Pests of all kinds and how to combat them: Suspected keylogger or similar - how to proceed?

02.06.2016, 16:15   #1
Mors
 

Hello,
yesterday evening I downloaded the trial version of the program "All in One Keylogger" from relytec.com. I was primarily hoping it would provide protection for my daughter, who has recently started to enjoy surfing the internet as well, and this program was mentioned favourably in a comparison of monitoring software. I didn't really like the program, though, because it slowed the PC down considerably, so I quickly uninstalled it again. During installation my antivirus program also grumbled something about a keylogger, but unfortunately, with a program that has "Keylogger" in its name, I didn't take that very seriously and ignored it.
At the same time as the uninstallation, around 1:15, I received a PayPal confirmation email about a transfer of six cents (dollar) to "UnifiedRegistrar", where I had apparently, supposedly, rented several domain names. Over the course of half an hour this was repeated; in total there were three PayPal transfers amounting to 16 cents altogether.
I immediately changed my PayPal password (after which no further PayPal emails arrived) and contacted their support to have the payments reversed.

Now I am wondering, on the one hand, whether I have caught something (via the program?), and on the other hand how best to proceed. My antivirus program found nothing just now - but what malware obediently uninstalls itself when you click "Uninstall"? I am still being very careful on the computer and, for the time being, I am using my tablet for everything that requires logging in.
I can't really make sense of the PayPal business anyway - I have not logged in to my PayPal account or any other account since I installed the program. How could they nevertheless have obtained my password? And why do they use it for trifling sums to a well-known company and then not even change my password?
The most logical explanation would be that the program was clean and the PayPal thing was simply a strange coincidence. In any case, there have been no other incidents so far; nobody has tried to log in anywhere else. I still feel uneasy.

Maybe you know more - many thanks in advance!
Mors

PS: Now I have found something after all: tr/spy.paux was moved to quarantine and is now being deleted.

Edited by Mors (02.06.2016 at 16:52)

02.06.2016, 17:47   #2
markusg
/// Malware-holic
 

Hi,
Why should your daughter be safer if you really record everything she does, especially since you then record your own stuff as well?
It's none of my business and I by no means want to lecture you, and responsible use of the PC, as with everything, is important, but one should consider how one would have reacted oneself back then if one's parents had really read every piece of writing one wrote. I think such extreme surveillance makes things harder for everyone, and one probably wouldn't want it oneself either; it simply intrudes massively on her personal rights.
I just wanted to get that off my chest briefly, no offence.
What did PayPal or the company say about it? Can you send me the link to the keylogger?
As a private message.
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Untersuchen (Scan).
  • The log files will now be created and will then be located on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input window)


02.06.2016, 18:19   #3
Mors
 

Of course I had no intention of monitoring her or reading all of her texts. I had only been looking into ways of searching visited websites or chat conversations for certain words, and in that context I merely wanted to look at a few alternatives. I probably overshot the mark a bit here.

FRST.txt:
Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:01-06-2016
durchgeführt von Mors (Administrator) auf MORS-PC (02-06-2016 19:02:06)
Gestartet von C:\Users\Mors\Desktop
Geladene Profile: Mors &  (Verfügbare Profile: Mors)
Platform: Windows 10 Home Version 1511 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: Chrome)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Wondershare) C:\Program Files (x86)\Wondershare\WAF\2.1.6.0\WsAppService.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Digital Wave Ltd.) C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare\Monitor.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(TalkHelper Team) C:\Program Files (x86)\TalkHelper Call Recorder for Skype\TalkHelper.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
() C:\Program Files (x86)\Acronis\DriveMonitor\adm_tray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
() C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avcenter.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11602.1.26.0_x64__8wekyb3d8bbwe\WinStore.Mobile.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneMusic_3.6.20961.0_x64__8wekyb3d8bbwe\Music.UI.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avscan.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avscan.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8849152 2016-04-28] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2787264 2016-01-23] (NVIDIA Corporation)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [462400 2011-02-12] (Acronis)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-05-11] (Apple Inc.)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [67840 2016-05-04] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [814608 2016-05-10] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [23745808 2016-05-07] (Dropbox, Inc.)
HKLM-x32\...\Run: [adm_tray.exe] => C:\Program Files (x86)\Acronis\DriveMonitor\adm_tray.exe [470120 2011-02-24] ()
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKLM-x32\...\Run: [DelaypluginInstall] => C:\ProgramData\Wondershare\Video Converter Ultimate\DelayPluginI.exe [1971856 2016-03-21] ()
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [595992 2016-03-20] (Oracle Corporation)
HKU\S-1-5-21-211363319-1696189197-2757610549-1000\...\Run: [Advanced SystemCare 9] => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe [2019616 2016-01-11] (IObit)
HKU\S-1-5-21-211363319-1696189197-2757610549-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3077712 2016-03-31] (Valve Corporation)
HKU\S-1-5-21-211363319-1696189197-2757610549-1000\...\Run: [TalkHelper] => C:\Program Files (x86)\TalkHelper Call Recorder for Skype\TalkHelper.exe [4619776 2016-05-02] (TalkHelper Team)
HKU\S-1-5-21-211363319-1696189197-2757610549-1000\...\Policies\Explorer: [NolowDiskSpaceChecks] 1
HKU\S-1-5-21-211363319-1696189197-2757610549-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Advanced SystemCare 9] => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe [2019616 2016-01-11] (IObit)
HKU\S-1-5-21-211363319-1696189197-2757610549-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3077712 2016-03-31] (Valve Corporation)
HKU\S-1-5-21-211363319-1696189197-2757610549-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [TalkHelper] => C:\Program Files (x86)\TalkHelper Call Recorder for Skype\TalkHelper.exe [4619776 2016-05-02] (TalkHelper Team)
HKU\S-1-5-21-211363319-1696189197-2757610549-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NolowDiskSpaceChecks] 1
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-07] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\cv act sc interface RegisterTool.lnk [2016-03-18]
ShortcutTarget: cv act sc interface RegisterTool.lnk -> C:\Program Files (x86)\cv cryptovision\cv act sc interface\RegisterTool.exe (cv cryptovision GmbH)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{312ff9a3-939c-48dd-b62e-b5331522da71}: [DhcpNameServer] 192.168.2.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2015-11-12] (IObit)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-05-01] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_77\bin\ssv.dll [2016-04-17] (Oracle Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-05-01] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_77\bin\jp2ssv.dll [2016-04-17] (Oracle Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2016-05-01] (Microsoft Corporation)
BHO-x32: Wondershare Video Converter Ultimate 7.1.0 -> {451C804F-C205-4F03-B48E-537EC94937BF} -> C:\ProgramData\Wondershare\Video Converter Ultimate\WSBrowserAppMgr.dll [2016-03-21] (Wondershare)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\ssv.dll [2016-04-17] (Oracle Corporation)
BHO-x32: Advanced SystemCare Surfing Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll [2014-10-17] (IObit)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2016-05-01] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\jp2ssv.dll [2016-04-17] (Oracle Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-05-01] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-05-01] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-05-01] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-05-01] (Microsoft Corporation)
Handler: WSWSVCUchrome - {1CA93FF0-A218-44F1 -  Keine Datei

FireFox:
========
FF ProfilePath: C:\Users\Mors\AppData\Roaming\Mozilla\Firefox\Profiles\wcG1AlNQ.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll [2016-05-22] ()
FF Plugin: @java.com/DTPlugin,version=11.77.2 -> C:\Program Files\Java\jre1.8.0_77\bin\dtplugin\npDeployJava1.dll [2016-04-17] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.77.2 -> C:\Program Files\Java\jre1.8.0_77\bin\plugin2\npjp2.dll [2016-04-17] (Oracle Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-22] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.77.2 -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\dtplugin\npDeployJava1.dll [2016-04-17] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.77.2 -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\plugin2\npjp2.dll [2016-04-17] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-05-01] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-05-01] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-211363319-1696189197-2757610549-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Mors\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-05-08] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-211363319-1696189197-2757610549-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Mors\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-05-08] (Unity Technologies ApS)
FF user.js: detected! => C:\Users\Mors\AppData\Roaming\Mozilla\Firefox\Profiles\wcG1AlNQ.default\user.js [2016-02-08]
FF Extension: Avira Browser Safety - C:\Users\Mors\AppData\Roaming\Mozilla\Firefox\Profiles\wcG1AlNQ.default\Extensions\abs@avira.com [2016-05-22]
FF HKLM-x32\...\Firefox\Extensions: [WSVCU@Wondershare.com] - C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com_xpi
FF Extension: Wondershare Video Converter Ultimate - C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com_xpi [2016-03-31]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2016-04-27]

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.mystartsearch.com/?type=hp&ts=1432935206&z=ed0a286dd3fc1274bc87d32g6zec7o0t2c8w5o6eez&from=cor&uid=SAMSUNGXHD103SJ_S246J1KZ318475
CHR StartupUrls: Default -> "hxxp://www.mystartsearch.com/?type=hp&ts=1432935206&z=ed0a286dd3fc1274bc87d32g6zec7o0t2c8w5o6eez&from=cor&uid=SAMSUNGXHD103SJ_S246J1KZ318475","hxxp://www.mystartsearch.com/?type=hp&ts=1433966823&z=b1b642dfdcc8f0a536b1419gbz0c5cat7qfq5b1o6o&from=cor&uid=WDCXWD20EZRX-00D8PB0_WD-WCC4N3EHCHULHCHUL"
CHR Session Restore: Default -> ist aktiviert.
CHR Profile: C:\Users\Mors\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (ProxFlow) - C:\Users\Mors\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek [2016-05-08]
CHR Extension: (Google Präsentationen) - C:\Users\Mors\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-02-04]
CHR Extension: (Google Docs) - C:\Users\Mors\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-02-04]
CHR Extension: (Google Drive) - C:\Users\Mors\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-04]
CHR Extension: (YouTube) - C:\Users\Mors\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-04]
CHR Extension: (Google-Suche) - C:\Users\Mors\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-04]
CHR Extension: (Who Deleted Me) - C:\Users\Mors\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiepnnbjenknnjgabbodaihlnkkpkgll [2016-03-25]
CHR Extension: (Google Tabellen) - C:\Users\Mors\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-02-04]
CHR Extension: (Avira Browserschutz) - C:\Users\Mors\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2016-05-13]
CHR Extension: (Google Docs Offline) - C:\Users\Mors\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Mors\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-04]
CHR Extension: (Google Mail) - C:\Users\Mors\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-04]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 AdvancedSystemCareService9; C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe [446240 2016-01-05] (IObit)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [970656 2016-05-10] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [467016 2016-05-10] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [467016 2016-05-10] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1435704 2016-05-10] (Avira Operations GmbH & Co. KG)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [276424 2016-05-04] (Avira Operations GmbH & Co. KG)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2912496 2016-05-01] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-02-05] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-02-05] (Dropbox, Inc.)
R2 DigitalWave.Update.Service; C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe [388968 2016-03-29] (Digital Wave Ltd.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163200 2016-01-23] (NVIDIA Corporation)
R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2945312 2016-01-14] (IObit)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-01-23] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [6308288 2016-01-23] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [4812736 2016-01-23] (NVIDIA Corporation)
S3 Origin Client Service; D:\Origin\OriginClientService.exe [2104840 2016-02-04] (Electronic Arts)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.1.6.0\WsAppService.exe [388608 2016-01-28] (Wondershare) [Datei ist nicht signiert]
S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [X]

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 A38CCID; C:\Windows\system32\DRIVERS\a38ccid.sys [82480 2015-08-19] (Advanced Card Systems Ltd.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128664 2016-03-11] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [146712 2016-05-10] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [35488 2016-02-04] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [78208 2016-05-10] (Avira Operations GmbH & Co. KG)
S3 CySmb; C:\Windows\System32\drivers\cysmb.sys [10752 2016-02-04] (Cypress Semiconductor, Inc.)
R1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [27552 2016-02-04] (REALiX(tm))
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-01-23] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [47760 2015-12-18] (NVIDIA Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [936192 2016-04-28] (Realtek                                            )
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
U3 idsvc; kein ImagePath

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-06-02 19:02 - 2016-06-02 19:02 - 00027275 _____ C:\Users\Mors\Desktop\FRST.txt
2016-06-02 19:02 - 2016-06-02 19:02 - 00000000 ____D C:\FRST
2016-06-02 19:01 - 2016-06-02 19:01 - 02383872 _____ (Farbar) C:\Users\Mors\Desktop\FRST64.exe
2016-06-02 18:10 - 2016-06-02 18:11 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-06-02 18:09 - 2016-06-02 18:09 - 00001187 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2016-06-02 18:09 - 2016-06-02 18:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2016-06-02 18:09 - 2016-06-02 18:09 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-06-02 18:09 - 2016-06-02 18:09 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2016-06-02 18:09 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-06-02 18:09 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-06-02 18:09 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-06-02 18:05 - 2016-06-02 18:09 - 22851472 _____ (Malwarebytes ) C:\Users\Mors\Downloads\mbam-setup-2.2.1.1043.exe
2016-06-02 01:01 - 2016-06-02 01:13 - 00000000 ____D C:\ProgramData\TEMP
2016-06-02 01:01 - 2005-04-15 19:58 - 01071088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSCOMCTL.OCX
2016-06-02 01:01 - 2004-03-09 00:00 - 00212240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RICHTX32.OCX
2016-06-02 01:01 - 2004-03-09 00:00 - 00124688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSWINSCK.OCX
2016-06-02 01:01 - 2004-02-23 00:00 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSSTDFMT.DLL
2016-06-02 01:01 - 2003-07-06 14:07 - 00372736 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\IJL_11.DLL
2016-06-01 12:31 - 2016-06-01 12:31 - 04030644 _____ C:\Users\Mors\Downloads\skriptPII.pdf
2016-06-01 11:41 - 2016-06-01 12:10 - 00000000 ____D C:\Users\Mors\Downloads\qrc-xmow
2016-05-31 14:39 - 2015-03-03 12:14 - 00645632 _____ C:\WINDOWS\SysWOW64\xvidcore.dll
2016-05-31 14:39 - 2015-03-03 12:14 - 00240640 _____ C:\WINDOWS\SysWOW64\xvidvfw.dll
2016-05-31 14:39 - 2015-03-03 12:14 - 00153088 _____ C:\WINDOWS\SysWOW64\xvid.ax
2016-05-31 14:38 - 2016-05-31 14:38 - 00001359 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Absolute Uninstaller.lnk
2016-05-31 14:38 - 2016-05-31 14:38 - 00001347 _____ C:\Users\Public\Desktop\Absolute Uninstaller.lnk
2016-05-31 14:38 - 2016-05-31 14:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glarysoft
2016-05-31 14:38 - 2016-05-31 14:38 - 00000000 ____D C:\Program Files (x86)\Glarysoft
2016-05-24 14:39 - 2016-05-24 14:39 - 00002380 _____ C:\Users\Mors\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-05-23 16:01 - 2016-05-23 16:01 - 00142060 _____ C:\Users\Mors\Downloads\h02.pdf
2016-05-22 16:24 - 2016-05-22 16:24 - 00000000 ____D C:\Users\Mors\AppData\LocalLow\Unity
2016-05-22 16:24 - 2016-05-22 16:24 - 00000000 ____D C:\Users\Mors\AppData\Local\Unity
2016-05-22 16:22 - 2016-06-02 18:40 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-05-22 16:22 - 2016-05-22 16:22 - 00003860 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2016-05-22 16:18 - 2016-05-22 16:23 - 00000000 ____D C:\Users\Mors\AppData\Local\Adobe
2016-05-20 21:04 - 2016-05-20 21:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-05-20 21:04 - 2016-05-20 21:04 - 00000000 ____D C:\Program Files\iTunes
2016-05-20 21:04 - 2016-05-20 21:04 - 00000000 ____D C:\Program Files\iPod
2016-05-20 21:04 - 2016-05-20 21:04 - 00000000 ____D C:\Program Files (x86)\iTunes
2016-05-14 20:28 - 2016-05-11 21:57 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-05-14 20:28 - 2016-05-11 21:57 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-05-14 01:45 - 2016-05-14 01:45 - 05062655 _____ C:\Users\Mors\Downloads\Portfolio-test-03.pdf
2016-05-13 01:05 - 2016-05-13 01:05 - 00015703 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2016-05-11 19:36 - 2016-05-11 19:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-05-11 14:39 - 2016-04-30 08:31 - 03591168 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-05-11 14:39 - 2016-04-23 08:12 - 01401024 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-05-11 14:39 - 2016-04-23 08:12 - 01184960 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-05-11 14:39 - 2016-04-23 08:12 - 00713920 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-05-11 14:39 - 2016-04-23 08:12 - 00514752 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-05-11 14:39 - 2016-04-23 08:12 - 00190144 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2016-05-11 14:39 - 2016-04-23 08:12 - 00046784 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-05-11 14:39 - 2016-04-23 07:28 - 01557768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-05-11 14:39 - 2016-04-23 07:28 - 01542816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-05-11 14:39 - 2016-04-23 07:24 - 07474528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-05-11 14:39 - 2016-04-23 07:24 - 01997328 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-05-11 14:39 - 2016-04-23 07:24 - 01819208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-05-11 14:39 - 2016-04-23 07:10 - 03673424 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-05-11 14:39 - 2016-04-23 07:10 - 02919832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-05-11 14:39 - 2016-04-23 07:09 - 22561256 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-05-11 14:39 - 2016-04-23 07:09 - 21123320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-05-11 14:39 - 2016-04-23 07:09 - 05240960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2016-05-11 14:39 - 2016-04-23 07:09 - 04074160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-05-11 14:39 - 2016-04-23 07:08 - 06605504 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2016-05-11 14:39 - 2016-04-23 07:08 - 04515256 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-05-11 14:39 - 2016-04-23 07:01 - 01996640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-05-11 14:39 - 2016-04-23 07:01 - 00650304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2016-05-11 14:39 - 2016-04-23 06:39 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll
2016-05-11 14:39 - 2016-04-23 06:32 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll
2016-05-11 14:39 - 2016-04-23 06:31 - 13018112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-05-11 14:39 - 2016-04-23 06:31 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2016-05-11 14:39 - 2016-04-23 06:30 - 22379008 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-05-11 14:39 - 2016-04-23 06:30 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-05-11 14:39 - 2016-04-23 06:29 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2016-05-11 14:39 - 2016-04-23 06:28 - 16984576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-05-11 14:39 - 2016-04-23 06:26 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2016-05-11 14:39 - 2016-04-23 06:26 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
2016-05-11 14:39 - 2016-04-23 06:25 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2016-05-11 14:39 - 2016-04-23 06:23 - 11545088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-05-11 14:39 - 2016-04-23 06:22 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-05-11 14:39 - 2016-04-23 06:22 - 00460800 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2016-05-11 14:39 - 2016-04-23 06:20 - 19344384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-05-11 14:39 - 2016-04-23 06:20 - 18676224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-05-11 14:39 - 2016-04-23 06:20 - 00606720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2016-05-11 14:39 - 2016-04-23 06:19 - 07977472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-05-11 14:39 - 2016-04-23 06:19 - 01056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2016-05-11 14:39 - 2016-04-23 06:19 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-05-11 14:39 - 2016-04-23 06:19 - 00853504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-05-11 14:39 - 2016-04-23 06:19 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2016-05-11 14:39 - 2016-04-23 06:18 - 24604672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-05-11 14:39 - 2016-04-23 06:18 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2016-05-11 14:39 - 2016-04-23 06:18 - 00939520 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2016-05-11 14:39 - 2016-04-23 06:18 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2016-05-11 14:39 - 2016-04-23 06:18 - 00349696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2016-05-11 14:39 - 2016-04-23 06:16 - 01319424 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2016-05-11 14:39 - 2016-04-23 06:16 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2016-05-11 14:39 - 2016-04-23 06:15 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-05-11 14:39 - 2016-04-23 06:15 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2016-05-11 14:39 - 2016-04-23 06:15 - 00348672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2016-05-11 14:39 - 2016-04-23 06:14 - 13383168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-05-11 14:39 - 2016-04-23 06:14 - 00821760 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2016-05-11 14:39 - 2016-04-23 06:14 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2016-05-11 14:39 - 2016-04-23 06:13 - 07200256 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-05-11 14:39 - 2016-04-23 06:13 - 06295552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-05-11 14:39 - 2016-04-23 06:10 - 12125696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-05-11 14:39 - 2016-04-23 06:10 - 00639488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2016-05-11 14:39 - 2016-04-23 06:09 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-05-11 14:39 - 2016-04-23 06:09 - 02582016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-05-11 14:39 - 2016-04-23 06:08 - 05324288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-05-11 14:39 - 2016-04-23 06:08 - 02061824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2016-05-11 14:39 - 2016-04-23 06:07 - 05205504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-05-11 14:39 - 2016-04-23 06:07 - 02598912 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2016-05-11 14:39 - 2016-04-23 06:06 - 06974464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-05-11 14:39 - 2016-04-23 06:05 - 05502976 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2016-05-11 14:39 - 2016-04-23 06:05 - 02166784 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-05-11 14:39 - 2016-04-23 06:05 - 02066432 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-05-11 14:39 - 2016-04-23 06:05 - 01946112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-05-11 14:39 - 2016-04-23 06:04 - 04759040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2016-05-11 14:39 - 2016-04-23 06:04 - 01731072 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-05-11 14:39 - 2016-04-23 06:03 - 05660160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-05-11 14:39 - 2016-04-23 06:03 - 04894208 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-05-11 14:39 - 2016-04-23 06:03 - 02280960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-05-11 14:39 - 2016-04-23 06:03 - 02000896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2016-05-11 14:39 - 2016-04-23 06:03 - 00754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2016-05-11 14:39 - 2016-04-23 06:02 - 07832576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-05-11 14:39 - 2016-04-23 06:02 - 02444288 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2016-05-11 14:39 - 2016-04-23 06:00 - 00984576 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2016-05-11 14:38 - 2016-05-06 06:53 - 00095072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdport.sys
2016-05-11 14:38 - 2016-05-06 06:05 - 00241664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2016-05-11 14:38 - 2016-05-06 06:03 - 00649216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2016-05-11 14:38 - 2016-05-06 05:53 - 00351232 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
2016-05-11 14:38 - 2016-05-06 05:49 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnrSvc.dll
2016-05-11 14:38 - 2016-05-06 05:44 - 00582656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
2016-05-11 14:38 - 2016-05-06 05:43 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2016-05-11 14:38 - 2016-05-06 05:23 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll
2016-05-11 14:38 - 2016-04-30 08:42 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-05-11 14:38 - 2016-04-23 08:12 - 00294592 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-05-11 14:38 - 2016-04-23 08:12 - 00092352 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-05-11 14:38 - 2016-04-23 07:26 - 00707608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2016-05-11 14:38 - 2016-04-23 07:24 - 00754664 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2016-05-11 14:38 - 2016-04-23 07:24 - 00638816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2016-05-11 14:38 - 2016-04-23 07:24 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2016-05-11 14:38 - 2016-04-23 07:24 - 00099680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2016-05-11 14:38 - 2016-04-23 07:22 - 01161120 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2016-05-11 14:38 - 2016-04-23 07:18 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2016-05-11 14:38 - 2016-04-23 07:13 - 00502104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-05-11 14:38 - 2016-04-23 07:13 - 00306832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanapi.dll
2016-05-11 14:38 - 2016-04-23 07:13 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-05-11 14:38 - 2016-04-23 07:12 - 00925064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2016-05-11 14:38 - 2016-04-23 07:12 - 00451928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2016-05-11 14:38 - 2016-04-23 07:12 - 00413536 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe
2016-05-11 14:38 - 2016-04-23 07:11 - 01092464 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2016-05-11 14:38 - 2016-04-23 07:11 - 00696672 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-05-11 14:38 - 2016-04-23 07:11 - 00498960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2016-05-11 14:38 - 2016-04-23 07:11 - 00390496 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
2016-05-11 14:38 - 2016-04-23 07:11 - 00131424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ufxsynopsys.sys
2016-05-11 14:38 - 2016-04-23 07:11 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-05-11 14:38 - 2016-04-23 07:10 - 00330072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2016-05-11 14:38 - 2016-04-23 07:09 - 00569744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2016-05-11 14:38 - 2016-04-23 07:09 - 00565600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2016-05-11 14:38 - 2016-04-23 07:09 - 00465760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2016-05-11 14:38 - 2016-04-23 07:09 - 00303216 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2016-05-11 14:38 - 2016-04-23 07:09 - 00255168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2016-05-11 14:38 - 2016-04-23 07:08 - 00725776 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2016-05-11 14:38 - 2016-04-23 07:07 - 01848072 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2016-05-11 14:38 - 2016-04-23 07:07 - 01536088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2016-05-11 14:38 - 2016-04-23 07:07 - 00204048 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll
2016-05-11 14:38 - 2016-04-23 07:07 - 00183904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll
2016-05-11 14:38 - 2016-04-23 07:06 - 00291360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe
2016-05-11 14:38 - 2016-04-23 07:02 - 00188256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2016-05-11 14:38 - 2016-04-23 07:01 - 00619296 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10level9.dll
2016-05-11 14:38 - 2016-04-23 07:01 - 00577368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-05-11 14:38 - 2016-04-23 07:01 - 00522176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2016-05-11 14:38 - 2016-04-23 07:01 - 00513368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10level9.dll
2016-05-11 14:38 - 2016-04-23 07:01 - 00393568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-05-11 14:38 - 2016-04-23 07:01 - 00217440 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2016-05-11 14:38 - 2016-04-23 07:00 - 01776768 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2016-05-11 14:38 - 2016-04-23 07:00 - 01594920 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2016-05-11 14:38 - 2016-04-23 07:00 - 01522152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2016-05-11 14:38 - 2016-04-23 07:00 - 01399224 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2016-05-11 14:38 - 2016-04-23 07:00 - 01372304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2016-05-11 14:38 - 2016-04-23 07:00 - 01337240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2016-05-11 14:38 - 2016-04-23 07:00 - 00550656 _____ (Microsoft Corporation) C:\WINDOWS\system32\directmanipulation.dll
2016-05-11 14:38 - 2016-04-23 07:00 - 00453472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\directmanipulation.dll
2016-05-11 14:38 - 2016-04-23 07:00 - 00058208 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwminit.dll
2016-05-11 14:38 - 2016-04-23 06:56 - 00534872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2016-05-11 14:38 - 2016-04-23 06:35 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosHostClient.dll
2016-05-11 14:38 - 2016-04-23 06:34 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
2016-05-11 14:38 - 2016-04-23 06:34 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\hmkd.dll
2016-05-11 14:38 - 2016-04-23 06:34 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2016-05-11 14:38 - 2016-04-23 06:33 - 00089600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NFCProvisioningPlugin.dll
2016-05-11 14:38 - 2016-04-23 06:33 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshbth.dll
2016-05-11 14:38 - 2016-04-23 06:33 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmCx.sys
2016-05-11 14:38 - 2016-04-23 06:33 - 00038400 _____ (Microsoft Corporation) C:\WINDOWS\system32\ByteCodeGenerator.exe
2016-05-11 14:38 - 2016-04-23 06:32 - 00134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wificonnapi.dll
2016-05-11 14:38 - 2016-04-23 06:32 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll
2016-05-11 14:38 - 2016-04-23 06:30 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosHostClient.dll
2016-05-11 14:38 - 2016-04-23 06:29 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2016-05-11 14:38 - 2016-04-23 06:29 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2016-05-11 14:38 - 2016-04-23 06:29 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\filecrypt.sys
2016-05-11 14:38 - 2016-04-23 06:29 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
2016-05-11 14:38 - 2016-04-23 06:29 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hmkd.dll
2016-05-11 14:38 - 2016-04-23 06:29 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ByteCodeGenerator.exe
2016-05-11 14:38 - 2016-04-23 06:29 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2016-05-11 14:38 - 2016-04-23 06:28 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudDomainJoinDataModelServer.dll
2016-05-11 14:38 - 2016-04-23 06:28 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll
2016-05-11 14:38 - 2016-04-23 06:28 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2016-05-11 14:38 - 2016-04-23 06:28 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-05-11 14:38 - 2016-04-23 06:28 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshbth.dll
2016-05-11 14:38 - 2016-04-23 06:27 - 00155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys
2016-05-11 14:38 - 2016-04-23 06:27 - 00039424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfdprov.dll
2016-05-11 14:38 - 2016-04-23 06:26 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdbusenum.dll
2016-05-11 14:38 - 2016-04-23 06:25 - 00630784 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2016-05-11 14:38 - 2016-04-23 06:25 - 00617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-05-11 14:38 - 2016-04-23 06:25 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2016-05-11 14:38 - 2016-04-23 06:25 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-05-11 14:38 - 2016-04-23 06:24 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-05-11 14:38 - 2016-04-23 06:24 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2016-05-11 14:38 - 2016-04-23 06:24 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2016-05-11 14:38 - 2016-04-23 06:24 - 00287232 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2016-05-11 14:38 - 2016-04-23 06:24 - 00181248 _____ (Microsoft Corporation) C:\WINDOWS\system32\shacct.dll
2016-05-11 14:38 - 2016-04-23 06:24 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SubscriptionMgr.dll
2016-05-11 14:38 - 2016-04-23 06:24 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEDataLayerHelpers.dll
2016-05-11 14:38 - 2016-04-23 06:23 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-05-11 14:38 - 2016-04-23 06:23 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ListSvc.dll
2016-05-11 14:38 - 2016-04-23 06:23 - 00179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\BrowserSettingSync.dll
2016-05-11 14:38 - 2016-04-23 06:23 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2016-05-11 14:38 - 2016-04-23 06:22 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2016-05-11 14:38 - 2016-04-23 06:21 - 00479232 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2016-05-11 14:38 - 2016-04-23 06:21 - 00314880 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2016-05-11 14:38 - 2016-04-23 06:20 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2016-05-11 14:38 - 2016-04-23 06:20 - 00484352 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
2016-05-11 14:38 - 2016-04-23 06:20 - 00356864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2016-05-11 14:38 - 2016-04-23 06:20 - 00307200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2016-05-11 14:38 - 2016-04-23 06:20 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shacct.dll
2016-05-11 14:38 - 2016-04-23 06:19 - 00395264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlansec.dll
2016-05-11 14:38 - 2016-04-23 06:19 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BrowserSettingSync.dll
2016-05-11 14:38 - 2016-04-23 06:18 - 00988672 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2016-05-11 14:38 - 2016-04-23 06:18 - 00804352 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2016-05-11 14:38 - 2016-04-23 06:18 - 00605184 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-05-11 14:38 - 2016-04-23 06:18 - 00585728 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2016-05-11 14:38 - 2016-04-23 06:18 - 00515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2016-05-11 14:38 - 2016-04-23 06:18 - 00471552 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2016-05-11 14:38 - 2016-04-23 06:18 - 00436736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2016-05-11 14:38 - 2016-04-23 06:18 - 00219648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2016-05-11 14:38 - 2016-04-23 06:17 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-05-11 14:38 - 2016-04-23 06:17 - 00529920 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2016-05-11 14:38 - 2016-04-23 06:17 - 00388608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2016-05-11 14:38 - 2016-04-23 06:17 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanmsm.dll
2016-05-11 14:38 - 2016-04-23 06:16 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-05-11 14:38 - 2016-04-23 06:15 - 01073152 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2016-05-11 14:38 - 2016-04-23 06:15 - 00865792 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2016-05-11 14:38 - 2016-04-23 06:15 - 00673280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2016-05-11 14:38 - 2016-04-23 06:15 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2016-05-11 14:38 - 2016-04-23 06:14 - 00870912 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2016-05-11 14:38 - 2016-04-23 06:14 - 00647680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2016-05-11 14:38 - 2016-04-23 06:14 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-05-11 14:38 - 2016-04-23 06:14 - 00354304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2016-05-11 14:38 - 2016-04-23 06:14 - 00342528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2016-05-11 14:38 - 2016-04-23 06:13 - 00705536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2016-05-11 14:38 - 2016-04-23 06:13 - 00489984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2016-05-11 14:38 - 2016-04-23 06:13 - 00434688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2016-05-11 14:38 - 2016-04-23 06:12 - 00667648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2016-05-11 14:38 - 2016-04-23 06:07 - 01500160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-05-11 14:38 - 2016-04-23 06:07 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2016-05-11 14:38 - 2016-04-23 06:05 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-05-11 14:38 - 2016-04-23 06:05 - 00613376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2016-05-11 14:38 - 2016-04-23 06:05 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2016-05-11 14:38 - 2016-04-23 06:05 - 00103936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2016-05-11 14:38 - 2016-04-23 06:03 - 02193408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2016-05-11 14:38 - 2016-04-23 06:03 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2016-05-11 14:38 - 2016-04-23 06:01 - 04775424 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2016-05-11 14:38 - 2016-04-23 06:00 - 01390080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-05-11 14:38 - 2016-04-23 05:45 - 00461824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2016-05-11 14:38 - 2016-04-23 04:10 - 00215040 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2016-05-11 14:38 - 2016-04-23 04:10 - 00002186 _____ C:\WINDOWS\system32\AppxProvisioning.xml
2016-05-11 14:38 - 2016-04-19 00:30 - 00002186 _____ C:\WINDOWS\SysWOW64\AppxProvisioning.xml
2016-05-11 12:13 - 2016-05-11 12:13 - 00003972 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2016-05-10 23:29 - 2016-06-02 18:34 - 00001134 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-05-10 23:29 - 2016-06-02 16:10 - 00001130 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-06-02 18:03 - 2016-02-05 02:58 - 00001226 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2016-06-02 17:22 - 2016-02-04 23:01 - 00004152 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{3D1826E0-00CC-4C51-B0BB-C991F4597851}
2016-06-02 16:18 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-06-02 16:17 - 2015-10-30 09:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-06-02 16:10 - 2016-02-05 03:00 - 00000000 ___RD C:\Users\Mors\Dropbox
2016-06-02 16:10 - 2016-02-05 02:58 - 00001222 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2016-06-02 16:10 - 2016-02-05 00:43 - 00000000 ____D C:\Users\Mors\AppData\Roaming\Skype
2016-06-02 00:24 - 2016-02-04 21:10 - 00000000 ____D C:\Users\Mors\Desktop\Kramzeugs
2016-06-01 20:43 - 2016-02-05 23:57 - 00000000 ____D C:\Users\Mors\AppData\Roaming\vlc
2016-06-01 13:17 - 2016-02-04 19:27 - 00000000 ____D C:\ProgramData\Package Cache
2016-06-01 13:17 - 2016-02-04 19:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2016-06-01 12:20 - 2016-02-05 02:49 - 00000000 ____D C:\Users\Mors\AppData\Local\JDownloader v2.0
2016-05-28 00:28 - 2016-02-04 19:12 - 00000000 ____D C:\ProgramData\ProductData
2016-05-27 12:24 - 2016-02-05 00:43 - 00000000 ____D C:\ProgramData\Skype
2016-05-26 17:29 - 2016-02-05 02:44 - 00000000 ____D C:\Users\Mors\AppData\Roaming\Mp3tag
2016-05-26 17:29 - 2016-02-04 21:27 - 00000000 ____D C:\Users\Mors\Downloads\Neue Musik
2016-05-24 14:39 - 2016-02-04 20:12 - 00000000 ___RD C:\Users\Mors\OneDrive
2016-05-24 00:03 - 2016-02-04 21:18 - 00000000 ____D C:\Program Files (x86)\Tor Browser
2016-05-22 22:47 - 2016-02-05 02:47 - 00000000 ____D C:\Users\Mors\Downloads\Antheas Kunstwerke
2016-05-22 03:33 - 2016-03-18 12:20 - 00000000 ____D C:\Users\Mors
2016-05-21 16:54 - 2016-02-04 21:17 - 00000000 ___RD C:\Users\Mors\Desktop\Programme
2016-05-20 21:21 - 2016-02-04 21:09 - 00000000 ____D C:\Users\Mors\AppData\Roaming\Guild Wars 2
2016-05-20 21:10 - 2015-10-30 09:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-05-20 21:08 - 2016-02-05 03:14 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-05-20 21:04 - 2016-02-04 23:04 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-05-14 20:28 - 2015-10-30 09:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-05-14 11:25 - 2016-02-04 20:05 - 01799166 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-05-14 11:25 - 2015-10-30 20:35 - 00775524 _____ C:\WINDOWS\system32\perfh007.dat
2016-05-14 11:25 - 2015-10-30 20:35 - 00155338 _____ C:\WINDOWS\system32\perfc007.dat
2016-05-14 11:25 - 2015-10-30 09:21 - 00000000 ____D C:\WINDOWS\INF
2016-05-14 02:16 - 2016-03-18 12:31 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-05-14 02:16 - 2015-10-30 08:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-05-13 17:19 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\rescache
2016-05-13 11:39 - 2016-02-04 20:08 - 00000000 ____D C:\Users\Mors\AppData\Local\Packages
2016-05-13 11:34 - 2015-09-10 07:37 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-05-13 01:05 - 2015-10-30 20:44 - 00000000 ____D C:\Program Files\Windows Journal
2016-05-13 01:05 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-05-13 01:05 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-05-13 01:05 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\Provisioning
2016-05-13 01:05 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-05-13 00:36 - 2016-02-04 21:23 - 00002264 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-05-13 00:36 - 2016-02-04 21:23 - 00002252 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-05-12 00:03 - 2016-02-04 18:10 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-05-11 23:55 - 2016-02-04 18:10 - 139319312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-05-11 19:36 - 2016-02-05 02:58 - 00000000 ____D C:\Users\Mors\AppData\Local\Dropbox
2016-05-11 19:36 - 2016-02-05 02:58 - 00000000 ____D C:\Program Files (x86)\Dropbox
2016-05-10 23:29 - 2016-02-04 21:22 - 00004192 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-05-10 23:29 - 2016-02-04 21:22 - 00003960 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-05-10 18:56 - 2016-02-04 19:29 - 00146712 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2016-05-10 18:56 - 2016-02-04 19:29 - 00078208 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avnetflt.sys
2016-05-10 13:35 - 2016-02-05 00:43 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-05-08 23:10 - 2016-04-28 18:28 - 00000000 ____D C:\Users\Mors\AppData\Local\Battle.net
2016-05-08 22:51 - 2016-04-28 18:28 - 00000000 ____D C:\Program Files (x86)\Battle.net

Einige Dateien in TEMP:
====================
C:\Users\Mors\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2016-05-24 13:27

==================== Ende von FRST.txt ============================
         
02.06.2016, 18:20   #4
Mors

Suspected keylogger or similar - how to proceed?

Addition.txt:
Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:01-06-2016
durchgeführt von Mors (2016-06-02 19:02:58)
Gestartet von C:\Users\Mors\Desktop
Windows 10 Home Version 1511 (X64) (2016-03-18 10:35:44)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-211363319-1696189197-2757610549-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-211363319-1696189197-2757610549-503 - Limited - Disabled)
Gast (S-1-5-21-211363319-1696189197-2757610549-501 - Limited - Disabled)
Mors (S-1-5-21-211363319-1696189197-2757610549-1000 - Administrator - Enabled) => C:\Users\Mors

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

Absolute Uninstaller 5.3.1.21 (HKLM-x32\...\Absolute Uninstaller) (Version: 5.3.1.21 - Glarysoft Ltd)
Acronis Drive Monitor (HKLM-x32\...\{706AE61D-40A4-4F50-8359-FE8F6F7FA461}) (Version: 1.0.566 - Acronis)
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.010.20056 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Apple Application Support (32-Bit) (HKLM-x32\...\{26356515-5821-40FA-9C3D-9785052A1062}) (Version: 4.3.1 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{C2651553-6CA3-4822-B2E6-BC4ACA6E0EA2}) (Version: 4.3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Assassin's Creed (HKLM-x32\...\{8CFA9151-6404-409A-AF22-4632D04582FD}) (Version: 1.00 - Ubisoft)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.17.273 - Avira Operations GmbH & Co. KG)
Avira Launcher (HKLM-x32\...\{28d41884-9b36-4f54-bed2-92863f08e65d}) (Version: 1.1.62.21333 - Avira Operations GmbH & Co. KG)
Avira Launcher (x32 Version: 1.1.62.21333 - Avira Operations GmbH & Co. KG) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
BitTorrent (HKU\S-1-5-21-211363319-1696189197-2757610549-1000\...\BitTorrent) (Version: 7.9.2.33395 - BitTorrent Inc.)
BitTorrent (HKU\S-1-5-21-211363319-1696189197-2757610549-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\BitTorrent) (Version: 7.9.2.33395 - BitTorrent Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden
cv act sc/interface - Admin Edition (64-Bit) (HKLM\...\{05A84E0B-67C4-4ACA-8CAD-F62673D4C194}) (Version: 6.4.4 - cv cryptovision GmbH)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Darksiders (HKLM\...\Steam App 50620) (Version:  - Vigil Games)
Darksiders II (HKLM\...\Steam App 50650) (Version:  - Vigil Games)
DarksidersInstaller (HKLM-x32\...\{B93EEE50-9C8F-45DF-95E4-3D85A6E242F3}) (Version: 1.00.1000 - Ihr Firmenname)
Dropbox (HKLM-x32\...\Dropbox) (Version: 3.20.1 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.27.77 - Dropbox, Inc.) Hidden
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Free Video to DVD Converter (HKLM-x32\...\Free Video to DVD Converter_is1) (Version: 5.0.78.328 - DVDVideoSoft Ltd.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 50.0.2661.102 - Google Inc.)
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
GUILD WARS (HKLM-x32\...\Guild Wars) (Version:  - )
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 5.2.1.126 - IObit)
iTunes (HKLM\...\{58D7E5F7-BAD1-49C5-93C8-B655736EDA00}) (Version: 12.4.0.119 - Apple Inc.)
Java 8 Update 77 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418077F0}) (Version: 8.0.770.3 - Oracle Corporation)
Java 8 Update 77 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218077F0}) (Version: 8.0.770.3 - Oracle Corporation)
Java SE Development Kit 8 Update 71 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180710}) (Version: 8.0.710.15 - Oracle Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Logitech Webcam-Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.80 - Logitech Inc.)
Malwarebytes Anti-Malware Version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office 365 ProPlus - de-de (HKLM\...\O365ProPlusRetail - de-de) (Version: 16.0.6001.1078 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 44.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 44.0 (x86 de)) (Version: 44.0 - Mozilla)
Mozilla Firefox 45.0.2 (x64 de) (HKLM\...\Mozilla Firefox 45.0.2 (x64 de)) (Version: 45.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.0.2 - Mozilla)
Mp3tag v2.75 (HKLM-x32\...\Mp3tag) (Version: v2.75 - Florian Heidenreich)
NVIDIA 3D Vision Controller-Treiber 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.9.1.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.9.1.35 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.34.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.4 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.6001.1078 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.6001.1078 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.6001.1078 - Microsoft Corporation) Hidden
Origin (HKLM-x32\...\Origin) (Version: 9.11.5.17432 - Electronic Arts, Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.37.1229.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7746 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.32.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.32.0 - Renesas Electronics Corporation) Hidden
RUBICon (HKLM-x32\...\{438134D3-0BD4-4C52-8575-5B2B63AD01C2}) (Version: 2.0.25 - RUB)
RuneScape Launcher 1.2.7 (HKLM-x32\...\{FA52A2D0-298E-4D40-8BB7-39928627EA6A}) (Version: 1.2.7 - Jagex Ltd)
SHIELD Streaming (Version: 4.1.0260 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.9.1.35 - NVIDIA Corporation) Hidden
Skype™ 7.24 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.24.104 - Skype Technologies S.A.)
Startfenster (HKLM-x32\...\Startfenster) (Version:  - Startfenster)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TalkHelper Call Recorder for Skype Version 1.8.5 (HKLM-x32\...\{D290FF60-4288-4A56-9361-F215D78E84D3}_is1) (Version: 1.8.5 - TalkHelper Team)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.18 - TeamSpeak Systems GmbH)
The Binding of Isaac (HKLM\...\Steam App 113200) (Version:  - Edmund McMillen and Florian Himsl)
Unity Web Player (HKU\S-1-5-21-211363319-1696189197-2757610549-1000\...\UnityWebPlayer) (Version: 5.3.5f1 - Unity Technologies ApS)
Unity Web Player (HKU\S-1-5-21-211363319-1696189197-2757610549-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\UnityWebPlayer) (Version: 5.3.5f1 - Unity Technologies ApS)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.30 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.30.0 - win.rar GmbH)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-211363319-1696189197-2757610549-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Mors\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileCoAuth.exe (Microsoft Corporation)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {0ECB6F84-90A3-4640-A780-D4D70F4C6BC9} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {168574CD-DF30-46A1-9FCC-657C78D4F2BE} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {1BBA3AC4-EE4B-4D6F-8C01-6994EBEADFBA} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {349EA479-F98B-488B-A415-468D3FBF18C0} - System32\Tasks\Driver Booster SkipUAC (Mors) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe [2016-01-18] (IObit)
Task: {42A65B1C-A720-4C0A-9068-E45204F1D444} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {42B913B3-001E-497A-91C5-1FF279E8209B} - System32\Tasks\Uninstaller_SkipUac_Mors => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2016-01-12] (IObit)
Task: {463675ED-BA5F-4968-BE2F-144716F12E61} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {47FC9374-39F5-4128-B5B9-668B833638DA} - System32\Tasks\ASC9_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare\Monitor.exe [2016-01-15] (IObit)
Task: {54C7761D-2516-48E9-84DB-847B8F51EF49} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {55C05511-D91E-440B-BB63-952606DD1BF6} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {581B15D9-0077-47E9-825C-2BA9BAD62AB6} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {6259FFC4-68A9-46C0-8A19-FE2AFEA4A26F} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {62771CFC-AC8E-4CF7-877D-729FE747419E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2016-05-01] (Microsoft Corporation)
Task: {664C425E-5B6B-4E46-A6A1-9DD77D9D0F58} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-05-22] (Adobe Systems Incorporated)
Task: {6FE6F7B1-94AB-4354-9004-D15A71BBE7A5} - System32\Tasks\Driver Booster Scheduler => C:\Program Files (x86)\IObit\Driver Booster\Scheduler.exe [2016-01-13] (IObit)
Task: {7007D011-B0F6-43E1-A23F-80AAF3E29F88} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {70ACEFE5-9B3C-4F8D-8C67-EE7448771D79} - System32\Tasks\ASC9_SkipUac_Mors => C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe [2016-01-18] (IObit)
Task: {7177C4C3-A902-4381-8EBD-886C2442A977} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {72042DB3-D4C7-4611-9174-9D1A6F225713} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {721DE76A-E0CB-4F6C-A981-CEF665F9B311} - System32\Tasks\{88228D2D-1A01-416A-AFC7-A5237DFDB66D} => pcalua.exe -a C:\Users\Mors\Downloads\DTLiteInstaller.exe -d C:\Users\Mors\Downloads
Task: {7B519A98-D667-4A88-8B24-30CE05D31D09} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {806EAE5F-C97D-453A-A3D9-497A1592EDC2} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {851C46D3-C6E8-4703-B875-D437DA9F4BDB} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2016-05-01] (Microsoft Corporation)
Task: {87472D2E-E6CB-4AD2-BE11-1E4E84C449C4} - System32\Tasks\{D5D7DCED-9292-4141-949D-3B5D685105A3} => pcalua.exe -a C:\Users\Mors\Downloads\DTLite10202Installer.exe -d C:\Users\Mors\Downloads
Task: {A068E979-3559-4F7A-98C4-C88782B2A3B7} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-02-05] (Dropbox, Inc.)
Task: {A7934EF4-C58D-4036-9AE0-B0A2FE4285CC} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated)
Task: {A7C76F6C-16C5-49B5-8F61-DAB4A4A30CC5} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {AC1418DB-EE2D-494B-B0B4-C0F5678C2028} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {B151E451-5BB5-403C-88C5-EFE1D601C9C2} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-02-05] (Dropbox, Inc.)
Task: {BFDF9687-498D-423A-BA2C-7D724709252D} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {D17338D5-5A4D-43E9-BB17-41488A2B8C82} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-05-01] (Microsoft Corporation)
Task: {D3BD488D-56E9-4C75-BDFA-952C0CDC0B10} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-04] (Google Inc.)
Task: {DB800F0A-31C0-4E51-A903-F3A90375951A} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {DC89EF01-2D78-4AD6-B113-5BE7A8AA4830} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {E057A403-CFAD-46F0-93E9-5E5AC4C9AF00} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {E117C151-483D-40F1-A681-CF89F1DB4FE3} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-05-01] (Microsoft Corporation)
Task: {E38307AB-F9BA-4A04-BF94-8B84FF43A37F} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {F378E5E5-7B8A-471D-99E9-0012CF98DD0D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2016-05-01] (Microsoft Corporation)
Task: {F3C89F2D-7615-42A8-BF62-C4B1F0E32F7B} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {F490D104-EE84-45C0-985A-E7BEC0A380D0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-04] (Google Inc.)
Task: {F53A6B8B-8A72-48E1-AA46-76A799D0BDBB} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {F7418D4D-9B36-4644-BF58-5DACDB6AE509} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Uninstaller_SkipUac_Mors.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2016-03-18 23:56 - 2016-03-18 23:56 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-04-22 01:07 - 2016-04-22 01:07 - 01337144 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-02-05 02:55 - 2016-01-23 04:55 - 00291264 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2016-05-20 21:04 - 2016-05-01 04:52 - 00171712 _____ () C:\Program Files\Common Files\Microsoft Shared\ClickToRun\ApiClient.dll
2015-10-30 09:18 - 2015-10-30 09:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-03-18 12:16 - 2016-03-22 04:37 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-04-13 18:57 - 2016-03-29 12:20 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-04-13 18:57 - 2016-03-29 12:20 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-05-24 14:39 - 2016-05-24 14:39 - 00959168 _____ () C:\Users\Mors\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll
2016-03-31 22:58 - 2015-02-27 14:38 - 00721263 _____ () C:\WINDOWS\SysWOW64\WSCM64.dll
2016-03-18 12:07 - 2016-03-18 12:07 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-05-11 14:38 - 2016-04-23 06:25 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-05-11 14:39 - 2016-04-23 06:02 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-05-11 14:39 - 2016-04-23 05:58 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-05-11 14:39 - 2016-04-23 05:58 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-05-11 14:39 - 2016-04-23 06:01 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2011-02-24 20:07 - 2011-02-24 20:07 - 00470120 _____ () C:\Program Files (x86)\Acronis\DriveMonitor\adm_tray.exe
2012-09-13 00:38 - 2012-09-13 00:38 - 00264040 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
2016-04-19 10:54 - 2016-04-19 10:54 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-05-08 10:41 - 2016-05-08 10:41 - 10256384 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11602.1.26.0_x64__8wekyb3d8bbwe\WinStore.Entertainment.Mobile.dll
2016-02-04 19:12 - 2014-10-16 11:26 - 00622880 _____ () C:\Program Files (x86)\IObit\LiveUpdate\ProductStatistics.dll
2016-03-31 23:34 - 2016-03-29 00:06 - 00253800 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\collector.dll
2016-03-31 23:34 - 2016-03-29 00:06 - 00110952 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\zlib1.dll
2016-03-31 23:34 - 2016-03-29 00:06 - 00295272 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\stat.dll
2016-03-31 23:34 - 2016-03-29 00:06 - 00104296 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\boost_filesystem-vc120-mt-1_56.dll
2016-03-31 23:34 - 2016-03-29 00:06 - 00020328 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\boost_system-vc120-mt-1_56.dll
2016-03-31 23:34 - 2016-03-29 00:06 - 00044392 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\boost_date_time-vc120-mt-1_56.dll
2016-02-04 19:19 - 2015-12-23 19:32 - 00355616 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare\madExcept_.bpl
2016-02-04 19:19 - 2015-12-23 19:32 - 00190240 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare\madBasic_.bpl
2016-02-04 19:19 - 2015-12-23 19:32 - 00057632 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare\madDisAsm_.bpl
2016-02-05 02:55 - 2016-01-23 04:55 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-05-24 14:39 - 2016-05-24 14:39 - 00679624 _____ () C:\Users\Mors\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\ClientTelemetry.dll
2016-05-11 19:36 - 2016-04-19 21:47 - 00034768 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2016-05-11 19:36 - 2016-04-19 21:48 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd
2016-05-11 19:36 - 2016-04-19 21:47 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2016-05-11 19:36 - 2016-04-19 21:47 - 00093640 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2016-05-11 19:36 - 2016-04-19 21:47 - 00018376 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2016-05-11 19:36 - 2016-05-07 00:35 - 00019760 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2016-05-11 19:36 - 2016-04-19 21:49 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2016-05-11 19:36 - 2016-04-19 21:47 - 00392144 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2016-05-11 19:36 - 2016-05-07 00:35 - 00381752 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2016-05-11 19:36 - 2016-04-19 21:47 - 00692688 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2016-05-11 19:36 - 2016-05-07 00:34 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2016-05-11 19:36 - 2016-04-19 21:48 - 00121296 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2016-05-11 19:36 - 2016-05-07 00:34 - 01682760 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2016-05-11 19:36 - 2016-05-07 00:34 - 00020808 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2016-05-11 19:36 - 2016-05-07 00:35 - 00021840 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_unicode_environ_win32_x8bf8e68bx9968e850.pyd
2016-05-11 19:36 - 2016-05-07 00:34 - 00038696 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2016-05-11 19:36 - 2016-04-19 21:49 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2016-05-11 19:36 - 2016-04-19 21:49 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2016-05-11 19:36 - 2016-04-19 21:49 - 00114640 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2016-05-11 19:36 - 2016-04-19 21:49 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2016-05-11 19:36 - 2016-05-07 00:35 - 00021832 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_pywin_kernel32_x64d8f881xc8c369be.pyd
2016-05-11 19:36 - 2016-04-19 21:49 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2016-05-11 19:36 - 2016-04-19 21:49 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2016-05-11 19:36 - 2016-04-19 21:49 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2016-05-11 19:36 - 2016-04-19 21:49 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2016-05-11 19:36 - 2016-04-19 21:49 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2016-05-11 19:36 - 2016-04-19 21:49 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2016-05-11 19:36 - 2016-05-07 00:34 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2016-05-11 19:36 - 2016-04-19 21:49 - 00057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2016-05-11 19:36 - 2016-04-19 21:49 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2016-05-11 19:36 - 2016-05-07 00:34 - 00117056 _____ () C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd
2016-05-11 19:36 - 2016-05-07 00:34 - 00052024 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2016-05-11 19:36 - 2016-04-19 21:47 - 00134608 _____ () C:\Program Files (x86)\Dropbox\Client\_elementtree.pyd
2016-05-11 19:36 - 2016-04-19 21:47 - 00134088 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2016-05-11 19:36 - 2016-04-19 21:48 - 00240584 _____ () C:\Program Files (x86)\Dropbox\Client\jpegtran.pyd
2016-05-11 19:36 - 2016-05-07 00:35 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi._winffi_iphlpapi.pyd
2016-05-11 19:36 - 2016-05-07 00:35 - 00021824 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32._winffi_kernel32.pyd
2016-05-11 19:36 - 2016-05-07 00:35 - 00019776 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror._winffi_winerror.pyd
2016-05-11 19:36 - 2016-05-07 00:35 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet._winffi_wininet.pyd
2016-05-11 19:36 - 2016-05-07 00:34 - 00024392 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2016-05-11 19:36 - 2016-04-19 21:50 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2016-05-11 19:36 - 2016-05-07 00:34 - 00020280 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2016-05-11 19:36 - 2016-05-07 00:35 - 00023376 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2016-05-11 19:36 - 2016-04-19 21:49 - 00350152 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2016-05-11 19:36 - 2016-05-07 00:35 - 00022352 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2016-05-11 19:36 - 2016-05-07 00:34 - 00031568 _____ () C:\Program Files (x86)\Dropbox\Client\enterprise_data.compiled._enterprise_data.pyd
2016-05-11 19:36 - 2016-03-12 02:46 - 00293392 _____ () C:\Program Files (x86)\Dropbox\Client\EnterpriseDataAdapter.dll
2016-05-11 19:36 - 2016-05-07 00:34 - 00084280 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2016-05-11 19:36 - 2016-05-07 00:34 - 01826096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2016-05-11 19:36 - 2016-04-19 21:48 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2016-05-11 19:36 - 2016-05-07 00:35 - 03928880 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2016-05-11 19:36 - 2016-05-07 00:34 - 01971504 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2016-05-11 19:36 - 2016-05-07 00:34 - 00531248 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2016-05-11 19:36 - 2016-05-07 00:35 - 00132912 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2016-05-11 19:36 - 2016-05-07 00:35 - 00223544 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2016-05-11 19:36 - 2016-05-07 00:34 - 00207672 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2016-05-11 19:36 - 2016-04-19 21:49 - 00060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2016-05-11 19:36 - 2016-05-07 00:35 - 00025928 _____ () C:\Program Files (x86)\Dropbox\Client\windisplaytoast.compiled._DisplayToast.pyd
2016-05-11 19:36 - 2016-05-07 00:35 - 00024904 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_wpad_proxy_win_x752e3d61xdcfdcc84.pyd
2016-05-11 19:36 - 2016-05-07 00:35 - 00546096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
2016-05-11 19:36 - 2016-05-07 00:35 - 00357680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2011-02-24 19:39 - 2011-02-24 19:39 - 00012128 _____ () C:\Program Files (x86)\Common Files\Acronis\DriveMonitor\Common\icudt38.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 02144104 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 07955304 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00341352 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00028008 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00127336 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
2012-09-13 00:39 - 2012-09-13 00:39 - 00336232 _____ () C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
2016-02-04 19:19 - 2015-12-23 19:32 - 00355616 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madExcept_.bpl
2016-02-04 19:19 - 2015-12-23 19:32 - 00190240 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madBasic_.bpl
2016-02-04 19:19 - 2015-12-23 19:32 - 00057632 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madDisAsm_.bpl
2016-04-19 10:54 - 2016-04-19 10:54 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-04-19 10:54 - 2016-04-19 10:54 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2016-05-13 00:36 - 2016-05-11 13:48 - 01738904 _____ () C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\libglesv2.dll
2016-05-13 00:36 - 2016-05-11 13:48 - 00086168 _____ () C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\libegl.dll
2016-05-13 00:36 - 2016-05-11 13:48 - 17565848 _____ () C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\ProgramData\TEMP:8927A071 [382]

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

IE trusted site: HKU\S-1-5-21-211363319-1696189197-2757610549-1000\...\sharepoint.com -> hxxps://ruhrunibochumde-files.sharepoint.com

Da befinden sich 4788 mehr Seiten.

IE trusted site: HKU\S-1-5-21-211363319-1696189197-2757610549-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\sharepoint.com -> hxxps://ruhrunibochumde-files.sharepoint.com

Da befinden sich 4788 mehr Seiten.


==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-211363319-1696189197-2757610549-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Mors\Desktop\Kramzeugs\Avatare, Banner und Wallpaper\GW2Desktop.jpg
HKU\S-1-5-21-211363319-1696189197-2757610549-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\Mors\Desktop\Kramzeugs\Avatare, Banner und Wallpaper\GW2Desktop.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKLM\...\StartupApproved\StartupFolder: => "cv act sc interface RegisterTool.lnk"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKU\S-1-5-21-211363319-1696189197-2757610549-1000\...\StartupApproved\Run: => "Advanced SystemCare 9"
HKU\S-1-5-21-211363319-1696189197-2757610549-1000\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-211363319-1696189197-2757610549-1000\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-211363319-1696189197-2757610549-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "Advanced SystemCare 9"
HKU\S-1-5-21-211363319-1696189197-2757610549-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-211363319-1696189197-2757610549-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "Steam"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{CFEB07B6-3BF9-4E48-A10B-818B1AFBD124}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Darksiders\DarksidersPC.exe
FirewallRules: [{257E71E5-3A67-4DFB-9BCB-CC82E31A9913}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Darksiders\DarksidersPC.exe
FirewallRules: [{DB94974D-AC31-4077-86F7-CE83690D79E2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Binding Of Isaac\Isaac.exe
FirewallRules: [{3B98F525-0EAE-4664-A162-EEB74AA8ED6B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Binding Of Isaac\Isaac.exe
FirewallRules: [{1ACDE481-3639-4FE3-9A8C-B4048A631918}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{1046BC1D-94BC-4558-A6D8-DE7E145D82E5}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{18602EB8-F16F-49ED-A1E5-42D37976C33E}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{1F517E94-3A71-4E1C-A41C-7143937C408D}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{E247B60F-775F-4453-BF8E-D87D0A6D3941}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{A98F221D-0DA4-4219-A4F5-CF2A5A6D5C8A}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{B55203C9-5FA2-4A6E-B08A-4A5FF036F60B}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{24233B4F-387C-4E69-AA04-CA4D20B6E3B5}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{D10D789A-1DA4-419B-81B9-63E81EACDA37}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{DCA76117-B6CE-40AD-B129-A7F5A05E60DD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{F9B3CC18-43D6-4A24-8A66-0B36DBE80CAE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{11C0FBED-AFEB-4B63-AB8A-9095B2490E44}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{1827961C-8D08-4B8C-B6EA-3799B6C9C242}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{72DE6A4A-FBC3-49B5-8F04-A1E4BC2B1281}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{CEDC1EB5-E5AE-4A53-A179-58EE50094EEF}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{99835110-F91E-4BA8-BC96-88A84EB78F19}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{99A041BC-AAD3-4B13-87CA-FDC829DD2DBD}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{5274E22F-8BAE-4049-B760-1A46199BBCBF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{AFC7F434-2616-4278-8789-1543DDC7760F}] => (Allow) C:\Users\Mors\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{CDBE08E4-7DF5-4288-94D8-EED891D205CB}] => (Allow) C:\Users\Mors\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{95E99B5C-4475-4C4A-B3BB-1EE4C8C07261}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{AF902F9A-3543-4FE5-9B03-787822D1CDD9}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{4277D694-83C1-420E-AC02-F34A6580646E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{9414CDFF-BF28-46D7-89E7-EF7EA792A7D6}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{C127A472-F592-4C96-911B-4BBF2BCB212D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{9D081DCC-4616-4C27-93E2-EAD105DB6024}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe
FirewallRules: [{3AC04A85-225B-450B-9162-B8DD46B1FA89}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe
FirewallRules: [{B9972142-8CC5-4007-8C19-6E0D8DCA73B0}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DBDownloader.exe
FirewallRules: [{F6BE067E-85AA-4E8C-BB38-4CE1D8344432}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DBDownloader.exe
FirewallRules: [{6B77CD2E-5A20-4008-8F05-4BD05BB06169}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
FirewallRules: [{14C810DC-4C07-495F-9389-D2F059F42811}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
FirewallRules: [{028E73D9-BACA-4FF8-AD84-6BDF49596775}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Darksiders 2\Darksiders2.exe
FirewallRules: [{7A6DEF31-6B27-4AC4-87E8-075B9B5544F7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Darksiders 2\Darksiders2.exe
FirewallRules: [{1334734A-CB95-4766-AD73-A7D898E5E8B7}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{F951EE50-FD3F-4C66-9DA3-182171FA58D5}] => (Allow) LPort=2869
FirewallRules: [{2EED8ED4-5579-42EF-9CA8-D2764D99D282}] => (Allow) LPort=1900
FirewallRules: [{F0788408-0C6B-4698-863B-C291BCBDCCB0}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{7665005C-B384-47BE-A643-701194BAFB57}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{ED658D7E-F996-4F06-A2BE-E6CA026ED603}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{BC099B76-5ADB-4CB8-917D-4385D60AE6CA}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{3C1B213C-E961-42EA-9056-5F54AC9689D2}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{C5C49B9B-E01F-4DC1-A87F-6693310EEB25}] => (Allow) C:\Program Files\iTunes\iTunes.exe

==================== Wiederherstellungspunkte =========================

21-05-2016 12:35:53 Geplanter Prüfpunkt
30-05-2016 16:32:25 Geplanter Prüfpunkt

==================== Fehlerhafte Geräte im Gerätemanager =============

Name: Multimediacontroller
Description: Multimediacontroller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Multimediacontroller
Description: Multimediacontroller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Videocontroller für Multimedia
Description: Videocontroller für Multimedia
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (06/02/2016 04:20:00 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418220

Error: (06/01/2016 11:46:29 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418220

Error: (05/31/2016 01:10:45 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418220

Error: (05/30/2016 04:32:36 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.

System Error:
Zugriff verweigert
.

Error: (05/30/2016 11:46:30 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418220

Error: (05/29/2016 01:32:52 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418220

Error: (05/28/2016 01:33:05 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418220

Error: (05/27/2016 12:33:18 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418220

Error: (05/26/2016 01:33:05 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418220

Error: (05/25/2016 07:47:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2235


Systemfehler:
=============
Error: (06/02/2016 01:33:37 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Synchronisierungshost_288608c7" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (06/01/2016 03:00:41 PM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "MORSTABLETPC",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{312FF9A3-939C-48DD-B62E-B5331522DA71}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (06/01/2016 01:35:17 PM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "MORSTABLETPC",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{312FF9A3-939C-48DD-B62E-B5331522DA71}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (06/01/2016 02:22:34 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Synchronisierungshost_250872af" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (05/31/2016 02:19:45 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalAktivierung{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (05/31/2016 02:19:45 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalAktivierung{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (05/31/2016 02:19:45 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalAktivierung{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (05/31/2016 02:19:45 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalAktivierung{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (05/31/2016 01:58:22 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalAktivierung{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (05/31/2016 01:58:22 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalAktivierung{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar


CodeIntegrity:
===================================
  Date: 2016-05-29 00:56:16.335
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-05-20 21:08:41.736
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-05-20 20:57:52.376
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-05-13 11:33:23.196
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-05-12 14:30:35.295
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-04-28 16:14:43.577
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-04-20 13:08:23.635
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-04-15 15:20:39.078
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-04-15 09:54:02.790
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-04-14 01:18:31.200
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


==================== Speicherinformationen =========================== 

Prozessor: Intel(R) Core(TM) i5-2500K CPU @ 3.30GHz
Prozentuale Nutzung des RAM: 27%
Installierter physikalischer RAM: 16355.32 MB
Verfügbarer physikalischer RAM: 11829.31 MB
Summe virtueller Speicher: 32739.32 MB
Verfügbarer virtueller Speicher: 27745.53 MB

==================== Laufwerke ================================

Drive c: () (Fixed) (Total:1862.48 GB) (Free:1743.63 GB) NTFS
Drive d: (Volume) (Fixed) (Total:931.51 GB) (Free:597.3 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)]
Drive f: (Seagate Expansion Drive) (Fixed) (Total:1863.02 GB) (Free:904.96 GB) NTFS
Drive g: (TOSHIBA-MIN) (Fixed) (Total:111.76 GB) (Free:84.29 GB) FAT32

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: DBE1EC3C)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1862.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 0005D46D)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 1863 GB) (Disk ID: 7B4EFDC8)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (Size: 111.8 GB) (Disk ID: 3E1ED0E5)
Partition 1: (Not Active) - (Size=111.8 GB) - (Type=0C)

==================== Ende von Addition.txt ============================
         

Alt 02.06.2016, 18:50   #5
markusg
/// Malware-holic
 
Hi, please open Avira, go to Reports or Events, and post the current detection messages; please do the same for Malwarebytes.

__________________
- Please forward suspicious e-mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de

Alt 02.06.2016, 19:33   #6
Mors
 

Avira only found tr/spy.paux, which has since been removed; see the log. After that, Malwarebytes found nothing at all.

Avira's event description for it looked like this:
The pattern of 'TR/Spy.Gen (Cloud) [TR/Spy.Gen]'
detected in file 'C:\Windows\SysWOW64\mseuncern.dll.
Action performed: Deny access

Code:
Free Antivirus
Report file date: Donnerstag, 2. Juni 2016  16:21


The program is running as an unrestricted full version.
Online services are available.

Licensee        : Free
Serial number   : 0000149996-AVHOE-0000001
Platform        : Windows 10 Home
Windows version : (plain)  [10.0.10586]
Boot mode       : Normally booted
Username        : Mors
Computer name   : MORS-PC

Version information:
build.dat       : 15.0.17.273    92152 Bytes  04.04.2016 17:07:00
AVSCAN.EXE      : 15.0.17.264  1258544 Bytes  10.05.2016 16:56:33
AVSCANRC.DLL    : 15.0.17.269    55480 Bytes  10.05.2016 16:56:33
LUKE.DLL        : 15.0.17.264    68864 Bytes  10.05.2016 16:56:40
AVSCPLR.DLL     : 15.0.17.264   130712 Bytes  10.05.2016 16:56:33
REPAIR.DLL      : 15.0.17.264   640544 Bytes  10.05.2016 16:56:32
repair.rdf      : 1.0.17.38    1627624 Bytes  01.06.2016 15:16:23
AVREG.DLL       : 15.0.17.264   350584 Bytes  10.05.2016 16:56:32
avlode.dll      : 15.0.17.264   722920 Bytes  10.05.2016 16:56:31
avlode.rdf      : 14.0.5.36      94056 Bytes  01.03.2016 15:45:29
LOCAL000.VDF    : 8.12.96.194 160039936 Bytes  02.06.2016 14:11:07
Engine version  : 8.3.40.32 
AEBB.DLL        : 8.1.3.0        59296 Bytes  03.12.2015 14:24:25
AECORE.DLL      : 8.3.12.4      247720 Bytes  21.03.2016 13:23:06
AECRYPTO.DLL    : 8.2.0.2       128936 Bytes  12.05.2016 12:27:44
AEDROID.DLL     : 8.4.3.362    2717608 Bytes  29.04.2016 11:33:29
AEEMU.DLL       : 8.1.3.8       404328 Bytes  18.03.2016 11:31:25
AEEXP.DLL       : 8.4.2.182     305064 Bytes  01.06.2016 13:16:20
AEGEN.DLL       : 8.1.8.116     547696 Bytes  24.05.2016 10:21:16
AEHELP.DLL      : 8.3.2.10      284584 Bytes  15.02.2016 13:00:39
AEHEUR.DLL      : 8.1.4.2316  10283888 Bytes  27.05.2016 10:24:08
AELIBINF.DLL    : 8.2.1.4        68464 Bytes  12.05.2016 12:27:44
AEMOBILE.DLL    : 8.1.8.10      301936 Bytes  03.12.2015 14:24:25
AEOFFICE.DLL    : 8.3.3.36      473968 Bytes  02.06.2016 14:10:50
AEPACK.DLL      : 8.4.2.14      805744 Bytes  31.03.2016 11:22:29
AERDL.DLL       : 8.2.1.42      813928 Bytes  18.03.2016 11:31:26
AESBX.DLL       : 8.2.21.4     1629032 Bytes  16.03.2016 12:40:25
AESCN.DLL       : 8.3.4.6       141216 Bytes  08.05.2016 08:35:27
AESCRIPT.DLL    : 8.3.0.150     617328 Bytes  02.06.2016 14:10:50
AEVDF.DLL       : 8.3.3.4       142184 Bytes  21.03.2016 13:23:07
AVWINLL.DLL     : 15.0.17.264    27680 Bytes  10.05.2016 16:56:29
AVPREF.DLL      : 15.0.17.264    53944 Bytes  10.05.2016 16:56:32
AVREP.DLL       : 15.0.17.264   223400 Bytes  10.05.2016 16:56:32
AVARKT.DLL      : 15.0.17.264   230080 Bytes  10.05.2016 16:56:30
AVEVTLOG.DLL    : 15.0.17.264   202776 Bytes  10.05.2016 16:56:30
SQLITE3.DLL     : 15.0.17.264   459752 Bytes  10.05.2016 16:56:41
AVSMTP.DLL      : 15.0.17.264    80200 Bytes  10.05.2016 16:56:33
NETNT.DLL       : 15.0.17.264    16880 Bytes  10.05.2016 16:56:40
CommonImageRc.dll: 15.0.17.269  4307832 Bytes  10.05.2016 16:56:29
CommonTextRc.dll: 15.0.17.269    68352 Bytes  10.05.2016 16:56:29

Configuration settings for the scan:
Jobname.............................: Scan for rootkits
Configuration file..................: C:\ProgramData\Avira\Antivirus\PROFILES\rootkit.avp
Reporting...........................: default
Primary action......................: Interactive
Secondary action....................: Ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Limit recursion depth...............: 20
Smart extensions....................: on
Macrovirus heuristic................: on
File heuristic......................: Complete
Skipped files.......................: 

Start of the scan: Donnerstag, 2. Juni 2016  16:21

Starting search for hidden objects.

The scan of running processes will be started:
Scan process 'svchost.exe' - '74' Module(s) have been scanned
Scan process 'svchost.exe' - '31' Module(s) have been scanned
Scan process 'svchost.exe' - '245' Module(s) have been scanned
Scan process 'svchost.exe' - '108' Module(s) have been scanned
Scan process 'svchost.exe' - '119' Module(s) have been scanned
Scan process 'svchost.exe' - '55' Module(s) have been scanned
Scan process 'svchost.exe' - '108' Module(s) have been scanned
Scan process 'svchost.exe' - '80' Module(s) have been scanned
Scan process 'svchost.exe' - '93' Module(s) have been scanned
Scan process 'WUDFHost.exe' - '31' Module(s) have been scanned
Scan process 'dashost.exe' - '60' Module(s) have been scanned
Scan process 'nvvsvc.exe' - '32' Module(s) have been scanned
Scan process 'spoolsv.exe' - '92' Module(s) have been scanned
Scan process 'sched.exe' - '77' Module(s) have been scanned
Scan process 'GfExperienceService.exe' - '46' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '29' Module(s) have been scanned
Scan process 'svchost.exe' - '91' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '60' Module(s) have been scanned
Scan process 'avguard.exe' - '135' Module(s) have been scanned
Scan process 'NvStreamService.exe' - '56' Module(s) have been scanned
Scan process 'svchost.exe' - '40' Module(s) have been scanned
Scan process 'LiveUpdate.exe' - '56' Module(s) have been scanned
Scan process 'NvNetworkService.exe' - '55' Module(s) have been scanned
Scan process 'WsAppService.exe' - '69' Module(s) have been scanned
Scan process 'armsvc.exe' - '32' Module(s) have been scanned
Scan process 'schedul2.exe' - '41' Module(s) have been scanned
Scan process 'app_updater.exe' - '60' Module(s) have been scanned
Scan process 'svchost.exe' - '28' Module(s) have been scanned
Scan process 'avshadow.exe' - '25' Module(s) have been scanned
Scan process 'NvStreamNetworkService.exe' - '64' Module(s) have been scanned
Scan process 'iPodService.exe' - '28' Module(s) have been scanned
Scan process 'OfficeClickToRun.exe' - '107' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '55' Module(s) have been scanned
Scan process 'Avira.ServiceHost.exe' - '119' Module(s) have been scanned
Scan process 'svchost.exe' - '26' Module(s) have been scanned
Scan process 'dwm.exe' - '47' Module(s) have been scanned
Scan process 'nvxdsync.exe' - '60' Module(s) have been scanned
Scan process 'nvvsvc.exe' - '49' Module(s) have been scanned
Scan process 'RuntimeBroker.exe' - '101' Module(s) have been scanned
Scan process 'sihost.exe' - '56' Module(s) have been scanned
Scan process 'Monitor.exe' - '69' Module(s) have been scanned
Scan process 'taskhostw.exe' - '40' Module(s) have been scanned
Scan process 'Explorer.EXE' - '227' Module(s) have been scanned
Scan process 'ShellExperienceHost.exe' - '115' Module(s) have been scanned
Scan process 'SearchUI.exe' - '121' Module(s) have been scanned
Scan process 'nvtray.exe' - '51' Module(s) have been scanned
Scan process 'NvBackend.exe' - '63' Module(s) have been scanned
Scan process 'RtkNGUI64.exe' - '57' Module(s) have been scanned
Scan process 'schedhlp.exe' - '31' Module(s) have been scanned
Scan process 'OneDrive.exe' - '85' Module(s) have been scanned
Scan process 'TalkHelper.exe' - '81' Module(s) have been scanned
Scan process 'nusb3mon.exe' - '38' Module(s) have been scanned
Scan process 'avgnt.exe' - '107' Module(s) have been scanned
Scan process 'Dropbox.exe' - '187' Module(s) have been scanned
Scan process 'adm_tray.exe' - '48' Module(s) have been scanned
Scan process 'Avira.Systray.exe' - '134' Module(s) have been scanned
Scan process 'LWS.exe' - '54' Module(s) have been scanned
Scan process 'CameraHelperShell.exe' - '74' Module(s) have been scanned
Scan process 'jusched.exe' - '42' Module(s) have been scanned
Scan process 'NvStreamUserAgent.exe' - '66' Module(s) have been scanned
Scan process 'conhost.exe' - '31' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '31' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '25' Module(s) have been scanned
Scan process 'UninstallMonitor.exe' - '62' Module(s) have been scanned
Scan process 'svchost.exe' - '56' Module(s) have been scanned
Scan process 'avcenter.exe' - '146' Module(s) have been scanned
Scan process 'SkypeHost.exe' - '51' Module(s) have been scanned
Scan process 'jucheck.exe' - '63' Module(s) have been scanned
Scan process 'avscan.exe' - '75' Module(s) have been scanned
Scan process 'avscan.exe' - '117' Module(s) have been scanned
Scan process 'vssvc.exe' - '32' Module(s) have been scanned
Scan process 'taskeng.exe' - '19' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '61' Module(s) have been scanned
Scan process 'chrome.exe' - '107' Module(s) have been scanned
Scan process 'chrome.exe' - '35' Module(s) have been scanned
Scan process 'chrome.exe' - '76' Module(s) have been scanned
Scan process 'chrome.exe' - '55' Module(s) have been scanned
Scan process 'chrome.exe' - '55' Module(s) have been scanned
Scan process 'chrome.exe' - '55' Module(s) have been scanned
Scan process 'chrome.exe' - '55' Module(s) have been scanned
Scan process 'chrome.exe' - '55' Module(s) have been scanned
Scan process 'chrome.exe' - '55' Module(s) have been scanned
Scan process 'chrome.exe' - '55' Module(s) have been scanned
Scan process 'chrome.exe' - '55' Module(s) have been scanned
Scan process 'chrome.exe' - '55' Module(s) have been scanned
Scan process 'SearchProtocolHost.exe' - '23' Module(s) have been scanned
Scan process 'SearchFilterHost.exe' - '20' Module(s) have been scanned
Scan process 'TrustedInstaller.exe' - '19' Module(s) have been scanned
Scan process 'TiWorker.exe' - '41' Module(s) have been scanned
Scan process 'SearchProtocolHost.exe' - '24' Module(s) have been scanned
Scan process 'lsass.exe' - '82' Module(s) have been scanned
Scan process 'WinLogon.exe' - '36' Module(s) have been scanned

Starting to scan executable files (registry):
The registry was scanned ( '1979' files ).


Starting the file scan:

Begin scan in 'C:'
C:\Windows\SysWOW64\mseuncern.dll
  [DETECTION] Is the TR/Spy.paux Trojan

Beginning disinfection:
C:\Windows\SysWOW64\mseuncern.dll
  [DETECTION] Is the TR/Spy.paux Trojan
  [NOTE]      The file was moved to the quarantine directory under the name '47bdd20b.qua'!


End of the scan: Donnerstag, 2. Juni 2016  17:46
Used time:  1:17:02 Hour(s)

The scan has been done completely.

  38562 Scanned directories
 1082530 Files were scanned
      1 Viruses and/or unwanted programs were found
      0 Files were classified as suspicious
      0 Files were deleted
      0 Viruses and unwanted programs were repaired
      1 Files were moved to quarantine
      0 Files were renamed
      0 Files cannot be scanned
 1082529 Files not concerned
   8297 Archives were scanned
      0 Warnings
      1 Notes
 1081126 Objects were scanned with rootkit scan
      0 Hidden objects were found
         

02.06.2016, 19:41   #7
markusg
/// Malware-holic

OK, please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click "Suchlauf" (Scan) and wait until it has finished.
  • Now click "Löschen" (Clean) and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart, a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

02.06.2016, 20:16   #8
Mors

Here is the AdwCleaner log:
Thanks already for the great help!

Code:
# AdwCleaner v5.119 - Bericht erstellt am 02/06/2016 um 20:53:33
# Aktualisiert am 30/05/2016 von Xplode
# Datenbank : 2016-05-30.3 [Server]
# Betriebssystem : Windows 10 Home  (X64)
# Benutzername : Mors - MORS-PC
# Gestartet von : C:\Users\Mors\Desktop\AdwCleaner_5.119.exe
# Option : Löschen
# Unterstützung : hxxp://toolslib.net/forum

***** [ Dienste ] *****


***** [ Ordner ] *****

[-] Ordner gelöscht : C:\Program Files (x86)\Startfenster

***** [ Dateien ] *****

[-] Datei gelöscht : C:\Users\Mors\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage

***** [ DLLs ] *****


***** [ WMI ] *****


***** [ Verknüpfungen ] *****


***** [ Aufgabenplanung ] *****


***** [ Registrierungsdatenbank ] *****

[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\f
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1663C10B-0D55-438D-8496-19A3DBAEC0E4}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A43DE495-3D00-47D4-9D2C-303115707939}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
[-] Schlüssel gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
[-] Schlüssel gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10921475-03CE-4E04-90CE-E2E7EF20C814}
[-] Schlüssel gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
[-] Schlüssel gelöscht : HKCU\Software\OCS
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Startfenster
[-] Schlüssel gelöscht : HKU\S-1-5-21-211363319-1696189197-2757610549-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\OCS
[-] Schlüssel gelöscht : HKU\S-1-5-21-211363319-1696189197-2757610549-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\OCS

***** [ Internetbrowser ] *****

[-] [C:\Users\Mors\AppData\Roaming\Mozilla\Firefox\Profiles\wcG1AlNQ.default\prefs.js] gelöscht : user_pref("network.hxxp.request.max-start-delay", 0);
[-] [C:\Users\Mors\AppData\Roaming\Mozilla\Firefox\Profiles\wcG1AlNQ.default\user.js] gelöscht : user_pref("network.hxxp.request.max-start-delay", 0);
[-] [C:\Users\Mors\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] gelöscht : mystartsearch
[-] [C:\Users\Mors\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] gelöscht : mystartsearch.com
[-] [C:\Users\Mors\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] gelöscht : hxxp://www.mystartsearch.com/?type=hp&ts=1432935206&z=ed0a286dd3fc1274bc87d32g6zec7o0t2c8w5o6eez&from=cor&uid=SAMSUNGXHD103SJ_S246J1KZ318475
[-] [C:\Users\Mors\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] gelöscht : hxxp://www.mystartsearch.com/?type=hp&ts=1433966823&z=b1b642dfdcc8f0a536b1419gbz0c5cat7qfq5b1o6o&from=cor&uid=WDCXWD20EZRX-00D8PB0_WD-WCC4N3EHCHULHCHUL
[-] [C:\Users\Mors\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Homepage] gelöscht : hxxp://www.mystartsearch.com/?type=hp&ts=1432935206&z=ed0a286dd3fc1274bc87d32g6zec7o0t2c8w5o6eez&from=cor&uid=SAMSUNGXHD103SJ_S246J1KZ318475

*************************

:: "Tracing" Schlüssel gelöscht
:: Proxy Einstellungen zurückgesetzt
:: Winsock Einstellungen zurückgesetzt
:: Internet Explorer Richtlinien gelöscht
:: Chrome Richtlinien gelöscht

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [3674 Bytes] - [02/06/2016 20:53:33]
C:\AdwCleaner\AdwCleaner[S1].txt - [3583 Bytes] - [02/06/2016 20:51:43]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [3820 Bytes] ##########
         

02.06.2016, 20:23   #9
markusg
/// Malware-holic

1. Restart, then download HitmanPro 64-bit: Downloads - SurfRight
2. Start the program, go to Settings, and tick everything in the first window, i.e. upload unknown files, compress, etc. For the default action, choose Ignore. Then go to License and activate the trial license, without the newsletter. Go to Scan, at startup; method: standard; leave the rest as it is. Then restart; the scan should begin. Please do not delete anything yet; click Next, save the log and paste it here. Thanks.
__________________
- Please forward suspicious e-mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
For the time being, please send e-mails, following the instructions above, to
markusg.trojaner-board@web.de

02.06.2016, 21:01   #10
Mors

Done, here is the log:

Code:
HitmanPro 3.7.14.265
www.hitmanpro.com

   Computer name . . . . : MORS-PC
   Windows . . . . . . . : 10.0.0.10586.X64/4
   User name . . . . . . : Mors-PC\Mors
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Trial (30 days left)

   Scan date . . . . . . : 2016-06-02 21:48:07
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 4m 56s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 1
   Traces  . . . . . . . : 255

   Objects scanned . . . : 2.032.707
   Files scanned . . . . : 77.580
   Remnants scanned  . . : 509.722 files / 1.445.405 keys

Malware _____________________________________________________________________

   C:\WINDOWS\system32\mseuncern64.dll -> Quarantined
      Size . . . . . . . : 118.784 bytes
      Age  . . . . . . . : 0.9 days (2016-06-02 01:01:31)
      Entropy  . . . . . : 5.8
      SHA-256  . . . . . : 20E6F803AC621B1940A87EA4E6C87258AFC763AFBFA485FFE4B508AC53E387BA
    > Kaspersky  . . . . : not-a-virus:HEUR:Monitor.Win32.BeyondKeyLogger.heur
      Fuzzy  . . . . . . : 110.0
      Forensic Cluster
         -18.8s C:\Windows\Prefetch\KEYSETUP.TMP-8C925EAA.pf
         -17.4s C:\Windows\Prefetch\KEYSETUP.TMP-0C0E7938.pf
          0.0s C:\Windows\System32\mseuncern64.dll
          0.1s C:\Windows\SysWOW64\IJL_11.DLL
          0.1s C:\Windows\SysWOW64\MSCOMCTL.OCX
          0.1s C:\Windows\SysWOW64\MSSTDFMT.DLL
          0.2s C:\Windows\SysWOW64\RICHTX32.OCX
          0.3s C:\Windows\SysWOW64\MSWINSCK.OCX
          1.2s C:\Users\Mors\AppData\Roaming\IObit\IObit Uninstaller\UMLog\2016-06-02.log
          5.2s C:\ProgramData\TEMP\
          6.7s C:\Windows\SysWOW64\mswlnpore.dll
         12.6s C:\Windows\Prefetch\ZNPFZR.EXE-AA9FDB09.pf


Suspicious files ____________________________________________________________

   C:\Users\Mors\Desktop\FRST64.exe
      Size . . . . . . . : 2.383.872 bytes
      Age  . . . . . . . : 0.1 days (2016-06-02 19:01:00)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 68D3444DC8EED7750F78DB574D0714A4811794E9A57AE09D259711ED79A431EA
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.


Potential Unwanted Programs _________________________________________________

   mystartsearch
   C:\Users\Mors\AppData\Local\Google\Chrome\User Data\Default\Web Data

   mystartsearch.com
   C:\Users\Mors\AppData\Local\Google\Chrome\User Data\Default\Web Data


Cookies _____________________________________________________________________

         

02.06.2016, 21:21   #11
markusg
/// Malware-holic

Hi, open HitmanPro, go to Settings, Scan, Scheduled scan, and select a standard scan at startup. Do not open any programs during the scan; when it is finished, please post the new log.

02.06.2016, 21:39   #12
Mors

Only Skype opened automatically at startup... should I remove it from startup beforehand?

Code:
HitmanPro 3.7.14.265
www.hitmanpro.com

   Computer name . . . . : MORS-PC
   Windows . . . . . . . : 10.0.0.10586.X64/4
   User name . . . . . . : Mors-PC\Mors
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Trial (30 days left)

   Scan date . . . . . . : 2016-06-02 22:32:04
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 4m 5s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 0
   Traces  . . . . . . . : 42

   Objects scanned . . . : 2.033.165
   Files scanned . . . . : 77.654
   Remnants scanned  . . : 509.969 files / 1.445.542 keys

Suspicious files ____________________________________________________________

   C:\Users\Mors\Desktop\FRST64.exe
      Size . . . . . . . : 2.383.872 bytes
      Age  . . . . . . . : 0.1 days (2016-06-02 19:01:00)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 68D3444DC8EED7750F78DB574D0714A4811794E9A57AE09D259711ED79A431EA
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.


Potential Unwanted Programs _________________________________________________

   mystartsearch
   C:\Users\Mors\AppData\Local\Google\Chrome\User Data\Default\Web Data

   mystartsearch.com
   C:\Users\Mors\AppData\Local\Google\Chrome\User Data\Default\Web Data


Cookies _____________________________________________________________________

         

02.06.2016, 21:45   #13
markusg
/// Malware-holic
 
OK, if you have deleted FRST in the meantime, download it again and scan as described above.
__________________
- Please forward suspicious e-mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
For now, please forward e-mails according to the instructions above to
markusg.trojaner-board@web.de
If you would like to support us

02.06.2016, 21:54   #14
Mors
 
Nope, FRST was still there.

FRST.txt:

Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:01-06-2016
durchgeführt von Mors (Administrator) auf MORS-PC (02-06-2016 22:47:37)
Gestartet von C:\Users\Mors\Desktop
Geladene Profile: Mors (Verfügbare Profile: Mors)
Platform: Windows 10 Home Version 1511 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: Chrome)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
(Digital Wave Ltd.) C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Wondershare) C:\Program Files (x86)\Wondershare\WAF\2.1.6.0\WsAppService.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare\Monitor.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(TalkHelper Team) C:\Program Files (x86)\TalkHelper Call Recorder for Skype\TalkHelper.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
() C:\Program Files (x86)\Acronis\DriveMonitor\adm_tray.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
() C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11602.1.26.0_x64__8wekyb3d8bbwe\WinStore.Mobile.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneMusic_3.6.20961.0_x64__8wekyb3d8bbwe\Music.UI.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8849152 2016-04-28] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2787264 2016-01-23] (NVIDIA Corporation)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [462400 2011-02-12] (Acronis)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-05-11] (Apple Inc.)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [67840 2016-05-04] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [814608 2016-05-10] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [23745808 2016-05-07] (Dropbox, Inc.)
HKLM-x32\...\Run: [adm_tray.exe] => C:\Program Files (x86)\Acronis\DriveMonitor\adm_tray.exe [470120 2011-02-24] ()
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKLM-x32\...\Run: [DelaypluginInstall] => C:\ProgramData\Wondershare\Video Converter Ultimate\DelayPluginI.exe [1971856 2016-03-21] ()
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [595992 2016-05-20] (Oracle Corporation)
HKU\S-1-5-21-211363319-1696189197-2757610549-1000\...\Run: [Advanced SystemCare 9] => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe [2019616 2016-01-11] (IObit)
HKU\S-1-5-21-211363319-1696189197-2757610549-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3077712 2016-03-31] (Valve Corporation)
HKU\S-1-5-21-211363319-1696189197-2757610549-1000\...\Run: [TalkHelper] => C:\Program Files (x86)\TalkHelper Call Recorder for Skype\TalkHelper.exe [4619776 2016-05-02] (TalkHelper Team)
HKU\S-1-5-21-211363319-1696189197-2757610549-1000\...\Policies\Explorer: [NolowDiskSpaceChecks] 1
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-07] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\cv act sc interface RegisterTool.lnk [2016-03-18]
ShortcutTarget: cv act sc interface RegisterTool.lnk -> C:\Program Files (x86)\cv cryptovision\cv act sc interface\RegisterTool.exe (cv cryptovision GmbH)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{312ff9a3-939c-48dd-b62e-b5331522da71}: [DhcpNameServer] 192.168.2.1

Internet Explorer:
==================
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2015-11-12] (IObit)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-05-01] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_91\bin\ssv.dll [2016-06-02] (Oracle Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-05-01] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-06-02] (Oracle Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2016-05-01] (Microsoft Corporation)
BHO-x32: Wondershare Video Converter Ultimate 7.1.0 -> {451C804F-C205-4F03-B48E-537EC94937BF} -> C:\ProgramData\Wondershare\Video Converter Ultimate\WSBrowserAppMgr.dll [2016-03-21] (Wondershare)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-06-02] (Oracle Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2016-05-01] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-06-02] (Oracle Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-05-01] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-05-01] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-05-01] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-05-01] (Microsoft Corporation)
Handler: WSWSVCUchrome - {1CA93FF0-A218-44F1 -  Keine Datei

FireFox:
========
FF ProfilePath: C:\Users\Mors\AppData\Roaming\Mozilla\Firefox\Profiles\wcG1AlNQ.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll [2016-05-22] ()
FF Plugin: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-06-02] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-06-02] (Oracle Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-22] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-06-02] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-06-02] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-05-01] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-05-01] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-211363319-1696189197-2757610549-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Mors\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-05-08] (Unity Technologies ApS)
FF user.js: detected! => C:\Users\Mors\AppData\Roaming\Mozilla\Firefox\Profiles\wcG1AlNQ.default\user.js [2016-06-02]
FF Extension: Avira Browser Safety - C:\Users\Mors\AppData\Roaming\Mozilla\Firefox\Profiles\wcG1AlNQ.default\Extensions\abs@avira.com [2016-05-22]
FF HKLM-x32\...\Firefox\Extensions: [WSVCU@Wondershare.com] - C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com_xpi
FF Extension: Wondershare Video Converter Ultimate - C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com_xpi [2016-03-31]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2016-04-27]

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.mystartsearch.com/?type=hp&ts=1432935206&z=ed0a286dd3fc1274bc87d32g6zec7o0t2c8w5o6eez&from=cor&uid=SAMSUNGXHD103SJ_S246J1KZ318475
CHR StartupUrls: Default -> "hxxp://www.mystartsearch.com/?type=hp&ts=1432935206&z=ed0a286dd3fc1274bc87d32g6zec7o0t2c8w5o6eez&from=cor&uid=SAMSUNGXHD103SJ_S246J1KZ318475","hxxp://www.mystartsearch.com/?type=hp&ts=1433966823&z=b1b642dfdcc8f0a536b1419gbz0c5cat7qfq5b1o6o&from=cor&uid=WDCXWD20EZRX-00D8PB0_WD-WCC4N3EHCHULHCHUL"
CHR Session Restore: Default -> ist aktiviert.
CHR Profile: C:\Users\Mors\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (ProxFlow) - C:\Users\Mors\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek [2016-05-08]
CHR Extension: (Google Präsentationen) - C:\Users\Mors\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-02-04]
CHR Extension: (Google Docs) - C:\Users\Mors\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-02-04]
CHR Extension: (Google Drive) - C:\Users\Mors\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-04]
CHR Extension: (YouTube) - C:\Users\Mors\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-04]
CHR Extension: (Google-Suche) - C:\Users\Mors\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-04]
CHR Extension: (Who Deleted Me) - C:\Users\Mors\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiepnnbjenknnjgabbodaihlnkkpkgll [2016-03-25]
CHR Extension: (Google Tabellen) - C:\Users\Mors\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-02-04]
CHR Extension: (Avira Browserschutz) - C:\Users\Mors\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2016-05-13]
CHR Extension: (Google Docs Offline) - C:\Users\Mors\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Mors\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-04]
CHR Extension: (Google Mail) - C:\Users\Mors\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-04]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 AdvancedSystemCareService9; C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe [446240 2016-01-05] (IObit)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [970656 2016-05-10] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [467016 2016-05-10] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [467016 2016-05-10] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1435704 2016-05-10] (Avira Operations GmbH & Co. KG)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [276424 2016-05-04] (Avira Operations GmbH & Co. KG)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2912496 2016-05-01] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-02-05] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-02-05] (Dropbox, Inc.)
R2 DigitalWave.Update.Service; C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe [388968 2016-03-29] (Digital Wave Ltd.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163200 2016-01-23] (NVIDIA Corporation)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [135496 2016-06-02] (SurfRight B.V.)
R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2945312 2016-01-14] (IObit)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-01-23] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [6308288 2016-01-23] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [4812736 2016-01-23] (NVIDIA Corporation)
S3 Origin Client Service; D:\Origin\OriginClientService.exe [2104840 2016-02-04] (Electronic Arts)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.1.6.0\WsAppService.exe [388608 2016-01-28] (Wondershare) [Datei ist nicht signiert]
S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [X]

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 A38CCID; C:\Windows\system32\DRIVERS\a38ccid.sys [82480 2015-08-19] (Advanced Card Systems Ltd.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128664 2016-03-11] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [146712 2016-05-10] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [35488 2016-02-04] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [78208 2016-05-10] (Avira Operations GmbH & Co. KG)
S3 CySmb; C:\Windows\System32\drivers\cysmb.sys [10752 2016-02-04] (Cypress Semiconductor, Inc.)
R1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [27552 2016-02-04] (REALiX(tm))
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-01-23] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [47760 2015-12-18] (NVIDIA Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [936192 2016-04-28] (Realtek                                            )
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
U3 idsvc; kein ImagePath

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-06-02 22:47 - 2016-06-02 22:47 - 00025662 _____ C:\Users\Mors\Desktop\FRST.txt
2016-06-02 21:54 - 2016-06-02 21:54 - 00012872 _____ (SurfRight B.V.) C:\WINDOWS\system32\bootdelete.exe
2016-06-02 21:48 - 2016-06-02 22:32 - 00046960 _____ C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2016-06-02 21:46 - 2016-06-02 21:46 - 00001974 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2016-06-02 21:46 - 2016-06-02 21:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2016-06-02 21:45 - 2016-06-02 21:46 - 00000000 ____D C:\Program Files\HitmanPro
2016-06-02 21:44 - 2016-06-02 21:53 - 00000000 ____D C:\ProgramData\HitmanPro
2016-06-02 21:43 - 2016-06-02 21:44 - 11438608 _____ (SurfRight B.V.) C:\Users\Mors\Downloads\HitmanPro_x64.exe
2016-06-02 21:39 - 2016-06-02 21:38 - 00110144 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-64.dll
2016-06-02 21:39 - 2016-06-02 21:38 - 00110144 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2016-06-02 21:39 - 2016-06-02 21:38 - 00097344 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2016-06-02 20:48 - 2016-06-02 20:53 - 00000000 ____D C:\AdwCleaner
2016-06-02 20:47 - 2016-06-02 20:47 - 03677248 _____ C:\Users\Mors\Desktop\AdwCleaner_5.119.exe
2016-06-02 19:02 - 2016-06-02 22:47 - 00000000 ____D C:\FRST
2016-06-02 19:01 - 2016-06-02 19:01 - 02383872 _____ (Farbar) C:\Users\Mors\Desktop\FRST64.exe
2016-06-02 18:10 - 2016-06-02 20:33 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-06-02 18:09 - 2016-06-02 18:09 - 00001187 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2016-06-02 18:09 - 2016-06-02 18:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2016-06-02 18:09 - 2016-06-02 18:09 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-06-02 18:09 - 2016-06-02 18:09 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2016-06-02 18:09 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-06-02 18:09 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-06-02 18:09 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-06-02 18:05 - 2016-06-02 18:09 - 22851472 _____ (Malwarebytes ) C:\Users\Mors\Downloads\mbam-setup-2.2.1.1043.exe
2016-06-02 01:01 - 2016-06-02 01:13 - 00000000 ____D C:\ProgramData\TEMP
2016-06-02 01:01 - 2005-04-15 19:58 - 01071088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSCOMCTL.OCX
2016-06-02 01:01 - 2004-03-09 00:00 - 00212240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RICHTX32.OCX
2016-06-02 01:01 - 2004-03-09 00:00 - 00124688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSWINSCK.OCX
2016-06-02 01:01 - 2004-02-23 00:00 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSSTDFMT.DLL
2016-06-02 01:01 - 2003-07-06 14:07 - 00372736 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\IJL_11.DLL
2016-06-01 12:31 - 2016-06-01 12:31 - 04030644 _____ C:\Users\Mors\Downloads\skriptPII.pdf
2016-06-01 11:41 - 2016-06-01 12:10 - 00000000 ____D C:\Users\Mors\Downloads\qrc-xmow
2016-05-31 14:39 - 2016-05-31 14:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TalkHelper Call Recorder for Skype
2016-05-31 14:39 - 2015-03-03 12:14 - 00645632 _____ C:\WINDOWS\SysWOW64\xvidcore.dll
2016-05-31 14:39 - 2015-03-03 12:14 - 00240640 _____ C:\WINDOWS\SysWOW64\xvidvfw.dll
2016-05-31 14:39 - 2015-03-03 12:14 - 00153088 _____ C:\WINDOWS\SysWOW64\xvid.ax
2016-05-31 14:38 - 2016-05-31 14:38 - 00001359 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Absolute Uninstaller.lnk
2016-05-31 14:38 - 2016-05-31 14:38 - 00001347 _____ C:\Users\Public\Desktop\Absolute Uninstaller.lnk
2016-05-31 14:38 - 2016-05-31 14:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glarysoft
2016-05-31 14:38 - 2016-05-31 14:38 - 00000000 ____D C:\Program Files (x86)\Glarysoft
2016-05-24 14:39 - 2016-05-24 14:39 - 00002380 _____ C:\Users\Mors\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-05-23 16:01 - 2016-05-23 16:01 - 00142060 _____ C:\Users\Mors\Downloads\h02.pdf
2016-05-22 16:24 - 2016-05-22 16:24 - 00000000 ____D C:\Users\Mors\AppData\LocalLow\Unity
2016-05-22 16:24 - 2016-05-22 16:24 - 00000000 ____D C:\Users\Mors\AppData\Local\Unity
2016-05-22 16:22 - 2016-06-02 22:40 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-05-22 16:22 - 2016-05-22 16:22 - 00003860 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2016-05-22 16:18 - 2016-05-22 16:23 - 00000000 ____D C:\Users\Mors\AppData\Local\Adobe
2016-05-20 21:04 - 2016-05-20 21:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-05-20 21:04 - 2016-05-20 21:04 - 00000000 ____D C:\Program Files\iTunes
2016-05-20 21:04 - 2016-05-20 21:04 - 00000000 ____D C:\Program Files\iPod
2016-05-20 21:04 - 2016-05-20 21:04 - 00000000 ____D C:\Program Files (x86)\iTunes
2016-05-14 20:28 - 2016-05-11 21:57 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-05-14 20:28 - 2016-05-11 21:57 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-05-14 01:45 - 2016-05-14 01:45 - 05062655 _____ C:\Users\Mors\Downloads\Portfolio-test-03.pdf
2016-05-13 01:05 - 2016-05-13 01:05 - 00015703 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2016-05-11 19:36 - 2016-05-11 19:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-05-11 14:39 - 2016-04-30 08:31 - 03591168 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-05-11 14:39 - 2016-04-23 08:12 - 01401024 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-05-11 14:39 - 2016-04-23 08:12 - 01184960 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-05-11 14:39 - 2016-04-23 08:12 - 00713920 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-05-11 14:39 - 2016-04-23 08:12 - 00514752 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-05-11 14:39 - 2016-04-23 08:12 - 00190144 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2016-05-11 14:39 - 2016-04-23 08:12 - 00046784 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-05-11 14:39 - 2016-04-23 07:28 - 01557768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-05-11 14:39 - 2016-04-23 07:28 - 01542816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-05-11 14:39 - 2016-04-23 07:24 - 07474528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-05-11 14:39 - 2016-04-23 07:24 - 01997328 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-05-11 14:39 - 2016-04-23 07:24 - 01819208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-05-11 14:39 - 2016-04-23 07:10 - 03673424 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-05-11 14:39 - 2016-04-23 07:10 - 02919832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-05-11 14:39 - 2016-04-23 07:09 - 22561256 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-05-11 14:39 - 2016-04-23 07:09 - 21123320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-05-11 14:39 - 2016-04-23 07:09 - 05240960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2016-05-11 14:39 - 2016-04-23 07:09 - 04074160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-05-11 14:39 - 2016-04-23 07:08 - 06605504 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2016-05-11 14:39 - 2016-04-23 07:08 - 04515256 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-05-11 14:39 - 2016-04-23 07:01 - 01996640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-05-11 14:39 - 2016-04-23 07:01 - 00650304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2016-05-11 14:39 - 2016-04-23 06:39 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll
2016-05-11 14:39 - 2016-04-23 06:32 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll
2016-05-11 14:39 - 2016-04-23 06:31 - 13018112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-05-11 14:39 - 2016-04-23 06:31 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2016-05-11 14:39 - 2016-04-23 06:30 - 22379008 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-05-11 14:39 - 2016-04-23 06:30 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-05-11 14:39 - 2016-04-23 06:29 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2016-05-11 14:39 - 2016-04-23 06:28 - 16984576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-05-11 14:39 - 2016-04-23 06:26 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2016-05-11 14:39 - 2016-04-23 06:26 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
2016-05-11 14:39 - 2016-04-23 06:25 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2016-05-11 14:39 - 2016-04-23 06:23 - 11545088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-05-11 14:39 - 2016-04-23 06:22 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-05-11 14:39 - 2016-04-23 06:22 - 00460800 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2016-05-11 14:39 - 2016-04-23 06:20 - 19344384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-05-11 14:39 - 2016-04-23 06:20 - 18676224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-05-11 14:39 - 2016-04-23 06:20 - 00606720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2016-05-11 14:39 - 2016-04-23 06:19 - 07977472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-05-11 14:39 - 2016-04-23 06:19 - 01056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2016-05-11 14:39 - 2016-04-23 06:19 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-05-11 14:39 - 2016-04-23 06:19 - 00853504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-05-11 14:39 - 2016-04-23 06:19 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2016-05-11 14:39 - 2016-04-23 06:18 - 24604672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-05-11 14:39 - 2016-04-23 06:18 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2016-05-11 14:39 - 2016-04-23 06:18 - 00939520 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2016-05-11 14:39 - 2016-04-23 06:18 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2016-05-11 14:39 - 2016-04-23 06:18 - 00349696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2016-05-11 14:39 - 2016-04-23 06:16 - 01319424 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2016-05-11 14:39 - 2016-04-23 06:16 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2016-05-11 14:39 - 2016-04-23 06:15 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-05-11 14:39 - 2016-04-23 06:15 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2016-05-11 14:39 - 2016-04-23 06:15 - 00348672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2016-05-11 14:39 - 2016-04-23 06:14 - 13383168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-05-11 14:39 - 2016-04-23 06:14 - 00821760 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2016-05-11 14:39 - 2016-04-23 06:14 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2016-05-11 14:39 - 2016-04-23 06:13 - 07200256 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-05-11 14:39 - 2016-04-23 06:13 - 06295552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-05-11 14:39 - 2016-04-23 06:10 - 12125696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-05-11 14:39 - 2016-04-23 06:10 - 00639488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2016-05-11 14:39 - 2016-04-23 06:09 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-05-11 14:39 - 2016-04-23 06:09 - 02582016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-05-11 14:39 - 2016-04-23 06:08 - 05324288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-05-11 14:39 - 2016-04-23 06:08 - 02061824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2016-05-11 14:39 - 2016-04-23 06:07 - 05205504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-05-11 14:39 - 2016-04-23 06:07 - 02598912 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2016-05-11 14:39 - 2016-04-23 06:06 - 06974464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-05-11 14:39 - 2016-04-23 06:05 - 05502976 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2016-05-11 14:39 - 2016-04-23 06:05 - 02166784 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-05-11 14:39 - 2016-04-23 06:05 - 02066432 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-05-11 14:39 - 2016-04-23 06:05 - 01946112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-05-11 14:39 - 2016-04-23 06:04 - 04759040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2016-05-11 14:39 - 2016-04-23 06:04 - 01731072 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-05-11 14:39 - 2016-04-23 06:03 - 05660160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-05-11 14:39 - 2016-04-23 06:03 - 04894208 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-05-11 14:39 - 2016-04-23 06:03 - 02280960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-05-11 14:39 - 2016-04-23 06:03 - 02000896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2016-05-11 14:39 - 2016-04-23 06:03 - 00754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2016-05-11 14:39 - 2016-04-23 06:02 - 07832576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-05-11 14:39 - 2016-04-23 06:02 - 02444288 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2016-05-11 14:39 - 2016-04-23 06:00 - 00984576 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2016-05-11 14:38 - 2016-05-06 06:53 - 00095072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdport.sys
2016-05-11 14:38 - 2016-05-06 06:05 - 00241664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2016-05-11 14:38 - 2016-05-06 06:03 - 00649216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2016-05-11 14:38 - 2016-05-06 05:53 - 00351232 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
2016-05-11 14:38 - 2016-05-06 05:49 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnrSvc.dll
2016-05-11 14:38 - 2016-05-06 05:44 - 00582656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
2016-05-11 14:38 - 2016-05-06 05:43 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2016-05-11 14:38 - 2016-05-06 05:23 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll
2016-05-11 14:38 - 2016-04-30 08:42 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-05-11 14:38 - 2016-04-23 08:12 - 00294592 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-05-11 14:38 - 2016-04-23 08:12 - 00092352 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-05-11 14:38 - 2016-04-23 07:26 - 00707608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2016-05-11 14:38 - 2016-04-23 07:24 - 00754664 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2016-05-11 14:38 - 2016-04-23 07:24 - 00638816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2016-05-11 14:38 - 2016-04-23 07:24 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2016-05-11 14:38 - 2016-04-23 07:24 - 00099680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2016-05-11 14:38 - 2016-04-23 07:22 - 01161120 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2016-05-11 14:38 - 2016-04-23 07:18 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2016-05-11 14:38 - 2016-04-23 07:13 - 00502104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-05-11 14:38 - 2016-04-23 07:13 - 00306832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanapi.dll
2016-05-11 14:38 - 2016-04-23 07:13 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-05-11 14:38 - 2016-04-23 07:12 - 00925064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2016-05-11 14:38 - 2016-04-23 07:12 - 00451928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2016-05-11 14:38 - 2016-04-23 07:12 - 00413536 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe
2016-05-11 14:38 - 2016-04-23 07:11 - 01092464 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2016-05-11 14:38 - 2016-04-23 07:11 - 00696672 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-05-11 14:38 - 2016-04-23 07:11 - 00498960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2016-05-11 14:38 - 2016-04-23 07:11 - 00390496 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
2016-05-11 14:38 - 2016-04-23 07:11 - 00131424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ufxsynopsys.sys
2016-05-11 14:38 - 2016-04-23 07:11 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-05-11 14:38 - 2016-04-23 07:10 - 00330072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2016-05-11 14:38 - 2016-04-23 07:09 - 00569744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2016-05-11 14:38 - 2016-04-23 07:09 - 00565600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2016-05-11 14:38 - 2016-04-23 07:09 - 00465760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2016-05-11 14:38 - 2016-04-23 07:09 - 00303216 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2016-05-11 14:38 - 2016-04-23 07:09 - 00255168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2016-05-11 14:38 - 2016-04-23 07:08 - 00725776 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2016-05-11 14:38 - 2016-04-23 07:07 - 01848072 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2016-05-11 14:38 - 2016-04-23 07:07 - 01536088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2016-05-11 14:38 - 2016-04-23 07:07 - 00204048 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll
2016-05-11 14:38 - 2016-04-23 07:07 - 00183904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll
2016-05-11 14:38 - 2016-04-23 07:06 - 00291360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe
2016-05-11 14:38 - 2016-04-23 07:02 - 00188256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2016-05-11 14:38 - 2016-04-23 07:01 - 00619296 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10level9.dll
2016-05-11 14:38 - 2016-04-23 07:01 - 00577368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-05-11 14:38 - 2016-04-23 07:01 - 00522176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2016-05-11 14:38 - 2016-04-23 07:01 - 00513368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10level9.dll
2016-05-11 14:38 - 2016-04-23 07:01 - 00393568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-05-11 14:38 - 2016-04-23 07:01 - 00217440 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2016-05-11 14:38 - 2016-04-23 07:00 - 01776768 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2016-05-11 14:38 - 2016-04-23 07:00 - 01594920 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2016-05-11 14:38 - 2016-04-23 07:00 - 01522152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2016-05-11 14:38 - 2016-04-23 07:00 - 01399224 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2016-05-11 14:38 - 2016-04-23 07:00 - 01372304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2016-05-11 14:38 - 2016-04-23 07:00 - 01337240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2016-05-11 14:38 - 2016-04-23 07:00 - 00550656 _____ (Microsoft Corporation) C:\WINDOWS\system32\directmanipulation.dll
2016-05-11 14:38 - 2016-04-23 07:00 - 00453472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\directmanipulation.dll
2016-05-11 14:38 - 2016-04-23 07:00 - 00058208 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwminit.dll
2016-05-11 14:38 - 2016-04-23 06:56 - 00534872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2016-05-11 14:38 - 2016-04-23 06:35 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosHostClient.dll
2016-05-11 14:38 - 2016-04-23 06:34 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
2016-05-11 14:38 - 2016-04-23 06:34 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\hmkd.dll
2016-05-11 14:38 - 2016-04-23 06:34 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2016-05-11 14:38 - 2016-04-23 06:33 - 00089600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NFCProvisioningPlugin.dll
2016-05-11 14:38 - 2016-04-23 06:33 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshbth.dll
2016-05-11 14:38 - 2016-04-23 06:33 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmCx.sys
2016-05-11 14:38 - 2016-04-23 06:33 - 00038400 _____ (Microsoft Corporation) C:\WINDOWS\system32\ByteCodeGenerator.exe
2016-05-11 14:38 - 2016-04-23 06:32 - 00134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wificonnapi.dll
2016-05-11 14:38 - 2016-04-23 06:32 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll
2016-05-11 14:38 - 2016-04-23 06:30 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosHostClient.dll
2016-05-11 14:38 - 2016-04-23 06:29 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2016-05-11 14:38 - 2016-04-23 06:29 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2016-05-11 14:38 - 2016-04-23 06:29 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\filecrypt.sys
2016-05-11 14:38 - 2016-04-23 06:29 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
2016-05-11 14:38 - 2016-04-23 06:29 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hmkd.dll
2016-05-11 14:38 - 2016-04-23 06:29 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ByteCodeGenerator.exe
2016-05-11 14:38 - 2016-04-23 06:29 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2016-05-11 14:38 - 2016-04-23 06:28 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudDomainJoinDataModelServer.dll
2016-05-11 14:38 - 2016-04-23 06:28 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll
2016-05-11 14:38 - 2016-04-23 06:28 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2016-05-11 14:38 - 2016-04-23 06:28 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-05-11 14:38 - 2016-04-23 06:28 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshbth.dll
2016-05-11 14:38 - 2016-04-23 06:27 - 00155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys
2016-05-11 14:38 - 2016-04-23 06:27 - 00039424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfdprov.dll
2016-05-11 14:38 - 2016-04-23 06:26 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdbusenum.dll
2016-05-11 14:38 - 2016-04-23 06:25 - 00630784 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2016-05-11 14:38 - 2016-04-23 06:25 - 00617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-05-11 14:38 - 2016-04-23 06:25 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2016-05-11 14:38 - 2016-04-23 06:25 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-05-11 14:38 - 2016-04-23 06:24 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-05-11 14:38 - 2016-04-23 06:24 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2016-05-11 14:38 - 2016-04-23 06:24 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2016-05-11 14:38 - 2016-04-23 06:24 - 00287232 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2016-05-11 14:38 - 2016-04-23 06:24 - 00181248 _____ (Microsoft Corporation) C:\WINDOWS\system32\shacct.dll
2016-05-11 14:38 - 2016-04-23 06:24 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SubscriptionMgr.dll
2016-05-11 14:38 - 2016-04-23 06:24 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEDataLayerHelpers.dll
2016-05-11 14:38 - 2016-04-23 06:23 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-05-11 14:38 - 2016-04-23 06:23 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ListSvc.dll
2016-05-11 14:38 - 2016-04-23 06:23 - 00179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\BrowserSettingSync.dll
2016-05-11 14:38 - 2016-04-23 06:23 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2016-05-11 14:38 - 2016-04-23 06:22 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2016-05-11 14:38 - 2016-04-23 06:21 - 00479232 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2016-05-11 14:38 - 2016-04-23 06:21 - 00314880 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2016-05-11 14:38 - 2016-04-23 06:20 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2016-05-11 14:38 - 2016-04-23 06:20 - 00484352 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
2016-05-11 14:38 - 2016-04-23 06:20 - 00356864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2016-05-11 14:38 - 2016-04-23 06:20 - 00307200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2016-05-11 14:38 - 2016-04-23 06:20 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shacct.dll
2016-05-11 14:38 - 2016-04-23 06:19 - 00395264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlansec.dll
2016-05-11 14:38 - 2016-04-23 06:19 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BrowserSettingSync.dll
2016-05-11 14:38 - 2016-04-23 06:18 - 00988672 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2016-05-11 14:38 - 2016-04-23 06:18 - 00804352 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2016-05-11 14:38 - 2016-04-23 06:18 - 00605184 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-05-11 14:38 - 2016-04-23 06:18 - 00585728 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2016-05-11 14:38 - 2016-04-23 06:18 - 00515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2016-05-11 14:38 - 2016-04-23 06:18 - 00471552 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2016-05-11 14:38 - 2016-04-23 06:18 - 00436736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2016-05-11 14:38 - 2016-04-23 06:18 - 00219648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2016-05-11 14:38 - 2016-04-23 06:17 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-05-11 14:38 - 2016-04-23 06:17 - 00529920 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2016-05-11 14:38 - 2016-04-23 06:17 - 00388608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2016-05-11 14:38 - 2016-04-23 06:17 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanmsm.dll
2016-05-11 14:38 - 2016-04-23 06:16 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-05-11 14:38 - 2016-04-23 06:15 - 01073152 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2016-05-11 14:38 - 2016-04-23 06:15 - 00865792 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2016-05-11 14:38 - 2016-04-23 06:15 - 00673280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2016-05-11 14:38 - 2016-04-23 06:15 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2016-05-11 14:38 - 2016-04-23 06:14 - 00870912 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2016-05-11 14:38 - 2016-04-23 06:14 - 00647680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2016-05-11 14:38 - 2016-04-23 06:14 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-05-11 14:38 - 2016-04-23 06:14 - 00354304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2016-05-11 14:38 - 2016-04-23 06:14 - 00342528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2016-05-11 14:38 - 2016-04-23 06:13 - 00705536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2016-05-11 14:38 - 2016-04-23 06:13 - 00489984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2016-05-11 14:38 - 2016-04-23 06:13 - 00434688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2016-05-11 14:38 - 2016-04-23 06:12 - 00667648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2016-05-11 14:38 - 2016-04-23 06:07 - 01500160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-05-11 14:38 - 2016-04-23 06:07 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2016-05-11 14:38 - 2016-04-23 06:05 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-05-11 14:38 - 2016-04-23 06:05 - 00613376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2016-05-11 14:38 - 2016-04-23 06:05 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2016-05-11 14:38 - 2016-04-23 06:05 - 00103936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2016-05-11 14:38 - 2016-04-23 06:03 - 02193408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2016-05-11 14:38 - 2016-04-23 06:03 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2016-05-11 14:38 - 2016-04-23 06:01 - 04775424 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2016-05-11 14:38 - 2016-04-23 06:00 - 01390080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-05-11 14:38 - 2016-04-23 05:45 - 00461824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2016-05-11 14:38 - 2016-04-23 04:10 - 00215040 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2016-05-11 14:38 - 2016-04-23 04:10 - 00002186 _____ C:\WINDOWS\system32\AppxProvisioning.xml
2016-05-11 14:38 - 2016-04-19 00:30 - 00002186 _____ C:\WINDOWS\SysWOW64\AppxProvisioning.xml
2016-05-11 12:13 - 2016-05-11 12:13 - 00003972 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2016-05-10 23:29 - 2016-06-02 22:34 - 00001134 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-05-10 23:29 - 2016-06-02 22:31 - 00001130 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-06-02 22:38 - 2016-02-04 20:05 - 01799166 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-06-02 22:38 - 2015-10-30 20:35 - 00775524 _____ C:\WINDOWS\system32\perfh007.dat
2016-06-02 22:38 - 2015-10-30 20:35 - 00155338 _____ C:\WINDOWS\system32\perfc007.dat
2016-06-02 22:38 - 2015-10-30 09:21 - 00000000 ____D C:\WINDOWS\INF
2016-06-02 22:37 - 2016-02-04 23:01 - 00004152 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{3D1826E0-00CC-4C51-B0BB-C991F4597851}
2016-06-02 22:36 - 2016-02-05 00:43 - 00000000 ____D C:\Users\Mors\AppData\Roaming\Skype
2016-06-02 22:32 - 2016-02-05 03:00 - 00000000 ___RD C:\Users\Mors\Dropbox
2016-06-02 22:31 - 2016-03-18 12:31 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-06-02 22:31 - 2016-02-05 02:58 - 00001222 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2016-06-02 22:31 - 2015-10-30 08:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-06-02 22:03 - 2016-02-05 02:58 - 00001226 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2016-06-02 21:41 - 2016-02-04 23:00 - 00000000 ____D C:\ProgramData\Oracle
2016-06-02 21:39 - 2016-04-17 11:45 - 00000000 ____D C:\Program Files (x86)\Java
2016-06-02 21:39 - 2016-02-05 20:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2016-06-02 21:39 - 2016-02-05 20:39 - 00000000 ____D C:\Program Files\Java
2016-06-02 21:39 - 2016-02-04 23:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-06-02 21:38 - 2016-02-04 23:01 - 00000000 ____D C:\Users\Mors\.oracle_jre_usage
2016-06-02 21:30 - 2016-02-05 23:57 - 00000000 ____D C:\Users\Mors\AppData\Roaming\vlc
2016-06-02 16:18 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-06-02 16:17 - 2015-10-30 09:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-06-02 00:24 - 2016-02-04 21:10 - 00000000 ____D C:\Users\Mors\Desktop\Kramzeugs
2016-06-01 13:17 - 2016-02-04 19:27 - 00000000 ____D C:\ProgramData\Package Cache
2016-06-01 13:17 - 2016-02-04 19:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2016-06-01 12:20 - 2016-02-05 02:49 - 00000000 ____D C:\Users\Mors\AppData\Local\JDownloader v2.0
2016-05-28 00:28 - 2016-02-04 19:12 - 00000000 ____D C:\ProgramData\ProductData
2016-05-27 12:24 - 2016-02-05 00:43 - 00000000 ____D C:\ProgramData\Skype
2016-05-26 17:29 - 2016-02-05 02:44 - 00000000 ____D C:\Users\Mors\AppData\Roaming\Mp3tag
2016-05-26 17:29 - 2016-02-04 21:27 - 00000000 ____D C:\Users\Mors\Downloads\Neue Musik
2016-05-24 14:39 - 2016-02-04 20:12 - 00000000 ___RD C:\Users\Mors\OneDrive
2016-05-24 00:03 - 2016-02-04 21:18 - 00000000 ____D C:\Program Files (x86)\Tor Browser
2016-05-22 22:47 - 2016-02-05 02:47 - 00000000 ____D C:\Users\Mors\Downloads\Antheas Kunstwerke
2016-05-22 03:33 - 2016-03-18 12:20 - 00000000 ____D C:\Users\Mors
2016-05-21 16:54 - 2016-02-04 21:17 - 00000000 ___RD C:\Users\Mors\Desktop\Programme
2016-05-20 21:21 - 2016-02-04 21:09 - 00000000 ____D C:\Users\Mors\AppData\Roaming\Guild Wars 2
2016-05-20 21:10 - 2015-10-30 09:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-05-20 21:08 - 2016-02-05 03:14 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-05-20 21:04 - 2016-02-04 23:04 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-05-14 20:28 - 2015-10-30 09:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-05-13 17:19 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\rescache
2016-05-13 11:39 - 2016-02-04 20:08 - 00000000 ____D C:\Users\Mors\AppData\Local\Packages
2016-05-13 11:34 - 2015-09-10 07:37 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-05-13 01:05 - 2015-10-30 20:44 - 00000000 ____D C:\Program Files\Windows Journal
2016-05-13 01:05 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-05-13 01:05 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-05-13 01:05 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\Provisioning
2016-05-13 01:05 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-05-13 00:36 - 2016-02-04 21:23 - 00002264 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-05-13 00:36 - 2016-02-04 21:23 - 00002252 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-05-12 00:03 - 2016-02-04 18:10 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-05-11 23:55 - 2016-02-04 18:10 - 139319312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-05-11 19:36 - 2016-02-05 02:58 - 00000000 ____D C:\Users\Mors\AppData\Local\Dropbox
2016-05-11 19:36 - 2016-02-05 02:58 - 00000000 ____D C:\Program Files (x86)\Dropbox
2016-05-10 23:29 - 2016-02-04 21:22 - 00004192 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-05-10 23:29 - 2016-02-04 21:22 - 00003960 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-05-10 18:56 - 2016-02-04 19:29 - 00146712 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2016-05-10 18:56 - 2016-02-04 19:29 - 00078208 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avnetflt.sys
2016-05-10 13:35 - 2016-02-05 00:43 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-05-08 23:10 - 2016-04-28 18:28 - 00000000 ____D C:\Users\Mors\AppData\Local\Battle.net
2016-05-08 22:51 - 2016-04-28 18:28 - 00000000 ____D C:\Program Files (x86)\Battle.net

Einige Dateien in TEMP:
====================
C:\Users\Mors\AppData\Local\Temp\avgnt.exe
C:\Users\Mors\AppData\Local\Temp\jre-8u91-windows-au.exe
C:\Users\Mors\AppData\Local\Temp\libeay32.dll
C:\Users\Mors\AppData\Local\Temp\msvcr120.dll
C:\Users\Mors\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2016-05-24 13:27

==================== Ende von FRST.txt ============================
         

02.06.2016, 21:55   #15
Mors

Suspected keylogger or similar - procedure?



Addition.txt:

Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:01-06-2016
durchgeführt von Mors (2016-06-02 22:47:56)
Gestartet von C:\Users\Mors\Desktop
Windows 10 Home Version 1511 (X64) (2016-03-18 10:35:44)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-211363319-1696189197-2757610549-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-211363319-1696189197-2757610549-503 - Limited - Disabled)
Gast (S-1-5-21-211363319-1696189197-2757610549-501 - Limited - Disabled)
Mors (S-1-5-21-211363319-1696189197-2757610549-1000 - Administrator - Enabled) => C:\Users\Mors

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

Absolute Uninstaller 5.3.1.21 (HKLM-x32\...\Absolute Uninstaller) (Version: 5.3.1.21 - Glarysoft Ltd)
Acronis Drive Monitor (HKLM-x32\...\{706AE61D-40A4-4F50-8359-FE8F6F7FA461}) (Version: 1.0.566 - Acronis)
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.010.20056 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Apple Application Support (32-Bit) (HKLM-x32\...\{26356515-5821-40FA-9C3D-9785052A1062}) (Version: 4.3.1 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{C2651553-6CA3-4822-B2E6-BC4ACA6E0EA2}) (Version: 4.3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Assassin's Creed (HKLM-x32\...\{8CFA9151-6404-409A-AF22-4632D04582FD}) (Version: 1.00 - Ubisoft)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.17.273 - Avira Operations GmbH & Co. KG)
Avira Launcher (HKLM-x32\...\{28d41884-9b36-4f54-bed2-92863f08e65d}) (Version: 1.1.62.21333 - Avira Operations GmbH & Co. KG)
Avira Launcher (x32 Version: 1.1.62.21333 - Avira Operations GmbH & Co. KG) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
BitTorrent (HKU\S-1-5-21-211363319-1696189197-2757610549-1000\...\BitTorrent) (Version: 7.9.2.33395 - BitTorrent Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden
cv act sc/interface - Admin Edition (64-Bit) (HKLM\...\{05A84E0B-67C4-4ACA-8CAD-F62673D4C194}) (Version: 6.4.4 - cv cryptovision GmbH)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Darksiders (HKLM\...\Steam App 50620) (Version:  - Vigil Games)
Darksiders II (HKLM\...\Steam App 50650) (Version:  - Vigil Games)
DarksidersInstaller (HKLM-x32\...\{B93EEE50-9C8F-45DF-95E4-3D85A6E242F3}) (Version: 1.00.1000 - Ihr Firmenname)
Dropbox (HKLM-x32\...\Dropbox) (Version: 3.20.1 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.27.77 - Dropbox, Inc.) Hidden
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Free Video to DVD Converter (HKLM-x32\...\Free Video to DVD Converter_is1) (Version: 5.0.78.328 - DVDVideoSoft Ltd.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 50.0.2661.102 - Google Inc.)
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
GUILD WARS (HKLM-x32\...\Guild Wars) (Version:  - )
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.14.265 - SurfRight B.V.)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 5.2.1.126 - IObit)
iTunes (HKLM\...\{58D7E5F7-BAD1-49C5-93C8-B655736EDA00}) (Version: 12.4.0.119 - Apple Inc.)
Java 8 Update 91 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418091F0}) (Version: 8.0.910.15 - Oracle Corporation)
Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.15 - Oracle Corporation)
Java SE Development Kit 8 Update 71 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180710}) (Version: 8.0.710.15 - Oracle Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Logitech Webcam-Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.80 - Logitech Inc.)
Malwarebytes Anti-Malware Version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office 365 ProPlus - de-de (HKLM\...\O365ProPlusRetail - de-de) (Version: 16.0.6001.1078 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 44.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 44.0 (x86 de)) (Version: 44.0 - Mozilla)
Mozilla Firefox 45.0.2 (x64 de) (HKLM\...\Mozilla Firefox 45.0.2 (x64 de)) (Version: 45.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.0.2 - Mozilla)
Mp3tag v2.75 (HKLM-x32\...\Mp3tag) (Version: v2.75 - Florian Heidenreich)
NVIDIA 3D Vision Controller-Treiber 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.9.1.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.9.1.35 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.34.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.4 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.6001.1078 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.6001.1078 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.6001.1078 - Microsoft Corporation) Hidden
Origin (HKLM-x32\...\Origin) (Version: 9.11.5.17432 - Electronic Arts, Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.37.1229.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7746 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.32.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.32.0 - Renesas Electronics Corporation) Hidden
RUBICon (HKLM-x32\...\{438134D3-0BD4-4C52-8575-5B2B63AD01C2}) (Version: 2.0.25 - RUB)
RuneScape Launcher 1.2.7 (HKLM-x32\...\{FA52A2D0-298E-4D40-8BB7-39928627EA6A}) (Version: 1.2.7 - Jagex Ltd)
SHIELD Streaming (Version: 4.1.0260 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.9.1.35 - NVIDIA Corporation) Hidden
Skype™ 7.24 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.24.104 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TalkHelper Call Recorder for Skype Version 1.8.5 (HKLM-x32\...\{D290FF60-4288-4A56-9361-F215D78E84D3}_is1) (Version: 1.8.5 - TalkHelper Team)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.18 - TeamSpeak Systems GmbH)
The Binding of Isaac (HKLM\...\Steam App 113200) (Version:  - Edmund McMillen and Florian Himsl)
Unity Web Player (HKU\S-1-5-21-211363319-1696189197-2757610549-1000\...\UnityWebPlayer) (Version: 5.3.5f1 - Unity Technologies ApS)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.30 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.30.0 - win.rar GmbH)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-211363319-1696189197-2757610549-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Mors\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileCoAuth.exe (Microsoft Corporation)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {0ECB6F84-90A3-4640-A780-D4D70F4C6BC9} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {168574CD-DF30-46A1-9FCC-657C78D4F2BE} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {1BBA3AC4-EE4B-4D6F-8C01-6994EBEADFBA} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {349EA479-F98B-488B-A415-468D3FBF18C0} - System32\Tasks\Driver Booster SkipUAC (Mors) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe [2016-01-18] (IObit)
Task: {42A65B1C-A720-4C0A-9068-E45204F1D444} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {42B913B3-001E-497A-91C5-1FF279E8209B} - System32\Tasks\Uninstaller_SkipUac_Mors => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2016-01-12] (IObit)
Task: {463675ED-BA5F-4968-BE2F-144716F12E61} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {47FC9374-39F5-4128-B5B9-668B833638DA} - System32\Tasks\ASC9_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare\Monitor.exe [2016-01-15] (IObit)
Task: {54C7761D-2516-48E9-84DB-847B8F51EF49} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {55C05511-D91E-440B-BB63-952606DD1BF6} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {581B15D9-0077-47E9-825C-2BA9BAD62AB6} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {6259FFC4-68A9-46C0-8A19-FE2AFEA4A26F} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {62771CFC-AC8E-4CF7-877D-729FE747419E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2016-05-01] (Microsoft Corporation)
Task: {664C425E-5B6B-4E46-A6A1-9DD77D9D0F58} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-05-22] (Adobe Systems Incorporated)
Task: {6FE6F7B1-94AB-4354-9004-D15A71BBE7A5} - System32\Tasks\Driver Booster Scheduler => C:\Program Files (x86)\IObit\Driver Booster\Scheduler.exe [2016-01-13] (IObit)
Task: {7007D011-B0F6-43E1-A23F-80AAF3E29F88} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {70ACEFE5-9B3C-4F8D-8C67-EE7448771D79} - System32\Tasks\ASC9_SkipUac_Mors => C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe [2016-01-18] (IObit)
Task: {7177C4C3-A902-4381-8EBD-886C2442A977} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {72042DB3-D4C7-4611-9174-9D1A6F225713} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {721DE76A-E0CB-4F6C-A981-CEF665F9B311} - System32\Tasks\{88228D2D-1A01-416A-AFC7-A5237DFDB66D} => pcalua.exe -a C:\Users\Mors\Downloads\DTLiteInstaller.exe -d C:\Users\Mors\Downloads
Task: {7B519A98-D667-4A88-8B24-30CE05D31D09} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {806EAE5F-C97D-453A-A3D9-497A1592EDC2} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {851C46D3-C6E8-4703-B875-D437DA9F4BDB} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2016-05-01] (Microsoft Corporation)
Task: {87472D2E-E6CB-4AD2-BE11-1E4E84C449C4} - System32\Tasks\{D5D7DCED-9292-4141-949D-3B5D685105A3} => pcalua.exe -a C:\Users\Mors\Downloads\DTLite10202Installer.exe -d C:\Users\Mors\Downloads
Task: {A068E979-3559-4F7A-98C4-C88782B2A3B7} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-02-05] (Dropbox, Inc.)
Task: {A7934EF4-C58D-4036-9AE0-B0A2FE4285CC} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated)
Task: {A7C76F6C-16C5-49B5-8F61-DAB4A4A30CC5} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {AC1418DB-EE2D-494B-B0B4-C0F5678C2028} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {B151E451-5BB5-403C-88C5-EFE1D601C9C2} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-02-05] (Dropbox, Inc.)
Task: {BFDF9687-498D-423A-BA2C-7D724709252D} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {D17338D5-5A4D-43E9-BB17-41488A2B8C82} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-05-01] (Microsoft Corporation)
Task: {D3BD488D-56E9-4C75-BDFA-952C0CDC0B10} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-04] (Google Inc.)
Task: {DB800F0A-31C0-4E51-A903-F3A90375951A} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {DC89EF01-2D78-4AD6-B113-5BE7A8AA4830} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {E057A403-CFAD-46F0-93E9-5E5AC4C9AF00} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {E117C151-483D-40F1-A681-CF89F1DB4FE3} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-05-01] (Microsoft Corporation)
Task: {E38307AB-F9BA-4A04-BF94-8B84FF43A37F} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {F378E5E5-7B8A-471D-99E9-0012CF98DD0D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2016-05-01] (Microsoft Corporation)
Task: {F3C89F2D-7615-42A8-BF62-C4B1F0E32F7B} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {F490D104-EE84-45C0-985A-E7BEC0A380D0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-04] (Google Inc.)
Task: {F53A6B8B-8A72-48E1-AA46-76A799D0BDBB} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {F7418D4D-9B36-4644-BF58-5DACDB6AE509} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Uninstaller_SkipUac_Mors.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2015-10-30 09:18 - 2015-10-30 09:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-03-18 12:16 - 2016-03-22 04:37 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-03-18 23:56 - 2016-03-18 23:56 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-04-22 01:07 - 2016-04-22 01:07 - 01337144 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-05-20 21:04 - 2016-05-01 04:52 - 00171712 _____ () C:\Program Files\Common Files\Microsoft Shared\ClickToRun\ApiClient.dll
2016-02-05 02:55 - 2016-01-23 04:55 - 00291264 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2016-04-13 18:57 - 2016-03-29 12:20 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-04-13 18:57 - 2016-03-29 12:20 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-05-24 14:39 - 2016-05-24 14:39 - 00959168 _____ () C:\Users\Mors\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll
2016-04-19 10:54 - 2016-04-19 10:54 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-03-18 12:07 - 2016-03-18 12:07 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-05-11 14:38 - 2016-04-23 06:25 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-05-11 14:39 - 2016-04-23 06:02 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-05-11 14:39 - 2016-04-23 05:58 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-05-11 14:39 - 2016-04-23 05:58 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-05-11 14:39 - 2016-04-23 06:01 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2011-02-24 20:07 - 2011-02-24 20:07 - 00470120 _____ () C:\Program Files (x86)\Acronis\DriveMonitor\adm_tray.exe
2012-09-13 00:38 - 2012-09-13 00:38 - 00264040 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
2016-05-08 10:41 - 2016-05-08 10:41 - 10256384 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11602.1.26.0_x64__8wekyb3d8bbwe\WinStore.Entertainment.Mobile.dll
2016-02-04 19:12 - 2014-10-16 11:26 - 00622880 _____ () C:\Program Files (x86)\IObit\LiveUpdate\ProductStatistics.dll
2016-03-31 23:34 - 2016-03-29 00:06 - 00110952 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\zlib1.dll
2016-03-31 23:34 - 2016-03-29 00:06 - 00253800 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\collector.dll
2016-03-31 23:34 - 2016-03-29 00:06 - 00295272 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\stat.dll
2016-03-31 23:34 - 2016-03-29 00:06 - 00104296 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\boost_filesystem-vc120-mt-1_56.dll
2016-03-31 23:34 - 2016-03-29 00:06 - 00020328 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\boost_system-vc120-mt-1_56.dll
2016-03-31 23:34 - 2016-03-29 00:06 - 00044392 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\boost_date_time-vc120-mt-1_56.dll
2016-04-19 10:54 - 2016-04-19 10:54 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-04-19 10:54 - 2016-04-19 10:54 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2016-02-05 02:55 - 2016-01-23 04:55 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-02-04 19:19 - 2015-12-23 19:32 - 00355616 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare\madExcept_.bpl
2016-02-04 19:19 - 2015-12-23 19:32 - 00190240 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare\madBasic_.bpl
2016-02-04 19:19 - 2015-12-23 19:32 - 00057632 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare\madDisAsm_.bpl
2016-05-24 14:39 - 2016-05-24 14:39 - 00679624 _____ () C:\Users\Mors\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\ClientTelemetry.dll
2016-05-11 19:36 - 2016-04-19 21:47 - 00034768 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2016-05-11 19:36 - 2016-04-19 21:48 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd
2016-05-11 19:36 - 2016-04-19 21:47 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2016-05-11 19:36 - 2016-04-19 21:47 - 00093640 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2016-05-11 19:36 - 2016-04-19 21:47 - 00018376 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2016-05-11 19:36 - 2016-05-07 00:35 - 00019760 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2016-05-11 19:36 - 2016-04-19 21:49 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2016-05-11 19:36 - 2016-04-19 21:47 - 00392144 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2016-05-11 19:36 - 2016-05-07 00:35 - 00381752 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2016-05-11 19:36 - 2016-04-19 21:47 - 00692688 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2016-05-11 19:36 - 2016-05-07 00:34 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2016-05-11 19:36 - 2016-04-19 21:48 - 00121296 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2016-05-11 19:36 - 2016-05-07 00:34 - 01682760 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2016-05-11 19:36 - 2016-05-07 00:34 - 00020808 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2016-05-11 19:36 - 2016-05-07 00:35 - 00021840 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_unicode_environ_win32_x8bf8e68bx9968e850.pyd
2016-05-11 19:36 - 2016-05-07 00:34 - 00038696 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2016-05-11 19:36 - 2016-04-19 21:49 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2016-05-11 19:36 - 2016-04-19 21:49 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2016-05-11 19:36 - 2016-04-19 21:49 - 00114640 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2016-05-11 19:36 - 2016-04-19 21:49 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2016-05-11 19:36 - 2016-05-07 00:35 - 00021832 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_pywin_kernel32_x64d8f881xc8c369be.pyd
2016-05-11 19:36 - 2016-04-19 21:49 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2016-05-11 19:36 - 2016-04-19 21:49 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2016-05-11 19:36 - 2016-04-19 21:49 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2016-05-11 19:36 - 2016-04-19 21:49 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2016-05-11 19:36 - 2016-04-19 21:49 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2016-05-11 19:36 - 2016-04-19 21:49 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2016-05-11 19:36 - 2016-05-07 00:34 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2016-05-11 19:36 - 2016-04-19 21:49 - 00057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2016-05-11 19:36 - 2016-04-19 21:49 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2016-05-11 19:36 - 2016-05-07 00:34 - 00117056 _____ () C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd
2016-05-11 19:36 - 2016-05-07 00:34 - 00052024 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2016-05-11 19:36 - 2016-04-19 21:47 - 00134608 _____ () C:\Program Files (x86)\Dropbox\Client\_elementtree.pyd
2016-05-11 19:36 - 2016-04-19 21:47 - 00134088 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2016-05-11 19:36 - 2016-04-19 21:48 - 00240584 _____ () C:\Program Files (x86)\Dropbox\Client\jpegtran.pyd
2016-05-11 19:36 - 2016-05-07 00:35 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi._winffi_iphlpapi.pyd
2016-05-11 19:36 - 2016-05-07 00:35 - 00021824 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32._winffi_kernel32.pyd
2016-05-11 19:36 - 2016-05-07 00:35 - 00019776 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror._winffi_winerror.pyd
2016-05-11 19:36 - 2016-05-07 00:35 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet._winffi_wininet.pyd
2016-05-11 19:36 - 2016-05-07 00:34 - 00024392 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2016-05-11 19:36 - 2016-04-19 21:50 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2016-05-11 19:36 - 2016-05-07 00:34 - 00020280 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2016-05-11 19:36 - 2016-05-07 00:35 - 00023376 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2016-05-11 19:36 - 2016-04-19 21:49 - 00350152 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2016-05-11 19:36 - 2016-05-07 00:35 - 00022352 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2016-05-11 19:36 - 2016-05-07 00:34 - 00031568 _____ () C:\Program Files (x86)\Dropbox\Client\enterprise_data.compiled._enterprise_data.pyd
2016-05-11 19:36 - 2016-03-12 02:46 - 00293392 _____ () C:\Program Files (x86)\Dropbox\Client\EnterpriseDataAdapter.dll
2016-05-11 19:36 - 2016-05-07 00:34 - 00084280 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2016-05-11 19:36 - 2016-05-07 00:34 - 01826096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2016-05-11 19:36 - 2016-04-19 21:48 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2016-05-11 19:36 - 2016-05-07 00:35 - 03928880 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2016-05-11 19:36 - 2016-05-07 00:34 - 01971504 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2016-05-11 19:36 - 2016-05-07 00:34 - 00531248 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2016-05-11 19:36 - 2016-05-07 00:35 - 00132912 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2016-05-11 19:36 - 2016-05-07 00:35 - 00223544 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2016-05-11 19:36 - 2016-05-07 00:34 - 00207672 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2016-05-11 19:36 - 2016-04-19 21:49 - 00060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2016-05-11 19:36 - 2016-05-07 00:35 - 00025928 _____ () C:\Program Files (x86)\Dropbox\Client\windisplaytoast.compiled._DisplayToast.pyd
2016-05-11 19:36 - 2016-05-07 00:35 - 00024904 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_wpad_proxy_win_x752e3d61xdcfdcc84.pyd
2016-05-11 19:36 - 2016-05-07 00:35 - 00546096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
2016-05-11 19:36 - 2016-05-07 00:35 - 00357680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2011-02-24 19:39 - 2011-02-24 19:39 - 00012128 _____ () C:\Program Files (x86)\Common Files\Acronis\DriveMonitor\Common\icudt38.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 02144104 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 07955304 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00341352 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00028008 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00127336 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
2012-09-13 00:39 - 2012-09-13 00:39 - 00336232 _____ () C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
2016-02-04 19:19 - 2015-12-23 19:32 - 00355616 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madExcept_.bpl
2016-02-04 19:19 - 2015-12-23 19:32 - 00190240 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madBasic_.bpl
2016-02-04 19:19 - 2015-12-23 19:32 - 00057632 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madDisAsm_.bpl
2016-05-13 00:36 - 2016-05-11 13:48 - 01738904 _____ () C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\libglesv2.dll
2016-05-13 00:36 - 2016-05-11 13:48 - 00086168 _____ () C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\libegl.dll
2011-02-24 20:05 - 2011-02-24 20:05 - 03518032 _____ () C:\Program Files (x86)\Acronis\DriveMonitor\adm.exe
2011-02-24 20:05 - 2011-02-24 20:05 - 00638064 _____ () C:\Program Files (x86)\Acronis\DriveMonitor\x_adm_driver.dll
2011-02-24 19:39 - 2011-02-24 19:39 - 00018272 _____ () C:\Program Files (x86)\Acronis\DriveMonitor\log_trace.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\ProgramData\TEMP:8927A071 [382]

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

IE trusted site: HKU\S-1-5-21-211363319-1696189197-2757610549-1000\...\sharepoint.com -> hxxps://ruhrunibochumde-files.sharepoint.com

Da befinden sich 4788 mehr Seiten.


==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-211363319-1696189197-2757610549-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Mors\Desktop\Kramzeugs\Avatare, Banner und Wallpaper\GW2Desktop.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKLM\...\StartupApproved\StartupFolder: => "cv act sc interface RegisterTool.lnk"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKU\S-1-5-21-211363319-1696189197-2757610549-1000\...\StartupApproved\Run: => "Advanced SystemCare 9"
HKU\S-1-5-21-211363319-1696189197-2757610549-1000\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-211363319-1696189197-2757610549-1000\...\StartupApproved\Run: => "Steam"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{CFEB07B6-3BF9-4E48-A10B-818B1AFBD124}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Darksiders\DarksidersPC.exe
FirewallRules: [{257E71E5-3A67-4DFB-9BCB-CC82E31A9913}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Darksiders\DarksidersPC.exe
FirewallRules: [{DB94974D-AC31-4077-86F7-CE83690D79E2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Binding Of Isaac\Isaac.exe
FirewallRules: [{3B98F525-0EAE-4664-A162-EEB74AA8ED6B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Binding Of Isaac\Isaac.exe
FirewallRules: [{1ACDE481-3639-4FE3-9A8C-B4048A631918}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{1046BC1D-94BC-4558-A6D8-DE7E145D82E5}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{18602EB8-F16F-49ED-A1E5-42D37976C33E}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{1F517E94-3A71-4E1C-A41C-7143937C408D}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{E247B60F-775F-4453-BF8E-D87D0A6D3941}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{A98F221D-0DA4-4219-A4F5-CF2A5A6D5C8A}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{B55203C9-5FA2-4A6E-B08A-4A5FF036F60B}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{24233B4F-387C-4E69-AA04-CA4D20B6E3B5}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{D10D789A-1DA4-419B-81B9-63E81EACDA37}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{DCA76117-B6CE-40AD-B129-A7F5A05E60DD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{F9B3CC18-43D6-4A24-8A66-0B36DBE80CAE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{11C0FBED-AFEB-4B63-AB8A-9095B2490E44}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{1827961C-8D08-4B8C-B6EA-3799B6C9C242}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{72DE6A4A-FBC3-49B5-8F04-A1E4BC2B1281}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{CEDC1EB5-E5AE-4A53-A179-58EE50094EEF}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{99835110-F91E-4BA8-BC96-88A84EB78F19}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{99A041BC-AAD3-4B13-87CA-FDC829DD2DBD}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{5274E22F-8BAE-4049-B760-1A46199BBCBF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{AFC7F434-2616-4278-8789-1543DDC7760F}] => (Allow) C:\Users\Mors\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{CDBE08E4-7DF5-4288-94D8-EED891D205CB}] => (Allow) C:\Users\Mors\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{95E99B5C-4475-4C4A-B3BB-1EE4C8C07261}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{AF902F9A-3543-4FE5-9B03-787822D1CDD9}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{4277D694-83C1-420E-AC02-F34A6580646E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{9414CDFF-BF28-46D7-89E7-EF7EA792A7D6}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{C127A472-F592-4C96-911B-4BBF2BCB212D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{9D081DCC-4616-4C27-93E2-EAD105DB6024}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe
FirewallRules: [{3AC04A85-225B-450B-9162-B8DD46B1FA89}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe
FirewallRules: [{B9972142-8CC5-4007-8C19-6E0D8DCA73B0}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DBDownloader.exe
FirewallRules: [{F6BE067E-85AA-4E8C-BB38-4CE1D8344432}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DBDownloader.exe
FirewallRules: [{6B77CD2E-5A20-4008-8F05-4BD05BB06169}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
FirewallRules: [{14C810DC-4C07-495F-9389-D2F059F42811}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
FirewallRules: [{028E73D9-BACA-4FF8-AD84-6BDF49596775}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Darksiders 2\Darksiders2.exe
FirewallRules: [{7A6DEF31-6B27-4AC4-87E8-075B9B5544F7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Darksiders 2\Darksiders2.exe
FirewallRules: [{1334734A-CB95-4766-AD73-A7D898E5E8B7}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{F951EE50-FD3F-4C66-9DA3-182171FA58D5}] => (Allow) LPort=2869
FirewallRules: [{2EED8ED4-5579-42EF-9CA8-D2764D99D282}] => (Allow) LPort=1900
FirewallRules: [{F0788408-0C6B-4698-863B-C291BCBDCCB0}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{7665005C-B384-47BE-A643-701194BAFB57}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{ED658D7E-F996-4F06-A2BE-E6CA026ED603}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{BC099B76-5ADB-4CB8-917D-4385D60AE6CA}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{3C1B213C-E961-42EA-9056-5F54AC9689D2}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{C5C49B9B-E01F-4DC1-A87F-6693310EEB25}] => (Allow) C:\Program Files\iTunes\iTunes.exe

==================== Wiederherstellungspunkte =========================

21-05-2016 12:35:53 Geplanter Prüfpunkt
30-05-2016 16:32:25 Geplanter Prüfpunkt
02-06-2016 21:53:17 Prüfpunkt von HitmanPro

==================== Fehlerhafte Geräte im Gerätemanager =============

Name: Multimediacontroller
Description: Multimediacontroller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Multimediacontroller
Description: Multimediacontroller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Videocontroller für Multimedia
Description: Videocontroller für Multimedia
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (06/02/2016 10:30:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe, Version: 10.0.10586.0, Zeitstempel: 0x5632d7ba
Name des fehlerhaften Moduls: ESENT.dll, Version: 10.0.10586.212, Zeitstempel: 0x56fa1686
Ausnahmecode: 0xc0000602
Fehleroffset: 0x000000000022885f
ID des fehlerhaften Prozesses: 0xb5c
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe0
Pfad der fehlerhaften Anwendung: svchost.exe1
Pfad des fehlerhaften Moduls: svchost.exe2
Berichtskennung: svchost.exe3
Vollständiger Name des fehlerhaften Pakets: svchost.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: svchost.exe5

Error: (06/02/2016 10:30:57 PM) (Source: ESENT) (EventID: 908) (User: )
Description: svchost (2908) Der Prozess wird aufgrund eines nicht behebbaren Fehlers beendet: PV: 10.0.10586.0 SV: 10.0.10586.0 GLE: 0 ERR: 0(:0): dllentry.cxx(103) (ESENT[10.0.10586.0] RETAIL RTM MBCS)

Error: (06/02/2016 09:53:27 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.

System Error:
Zugriff verweigert
.

Error: (06/02/2016 09:53:13 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.


Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {cb7ed548-305b-4b8d-889d-1691b2b01795}

Error: (06/02/2016 09:46:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe, Version: 10.0.10586.0, Zeitstempel: 0x5632d7ba
Name des fehlerhaften Moduls: ESENT.dll, Version: 10.0.10586.212, Zeitstempel: 0x56fa1686
Ausnahmecode: 0xc0000602
Fehleroffset: 0x000000000022885f
ID des fehlerhaften Prozesses: 0xa68
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe0
Pfad der fehlerhaften Anwendung: svchost.exe1
Pfad des fehlerhaften Moduls: svchost.exe2
Berichtskennung: svchost.exe3
Vollständiger Name des fehlerhaften Pakets: svchost.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: svchost.exe5

Error: (06/02/2016 09:46:49 PM) (Source: ESENT) (EventID: 908) (User: )
Description: svchost (2664) Der Prozess wird aufgrund eines nicht behebbaren Fehlers beendet: PV: 10.0.10586.0 SV: 10.0.10586.0 GLE: 0 ERR: -1603(fucb.cxx:359): dllentry.cxx(103) (ESENT[10.0.10586.0] RETAIL RTM MBCS)

Error: (06/02/2016 04:20:00 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418220

Error: (06/01/2016 11:46:29 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418220

Error: (05/31/2016 01:10:45 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418220

Error: (05/30/2016 04:32:36 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.

System Error:
Zugriff verweigert
.


Systemfehler:
=============
Error: (06/02/2016 10:31:50 PM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: Dieser Computer ist als Mitglied einer Arbeitsgruppe konfiguriert, nicht als
Mitglied einer Domäne. Der Anmeldedienst braucht bei dieser
Konfiguration nicht gestartet zu sein.

Error: (06/02/2016 10:30:57 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "StateRepository-Dienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (06/02/2016 10:30:56 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Synchronisierungshost_3fb08" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (06/02/2016 09:47:33 PM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: Dieser Computer ist als Mitglied einer Arbeitsgruppe konfiguriert, nicht als
Mitglied einer Domäne. Der Anmeldedienst braucht bei dieser
Konfiguration nicht gestartet zu sein.

Error: (06/02/2016 09:46:49 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "StateRepository-Dienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (06/02/2016 09:46:48 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Synchronisierungshost_3e19d" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (06/02/2016 09:32:00 PM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: Dieser Computer ist als Mitglied einer Arbeitsgruppe konfiguriert, nicht als
Mitglied einer Domäne. Der Anmeldedienst braucht bei dieser
Konfiguration nicht gestartet zu sein.

Error: (06/02/2016 09:31:03 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Synchronisierungshost_ae2f2" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (06/02/2016 08:55:34 PM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: Dieser Computer ist als Mitglied einer Arbeitsgruppe konfiguriert, nicht als
Mitglied einer Domäne. Der Anmeldedienst braucht bei dieser
Konfiguration nicht gestartet zu sein.

Error: (06/02/2016 08:54:31 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Apple Mobile Device Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053


CodeIntegrity:
===================================
  Date: 2016-05-29 00:56:16.335
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-05-20 21:08:41.736
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-05-20 20:57:52.376
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-05-13 11:33:23.196
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-05-12 14:30:35.295
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-04-28 16:14:43.577
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-04-20 13:08:23.635
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-04-15 15:20:39.078
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-04-15 09:54:02.790
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-04-14 01:18:31.200
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


==================== Speicherinformationen =========================== 

Prozessor: Intel(R) Core(TM) i5-2500K CPU @ 3.30GHz
Prozentuale Nutzung des RAM: 17%
Installierter physikalischer RAM: 16355.32 MB
Verfügbarer physikalischer RAM: 13487.54 MB
Summe virtueller Speicher: 32739.32 MB
Verfügbarer virtueller Speicher: 29687.48 MB

==================== Laufwerke ================================

Drive c: () (Fixed) (Total:1862.48 GB) (Free:1744.28 GB) NTFS
Drive d: (Volume) (Fixed) (Total:931.51 GB) (Free:597.3 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)]
Drive f: (Seagate Expansion Drive) (Fixed) (Total:1863.02 GB) (Free:904.96 GB) NTFS
Drive g: (TOSHIBA-MIN) (Fixed) (Total:111.76 GB) (Free:84.29 GB) FAT32

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: DBE1EC3C)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1862.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 0005D46D)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 1863 GB) (Disk ID: 7B4EFDC8)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (Size: 111.8 GB) (Disk ID: 3E1ED0E5)
Partition 1: (Not Active) - (Size=111.8 GB) - (Type=0C)

==================== Ende von Addition.txt ============================
         
