2015-08-01 19:25 - 00001540 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk 2015-12-15 13:11 - 2015-06-26 22:05 - 00001162 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk 2015-12-15 13:11 - 2014-12-29 16:10 - 00000971 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk 2015-12-15 13:11 - 2014-10-20 18:02 - 00000942 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk 2015-12-15 13:11 - 2014-08-16 20:58 - 00000890 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS6 (64bit).lnk 2015-12-15 13:11 - 2014-08-16 20:57 - 00001527 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS6.lnk 2015-12-15 13:11 - 2014-08-16 17:13 - 00001750 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rainmeter.lnk 2015-12-15 13:11 - 2014-05-13 19:27 - 00001159 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2015-12-15 13:10 - 2015-08-26 18:40 - 00001218 _____ C:\Users\Public\Desktop\CDBurnerXP.lnk 2015-12-15 13:10 - 2015-08-16 18:00 - 00002234 _____ C:\Users\Public\Desktop\StarMoney 9.0.lnk 2015-12-15 13:08 - 2015-08-01 20:21 - 00002425 _____ C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2015-12-15 13:08 - 2015-05-16 13:40 - 00002158 _____ C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\KÜCHEN QUELLE 3D.lnk 2015-12-15 13:08 - 2015-01-18 17:42 - 00001033 _____ C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iPadian.lnk 2015-12-15 13:08 - 2015-01-08 18:29 - 00001822 _____ C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Coral Poker.lnk 2015-12-15 13:08 - 2014-12-16 14:46 - 00001830 _____ C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Winner Poker.lnk 2015-12-15 13:08 - 2014-08-21 15:45 - 00001136 _____ C:\ProgramData\Microsoft\Windows\Start Menu\LINE.lnk 2015-12-15 13:08 - 2014-07-25 19:12 - 00001792 _____ C:\ProgramData\Microsoft\Windows\Start Menu\24hPoker.lnk 2015-12-15 13:08 - 2014-07-02 16:36 - 00001102 _____ C:\ProgramData\Microsoft\Windows\Start Menu\PokerStars.eu.lnk 2015-12-15 13:08 - 2014-06-14 19:21 - 00001120 _____ C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\PokerStars.eu.lnk 2015-12-15 13:08 - 2014-05-18 20:21 - 00000295 _____ C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Papierkorb.lnk 2015-12-15 13:08 - 2014-05-17 11:36 - 00001079 _____ C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\PokerRanger.lnk 2015-12-15 13:08 - 2014-05-05 15:24 - 00000811 _____ C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Betfair.com Poker.lnk 2015-12-15 13:07 - 2015-10-12 19:18 - 00002180 _____ C:\Users\Daniel\Desktop\AusweisApp2.lnk 2015-12-15 12:04 - 2015-08-01 20:18 - 00000000 __RHD C:\Users\Public\AccountPictures 2015-12-15 11:12 - 2014-10-20 17:34 - 00000000 ____D C:\WINDOWS\system32\appmgmt 2015-12-14 22:26 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\rescache 2015-12-14 22:20 - 2015-09-06 12:11 - 00000000 ____D C:\WINDOWS\Panther 2015-12-14 22:15 - 2015-10-30 20:28 - 00000000 ___HD C:\$WINDOWS.~BT 2015-12-14 19:15 - 2015-07-10 13:20 - 04962496 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2015-12-14 14:22 - 2014-05-05 05:08 - 00000000 ____D C:\Users\Daniel\AppData\Local\Skype 2015-12-14 14:22 - 2014-05-05 05:07 - 00000000 ____D C:\ProgramData\Skype 2015-12-14 14:19 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\system32\oobe 2015-12-14 14:19 - 2014-05-10 14:33 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2015-12-14 12:55 - 2015-07-10 12:04 - 00000000 __RHD C:\Users\Public\Libraries 2015-12-14 12:50 - 2014-11-03 18:25 - 00000000 ____D C:\Program Files\Andy 2015-12-14 11:44 - 2014-05-05 14:40 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013 2015-12-14 11:44 - 2014-05-05 14:38 - 00000000 ____D C:\ProgramData\Microsoft Help 2015-12-14 11:43 - 2013-08-22 14:25 - 00000167 _____ C:\WINDOWS\win.ini 2015-12-14 11:41 - 2014-05-10 14:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2015-12-14 11:40 - 2014-05-10 14:33 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2015-12-14 11:39 - 2015-07-10 11:55 - 00000000 ____D C:\WINDOWS\CbsTemp 2015-12-14 11:38 - 2014-05-07 16:59 - 00000000 ____D C:\WINDOWS\system32\MRT 2015-12-14 11:32 - 2014-05-07 16:59 - 140158008 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2015-12-14 09:46 - 2014-05-05 05:05 - 00000000 ___RD C:\Users\Daniel\OneDrive 2015-12-12 19:44 - 2014-06-14 19:21 - 00000000 ____D C:\Users\Daniel\AppData\Local\PokerStars.EU 2015-12-09 04:39 - 2014-05-07 18:25 - 00301728 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe 2015-12-06 11:19 - 2014-05-05 05:06 - 00004196 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA 2015-12-06 11:19 - 2014-05-05 05:06 - 00003964 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore 2015-12-06 11:04 - 2014-08-16 21:42 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe 2015-12-06 11:04 - 2014-05-05 14:37 - 00000000 ____D C:\Users\Daniel\AppData\Local\AMD 2015-12-01 01:32 - 2015-10-03 15:01 - 00826872 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2015-12-01 01:32 - 2015-10-03 15:01 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2014-11-27 21:25 - 2014-11-27 21:25 - 0004676 _____ () C:\Users\Daniel\AppData\Local\recently-used.xbel 2015-05-16 13:40 - 2015-05-16 13:40 - 0370070 _____ () C:\Users\Daniel\AppData\Local\SquareClock.Production_Home_KQ_WebIcon.ico 2015-02-13 17:03 - 2015-02-13 17:03 - 0000011 _____ () C:\ProgramData\.tv7 2014-05-05 15:24 - 2014-05-05 15:24 - 0558105 _____ () C:\ProgramData\1399299703.bdinstall.bin 2015-01-05 15:23 - 2015-01-05 15:23 - 0259192 _____ () C:\ProgramData\1420467746.bdinstall.bin 2015-02-08 16:01 - 2015-02-08 16:01 - 0740775 _____ () C:\ProgramData\AndyDrivers.zip 2015-08-01 19:19 - 2015-08-01 19:19 - 0000000 ____H () C:\ProgramData\DP45977C.lfl 2014-08-09 18:17 - 2014-08-09 18:17 - 0005044 _____ () C:\ProgramData\flwjycbm.bab ==================== Bamital & volsnap ================= (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert C:\WINDOWS\explorer.exe => Datei ist digital signiert C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert C:\WINDOWS\system32\services.exe => Datei ist digital signiert C:\WINDOWS\system32\User32.dll => Datei ist digital signiert C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert LastRegBack: 2015-12-14 22:04 ==================== Ende von FRST.txt ============================ Ansonsten habe ich noch folgende Probleme (nach dem ESET-Scan wurde allerdings kein weiterer Neustart durchgeführt!) - Office Note versucht weiterhin nach jedem Neustart sich zu öffnen und was zu versenden - Nach jedem Neustart blinkt bei Malwarebyte verschiedene "Fehlermeldungen kurz auf"  |
|
23.12.2015, 13:54
| #10 |
| /// Malwareteam | Windows 10: Malwarebytes meldet infizierte Dateien, teilweise funktioniert das Internet nicht, generell PC langsam Hi, schau mal bitte in den Verlauf von MBAM ob dort irgendwelche Logs mit Funden dort sind. Desto neuer desto besser. Dieses auch noch hier posten. Schritt # 1: Revo Lade Dir bitte von hier  Revo Uninstaller (alternativ portable Revo Uninstaller) herunter.
Schritt # 2: FRST-Fix Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter
C:\Flashtool\custom\root\run_root_shell\run_root_shell
C:\MtkDroidTools\files\pwn
C:\MtkDroidTools\files\zR
C:\Poker\files\pwn
C:\Poker\files\zR
C:\Poker\MtkDroidTools\files\pwn
C:\Poker\MtkDroidTools\files\zR
C:\Program Files (x86)\Google\Chrome\Application\plugins\npMozCouponPrinter.dll
C:\Program Files (x86)\Mozilla Firefox\browser\plugins\npMozCouponPrinter.dll
C:\rooten\files\run_root_shell
C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\File System\005\t\00\00000000
C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\File System\005\t\00\00000001
C:\Users\Daniel\AppData\Local\Skype\MtkDroidTools\files\pwn
C:\Users\Daniel\Downloads\ALNO_KPLSetup14a - CHIP-Installer.exe
C:\Users\Daniel\Downloads\CouponPrinter.exe
C:\Users\Daniel\Downloads\DooMLoRD_Easy-Rooting-Toolkit_v19a_perf-event-exploit.zip
C:\Users\Daniel\Downloads\ipadian.exe
C:\Users\Daniel\Downloads\setup.exe
C:\Users\Daniel\Downloads\tr.apk
C:\Windows\CouponPrinter.ocx
D:\sicherung\Dale Carnegie - Besser miteinander reden\Kostenloser Usenet Zugang.url
D:\unsortiert\setup.exe
Startup: C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk [2015-12-15]
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)
EmptyTemp:
Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
Schritt # 3: FRST Und noch ein frisches FRST-Log bitte. Schritt # 4: Bitte Posten
|
|
23.12.2015, 14:51
| #11 |
| | Windows 10: Malwarebytes meldet infizierte Dateien, teilweise funktioniert das Internet nicht, generell PC langsam Vielen Dank! zu #1: Das Programm "Coupon Printer for Windows" gab es nicht zum Auswählen schutzprotokoll.txt von MBAM: Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Protection, 23.12.2015 07:39, SYSTEM, GLOBALITY, Protection, Malware Protection, Starting, Protection, 23.12.2015 07:39, SYSTEM, GLOBALITY, Protection, Malware Protection, Started, Protection, 23.12.2015 07:39, SYSTEM, GLOBALITY, Protection, Malicious Website Protection, Starting, Protection, 23.12.2015 07:39, SYSTEM, GLOBALITY, Protection, Malicious Website Protection, Started, Detection, 23.12.2015 07:40, SYSTEM, GLOBALITY, Protection, Malicious Website Protection, Domain, 136.243.22.25, interstat.eu, 49519, Outbound, C:\Users\Daniel\AppData\Roaming\BandwidthStat\bandwidthstat.exe, Detection, 23.12.2015 07:40, SYSTEM, GLOBALITY, Protection, Malicious Website Protection, Domain, 136.243.22.25, interstat.eu, 49519, Outbound, C:\Users\Daniel\AppData\Roaming\BandwidthStat\bandwidthstat.exe, Detection, 23.12.2015 07:40, SYSTEM, GLOBALITY, Protection, Malicious Website Protection, IP, 162.13.104.8, www.tr553.com, 49530, Outbound, C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe, Detection, 23.12.2015 07:40, SYSTEM, GLOBALITY, Protection, Malicious Website Protection, IP, 162.13.104.8, www.tr553.com, 49530, Outbound, C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe, Detection, 23.12.2015 07:40, SYSTEM, GLOBALITY, Protection, Malicious Website Protection, IP, 162.13.104.8, www.tr553.com, 49533, Outbound, C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe, Detection, 23.12.2015 07:40, SYSTEM, GLOBALITY, Protection, Malicious Website Protection, IP, 162.13.104.8, www.tr553.com, 49534, Outbound, C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe, Detection, 23.12.2015 07:40, SYSTEM, GLOBALITY, Protection, Malicious Website Protection, Domain, 37.58.102.38, doz.mazeability.com, 49535, Outbound, C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe, Detection, 23.12.2015 07:40, SYSTEM, GLOBALITY, Protection, Malicious Website Protection, Domain, 37.58.102.38, doz.mazeability.com, 49535, Outbound, C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe, Detection, 23.12.2015 07:40, SYSTEM, GLOBALITY, Protection, Malicious Website Protection, IP, 162.13.104.8, www.tr553.com, 49537, Outbound, C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe, Detection, 23.12.2015 07:40, SYSTEM, GLOBALITY, Protection, Malicious Website Protection, IP, 162.13.104.8, www.tr553.com, 49539, Outbound, C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe, Detection, 23.12.2015 07:40, SYSTEM, GLOBALITY, Protection, Malicious Website Protection, Domain, 37.58.102.38, doz.mazeability.com, 49540, Outbound, C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe, Detection, 23.12.2015 07:40, SYSTEM, GLOBALITY, Protection, Malicious Website Protection, IP, 162.13.104.8, www.tr553.com, 49542, Outbound, C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe, Detection, 23.12.2015 07:40, SYSTEM, GLOBALITY, Protection, Malicious Website Protection, IP, 162.13.104.8, www.tr553.com, 49543, Outbound, C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe, Detection, 23.12.2015 07:40, SYSTEM, GLOBALITY, Protection, Malicious Website Protection, IP, 162.13.104.8, www.tr553.com, 49574, Outbound, C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe, Detection, 23.12.2015 07:40, SYSTEM, GLOBALITY, Protection, Malicious Website Protection, IP, 162.13.104.8, www.tr553.com, 49575, Outbound, C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe, Detection, 23.12.2015 07:40, SYSTEM, GLOBALITY, Protection, Malicious Website Protection, IP, 162.13.104.8, www.tr553.com, 49577, Outbound, C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe, Detection, 23.12.2015 07:40, SYSTEM, GLOBALITY, Protection, Malicious Website Protection, Domain, 37.58.102.38, doz.mazeability.com, 49580, Outbound, C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe, Detection, 23.12.2015 07:40, SYSTEM, GLOBALITY, Protection, Malicious Website Protection, IP, 162.13.104.8, www.tr553.com, 49599, Outbound, C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe, Detection, 23.12.2015 07:40, SYSTEM, GLOBALITY, Protection, Malicious Website Protection, IP, 162.13.104.8, www.tr553.com, 49601, Outbound, C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe, Detection, 23.12.2015 07:40, SYSTEM, GLOBALITY, Protection, Malicious Website Protection, IP, 162.13.104.8, www.tr553.com, 49602, Outbound, C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe, Detection, 23.12.2015 07:40, SYSTEM, GLOBALITY, Protection, Malicious Website Protection, IP, 162.13.104.8, www.tr553.com, 49603, Outbound, C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe, Detection, 23.12.2015 07:40, SYSTEM, GLOBALITY, Protection, Malicious Website Protection, IP, 162.13.104.8, www.tr553.com, 49604, Outbound, C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe, Detection, 23.12.2015 07:40, SYSTEM, GLOBALITY, Protection, Malicious Website Protection, IP, 162.13.104.8, www.tr553.com, 49605, Outbound, C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe, Detection, 23.12.2015 07:40, SYSTEM, GLOBALITY, Protection, Malicious Website Protection, Domain, 37.58.102.38, doz.mazeability.com, 49607, Outbound, C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe, Detection, 23.12.2015 07:40, SYSTEM, GLOBALITY, Protection, Malicious Website Protection, Domain, 37.58.102.38, doz.mazeability.com, 49608, Outbound, C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe, Detection, 23.12.2015 07:40, SYSTEM, GLOBALITY, Protection, Malicious Website Protection, IP, 162.13.104.8, www.tr553.com, 49610, Outbound, C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe, Detection, 23.12.2015 07:40, SYSTEM, GLOBALITY, Protection, Malicious Website Protection, IP, 162.13.104.8, www.tr553.com, 49611, Outbound, C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe, Detection, 23.12.2015 07:40, SYSTEM, GLOBALITY, Protection, Malicious Website Protection, IP, 162.13.104.8, www.tr553.com, 49612, Outbound, C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe, Detection, 23.12.2015 07:40, SYSTEM, GLOBALITY, Protection, Malicious Website Protection, Domain, 37.58.102.38, doz.mazeability.com, 49613, Outbound, C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe, Update, 23.12.2015 08:02, SYSTEM, GLOBALITY, Scheduler, Domain Database, 2015.12.22.1, 2015.12.23.1, Update, 23.12.2015 08:02, SYSTEM, GLOBALITY, Scheduler, Malware Database, 2015.12.22.6, 2015.12.23.1, Protection, 23.12.2015 08:02, SYSTEM, GLOBALITY, Protection, Refresh, Starting, Protection, 23.12.2015 08:02, SYSTEM, GLOBALITY, Protection, Malicious Website Protection, Stopping, Protection, 23.12.2015 08:02, SYSTEM, GLOBALITY, Protection, Malicious Website Protection, Stopped, Protection, 23.12.2015 08:02, SYSTEM, GLOBALITY, Protection, Refresh, Success, Protection, 23.12.2015 08:02, SYSTEM, GLOBALITY, Protection, Malicious Website Protection, Starting, Protection, 23.12.2015 08:02, SYSTEM, GLOBALITY, Protection, Malicious Website Protection, Started, Detection, 23.12.2015 08:40, SYSTEM, GLOBALITY, Protection, Malicious Website Protection, Domain, 136.243.22.25, interstat.eu, 51734, Outbound, C:\Users\Daniel\AppData\Roaming\BandwidthStat\bandwidthstat.exe, Detection, 23.12.2015 08:40, SYSTEM, GLOBALITY, Protection, Malicious Website Protection, Domain, 136.243.22.25, interstat.eu, 51734, Outbound, C:\Users\Daniel\AppData\Roaming\BandwidthStat\bandwidthstat.exe, Update, 23.12.2015 09:09, SYSTEM, GLOBALITY, Scheduler, Malware Database, 2015.12.23.1, 2015.12.23.2, Protection, 23.12.2015 09:09, SYSTEM, GLOBALITY, Protection, Refresh, Starting, Protection, 23.12.2015 09:09, SYSTEM, GLOBALITY, Protection, Malicious Website Protection, Stopping, Protection, 23.12.2015 09:09, SYSTEM, GLOBALITY, Protection, Malicious Website Protection, Stopped, Protection, 23.12.2015 09:09, SYSTEM, GLOBALITY, Protection, Refresh, Success, Protection, 23.12.2015 09:09, SYSTEM, GLOBALITY, Protection, Malicious Website Protection, Starting, Protection, 23.12.2015 09:09, SYSTEM, GLOBALITY, Protection, Malicious Website Protection, Started, Detection, 23.12.2015 09:40, SYSTEM, GLOBALITY, Protection, Malicious Website Protection, Domain, 136.243.22.25, interstat.eu, 53651, Outbound, C:\Users\Daniel\AppData\Roaming\BandwidthStat\bandwidthstat.exe, Detection, 23.12.2015 09:40, SYSTEM, GLOBALITY, Protection, Malicious Website Protection, Domain, 136.243.22.25, interstat.eu, 53651, Outbound, C:\Users\Daniel\AppData\Roaming\BandwidthStat\bandwidthstat.exe, Detection, 23.12.2015 10:40, SYSTEM, GLOBALITY, Protection, Malicious Website Protection, Domain, 136.243.22.25, interstat.eu, 55585, Outbound, C:\Users\Daniel\AppData\Roaming\BandwidthStat\bandwidthstat.exe, Detection, 23.12.2015 11:40, SYSTEM, GLOBALITY, Protection, Malicious Website Protection, Domain, 136.243.22.25, interstat.eu, 57472, Outbound, C:\Users\Daniel\AppData\Roaming\BandwidthStat\bandwidthstat.exe, Update, 23.12.2015 12:14, SYSTEM, GLOBALITY, Scheduler, Malware Database, 2015.12.23.2, 2015.12.23.3, Protection, 23.12.2015 12:14, SYSTEM, GLOBALITY, Protection, Refresh, Starting, Protection, 23.12.2015 12:14, SYSTEM, GLOBALITY, Protection, Malicious Website Protection, Stopping, Protection, 23.12.2015 12:14, SYSTEM, GLOBALITY, Protection, Malicious Website Protection, Stopped, Protection, 23.12.2015 12:14, SYSTEM, GLOBALITY, Protection, Refresh, Success, Protection, 23.12.2015 12:14, SYSTEM, GLOBALITY, Protection, Malicious Website Protection, Starting, Protection, 23.12.2015 12:14, SYSTEM, GLOBALITY, Protection, Malicious Website Protection, Started, Detection, 23.12.2015 12:40, SYSTEM, GLOBALITY, Protection, Malicious Website Protection, Domain, 136.243.22.25, interstat.eu, 59421, Outbound, C:\Users\Daniel\AppData\Roaming\BandwidthStat\bandwidthstat.exe, Detection, 23.12.2015 12:40, SYSTEM, GLOBALITY, Protection, Malicious Website Protection, Domain, 136.243.22.25, interstat.eu, 59421, Outbound, C:\Users\Daniel\AppData\Roaming\BandwidthStat\bandwidthstat.exe, Detection, 23.12.2015 13:40, SYSTEM, GLOBALITY, Protection, Malicious Website Protection, Domain, 136.243.22.25, interstat.eu, 62038, Outbound, C:\Users\Daniel\AppData\Roaming\BandwidthStat\bandwidthstat.exe, (end) Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlaufdatum: 23.12.2015 Suchlaufzeit: 14:23 Protokolldatei: Scanprotokoll.txt Administrator: Ja Version: 2.2.0.1024 Malware-Datenbank: v2015.12.23.03 Rootkit-Datenbank: v2015.12.18.01 Lizenz: Premium-Version Malware-Schutz: Aktiviert Schutz vor bösartigen Websites: Aktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 10 CPU: x64 Dateisystem: NTFS Benutzer: Daniel Suchlauftyp: Bedrohungssuchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 468666 Abgelaufene Zeit: 18 Min., 13 Sek. Speicher: Aktiviert Start: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (keine bösartigen Elemente erkannt) Module: 0 (keine bösartigen Elemente erkannt) Registrierungsschlüssel: 1 PUP.Optional.Vitruvian, HKU\S-1-5-21-2676936528-1030403693-891089861-1001\SOFTWARE\INSTALLPATH\STATUS, In Quarantäne, [8ff0abfd58332c0ab6d10b0518ecbe42], Registrierungswerte: 3 PUP.Optional.Vitruvian, HKU\S-1-5-21-2676936528-1030403693-891089861-1001\SOFTWARE\INSTALLPATH\STATUS|SwiftSearch, I, In Quarantäne, [8ff0abfd58332c0ab6d10b0518ecbe42] PUP.Optional.VBates, HKU\S-1-5-21-2676936528-1030403693-891089861-1001\SOFTWARE\INSTALLPATH\STATUS|Groover, R, In Quarantäne, [6a1567417b100a2ce99de12fcd37d52b] PUP.Optional.Komodia, HKU\S-1-5-21-2676936528-1030403693-891089861-1001\SOFTWARE\INSTALLPATH\STATUS|FlowsurfCB, P, In Quarantäne, [c3bcdecaa3e8d165473064ac1de741bf] Registrierungsdaten: 0 (keine bösartigen Elemente erkannt) Ordner: 0 (keine bösartigen Elemente erkannt) Dateien: 0 (keine bösartigen Elemente erkannt) Physische Sektoren: 0 (keine bösartigen Elemente erkannt) (end) Code:
ATTFilter Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version:20-12-2015
durchgeführt von Daniel (2015-12-23 14:21:42) Run:2
Gestartet von C:\Users\Daniel\Desktop
Geladene Profile: Daniel & postgres (Verfügbare Profile: Daniel & postgres & Gl0ba_000)
Start-Modus: Normal
==============================================
fixlist Inhalt:
*****************
C:\Flashtool\custom\root\run_root_shell\run_root_shell
C:\MtkDroidTools\files\pwn
C:\MtkDroidTools\files\zR
C:\Poker\files\pwn
C:\Poker\files\zR
C:\Poker\MtkDroidTools\files\pwn
C:\Poker\MtkDroidTools\files\zR
C:\Program Files (x86)\Google\Chrome\Application\plugins\npMozCouponPrinter.dll
C:\Program Files (x86)\Mozilla Firefox\browser\plugins\npMozCouponPrinter.dll
C:\rooten\files\run_root_shell
C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\File System\005\t\00\00000000
C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\File System\005\t\00\00000001
C:\Users\Daniel\AppData\Local\Skype\MtkDroidTools\files\pwn
C:\Users\Daniel\Downloads\ALNO_KPLSetup14a - CHIP-Installer.exe
C:\Users\Daniel\Downloads\CouponPrinter.exe
C:\Users\Daniel\Downloads\DooMLoRD_Easy-Rooting-Toolkit_v19a_perf-event-exploit.zip
C:\Users\Daniel\Downloads\ipadian.exe
C:\Users\Daniel\Downloads\setup.exe
C:\Users\Daniel\Downloads\tr.apk
C:\Windows\CouponPrinter.ocx
D:\sicherung\Dale Carnegie - Besser miteinander reden\Kostenloser Usenet Zugang.url
D:\unsortiert\setup.exe
Startup: C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk [2015-12-15]
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)
EmptyTemp:
*****************
C:\Flashtool\custom\root\run_root_shell\run_root_shell => erfolgreich verschoben
C:\MtkDroidTools\files\pwn => erfolgreich verschoben
C:\MtkDroidTools\files\zR => erfolgreich verschoben
C:\Poker\files\pwn => erfolgreich verschoben
C:\Poker\files\zR => erfolgreich verschoben
C:\Poker\MtkDroidTools\files\pwn => erfolgreich verschoben
C:\Poker\MtkDroidTools\files\zR => erfolgreich verschoben
C:\Program Files (x86)\Google\Chrome\Application\plugins\npMozCouponPrinter.dll => erfolgreich verschoben
C:\Program Files (x86)\Mozilla Firefox\browser\plugins\npMozCouponPrinter.dll => erfolgreich verschoben
C:\rooten\files\run_root_shell => erfolgreich verschoben
C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\File System\005\t\00\00000000 => erfolgreich verschoben
C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\File System\005\t\00\00000001 => erfolgreich verschoben
C:\Users\Daniel\AppData\Local\Skype\MtkDroidTools\files\pwn => erfolgreich verschoben
C:\Users\Daniel\Downloads\ALNO_KPLSetup14a - CHIP-Installer.exe => erfolgreich verschoben
C:\Users\Daniel\Downloads\CouponPrinter.exe => erfolgreich verschoben
C:\Users\Daniel\Downloads\DooMLoRD_Easy-Rooting-Toolkit_v19a_perf-event-exploit.zip => erfolgreich verschoben
C:\Users\Daniel\Downloads\ipadian.exe => erfolgreich verschoben
C:\Users\Daniel\Downloads\setup.exe => erfolgreich verschoben
C:\Users\Daniel\Downloads\tr.apk => erfolgreich verschoben
C:\Windows\CouponPrinter.ocx => erfolgreich verschoben
D:\sicherung\Dale Carnegie - Besser miteinander reden\Kostenloser Usenet Zugang.url => erfolgreich verschoben
D:\unsortiert\setup.exe => erfolgreich verschoben
C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk => erfolgreich verschoben
C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE => erfolgreich verschoben
EmptyTemp: => 34.3 MB temporäre Dateien entfernt.
Das System musste neu gestartet werden.
==== Ende von Fixlog 14:21:55 ====
FRST Logfile: Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:20-12-2015 durchgeführt von Daniel (Administrator) auf GLOBALITY (23-12-2015 14:49:13) Gestartet von C:\Users\Daniel\Desktop Geladene Profile: Daniel & postgres (Verfügbare Profile: Daniel & postgres & Gl0ba_000) Platform: Windows 10 Pro (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: "C:\Program Files (x86)\Sirrix AG\BitBox\bin\BitBoxClient.exe" start "%1") Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe (BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe (Sirrix AG) C:\Program Files (x86)\Sirrix AG\BitBox\bin\BitBoxService.exe (BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe (devolo AG) C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe (IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe (Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Star Finanz-Software Entwicklung und Vertriebs GmbH) C:\Program Files (x86)\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (PacketVideo) C:\Program Files (x86)\Twonky\TwonkyServer\twonkystarter.exe () C:\Program Files (x86)\Twonky\TwonkyServer\twonkyproxy.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe (PostgreSQL Global Development Group) C:\postgreSQL\bin\pg_ctl.exe () C:\Program Files (x86)\Twonky\TwonkyServer\twonkyserver.exe (PostgreSQL Global Development Group) C:\postgreSQL\bin\postgres.exe (PostgreSQL Global Development Group) C:\postgreSQL\bin\postgres.exe (PostgreSQL Global Development Group) C:\postgreSQL\bin\postgres.exe (PostgreSQL Global Development Group) C:\postgreSQL\bin\postgres.exe (PostgreSQL Global Development Group) C:\postgreSQL\bin\postgres.exe (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe (Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Sony) C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe () C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe (LINE Corporation) C:\Program Files (x86)\Naver\LINE\Line.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (Internet Monitor) C:\Users\Daniel\AppData\Roaming\BandwidthStat\bandwidthstat.exe (Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (PacketVideo) C:\Program Files (x86)\Twonky\TwonkyServer\twonkytray.exe () C:\Program Files\Rainmeter\Rainmeter.exe (Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe (BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Nicht auf der Ausnahmeliste) =========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-24] (Realtek Semiconductor) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508240 2015-08-05] (Adobe Systems Incorporated) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-11-04] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG) HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [191016 2014-05-14] (Geek Software GmbH) HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Andy] => C:\Program Files\Andy\HandyAndy.exe HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [883280 2015-12-10] (BlueStack Systems, Inc.) HKU\S-1-5-21-2676936528-1030403693-891089861-1001\...\Run: [Sony PC Companion] => C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [457088 2015-09-23] (Sony) HKU\S-1-5-21-2676936528-1030403693-891089861-1001\...\Run: [Line] => C:\Program Files (x86)\Naver\LINE\Line.exe [15664152 2015-08-18] (LINE Corporation) HKU\S-1-5-21-2676936528-1030403693-891089861-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50755200 2015-12-08] (Skype Technologies S.A.) HKU\S-1-5-21-2676936528-1030403693-891089861-1001\...\Run: [BandwidthStat] => C:\Users\Daniel\AppData\Roaming\BandwidthStat\bandwidthstat.exe [569344 2015-12-15] (Internet Monitor) HKU\S-1-5-21-2676936528-1030403693-891089861-1006\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50755200 2015-12-08] (Skype Technologies S.A.) HKU\S-1-5-21-2676936528-1030403693-891089861-1006\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [517632 2015-07-10] (Microsoft Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Twonky Server.lnk [2015-12-15] ShortcutTarget: Twonky Server.lnk -> C:\Program Files (x86)\Twonky\TwonkyServer\twonkytray.exe (PacketVideo) Startup: C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk [2015-12-15] ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe () ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 Tcpip\..\Interfaces\{c3d2b33a-5f1a-4bce-8c16-a5ea94bc6a72}: [DhcpNameServer] 192.168.2.1 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-2676936528-1030403693-891089861-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/ HKU\S-1-5-21-2676936528-1030403693-891089861-1006\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-2676936528-1030403693-891089861-1006\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/ BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-11-18] (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll [2014-12-24] (Oracle Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-11-10] (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-12-24] (Oracle Corporation) BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-11-18] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2015-05-09] (Oracle Corporation) BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-11-10] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2015-05-09] (Oracle Corporation) Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-03-12] (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies) FireFox: ======== FF ProfilePath: C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\v7rfplju.default FF NewTab: about:newtab FF Keyword.URL: FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_235.dll [2015-12-12] () FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-12-24] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-12-24] (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-02-28] (VideoLAN) FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [Keine Datei] FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_235.dll [2015-12-12] () FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2015-05-09] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2015-05-09] (Oracle Corporation) FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-03-31] (Microsoft Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-06] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-06] (Google Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-03-31] (Microsoft Corporation) FF Extension: Flash and Video Download - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\v7rfplju.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a} [2015-12-12] FF Extension: Flash Video Downloader - YouTube HD Download [4K] - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\v7rfplju.default\extensions\artur.dubovoy@gmail.com [2015-12-12] FF Extension: FireFTP - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\v7rfplju.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f} [2015-12-12] Chrome: ======= CHR HomePage: Default -> hxxp://www.google.de/ CHR Profile: C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google*Übersetzer) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2015-11-17] CHR Extension: (Google Docs) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04] CHR Extension: (Google Drive) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-25] CHR Extension: (YouTube) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25] CHR Extension: (Google-Suche) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-30] CHR Extension: (FTP Free) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehdgcfaoankkonoiichmblcfijkomfbn [2014-09-27] CHR Extension: (Video Downloader professional) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2015-12-22] CHR Extension: (ZenMate Security, Privacy & Unblock VPN) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2015-11-16] CHR Extension: (Google Docs Offline) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-17] CHR Extension: (qipu Cashbackmelder open beta) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\mloigoojndlehdjiemdfpiikieonngel [2015-01-16] CHR Extension: (Codeanywhere) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndcfkjjcjfpmmhdedhnbkknbehiadgjg [2014-05-13] CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-01] CHR Extension: (Google Mail) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28] ==================== Dienste (Nicht auf der Ausnahmeliste) ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2016448 2015-11-25] (Adobe Systems, Incorporated) R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-07-15] (Advanced Micro Devices, Inc.) [Datei ist nicht signiert] R2 BitBoxService; C:\Program Files (x86)\Sirrix AG\BitBox\bin\BitBoxService.exe [738304 2015-11-13] (Sirrix AG) [Datei ist nicht signiert] S3 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [432720 2015-12-10] (BlueStack Systems, Inc.) R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [412240 2015-12-10] (BlueStack Systems, Inc.) R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [854608 2015-12-10] (BlueStack Systems, Inc.) R2 DevoloNetworkService; C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe [3645432 2014-07-18] (devolo AG) R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2934048 2015-11-10] (IObit) R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1135416 2015-10-05] (Malwarebytes) R2 postgresql-8.4; c:\postgreSQL\bin\pg_ctl.exe [66048 2014-02-18] (PostgreSQL Global Development Group) [Datei ist nicht signiert] R2 StarMoney 9.0 OnlineUpdate; C:\Program Files (x86)\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe [697488 2014-07-04] (Star Finanz-Software Entwicklung und Vertriebs GmbH) S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [Datei ist nicht signiert] R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5426448 2014-12-15] (TeamViewer GmbH) R2 TwonkyProxy; C:\Program Files (x86)\Twonky\TwonkyServer\twonkyproxy.exe [885576 2013-05-23] () R2 TwonkyServer; C:\Program Files (x86)\Twonky\TwonkyServer\twonkystarter.exe [586568 2013-05-23] (PacketVideo) R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation) R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation) ===================== Treiber (Nicht auf der Ausnahmeliste) ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.) R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices) R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [102912 2015-05-28] (Advanced Micro Devices) R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [146040 2015-12-10] (BlueStack Systems) R1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-12-15] (REALiX(tm)) R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes) R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2015-12-23] (Malwarebytes) R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation) R2 NPF_devolo; C:\Windows\sysWOW64\drivers\npf_devolo.sys [34048 2013-03-04] (CACE Technologies) R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [587264 2015-07-10] (Realtek ) S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] () R1 VBoxNetLwf; C:\Windows\system32\DRIVERS\VBoxNetLwf.sys [194816 2015-11-11] (Oracle Corporation) S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation) R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation) R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation) S3 VBoxNetFlt; \SystemRoot\system32\DRIVERS\VBoxNetFlt.sys [X] S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X] ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat: Erstellte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2015-12-23 14:48 - 2015-12-23 14:48 - 00001778 _____ C:\Users\Daniel\Desktop\Scanprotokoll.txt 2015-12-23 14:42 - 2015-12-23 14:42 - 00001733 _____ C:\Erkannte Bedrohungen.txt 2015-12-23 14:42 - 2015-12-23 14:42 - 00001726 _____ C:\Scanprotokoll.txt 2015-12-23 14:39 - 2015-12-23 14:39 - 00016148 _____ C:\WINDOWS\system32\GLOBALITY_Daniel_HistoryPrediction.bin 2015-12-23 14:15 - 2015-12-23 14:15 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Daniel\Downloads\revosetup95.exe 2015-12-23 14:15 - 2015-12-23 14:15 - 00001337 _____ C:\Users\Daniel\Desktop\Revo Uninstaller.lnk 2015-12-23 14:15 - 2015-12-23 14:15 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller 2015-12-23 14:15 - 2015-12-23 14:15 - 00000000 ____D C:\Program Files (x86)\VS Revo Group 2015-12-23 14:14 - 2015-12-23 14:14 - 00010510 _____ C:\Users\Daniel\Desktop\schutzprotokoll.txt 2015-12-23 14:14 - 2015-12-23 14:14 - 00010510 _____ C:\Schutzprotokoll.txt 2015-12-23 07:39 - 2015-12-23 07:39 - 00280168 _____ C:\WINDOWS\Minidump\122315-10015-01.dmp 2015-12-22 19:29 - 2015-12-22 19:29 - 02870984 _____ (ESET) C:\Users\Daniel\Downloads\esetsmartinstaller_deu.exe 2015-12-22 19:23 - 2015-12-23 14:21 - 00003820 _____ C:\Users\Daniel\Desktop\Fixlog.txt 2015-12-22 18:45 - 2015-12-23 14:23 - 00003808 _____ C:\WINDOWS\System32\Tasks\AutoKMS 2015-12-22 18:36 - 2015-12-22 18:43 - 00000000 ____D C:\AdwCleaner 2015-12-22 18:32 - 2015-12-22 18:32 - 01743360 _____ C:\Users\Daniel\Desktop\AdwCleaner_5.026.exe 2015-12-22 18:22 - 2015-12-22 18:23 - 00050521 _____ C:\Users\Daniel\Desktop\Addition.txt 2015-12-22 18:21 - 2015-12-23 14:49 - 00019684 _____ C:\Users\Daniel\Desktop\FRST.txt 2015-12-22 18:15 - 2015-12-22 18:15 - 06708416 _____ (Adobe System Incorporated.) C:\Users\Daniel\Downloads\AdobeCreativeCloudCleanerTool.exe 2015-12-22 12:01 - 2015-12-22 12:01 - 00007493 _____ C:\Users\Daniel\Desktop\Malwarebyte.txt 2015-12-22 11:49 - 2015-12-22 11:50 - 00000532 _____ C:\Users\Daniel\Desktop\Neues Textdokument.txt 2015-12-22 11:37 - 2015-12-23 14:49 - 00000000 ____D C:\FRST 2015-12-22 11:36 - 2015-12-22 11:37 - 02370560 _____ (Farbar) C:\Users\Daniel\Desktop\FRST64.exe 2015-12-21 14:28 - 2015-12-21 14:28 - 00514327 _____ C:\Users\Daniel\Desktop\20151221.pdf 2015-12-21 14:24 - 2015-12-21 14:24 - 00000000 ____D C:\ProgramData\ATI 2015-12-21 11:16 - 2015-12-21 11:16 - 00036520 _____ C:\Users\Daniel\Documents\arena.mrf 2015-12-21 10:28 - 2015-12-21 10:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center 2015-12-21 10:26 - 2015-12-21 10:27 - 00000000 ____D C:\WINDOWS\LastGood.Tmp 2015-12-21 10:25 - 2015-12-21 10:25 - 47794160 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\amdocl64.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 39720944 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\amdocl.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 30775792 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atio6axx.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 27544560 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\amdocl12cl64.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 25320432 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atioglxx.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 22327280 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\amdocl12cl.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 15725552 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\aticaldd64.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 14310896 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\aticaldd.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 09355016 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdxc64.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 08982432 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiumd6a.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 08864920 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiumd64.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 07683096 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdxc32.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 06686192 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdmantle64.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 05216240 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdmantle32.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 03471376 _____ C:\WINDOWS\SysWOW64\atiumdva.cap 2015-12-21 10:25 - 2015-12-21 10:25 - 03437632 _____ C:\WINDOWS\system32\atiumd6a.cap 2015-12-21 10:25 - 2015-12-21 10:25 - 01256432 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atiadlxx.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 01196032 _____ C:\WINDOWS\system32\amdocl_as64.exe 2015-12-21 10:25 - 2015-12-21 10:25 - 01070592 _____ C:\WINDOWS\system32\amdocl_ld64.exe 2015-12-21 10:25 - 2015-12-21 10:25 - 01004032 _____ C:\WINDOWS\SysWOW64\amdocl_as32.exe 2015-12-21 10:25 - 2015-12-21 10:25 - 00935408 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atiadlxy.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00935408 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atiadlxx.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00807424 _____ C:\WINDOWS\SysWOW64\amdocl_ld32.exe 2015-12-21 10:25 - 2015-12-21 10:25 - 00662400 _____ C:\WINDOWS\SysWOW64\atiapfxx.blb 2015-12-21 10:25 - 2015-12-21 10:25 - 00662400 _____ C:\WINDOWS\system32\atiapfxx.blb 2015-12-21 10:25 - 2015-12-21 10:25 - 00631792 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amdlvr64.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00524272 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amdlvr32.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00471320 _____ C:\WINDOWS\system32\amdmiracast.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00451056 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atidemgy.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00375792 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atiapfxx.exe 2015-12-21 10:25 - 2015-12-21 10:25 - 00341488 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\ATIODE.exe 2015-12-21 10:25 - 2015-12-21 10:25 - 00243696 _____ C:\WINDOWS\system32\clinfo.exe 2015-12-21 10:25 - 2015-12-21 10:25 - 00213488 _____ C:\WINDOWS\system32\amdgfxinfo64.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00199664 _____ (AMD) C:\WINDOWS\system32\atitmm64.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00198640 _____ C:\WINDOWS\SysWOW64\amdgfxinfo32.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00168944 _____ C:\WINDOWS\system32\atieah64.exe 2015-12-21 10:25 - 2015-12-21 10:25 - 00165360 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atig6txx.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00152560 _____ C:\WINDOWS\SysWOW64\atieah32.exe 2015-12-21 10:25 - 2015-12-21 10:25 - 00151936 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amdhcp64.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00150512 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atigktxx.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00143344 _____ C:\WINDOWS\system32\amdhdl64.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00138384 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amdhcp32.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00136176 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\mantle64.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00132080 _____ C:\WINDOWS\SysWOW64\amdhdl32.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00130064 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiu9p64.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00122352 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\mantle32.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00117600 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdave64.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00111600 _____ C:\WINDOWS\system32\hsa-thunk64.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00111088 _____ C:\WINDOWS\SysWOW64\hsa-thunk.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00110320 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdave32.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00103408 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\mantleaxl64.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00097776 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atisamu64.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00096752 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\mantleaxl32.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00089584 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atisamu32.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00088000 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atimpc64.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00088000 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdpcom64.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00083952 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atig6pxx.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00081160 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atimpc32.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00081160 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdpcom32.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00078320 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiglpxx.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00078320 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiglpxx.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00073712 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00071152 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\aticalrt64.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00068080 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00064496 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\aticalcl64.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00060912 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\aticalrt.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00059888 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\ATIODCLI.exe 2015-12-21 10:25 - 2015-12-21 10:25 - 00059376 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdmmcl6.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00057840 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\aticalcl.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00052208 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Drivers\ati2erec.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00048112 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdmmcl.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00038384 _____ (AMD) C:\WINDOWS\system32\atimuixx.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00012784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\detoured.dll 2015-12-21 10:25 - 2015-12-21 10:25 - 00012784 _____ (Microsoft Corporation) C:\WINDOWS\system32\detoured.dll 2015-12-20 20:56 - 2015-12-20 20:56 - 00478062 _____ C:\Users\Daniel\Desktop\20151220.pdf 2015-12-20 17:19 - 2015-12-22 11:07 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2015-12-20 13:28 - 2015-12-21 14:29 - 00283623 _____ C:\Users\Daniel\Desktop\Dienstplan_TV_Cannstatt.xlsm 2015-12-20 10:36 - 2015-12-20 10:36 - 00255478 _____ C:\Users\Daniel\Downloads\Dienstplan_Änderung2_NEU (1).xlsm 2015-12-20 10:36 - 2015-12-20 10:36 - 00255478 _____ C:\Users\Daniel\Desktop\Dienstplan_Änderung2_NEU (1).xlsm 2015-12-18 10:57 - 2015-12-18 11:03 - 606692048 _____ (Sirrix AG) C:\Users\Daniel\Downloads\Browser_In_The_Box.4.1.4-r150.chrome.Archive.exe 2015-12-18 10:41 - 2015-12-19 19:28 - 00000222 _____ C:\Users\Daniel\Desktop\nicht angreiffen.txt 2015-12-18 10:36 - 2015-12-18 10:36 - 00617444 _____ C:\Users\Daniel\Downloads\Browser-in-the-Box_Benutzerhandbuch.pdf 2015-12-16 15:10 - 2015-12-16 15:10 - 00025360 _____ C:\Users\Daniel\Documents\far-Flung Prairie.mrf 2015-12-15 21:23 - 2015-12-15 21:23 - 00034360 _____ C:\Users\Daniel\Documents\nightfall swamp.mrf 2015-12-15 18:10 - 2015-12-15 18:11 - 21852240 _____ C:\Users\Daniel\Downloads\Smoothies.rar 2015-12-15 17:33 - 2015-12-15 17:33 - 00280112 _____ C:\WINDOWS\Minidump\121515-9359-01.dmp 2015-12-15 15:47 - 2015-12-15 15:47 - 00006660 _____ C:\Users\Daniel\Downloads\Rechnung Nr. 15005998.pdf 2015-12-15 13:56 - 2015-12-15 13:56 - 00023026 _____ C:\Users\Daniel\Downloads\Vodafone-Internet--Telefon-Kuendigung (1) (1).pdf 2015-12-15 13:53 - 2015-12-15 13:53 - 00023026 _____ C:\Users\Daniel\Downloads\Vodafone-Internet--Telefon-Kuendigung (1).pdf 2015-12-15 13:52 - 2015-12-15 13:53 - 00023026 _____ C:\Users\Daniel\Downloads\Vodafone-Internet--Telefon-Kuendigung.pdf 2015-12-15 13:36 - 2015-12-15 13:36 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Sirrix AG 2015-12-15 13:35 - 2015-12-15 13:35 - 00211398 _____ C:\Users\Daniel\Desktop\kündigung strom.pdf 2015-12-15 13:26 - 2015-12-18 11:04 - 00001332 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Browser in the Box.lnk 2015-12-15 13:26 - 2015-12-18 11:04 - 00001320 _____ C:\Users\Public\Desktop\Browser in the Box.lnk 2015-12-15 13:26 - 2015-12-15 13:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Browser in the Box 2015-12-15 13:25 - 2015-12-15 13:25 - 00000000 ____D C:\ProgramData\Sirrix AG 2015-12-15 13:25 - 2015-12-15 13:25 - 00000000 ____D C:\Program Files (x86)\Sirrix AG 2015-12-15 13:21 - 2015-12-15 13:21 - 00000000 ____D C:\Program Files\Oracle 2015-12-15 13:14 - 2015-12-15 13:19 - 565717248 _____ (Sirrix AG) C:\Users\Daniel\Downloads\Browser_In_The_Box.4.1.4-r150.firefox.Archive.exe 2015-12-15 13:12 - 2015-12-17 19:43 - 00002252 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2015-12-15 13:11 - 2015-12-15 13:11 - 00927824 _____ (Google Inc.) C:\Users\Daniel\Downloads\ChromeSetup (1).exe 2015-12-15 12:47 - 2015-12-15 12:47 - 00436869 _____ C:\Users\Daniel\Downloads\Kündigung-strom-umzug-form (1).pdf 2015-12-15 12:44 - 2015-12-15 12:45 - 00436869 _____ C:\Users\Daniel\Downloads\Kündigung-strom-umzug-form.pdf 2015-12-15 12:28 - 2015-12-15 12:36 - 24149323 _____ C:\Users\Daniel\Downloads\Malwarebytes Anti-Malware Premium 2.2.0.1024.rar 2015-12-15 12:21 - 2015-12-23 14:22 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2015-12-15 12:20 - 2015-12-15 13:10 - 00001165 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-12-15 12:20 - 2015-12-15 12:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-12-15 12:20 - 2015-12-15 12:20 - 00000000 ____D C:\ProgramData\Malwarebytes 2015-12-15 12:20 - 2015-12-15 12:20 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-12-15 12:20 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2015-12-15 12:20 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys 2015-12-15 12:20 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys 2015-12-15 12:17 - 2015-12-15 12:18 - 22908888 _____ (Malwarebytes ) C:\Users\Daniel\Downloads\mbam-setup-2.2.0.1024.exe 2015-12-15 12:09 - 2015-12-15 12:09 - 00003530 _____ C:\WINDOWS\System32\Tasks\Ahonaradra 2015-12-15 12:01 - 2015-12-15 12:01 - 00003774 _____ C:\WINDOWS\System32\Tasks\SoftUpgrade 2015-12-15 12:01 - 2015-12-15 12:01 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BandwidthStat 2015-12-15 12:01 - 2015-12-15 12:01 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\BandwidthStat 2015-12-15 12:01 - 2015-12-15 12:01 - 00000000 ____D C:\Program Files (x86)\SoftUpgrade 2015-12-15 11:57 - 2015-12-15 11:57 - 00275717 _____ C:\Users\Daniel\Documents\151210 Rechnung_Lingel.pdf 2015-12-15 11:35 - 2015-12-15 11:35 - 00000000 ____D C:\ProgramData\{FD6F83C0-EC70-4581-8361-C70CD1AA4B98} 2015-12-15 11:34 - 2015-12-15 11:34 - 00026528 _____ (REALiX(tm)) C:\WINDOWS\SysWOW64\Drivers\HWiNFO64A.SYS 2015-12-15 11:34 - 2015-12-15 11:34 - 00000000 ____D C:\WINDOWS\Tasks\ImCleanDisabled 2015-12-15 11:34 - 2015-01-10 15:32 - 00128288 _____ (IObit) C:\WINDOWS\system32\IObitSmartDefragExtension.dll 2015-12-15 11:34 - 2014-06-04 15:17 - 00034080 _____ (IObit) C:\WINDOWS\system32\SmartDefragBootTime.exe 2015-12-15 11:33 - 2015-12-22 11:52 - 00000000 ____D C:\ProgramData\ProductData 2015-12-15 11:33 - 2015-12-15 11:41 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\IObit 2015-12-15 11:33 - 2015-12-15 11:40 - 00000000 ____D C:\ProgramData\IObit 2015-12-15 11:33 - 2015-12-15 11:33 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\ProductData 2015-12-15 11:33 - 2015-12-15 11:33 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Apple Computer 2015-12-15 11:33 - 2015-12-15 11:33 - 00000000 ____D C:\Users\Daniel\AppData\LocalLow\IObit 2015-12-15 11:32 - 2015-12-15 11:41 - 00000000 ____D C:\Program Files (x86)\IObit 2015-12-15 11:32 - 2015-12-15 11:32 - 30003568 _____ (IObit ) C:\Users\Daniel\Downloads\IObit-Malware-Fighter-Setup3409.exe 2015-12-15 11:16 - 2015-12-15 11:16 - 17529025 _____ C:\Users\Daniel\Documents\151210 Rechnung Lingel.pdf 2015-12-15 11:05 - 2015-12-15 11:13 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Opera Software 2015-12-15 11:05 - 2015-12-15 11:13 - 00000000 ____D C:\Users\Daniel\AppData\Local\Opera Software 2015-12-15 11:04 - 2015-12-15 11:05 - 17231872 _____ C:\Users\Daniel\Downloads\epson374980eu.exe 2015-12-15 11:03 - 2015-12-15 11:02 - 00004182 _____ C:\WINDOWS\system32\Drivers\etc\hp.bak 2015-12-15 11:02 - 2015-12-22 18:43 - 00000008 __RSH C:\Users\Daniel\ntuser.pol 2015-12-15 11:02 - 2015-12-22 18:43 - 00000008 __RSH C:\ProgramData\ntuser.pol 2015-12-15 11:01 - 2015-12-15 11:01 - 00003294 _____ C:\WINDOWS\System32\Tasks\{9049D845-5093-42F1-ABE4-823668FF2E6F} 2015-12-15 10:59 - 2015-12-15 10:59 - 12793856 _____ C:\Users\Daniel\Downloads\epson325480eu.exe 2015-12-15 10:57 - 2015-12-15 10:57 - 25198592 _____ C:\Users\Daniel\Downloads\epson324666eu.dmg 2015-12-14 20:52 - 2015-12-14 20:52 - 00030000 _____ C:\Users\Daniel\Documents\13.mrf 2015-12-14 14:28 - 2015-12-14 14:32 - 00027280 _____ C:\Users\Daniel\Documents\sunshine beach.mrf 2015-12-14 14:23 - 2015-12-14 14:23 - 31302583 _____ C:\Users\Daniel\Downloads\auv116.pdf 2015-12-14 14:23 - 2015-12-14 14:23 - 31302583 _____ C:\Users\Daniel\Downloads\auv116 (1).pdf 2015-12-14 14:22 - 2015-12-14 14:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2015-12-14 14:22 - 2015-12-14 14:22 - 00000000 ___RD C:\Program Files (x86)\Skype 2015-12-14 14:11 - 2015-12-14 14:15 - 11692510 _____ C:\Users\Daniel\Downloads\GLGzFAmSSuC(zA.rar 2015-12-14 14:05 - 2015-12-14 14:15 - 32280461 _____ C:\Users\Daniel\Downloads\Nicht bestätigt 522240.crdownload 2015-12-14 13:48 - 2015-12-14 13:48 - 00030280 _____ C:\Users\Daniel\Documents\Climbing Olympus.mrf 2015-12-14 13:20 - 2015-12-15 16:21 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Mouse Recorder 2015-12-14 13:20 - 2015-12-14 13:20 - 00000000 ____D C:\ProgramData\MouseRecorder 2015-12-14 13:20 - 2015-12-14 13:20 - 00000000 ____D C:\ProgramData\Mouse Recorder 2015-12-14 13:20 - 2015-12-14 13:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MouseRecorder 2015-12-14 13:20 - 2015-12-14 13:20 - 00000000 ____D C:\Program Files (x86)\MouseRecorder 2015-12-14 13:19 - 2015-12-14 13:21 - 02467080 _____ (Bartels Media GmbH ) C:\Users\Daniel\Downloads\MouseRecorderSetup1042.exe 2015-12-14 13:17 - 2015-12-14 13:17 - 02331531 _____ C:\Users\Daniel\Downloads\MRP276Setup.zip 2015-12-14 13:10 - 2015-12-14 13:10 - 00000000 ____D C:\Users\Daniel\Documents\My Recorded Scripts 2015-12-14 13:10 - 2015-12-14 13:10 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Mouse Recorder Pro 2015-12-14 13:10 - 2015-12-14 13:10 - 00000000 ____D C:\Users\Daniel\AppData\Local\Nemex 2015-12-14 13:09 - 2015-12-14 13:09 - 02332069 _____ C:\Users\Daniel\Downloads\mrp275setup.zip 2015-12-14 13:01 - 2015-12-14 13:01 - 00842440 _____ (ghost-mouse.com ) C:\Users\Daniel\Downloads\GhostMouse323-Setup (1).exe 2015-12-14 12:55 - 2015-12-15 13:10 - 00001682 _____ C:\Users\Public\Desktop\BlueStacks.lnk 2015-12-14 12:55 - 2015-12-15 13:08 - 00001742 _____ C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\BlueStacks.lnk 2015-12-14 12:55 - 2015-12-14 13:01 - 00842440 _____ (ghost-mouse.com ) C:\Users\Daniel\Downloads\GhostMouse323-Setup.exe 2015-12-14 12:55 - 2015-12-14 12:55 - 00000000 ____D C:\ProgramData\BlueStacksGameManager 2015-12-14 12:54 - 2015-12-14 12:54 - 00000000 ____D C:\Users\Daniel\AppData\Local\fabi.me 2015-12-14 12:53 - 2015-12-14 12:55 - 00000000 ____D C:\Program Files (x86)\BlueStacks 2015-12-14 12:53 - 2015-12-14 12:54 - 00000000 ____D C:\ProgramData\BlueStacks 2015-12-14 12:53 - 2015-12-14 12:53 - 00094899 _____ C:\Users\Daniel\Downloads\SpeedAutoClicker.zip 2015-12-14 12:46 - 2015-12-14 12:47 - 308301520 _____ (BlueStack Systems Inc.) C:\Users\Daniel\Downloads\BlueStacks2-Installer_native.exe 2015-12-12 19:59 - 2015-12-01 08:01 - 02115936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys 2015-12-12 19:59 - 2015-12-01 06:51 - 07523840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll 2015-12-12 19:59 - 2015-12-01 05:59 - 05455360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll 2015-12-12 19:59 - 2015-11-25 06:42 - 04532304 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe 2015-12-12 19:59 - 2015-11-25 06:33 - 03622272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2015-12-12 19:59 - 2015-11-25 06:27 - 01366680 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll 2015-12-12 19:59 - 2015-11-25 06:12 - 04047288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe 2015-12-12 19:59 - 2015-11-25 06:09 - 01310880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll 2015-12-12 19:59 - 2015-11-25 06:01 - 02879024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2015-12-12 19:59 - 2015-11-25 05:49 - 01569280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll 2015-12-12 19:59 - 2015-11-25 05:44 - 21872640 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll 2015-12-12 19:59 - 2015-11-25 05:42 - 24592384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2015-12-12 19:59 - 2015-11-25 05:36 - 01710592 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll 2015-12-12 19:59 - 2015-11-25 05:35 - 00929792 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll 2015-12-12 19:59 - 2015-11-25 05:35 - 00845824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Magnify.exe 2015-12-12 19:59 - 2015-11-25 05:34 - 12504576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2015-12-12 19:59 - 2015-11-25 05:31 - 00121344 _____ (Microsoft Corporation) C:\WINDOWS\system32\DAMM.dll 2015-12-12 19:59 - 2015-11-25 05:30 - 00171008 _____ (Microsoft Corporation) C:\WINDOWS\system32\dot3mm.dll 2015-12-12 19:59 - 2015-11-25 05:29 - 01649152 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll 2015-12-12 19:59 - 2015-11-25 05:29 - 00355328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ninput.dll 2015-12-12 19:59 - 2015-11-25 05:28 - 00523776 _____ (Microsoft Corporation) C:\WINDOWS\system32\catsrvut.dll 2015-12-12 19:59 - 2015-11-25 05:27 - 02180608 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll 2015-12-12 19:59 - 2015-11-25 05:23 - 19323392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2015-12-12 19:59 - 2015-11-25 05:23 - 03588096 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys 2015-12-12 19:59 - 2015-11-25 05:23 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll 2015-12-12 19:59 - 2015-11-25 05:22 - 01717248 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll 2015-12-12 19:59 - 2015-11-25 05:22 - 01383424 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys 2015-12-12 19:59 - 2015-11-25 05:22 - 00603648 _____ (Microsoft Corporation) C:\WINDOWS\system32\duser.dll 2015-12-12 19:59 - 2015-11-25 05:19 - 01795584 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll 2015-12-12 19:59 - 2015-11-25 05:18 - 01233920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll 2015-12-12 19:59 - 2015-11-25 05:17 - 00774656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll 2015-12-12 19:59 - 2015-11-25 05:16 - 01442816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRHInproc.dll 2015-12-12 19:59 - 2015-11-25 05:16 - 00786432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Magnify.exe 2015-12-12 19:59 - 2015-11-25 05:11 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ninput.dll 2015-12-12 19:59 - 2015-11-25 05:10 - 18801664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll 2015-12-12 19:59 - 2015-11-25 05:10 - 01328128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comsvcs.dll 2015-12-12 19:59 - 2015-11-25 05:10 - 00415744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\catsrvut.dll 2015-12-12 19:59 - 2015-11-25 05:05 - 11263488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2015-12-12 19:59 - 2015-11-25 05:04 - 01467392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll 2015-12-12 19:59 - 2015-11-25 05:04 - 00480768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\duser.dll 2015-12-12 19:59 - 2015-11-25 05:04 - 00474624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll 2015-12-12 19:58 - 2015-12-01 07:03 - 00008192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\gpuenergydrv.sys 2015-12-12 19:58 - 2015-12-01 06:54 - 00771072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll 2015-12-12 19:58 - 2015-12-01 06:49 - 04792320 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2015-12-12 19:58 - 2015-12-01 06:02 - 03580416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2015-12-12 19:58 - 2015-11-25 06:42 - 00168288 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkUXBroker.exe 2015-12-12 19:58 - 2015-11-25 06:41 - 01822280 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll 2015-12-12 19:58 - 2015-11-25 06:40 - 00516448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS 2015-12-12 19:58 - 2015-11-25 06:32 - 00113184 _____ (Microsoft Corporation) C:\WINDOWS\system32\userenv.dll 2015-12-12 19:58 - 2015-11-25 06:11 - 01532984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll 2015-12-12 19:58 - 2015-11-25 05:59 - 00092992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\userenv.dll 2015-12-12 19:58 - 2015-11-25 05:49 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\system32\WlanMediaManager.dll 2015-12-12 19:58 - 2015-11-25 05:49 - 00467456 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll 2015-12-12 19:58 - 2015-11-25 05:49 - 00270336 _____ (Microsoft Corporation) C:\WINDOWS\system32\RasMediaManager.dll 2015-12-12 19:58 - 2015-11-25 05:48 - 00146944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EthernetMediaManager.dll 2015-12-12 19:58 - 2015-11-25 05:48 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\system32\DAMediaManager.dll 2015-12-12 19:58 - 2015-11-25 05:37 - 02350592 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll 2015-12-12 19:58 - 2015-11-25 05:36 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usb8023.sys 2015-12-12 19:58 - 2015-11-25 05:30 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rmcast.sys 2015-12-12 19:58 - 2015-11-25 05:30 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hdaudbus.sys 2015-12-12 19:58 - 2015-11-25 05:28 - 00572928 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll 2015-12-12 19:58 - 2015-11-25 05:26 - 00849408 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll 2015-12-12 19:58 - 2015-11-25 05:26 - 00181760 _____ (Microsoft Corporation) C:\WINDOWS\system32\shutdownux.dll 2015-12-12 19:58 - 2015-11-25 05:25 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll 2015-12-12 19:58 - 2015-11-25 05:25 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\profext.dll 2015-12-12 19:58 - 2015-11-25 05:22 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\kbdgeoqw.dll 2015-12-12 19:58 - 2015-11-25 05:22 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZST.DLL 2015-12-12 19:58 - 2015-11-25 05:22 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZEL.DLL 2015-12-12 19:58 - 2015-11-25 05:22 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZE.DLL 2015-12-12 19:58 - 2015-11-25 05:19 - 00185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll 2015-12-12 19:58 - 2015-11-25 05:13 - 02153984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll 2015-12-12 19:58 - 2015-11-25 05:10 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll 2015-12-12 19:58 - 2015-11-25 05:08 - 00749568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll 2015-12-12 19:58 - 2015-11-25 05:07 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\profext.dll 2015-12-12 19:58 - 2015-11-25 05:04 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kbdgeoqw.dll 2015-12-12 19:58 - 2015-11-25 05:04 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZST.DLL 2015-12-12 19:58 - 2015-11-25 05:04 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZEL.DLL 2015-12-12 19:58 - 2015-11-25 05:04 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZE.DLL 2015-12-12 19:58 - 2015-11-25 03:52 - 00775312 _____ C:\WINDOWS\SysWOW64\locale.nls 2015-12-12 19:58 - 2015-11-25 03:52 - 00775312 _____ C:\WINDOWS\system32\locale.nls 2015-12-06 18:50 - 2015-12-06 18:50 - 01142543 _____ C:\Users\Daniel\Downloads\Bewerbung_Melanie_Schwab 1.zip 2015-12-06 18:50 - 2015-12-06 18:50 - 01142543 _____ C:\Users\Daniel\Downloads\Bewerbung_Melanie_Schwab 1 (1).zip 2015-12-06 18:49 - 2015-12-06 18:49 - 04397665 _____ C:\Users\Daniel\Downloads\Bewerbung_Melanie_Schwab (1).zip 2015-12-06 18:48 - 2015-12-06 18:48 - 01142560 _____ C:\Users\Daniel\Downloads\Bewerbung_Melanie_Schwab.zip 2015-12-06 18:19 - 2015-12-06 18:19 - 03984004 _____ C:\Users\Daniel\Downloads\Bewerbung_Erzieherin_Daniele_Maier.pdf 2015-12-06 18:06 - 2015-12-06 18:06 - 00291489 _____ C:\Users\Daniel\Downloads\20151127131614271.pdf 2015-12-06 17:50 - 2015-12-06 17:50 - 00109513 _____ C:\Users\Daniel\Desktop\Anmeldung.pdf 2015-12-03 18:29 - 2015-12-03 18:29 - 00169351 _____ C:\Users\Daniel\Downloads\WAZ.pdf 2015-11-30 21:32 - 2015-11-30 21:32 - 00064681 _____ C:\Users\Daniel\Downloads\Rückseite.pdf 2015-11-30 21:31 - 2015-11-30 21:31 - 00064681 _____ C:\Users\Daniel\Desktop\Rückseite.pdf 2015-11-30 21:29 - 2015-11-30 21:29 - 00032176 _____ C:\Users\Daniel\Desktop\Vorderseite.pdf 2015-11-30 21:25 - 2015-11-30 21:25 - 04889088 _____ C:\Users\Daniel\Downloads\Da Carlo Front Visit.zdl 2015-11-30 21:25 - 2015-11-30 21:25 - 01163776 _____ C:\Users\Daniel\Downloads\Da Carlo Back Visit.zdl 2015-11-29 20:16 - 2015-11-29 20:16 - 00457667 _____ C:\Users\Daniel\Downloads\maui.pdf 2015-11-26 16:19 - 2015-11-26 17:43 - 00000000 ____D C:\Users\Daniel\Desktop\Schwab Melli 2015-11-25 16:11 - 2015-11-25 16:11 - 00255478 _____ C:\Users\Daniel\Desktop\Dienstplan_Änderung2_NEU.xlsm 2015-11-25 16:00 - 2015-11-25 16:00 - 00273974 _____ C:\Users\Daniel\Downloads\Dienstplan_Änderung2_NEU.xlsm 2015-11-25 15:59 - 2015-11-25 15:59 - 00076125 _____ C:\Users\Daniel\Downloads\Kopie von Dienstplan_Änderung2 (1).xlsx ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2015-12-23 14:49 - 2015-02-13 17:03 - 00000000 ____D C:\ProgramData\TwonkyServer 2015-12-23 14:29 - 2015-08-01 19:33 - 01790124 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2015-12-23 14:29 - 2015-07-10 17:34 - 00771100 _____ C:\WINDOWS\system32\perfh007.dat 2015-12-23 14:29 - 2015-07-10 17:34 - 00153964 _____ C:\WINDOWS\system32\perfc007.dat 2015-12-23 14:29 - 2015-07-10 12:02 - 00000000 ____D C:\WINDOWS\INF 2015-12-23 14:27 - 2014-11-03 18:22 - 00000000 ____D C:\ProgramData\BlueStacksSetup 2015-12-23 14:24 - 2014-05-05 05:08 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Skype 2015-12-23 14:24 - 2014-05-05 05:06 - 00001138 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2015-12-23 14:22 - 2015-08-01 19:21 - 00000000 ____D C:\Users\postgres 2015-12-23 14:22 - 2015-08-01 19:20 - 00000000 _____ C:\WINDOWS\system32\Drivers\lvuvc.hs 2015-12-23 14:22 - 2015-07-10 13:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2015-12-23 14:22 - 2015-07-10 10:05 - 00524288 ___SH C:\WINDOWS\system32\config\BBI 2015-12-23 14:22 - 2014-06-23 15:11 - 00065536 _____ C:\WINDOWS\system32\spu_storage.bin 2015-12-23 14:22 - 2014-05-05 05:06 - 00001134 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2015-12-23 14:21 - 2015-07-10 10:05 - 00000000 ____D C:\Windows 2015-12-23 14:14 - 2015-08-08 19:27 - 00004160 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{88EEB1D5-370C-4812-9418-EDF692A916C5} 2015-12-23 14:11 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\AppReadiness 2015-12-23 14:02 - 2014-06-07 19:47 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2015-12-23 08:17 - 2014-06-23 14:35 - 00000000 ____D C:\Users\Daniel\AppData\Local\Adobe 2015-12-23 07:39 - 2015-08-15 18:33 - 00000000 ____D C:\WINDOWS\Minidump 2015-12-23 07:39 - 2015-08-01 19:21 - 00000000 ____D C:\Users\Daniel 2015-12-22 18:16 - 2014-08-16 20:56 - 00000000 ____D C:\Program Files\Common Files\Adobe 2015-12-22 18:16 - 2014-05-26 12:17 - 00000000 ____D C:\ProgramData\Adobe 2015-12-22 18:16 - 2014-05-05 05:03 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Adobe 2015-12-22 18:15 - 2014-05-26 12:17 - 00000000 ____D C:\Program Files (x86)\Adobe 2015-12-22 17:51 - 2014-05-13 20:10 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Notepad++ 2015-12-22 17:45 - 2015-04-02 10:03 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\uTorrent 2015-12-22 14:51 - 2015-07-10 12:04 - 00000000 ___HD C:\Program Files\WindowsApps 2015-12-22 11:28 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\Registration 2015-12-22 11:09 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\system32\NDF 2015-12-22 11:07 - 2014-05-29 11:18 - 00000000 ____D C:\Users\Daniel\AppData\Local\CrashDumps 2015-12-22 11:07 - 2014-05-13 19:27 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2015-12-21 15:41 - 2015-08-16 17:58 - 00000000 ____D C:\Program Files (x86)\StarMoney 9.0 2015-12-21 11:06 - 2015-10-03 15:02 - 00010560 _____ C:\Users\Daniel\Desktop\Lego-Architecture.xlsx 2015-12-21 10:28 - 2015-08-01 19:20 - 00000000 ____D C:\ProgramData\AMD 2015-12-21 10:28 - 2015-08-01 19:20 - 00000000 ____D C:\Program Files (x86)\ATI Technologies 2015-12-21 10:27 - 2014-05-05 05:07 - 00000000 ____D C:\AMD 2015-12-21 10:25 - 2015-08-25 19:22 - 21648880 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Drivers\atikmdag.sys 2015-12-21 10:25 - 2015-08-25 19:22 - 00255472 _____ (AMD) C:\WINDOWS\system32\atiesrxx.exe 2015-12-21 10:25 - 2015-07-16 01:12 - 00162232 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiuxp64.dll 2015-12-21 10:25 - 2015-07-16 01:11 - 12088000 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atidxx64.dll 2015-12-21 10:25 - 2015-07-16 01:11 - 10211016 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atidxx32.dll 2015-12-21 10:25 - 2015-07-16 01:11 - 08009360 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiumdva.dll 2015-12-21 10:25 - 2015-07-16 01:11 - 07482560 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiumdag.dll 2015-12-21 10:25 - 2015-07-16 01:11 - 01479808 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\aticfx64.dll 2015-12-21 10:25 - 2015-07-16 01:11 - 01223544 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\aticfx32.dll 2015-12-21 10:25 - 2015-07-16 01:11 - 00143056 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiuxpag.dll 2015-12-21 10:25 - 2015-07-16 01:11 - 00112360 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiu9pag.dll 2015-12-21 10:25 - 2015-07-16 00:17 - 00683504 _____ (AMD) C:\WINDOWS\system32\atieclxx.exe 2015-12-21 10:25 - 2015-07-16 00:13 - 00674288 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Drivers\atikmpag.sys 2015-12-21 10:25 - 2015-07-16 00:12 - 00874480 _____ (AMD) C:\WINDOWS\system32\coinst_15.20.dll 2015-12-20 10:37 - 2014-05-05 05:03 - 00000000 ____D C:\Users\Daniel\AppData\Local\Packages 2015-12-18 19:58 - 2015-09-19 10:01 - 00023600 _____ C:\Users\Daniel\Desktop\Kaufpreis Backnang.xlsx 2015-12-18 17:14 - 2015-07-10 17:44 - 00000000 ____D C:\WINDOWS\ShellNew 2015-12-17 18:52 - 2015-08-20 15:17 - 00002099 _____ C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk 2015-12-17 18:52 - 2014-07-10 16:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony 2015-12-17 18:52 - 2014-05-05 05:08 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2015-12-17 14:36 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\LiveKernelReports 2015-12-15 13:24 - 2014-11-03 18:30 - 00000000 ____D C:\Users\Daniel\.VirtualBox 2015-12-15 13:11 - 2015-08-01 19:25 - 00001540 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk 2015-12-15 13:11 - 2015-06-26 22:05 - 00001162 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk 2015-12-15 13:11 - 2014-12-29 16:10 - 00000971 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk 2015-12-15 13:11 - 2014-10-20 18:02 - 00000942 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk 2015-12-15 13:11 - 2014-08-16 20:58 - 00000890 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS6 (64bit).lnk 2015-12-15 13:11 - 2014-08-16 20:57 - 00001527 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS6.lnk 2015-12-15 13:11 - 2014-08-16 17:13 - 00001750 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rainmeter.lnk 2015-12-15 13:11 - 2014-05-13 19:27 - 00001159 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2015-12-15 13:10 - 2015-08-26 18:40 - 00001218 _____ C:\Users\Public\Desktop\CDBurnerXP.lnk 2015-12-15 13:10 - 2015-08-16 18:00 - 00002234 _____ C:\Users\Public\Desktop\StarMoney 9.0.lnk 2015-12-15 13:08 - 2015-08-01 20:21 - 00002425 _____ C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2015-12-15 13:08 - 2015-05-16 13:40 - 00002158 _____ C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\KÜCHEN QUELLE 3D.lnk 2015-12-15 13:08 - 2015-01-18 17:42 - 00001033 _____ C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iPadian.lnk 2015-12-15 13:08 - 2015-01-08 18:29 - 00001822 _____ C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Coral Poker.lnk 2015-12-15 13:08 - 2014-12-16 14:46 - 00001830 _____ C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Winner Poker.lnk 2015-12-15 13:08 - 2014-08-21 15:45 - 00001136 _____ C:\ProgramData\Microsoft\Windows\Start Menu\LINE.lnk 2015-12-15 13:08 - 2014-07-25 19:12 - 00001792 _____ C:\ProgramData\Microsoft\Windows\Start Menu\24hPoker.lnk 2015-12-15 13:08 - 2014-07-02 16:36 - 00001102 _____ C:\ProgramData\Microsoft\Windows\Start Menu\PokerStars.eu.lnk 2015-12-15 13:08 - 2014-06-14 19:21 - 00001120 _____ C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\PokerStars.eu.lnk 2015-12-15 13:08 - 2014-05-18 20:21 - 00000295 _____ C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Papierkorb.lnk 2015-12-15 13:08 - 2014-05-17 11:36 - 00001079 _____ C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\PokerRanger.lnk 2015-12-15 13:08 - 2014-05-05 15:24 - 00000811 _____ C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Betfair.com Poker.lnk 2015-12-15 13:07 - 2015-10-12 19:18 - 00002180 _____ C:\Users\Daniel\Desktop\AusweisApp2.lnk 2015-12-15 12:04 - 2015-08-01 20:18 - 00000000 __RHD C:\Users\Public\AccountPictures 2015-12-15 11:12 - 2014-10-20 17:34 - 00000000 ____D C:\WINDOWS\system32\appmgmt 2015-12-14 22:26 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\rescache 2015-12-14 22:20 - 2015-09-06 12:11 - 00000000 ____D C:\WINDOWS\Panther 2015-12-14 22:15 - 2015-10-30 20:28 - 00000000 ___HD C:\$WINDOWS.~BT 2015-12-14 19:15 - 2015-07-10 13:20 - 04962496 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2015-12-14 14:22 - 2014-05-05 05:08 - 00000000 ____D C:\Users\Daniel\AppData\Local\Skype 2015-12-14 14:22 - 2014-05-05 05:07 - 00000000 ____D C:\ProgramData\Skype 2015-12-14 14:19 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\system32\oobe 2015-12-14 14:19 - 2014-05-10 14:33 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2015-12-14 12:55 - 2015-07-10 12:04 - 00000000 __RHD C:\Users\Public\Libraries 2015-12-14 12:50 - 2014-11-03 18:25 - 00000000 ____D C:\Program Files\Andy 2015-12-14 11:44 - 2014-05-05 14:40 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013 2015-12-14 11:44 - 2014-05-05 14:38 - 00000000 ____D C:\ProgramData\Microsoft Help 2015-12-14 11:43 - 2013-08-22 14:25 - 00000167 _____ C:\WINDOWS\win.ini 2015-12-14 11:41 - 2014-05-10 14:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2015-12-14 11:40 - 2014-05-10 14:33 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2015-12-14 11:39 - 2015-07-10 11:55 - 00000000 ____D C:\WINDOWS\CbsTemp 2015-12-14 11:38 - 2014-05-07 16:59 - 00000000 ____D C:\WINDOWS\system32\MRT 2015-12-14 11:32 - 2014-05-07 16:59 - 140158008 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2015-12-14 09:46 - 2014-05-05 05:05 - 00000000 ___RD C:\Users\Daniel\OneDrive 2015-12-12 19:44 - 2014-06-14 19:21 - 00000000 ____D C:\Users\Daniel\AppData\Local\PokerStars.EU 2015-12-09 04:39 - 2014-05-07 18:25 - 00301728 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe 2015-12-06 11:19 - 2014-05-05 05:06 - 00004196 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA 2015-12-06 11:19 - 2014-05-05 05:06 - 00003964 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore 2015-12-06 11:04 - 2014-08-16 21:42 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe 2015-12-06 11:04 - 2014-05-05 14:37 - 00000000 ____D C:\Users\Daniel\AppData\Local\AMD 2015-12-01 01:32 - 2015-10-03 15:01 - 00826872 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2015-12-01 01:32 - 2015-10-03 15:01 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2014-11-27 21:25 - 2014-11-27 21:25 - 0004676 _____ () C:\Users\Daniel\AppData\Local\recently-used.xbel 2015-05-16 13:40 - 2015-05-16 13:40 - 0370070 _____ () C:\Users\Daniel\AppData\Local\SquareClock.Production_Home_KQ_WebIcon.ico 2015-02-13 17:03 - 2015-02-13 17:03 - 0000011 _____ () C:\ProgramData\.tv7 2014-05-05 15:24 - 2014-05-05 15:24 - 0558105 _____ () C:\ProgramData\1399299703.bdinstall.bin 2015-01-05 15:23 - 2015-01-05 15:23 - 0259192 _____ () C:\ProgramData\1420467746.bdinstall.bin 2015-02-08 16:01 - 2015-02-08 16:01 - 0740775 _____ () C:\ProgramData\AndyDrivers.zip 2015-08-01 19:19 - 2015-08-01 19:19 - 0000000 ____H () C:\ProgramData\DP45977C.lfl 2014-08-09 18:17 - 2014-08-09 18:17 - 0005044 _____ () C:\ProgramData\flwjycbm.bab ==================== Bamital & volsnap ================= (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert C:\WINDOWS\explorer.exe => Datei ist digital signiert C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert C:\WINDOWS\system32\services.exe => Datei ist digital signiert C:\WINDOWS\system32\User32.dll => Datei ist digital signiert C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert LastRegBack: 2015-12-14 22:04 ==================== Ende von FRST.txt ============================ |
|
23.12.2015, 15:24
| #12 |
| /// Malwareteam | Windows 10: Malwarebytes meldet infizierte Dateien, teilweise funktioniert das Internet nicht, generell PC langsam Hi, eine Meldung von MBAM kommt von dem Programm BandwidthStat. Dieses ist als unerwünschte Software bekannt. Wenn du es nicht benötigst, würde ich dir empfehlen es zu deinstallieren. Die andere kommt vom Sony PC Companion, welche versucht auf "tr553.com" zuzugreifen, was auch als unerwünschte Seite bekannt ist. Deinstallier und installiere es mal neu. Kommt die Meldung von OneNote beim Neustart immer noch? |
|
23.12.2015, 20:52
| #13 |
| | Windows 10: Malwarebytes meldet infizierte Dateien, teilweise funktioniert das Internet nicht, generell PC langsam Perfekt. Alles geht!! OneNote habe ich deinstalliert. Habe ich eh nie genutzt. Keine Meldungen mehr beim Neustart. Optimal. Vielen lieben Dank und frohes Fest. Hab euch ne Kleinigkeit gespendet! Grüße |
|
23.12.2015, 23:31
| #14 |
| /// Malwareteam | Windows 10: Malwarebytes meldet infizierte Dateien, teilweise funktioniert das Internet nicht, generell PC langsam Hi, danke für die Spende. Dir auch frohe Weihnachten und einen guten Rutsch! Dann wären wir hier durch. Deine Logs sind sauber Falls du deine Passwörter nicht regelmäßig änderst - jetzt ist der Zeitpunkt dafür! Schritt # 1: Entfernen unserer Tools Die Reihenfolge ist hier entscheidend.
Abschließend noch ein paar Tipps von mir: Schritt # 2: Empfohlene Software Habe immer ein aktuelles Antivirenprogramm deiner Wahl installiert und aktiviere die automatischen Updates (standardmäßig eingeschaltet). Ich empfehle:
Verwende nach Möglichkeit nicht den Internet Explorer, da dieser viele Sicherheitslücken enthält. Achte aber darauf, dass er immer up to date bleibt, weil viele Programme diesen zum Anzeigen von Websites benutzen. Alternativ kannst du verwenden:Dazu sind folgende Add-ons empfehlenswert:  uBlock Origin (Chrome) --> Blockiert Werbung. Werbung kann sehr nervig sein, aber auch auf schädliche Links verweisen. uBlock ist effizienter als der Konkurrent AdblockPlus. Ghostery --> Blockiert Tracker und Cookies, welche dich im Internet nachverfolgen können. Stelle jedoch bei der Installation sicher, dass du Ghostrank nicht zustimmst.Du kannst auch  Malwarebytes Anti-Exploit verwenden, um aktuelle Sicherheitslücken zu stopfen.Halte immer deine Plug-ins und Software aktuell, vor allem:
PluginCheck Filehippo App Manager Schritt # 3: Tipps um eine Neuinfektion zu vermeiden Downloade nach Möglichkeit immer direkt von der Herstellerseite oder alternativ von einem sauberen Download-Portal wie FilePony.de. Von Downloadern wie die von Chip, Softonic und Sourceforge raten wir ab: CHIP-Installer - was ist das? - Anleitungen Auch versuchen sich immer mehr Programme durch Installationsroutinen auf den PC "durchzumogeln". Das klappt ganz gut, weil viele Anwender sich diese nicht genau durchlesen und schnell durchklicken. Manchmal steht auch in den Lizenzvereinbarungen, dass ein Programm, was eigentlich als Freeware angepriesen wird, nur genutzt werden kann, wenn man sich bestimmte Toolbars oder andere Programme mitinstallieren lässt. Da hilft es nur aufmerksam zu sein. Ein Tool, welches dich dabei gut unterstützen kann, ist:  Unchecky. Dieses überwacht im Hintergrund Installationsprozesse und hakt automatisch nervige Adwarekomponenten wie Toolbars ab. Falls man etwas übersieht, warnt noch ein Pop-up, bevor man fortfahren kann.Wir raten von jeglichen Optimizern, Cleanern, SpeedUps und Ähnlichem ab, da diese Softwareprodukte meist keinen Performancegewinn bringen. Du kannst jedoch regelmäßig deinen PC mit der windowsinternen Datenträgerbereinigung behandeln. Überprüfe regelmäßig (mind. 1x pro Monat) deinen PC mit  Malwarebytes Anti-Malware und  ESET.Falls du dir unsicher bist, ob ein Download wirklich sauber ist, kannst du immer https://www.virustotal.com/ zurate ziehen. Schritt # 4: Unterstütze uns! Wenn du uns mit einer kleinen Spende unterstützen möchtest, so kannst du dies hier tun: http://www.trojaner-board.de/79994-s...ndenkonto.html  Es reicht aber auch schon ein simples  hier, wenn du mit uns zufrieden warst.  unsere Facebook-Seite!Bitte gib mir bescheid, wenn du das alles gelesen hast und alles klar ist, damit ich dieses Thema aus meinen Abos löschen kann. |
|
24.12.2015, 00:00
| #15 |
| | Windows 10: Malwarebytes meldet infizierte Dateien, teilweise funktioniert das Internet nicht, generell PC langsam Alles verstanden und teilweise die Programme heruntergeladen. Vielen Dank TipTop Service! |
|
| Themen zu Windows 10: Malwarebytes meldet infizierte Dateien, teilweise funktioniert das Internet nicht, generell PC langsam |
| bluestacks, bonjour, dnsapi.dll, downloader, ebay, flash player, freshworx, google, homepage, installation, internet, langsam, monitor, mozilla, programm, prozesse, realtek, registry, scan, security, senden, services.exe, starmoney, starten, super, svchost.exe, system, udp, warnung, windows, windows 10 pro |
dann auf 
und dann auf 
. 
Emsisoft Anti-Malware
Microsoft Security Essentials
Mozilla Firefox
Google Chrome
Flash Player
Java
PDF Reader
Linear-Darstellung
