Log analysis and evaluation: Windows 8.1 64bit - Browser spits out an IP from Chile

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
11.08.2015, 20:18 | #1 |
Windows 8.1 64bit - Browser spits out an IP from Chile

Hello,

earlier my browsing speed slowed down rapidly. In the browser I got an IPv4 message from Google that was meant to point out "many requests" from the network. The IP I was shown was: 190.151.10.226
According to the internet, that is supposedly a bot?

For information: ESET Smart Security 8 + MBAM Premium active.

Regards
Chris

See logs:

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 20:51 on 11/08/2015 (Christian)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-08-11 21:10:53
Windows 6.2.9200 x64 \Device\Harddisk1\DR1 -> \Device\00000025 M4-CT256M4SSD2 rev.070H 238,47GB
Running: Gmer-19357.exe; Driver: C:\Users\CHRIST~1\AppData\Local\Temp\fwryipow.sys

---- User code sections - GMER 2.1 ----

.text C:\Windows\System\HsMgr64.exe[5900] C:\Windows\SYSTEM32\combase.dll!CoCreateInstance 00007ff87bb4d050 7 bytes JMP 00007ff97b9800d8
.text C:\Windows\System\HsMgr64.exe[5900] C:\Windows\SYSTEM32\combase.dll!CoCreateInstanceEx 00007ff87bb71340 7 bytes JMP 00007ff97b980110
.text C:\Windows\System\HsMgr64.exe[5900] C:\Windows\SYSTEM32\DSOUND.dll!DirectSoundCreate8 00007ff8604cc7c0 5 bytes JMP 00007ff87b980180
.text C:\Windows\System\HsMgr64.exe[5900] C:\Windows\SYSTEM32\DSOUND.dll!DirectSoundCaptureCreate8 00007ff8604d0b50 7 bytes JMP 00007ff87b9805a8
.text C:\Windows\System\HsMgr64.exe[5900] C:\Windows\SYSTEM32\DSOUND.dll!DirectSoundCaptureCreate 00007ff8604e7f30 7 bytes JMP 00007ff87b980570
.text C:\Windows\System\HsMgr64.exe[5900] C:\Windows\SYSTEM32\DSOUND.dll!DirectSoundCreate 00007ff8604e8050 7 bytes JMP 00007ff87b980148
.text C:\Windows\System\HsMgr64.exe[5900] C:\Windows\SYSTEM32\DSOUND.dll!DirectSoundFullDuplexCreate 00007ff8604e8170 5 bytes JMP 00007ff87b9805e0

---- Threads - GMER 2.1 ----

Thread C:\Windows\system32\csrss.exe [632:656] fffff960009ad2d0

---- Processes - GMER 2.1 ----

Process C:\Users\Christian\AppData\Roaming\Dropbox\bin\Dropbox.exe (*** suspicious ***) @ C:\Users\Christian\AppData\Roaming\Dropbox\bin\Dropbox.exe [6912] (FILE NOT FOUND) 0000000001220000
Library c:\users\christ~1\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpej5y3l.dll (*** suspicious ***) @ C:\Users\Christian\AppData\Roaming\Dropbox\bin\Dropbox.exe [6912](2015-08-11 18:37:44) 000000005a600000
Library C:\Users\Christian\AppData\Roaming\Dropbox\bin\Qt5Core.dll (*** suspicious ***) @ C:\Users\Christian\AppData\Roaming\Dropbox\bin\Dropbox.exe [6912] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:24) 0000000059f30000
Library C:\Users\Christian\AppData\Roaming\Dropbox\bin\icuin55.dll (*** suspicious ***) @ C:\Users\Christian\AppData\Roaming\Dropbox\bin\Dropbox.exe [6912] (ICU I18N DLL/The ICU Project)(2015-07-30 16:36:57) 000000004a900000
Library C:\Users\Christian\AppData\Roaming\Dropbox\bin\icuuc55.dll (*** suspicious ***) @ C:\Users\Christian\AppData\Roaming\Dropbox\bin\Dropbox.exe [6912] (ICU Common DLL/The ICU Project)(2015-07-30 16:36:57) 0000000006210000
Library C:\Users\Christian\AppData\Roaming\Dropbox\bin\icudt55.dll (*** suspicious ***) @ C:\Users\Christian\AppData\Roaming\Dropbox\bin\Dropbox.exe [6912] (ICU Data DLL/The ICU Project)(2015-07-30 16:36:57) 0000000058340000
Library C:\Users\Christian\AppData\Roaming\Dropbox\bin\Qt5Widgets.dll (*** suspicious ***) @ C:\Users\Christian\AppData\Roaming\Dropbox\bin\Dropbox.exe [6912] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:28) 0000000057eb0000
Library C:\Users\Christian\AppData\Roaming\Dropbox\bin\Qt5Gui.dll (*** suspicious ***) @ C:\Users\Christian\AppData\Roaming\Dropbox\bin\Dropbox.exe [6912] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26) 0000000057a70000
Library C:\Users\Christian\AppData\Roaming\Dropbox\bin\Qt5Network.dll (*** suspicious ***) @ C:\Users\Christian\AppData\Roaming\Dropbox\bin\Dropbox.exe [6912] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26) 00000000578d0000
Library C:\Users\Christian\AppData\Roaming\Dropbox\bin\Qt5WebKit.dll (*** suspicious ***) @ C:\Users\Christian\AppData\Roaming\Dropbox\bin\Dropbox.exe [6912] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26) 00000000568b0000
Library C:\Users\Christian\AppData\Roaming\Dropbox\bin\Qt5Quick.dll (*** suspicious ***) @ C:\Users\Christian\AppData\Roaming\Dropbox\bin\Dropbox.exe [6912] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26) 0000000056660000
Library C:\Users\Christian\AppData\Roaming\Dropbox\bin\Qt5Qml.dll (*** suspicious ***) @ C:\Users\Christian\AppData\Roaming\Dropbox\bin\Dropbox.exe [6912] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26) 00000000563f0000
Library C:\Users\Christian\AppData\Roaming\Dropbox\bin\Qt5WebChannel.dll (*** suspicious ***) @ C:\Users\Christian\AppData\Roaming\Dropbox\bin\Dropbox.exe [6912] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-07-30 16:36:57) 00000000563d0000
Library C:\Users\Christian\AppData\Roaming\Dropbox\bin\Qt5Sql.dll (*** suspicious ***) @ C:\Users\Christian\AppData\Roaming\Dropbox\bin\Dropbox.exe [6912] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26) 00000000563a0000
Library C:\Users\Christian\AppData\Roaming\Dropbox\bin\Qt5WebKitWidgets.dll (*** suspicious ***) @ C:\Users\Christian\AppData\Roaming\Dropbox\bin\Dropbox.exe [6912] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:28) 0000000056360000
Library C:\Users\Christian\AppData\Roaming\Dropbox\bin\Qt5PrintSupport.dll (*** suspicious ***) @ C:\Users\Christian\AppData\Roaming\Dropbox\bin\Dropbox.exe [6912] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26) 0000000056310000
Library C:\Users\Christian\AppData\Roaming\Dropbox\bin\Qt5OpenGL.dll (*** suspicious ***) @ C:\Users\Christian\AppData\Roaming\Dropbox\bin\Dropbox.exe [6912] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26) 00000000562c0000
Library C:\Users\Christian\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll (*** suspicious ***) @ C:\Users\Christian\AppData\Roaming\Dropbox\bin\Dropbox.exe [6912] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:30) 00000000561d0000
Library C:\Users\Christian\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll (*** suspicious ***) @ C:\Users\Christian\AppData\Roaming\Dropbox\bin\Dropbox.exe [6912] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:30) 0000000056190000
Library C:\Users\Christian\AppData\Roaming\Dropbox\bin\QtQuick.2\qtquick2plugin.dll (*** suspicious ***) @ C:\Users\Christian\AppData\Roaming\Dropbox\bin\Dropbox.exe [6912](2015-03-04 21:45:30) 000000005df30000
Library C:\Users\Christian\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll (*** suspicious ***) @ C:\Users\Christian\AppData\Roaming\Dropbox\bin\Dropbox.exe [6912](2015-03-04 21:45:30) 0000000054b70000
Library C:\Users\Christian\AppData\Roaming\Dropbox\bin\QtQuick\Layouts\qquicklayoutsplugin.dll (*** suspicious ***) @ C:\Users\Christian\AppData\Roaming\Dropbox\bin\Dropbox.exe [6912](2015-07-30 16:36:58) 0000000054b50000
Library C:\Users\Christian\AppData\Roaming\Dropbox\bin\QtQuick\Window.2\windowplugin.dll (*** suspicious ***) @ C:\Users\Christian\AppData\Roaming\Dropbox\bin\Dropbox.exe [6912](2015-03-04 21:45:30) 0000000059f20000

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk1\DR1 unknown MBR code

---- EOF - GMER 2.1 ----

Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlaufdatum: 11.08.2015
Suchlaufzeit: 20:37
Protokolldatei: mbam.txt
Administrator: Ja

Version: 2.1.8.1057
Malware-Datenbank: v2015.08.11.06
Rootkit-Datenbank: v2015.08.06.01
Lizenz: Premium-Version
Malware-Schutz: Aktiviert
Schutz vor bösartigen Websites: Aktiviert
Selbstschutz: Aktiviert

Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: Name

Suchlauftyp: Bedrohungssuchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 353743
Abgelaufene Zeit: 7 Min., 12 Sek.

Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(keine bösartigen Elemente erkannt)

Module: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 0
(keine bösartigen Elemente erkannt)

Registrierungswerte: 0
(keine bösartigen Elemente erkannt)

Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)

Ordner: 0
(keine bösartigen Elemente erkannt)

Dateien: 0
(keine bösartigen Elemente erkannt)

Physische Sektoren: 0
(keine bösartigen Elemente erkannt)

(end)
11.08.2015, 20:19 | #2 |
Windows 8.1 64bit - Browser spits out an IP from Chile

Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:11-08-2015
durchgeführt von Christian (Administrator) auf CHRISDESKTOP (11-08-2015 21:03:47)
Gestartet von C:\Users\Christian\Downloads
Geladene Profile: Christian (Verfügbare Profile: Christian)
Platform: Windows 8.1 Pro (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: Chrome)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
() C:\Program Files\Everything\Everything.exe
(Garmin Ltd.
or its subsidiaries) C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Nitro PDF Software) C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe () C:\Windows\SysWOW64\PnkBstrA.exe () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Intel Corporation) C:\Windows\System32\igfxEM.exe (IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe () C:\Windows\SysWOW64\HsMgr.exe (CMedia) C:\Program Files\ASUS Xonar DX Audio\Customapp\AsusAudioCenter.exe () C:\Windows\System\HsMgr64.exe (ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe (Greenshot) C:\Program Files\Greenshot\Greenshot.exe () C:\Program Files\Everything\Everything.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Polar Electro Oy) C:\Program Files (x86)\Polar\Polar FlowSync\flowsync.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe (Secomba GmbH) C:\Program Files (x86)\Boxcryptor\Boxcryptor.exe () C:\Program Files\Rainlendar2\Rainlendar2.exe (Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe (QIP) M:\#Programme\QIP 2012\qip.exe (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe (Dropbox, Inc.) C:\Users\Christian\AppData\Roaming\Dropbox\bin\Dropbox.exe (AgileBits) C:\Program Files (x86)\1Password 4\Agile1pAgent.exe (CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (mIRC Co. Ltd.) M:\#Programme\gIRC\mirc.exe (Telegram Messenger LLP) C:\Users\Christian\AppData\Roaming\Telegram Desktop\Telegram.exe (Advanced Micro Devices Inc.) C:\AMD\ATI.ACE\Core-Static\MOM.exe (Advanced Micro Devices Inc.) C:\AMD\ATI.ACE\Core-Static\CCC.exe (Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (Adobe Systems Incorporated) C:\Program Files\Adobe\Elements 13 Organizer\PhotoshopElementsFileAgent.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (AgileBits) C:\Program Files (x86)\1Password 4\1Password.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Nicht auf der Ausnahmeliste) ================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft) HKLM\...\Run: [Cmaudio8788] => C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cmicnfgp.dll,CMICtrlWnd HKLM\...\Run: [Cmaudio8788GX] => C:\Windows\syswow64\HsMgr.exe [200704 2008-07-11] () HKLM\...\Run: [Cmaudio8788GX64] => C:\Windows\system\HsMgr64.exe [282112 2008-07-11] () HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [5595848 2015-01-28] (ESET) HKLM\...\Run: [Greenshot] => C:\Program Files\Greenshot\Greenshot.exe [536576 2014-12-29] (Greenshot) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557984 2014-08-27] (Adobe Systems Incorporated) HKLM\...\Run: [Everything] => C:\Program Files\Everything\Everything.exe [1441792 2014-08-06] () HKLM-x32\...\Run: [Agile1pAgent] => C:\Program Files (x86)\1Password 4\Agile1pAgent.exe [4859152 2015-07-29] (AgileBits) HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452272 2012-08-31] (CANON INC.) HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [193568 2014-11-28] (Geek Software GmbH) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [590144 2015-04-22] (Razer Inc.) HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [896632 2015-07-22] (BlueStack Systems, Inc.) HKLM-x32\...\Run: [StartCCC] => C:\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-07-28] (Advanced Micro Devices, Inc.) 
HKU\S-1-5-21-3557826585-2545589941-765533996-1001\...\Run: [GoogleChromeAutoLaunch_F95133299531DA24C7CB703BC8432DCE] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-07-31] (Google Inc.) HKU\S-1-5-21-3557826585-2545589941-765533996-1001\...\Run: [Polar FlowSync] => C:\Program Files (x86)\Polar\Polar FlowSync\flowsync.exe [1125376 2014-11-11] (Polar Electro Oy) HKU\S-1-5-21-3557826585-2545589941-765533996-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8418584 2015-07-17] (Piriform Ltd) HKU\S-1-5-21-3557826585-2545589941-765533996-1001\...\Run: [CCleaner] => C:\Program Files\CCleaner\CCleaner64.exe [8418584 2015-07-17] (Piriform Ltd) HKU\S-1-5-21-3557826585-2545589941-765533996-1001\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATILEE.EXE [297024 2013-01-24] (SEIKO EPSON CORPORATION) HKU\S-1-5-21-3557826585-2545589941-765533996-1001\...\Run: [Dropbox Update] => C:\Users\Christian\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-12] (Dropbox, Inc.) HKU\S-1-5-21-3557826585-2545589941-765533996-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53282944 2015-06-29] (Skype Technologies S.A.) HKU\S-1-5-21-3557826585-2545589941-765533996-1001\...\Run: [Boxcryptor.exe] => C:\Program Files (x86)\Boxcryptor\Boxcryptor.exe [2460424 2015-06-26] (Secomba GmbH) HKU\S-1-5-21-3557826585-2545589941-765533996-1001\...\Run: [Rainlendar2] => C:\Program Files\Rainlendar2\Rainlendar2.exe [4411488 2014-03-16] () HKU\S-1-5-21-3557826585-2545589941-765533996-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1404248 2015-07-29] (Garmin Ltd. 
or its subsidiaries) HKU\S-1-5-21-3557826585-2545589941-765533996-1001\...\Run: [Infium] => M:\#Programme\QIP 2012\qip.exe [8503280 2014-03-04] (QIP) Startup: C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk [2015-05-28] ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) Startup: C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-04-03] ShortcutTarget: Dropbox.lnk -> C:\Users\Christian\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) Startup: C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Folding@home.lnk [2015-07-27] ShortcutTarget: Folding@home.lnk -> C:\Program Files (x86)\FAHClient\HideConsole.exe () Startup: C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mirc - Verknüpfung.lnk [2015-07-05] ShortcutTarget: mirc - Verknüpfung.lnk -> M:\#Programme\gIRC\mirc.exe (mIRC Co. Ltd.) 
Startup: C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Telegram.lnk [2015-08-10] ShortcutTarget: Telegram.lnk -> C:\Users\Christian\AppData\Roaming\Telegram Desktop\Telegram.exe (Telegram Messenger LLP) SSODL: EldosMountNotificator-cbfs4 - {1A0784DC-4CE3-4BC6-9318-6B5BAC32AA2F} - C:\Windows\system32\cbfsMntNtf4.dll (EldoS Corporation) SSODL-x32: EldosMountNotificator-cbfs4 - {1A0784DC-4CE3-4BC6-9318-6B5BAC32AA2F} - C:\Windows\SysWOW64\cbfsMntNtf4.dll (EldoS Corporation) ShellIconOverlayIdentifiers: [ "CryptorShellExtHandler.IconOverlayExt"] -> {011F39D2-A764-419E-9479-69C93F6D37E0} => C:\Program Files (x86)\Boxcryptor\ShellExt\x64\Boxcryptor.Ext.dll [2015-06-26] (Secomba GmbH) ShellIconOverlayIdentifiers: [ "CryptorShellExtHandler.IconOverlayExt2"] -> {F61B4933-D8AF-40DE-A335-F9B3BE1FF878} => C:\Program Files (x86)\Boxcryptor\ShellExt\x64\Boxcryptor.IconOverlayBlocker.Ext.dll [2015-06-26] (Secomba GmbH) ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-06] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-06] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-06] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-06] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-06] (Dropbox, Inc.) 
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-06] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-06] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-06] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [EldosIconOverlay-cbfs4] -> {76212FC9-6D58-4922-AC6B-82A31D17104E} => C:\Windows\system32\cbfsMntNtf4.dll [2013-11-15] (EldoS Corporation) ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft) ShellIconOverlayIdentifiers-x32: [ "CryptorShellExtHandler.IconOverlayExt"] -> {011F39D2-A764-419E-9479-69C93F6D37E0} => C:\Program Files (x86)\Boxcryptor\ShellExt\x86\Boxcryptor.Ext.dll [2015-06-26] (Secomba GmbH) ShellIconOverlayIdentifiers-x32: [ "CryptorShellExtHandler.IconOverlayExt2"] -> {F61B4933-D8AF-40DE-A335-F9B3BE1FF878} => C:\Program Files (x86)\Boxcryptor\ShellExt\x86\Boxcryptor.IconOverlayBlocker.Ext.dll [2015-06-26] (Secomba GmbH) ShellIconOverlayIdentifiers-x32: [EldosIconOverlay-cbfs4] -> {76212FC9-6D58-4922-AC6B-82A31D17104E} => C:\Windows\SysWOW64\cbfsMntNtf4.dll [2013-11-15] (EldoS Corporation) ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft) ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt..) 
HKU\S-1-5-21-3557826585-2545589941-765533996-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp BHO: 1Password -> {037C06D5-3893-49E8-9AC0-41F7524AFBF5} -> C:\Program Files (x86)\1Password 4\x64\Agile1pIE4.dll [2015-07-29] (AgileBits) BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-06-09] (Microsoft Corporation) BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-06-16] (Microsoft Corporation) BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2014-04-20] (IvoSoft) BHO-x32: 1Password -> {037C06D5-3893-49E8-9AC0-41F7524AFBF5} -> C:\Program Files (x86)\1Password 4\x86\Agile1pIE4.dll [2015-07-29] (AgileBits) BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft) BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2014-04-20] (IvoSoft) Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft) Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft) Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-06-01] (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 
Tcpip\..\Interfaces\{7EF60E29-A117-4FCD-B3D5-07222DAC1A17}: [DhcpNameServer] 192.168.0.1 FireFox: ======== FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [2015-01-13] (EA Digital Illusions CE AB) FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [Keine Datei] FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-06-01] (Microsoft Corporation) FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll [2013-03-26] (Nitro PDF) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.) Chrome: ======= CHR Profile: C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Slides) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-03] CHR Extension: (Duolingo on the Web) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiahmijlpehemcpleichkcokhegllfjl [2015-04-03] CHR Extension: (Facebook Video Downloader) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\amjcoehkcacocffpmhnefgoeanepjfkf [2015-04-24] CHR Extension: (Google Docs) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-03] CHR Extension: (1Password: Password Manager and Secure Wallet) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\aomjjhallfgjeglblehebfpbcfeobpgk [2015-04-03] CHR Extension: (Google Drive) - C:\Users\Christian\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-04-03] CHR Extension: (aklamio Cashbar) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\bailoifpnpbamefjlgpcfebledceocbf [2015-04-03] CHR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2015-04-03] CHR Extension: (YouTube) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-04-03] CHR Extension: (Adblock Plus) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-04-03] CHR Extension: (Telegram) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\clhhggbfdinjmjhajaheehoeibfljjno [2015-04-03] CHR Extension: (Google Search) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-03] CHR Extension: (Tampermonkey) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2015-04-03] CHR Extension: (busuu.com) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\epadnjldocmkadjbopkanclaamocokoo [2015-04-03] CHR Extension: (Google Sheets) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-03] CHR Extension: (Web page captures from browser) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\fomlbefjpamblimccfdomfgpgokdljcg [2015-04-03] CHR Extension: (yingBar) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\gckfalecfdjjpbelmpfieecfdeapfoep [2015-04-03] CHR Extension: (FoxyProxy Standard) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcknhkkoolaabfmlnjonogaaifnjlfnp [2015-04-03] CHR Extension: (Desktop 
Notifications for Android) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\giicnncicnopjohcpamieklkiacdoeni [2015-04-03]
CHR Extension: (Downloads - Your Download Box) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjihnjejboipjmadkpmknccijhibnpfe [2015-04-03]
CHR Extension: (Unlimited Free VPN - Hola) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2015-04-03]
CHR Extension: (Stealthy) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieaebnkibonmpbhdaanjkmedikadnoje [2015-04-03]
CHR Extension: (Dropbox) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl [2015-04-03]
CHR Extension: (Disconnect) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo [2015-04-03]
CHR Extension: (Image Search Options) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\kljmejbpilkadikecejccebmccagifhl [2015-04-03]
CHR Extension: (iGraal) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmhkepipobnjllejbafajoemahjejdcm [2015-04-03]
CHR Extension: (Auto HD For YouTube™) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\koiaokdomkpjdgniimnkhgbilbjgpeak [2015-04-03]
CHR Extension: (Momentum) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\laookkfknpbbblfpciffpaejjkokdgca [2015-04-03]
CHR Extension: (Evernote Web) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol [2015-04-03]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-03]
CHR Extension: (Capture Webpage Screenshot - FireShot) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbpblocgmgfnpjjppndjkmgjaogfceg [2015-04-03]
CHR Extension: (qipu Cashbackmelder open beta) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\mloigoojndlehdjiemdfpiikieonngel [2015-04-03]
CHR Extension: (Ghostery) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2015-04-03]
CHR Extension: (F.B Purity-Clean Up Facebook) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncdlagniojmheiklojdcpdaeepochckl [2015-04-03]
CHR Extension: (Hangouts) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2015-04-03]
CHR Extension: (Keepa - Amazon Price Tracker) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\neebplgakaahbhdphmkckjjcegoiijjo [2015-04-03]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-04-03]
CHR Extension: (eBay XXL-Photos) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nndhjgnljmmablcpnppcdfbagielaiho [2015-04-03]
CHR Extension: (Enhanced Steam) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\okadibdjfemgnhjiembecghcbfknbfhg [2015-04-03]
CHR Extension: (PAYBACK Internet Assistent für Google Chrome) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbfjbhoglggakhkngkbfehgghkaadeba [2015-04-03]
CHR Extension: (ModernDeck) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbpfgdgddpnbjcbpofmdanfbbigocklj [2015-04-03]
CHR Extension: (Gutscheinsammler Finder) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilobbegphefikcgjpajnneiiahhejam [2015-04-03]
CHR Extension: (Gmail) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-03]

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2015-05-28] (Adobe Systems) [Datei ist nicht signiert]
R2 AdobeActiveFileMonitor13.0; C:\Program Files\Adobe\Elements 13 Organizer\PhotoshopElementsFileAgent.exe [231120 2014-08-31] (Adobe Systems Incorporated)
S3 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [433784 2015-06-16] (BlueStack Systems, Inc.)
S3 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [413304 2015-06-16] (BlueStack Systems, Inc.)
S3 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [831096 2015-07-21] (BlueStack Systems, Inc.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2753720 2015-07-01] (Microsoft Corporation)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1349576 2015-01-28] (ESET)
R2 Everything; C:\Program Files\Everything\Everything.exe [1441792 2014-08-06] () [Datei ist nicht signiert]
R2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [754120 2015-07-29] (Garmin Ltd. or its subsidiaries)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319376 2014-10-01] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 NitroReaderDriverReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [230416 2013-03-26] (Nitro PDF Software)
S3 Origin Client Service; E:\Origin\OriginClientService.exe [2007048 2015-08-02] (Electronic Arts)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2015-04-05] ()
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [187072 2015-02-05] ()
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5495056 2015-06-18] (TeamViewer GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.)
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [62152 2014-10-28] (Advanced Micro Devices, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [102912 2015-07-15] (Advanced Micro Devices)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [145528 2015-06-16] (BlueStack Systems)
R1 cbfs4; C:\Windows\system32\drivers\cbfs4.sys [387776 2013-11-15] (EldoS Corporation)
R3 cmudaxp; C:\Windows\system32\drivers\cmudaxp.sys [2735616 2013-12-11] (C-Media Inc)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [246000 2015-03-10] (ESET)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [241880 2015-03-10] (ESET)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [169792 2015-03-10] (ESET)
R2 epfw; C:\Windows\system32\DRIVERS\epfw.sys [222280 2015-03-10] (ESET)
R1 EpfwLWF; C:\Windows\system32\DRIVERS\EpfwLWF.sys [44632 2015-03-10] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [64208 2015-03-10] (ESET)
R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [109272 2015-06-18] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-08-11] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
R0 PxHlpa64; C:\Windows\System32\drivers\PxHlpa64.sys [56336 2013-09-03] (Corel Corporation)
S3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [13368 2013-03-11] ()
R3 rzendpt; C:\Windows\System32\drivers\rzendpt.sys [49872 2015-07-13] (Razer Inc)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2015-02-05] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [129600 2015-03-03] (Razer, Inc.)
U5 TMUSB; C:\Windows\System32\DRIVERS\TMUSB64.SYS [63096 2014-03-19] (Seiko Epson Corporation)
R1 UimBus; C:\Windows\System32\drivers\UimBus.sys [102664 2014-05-19] ()
R1 Uim_DEVIM; C:\Windows\System32\drivers\uim_devim.sys [25992 2014-05-19] ()
R1 Uim_IM; C:\Windows\System32\drivers\uim_im.sys [700296 2014-05-19] ()
R3 vpnpbus; C:\Windows\System32\drivers\vpnpbus.sys [18624 2013-11-15] (EldoS Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-08-11 21:02 - 2015-08-11 21:02 - 00380416 _____ C:\Users\Christian\Downloads\Gmer-19357.exe
2015-08-11 20:59 - 2015-08-11 21:03 - 00001184 _____ C:\Users\Christian\Desktop\mbam.txt
2015-08-11 20:52 - 2015-08-11 21:03 - 00044061 _____ C:\Users\Christian\Downloads\Addition.txt
2015-08-11 20:52 - 2015-08-11 21:03 - 00029543 _____ C:\Users\Christian\Downloads\FRST.txt
2015-08-11 20:52 - 2015-08-11 21:03 - 00000000 ____D C:\FRST
2015-08-11 20:52 - 2015-08-11 20:52 - 02172416 _____ (Farbar) C:\Users\Christian\Downloads\FRST64.exe
2015-08-11 20:50 - 2015-08-11 20:50 - 00000000 _____ C:\Users\Christian\defogger_reenable
2015-08-11 20:49 - 2015-08-11 20:51 - 00000480 _____ C:\Users\Christian\Downloads\defogger_disable.log
2015-08-11 20:48 - 2015-08-11 20:48 - 00050477 _____ C:\Users\Christian\Downloads\Defogger.exe
2015-08-11 20:35 - 2015-08-11 20:35 - 00000000 _____ C:\Users\Christian\Desktop\190.151.10.226.txt
2015-08-11 19:38 - 2015-08-11 19:38 - 00000000 ____D C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-08-11 16:15 - 2015-08-11
16:16 - 00000000 ____D C:\Users\Christian\Downloads\Neuer Ordner 2015-08-11 13:58 - 2015-08-11 13:58 - 00000000 ____D C:\ProgramData\ATI 2015-08-10 12:39 - 2015-08-10 12:39 - 00003554 _____ C:\Windows\System32\Tasks\GarminUpdaterTask 2015-08-10 12:39 - 2015-08-10 12:39 - 00001917 _____ C:\Users\Public\Desktop\Garmin Express.lnk 2015-08-10 12:39 - 2015-08-10 12:39 - 00000000 ____D C:\Users\Christian\AppData\Roaming\Garmin 2015-08-10 12:39 - 2015-08-10 12:39 - 00000000 ____D C:\Users\Christian\AppData\Local\Garmin_Ltd._or_its_subsid 2015-08-10 12:39 - 2015-08-10 12:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin 2015-08-10 12:39 - 2015-08-10 12:39 - 00000000 ____D C:\ProgramData\Garmin 2015-08-10 12:39 - 2015-08-10 12:39 - 00000000 ____D C:\Program Files\DIFX 2015-08-10 12:39 - 2015-08-10 12:39 - 00000000 ____D C:\Program Files (x86)\Garmin 2015-08-10 11:22 - 2015-08-10 11:22 - 00048947 _____ C:\Windows\SysWOW64\CCCInstall_201508101122310578.log 2015-08-10 11:22 - 2015-08-10 11:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center 2015-08-10 11:21 - 2015-08-10 11:21 - 00000000 ____D C:\Windows\LastGood.Tmp 2015-08-10 11:14 - 2015-08-11 20:59 - 00564012 _____ C:\Windows\WindowsUpdate.log 2015-08-10 01:07 - 2015-08-10 01:07 - 00000752 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinSCP.lnk 2015-08-10 01:07 - 2015-08-10 01:07 - 00000668 _____ C:\Users\Public\Desktop\WinSCP.lnk 2015-08-10 00:40 - 2015-08-10 00:40 - 00000000 ____D C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Total Commander 2015-08-10 00:40 - 2015-08-10 00:40 - 00000000 ____D C:\Users\Christian\AppData\Roaming\GHISLER 2015-08-09 22:34 - 2015-08-09 22:34 - 00000036 _____ C:\Users\Christian\Desktop\Ohne Titel.avi.sfl 2015-08-09 13:51 - 2015-08-09 14:19 - 00000000 ____D C:\Users\Christian\Desktop\GIGASET QV1030 2015-08-07 22:41 - 2015-08-07 22:41 - 00000014 _____ 
C:\Users\Christian\Desktop\g2a.txt 2015-08-05 00:20 - 2015-08-06 23:06 - 00000000 ____D C:\Windows\Minidump 2015-08-03 20:55 - 2015-08-03 20:55 - 00003364 _____ C:\Windows\System32\Tasks\Skype 2015-08-02 23:32 - 2015-08-02 23:39 - 00000000 ____D C:\Users\Christian\Desktop\Spende 2015-08-02 20:22 - 2015-08-02 20:22 - 00000000 ____D C:\Users\Christian\Desktop\Verkauf 2015-08-02 19:13 - 2015-08-11 20:40 - 00000000 ____D C:\Users\Christian\.rainlendar2 2015-08-02 19:13 - 2015-08-02 19:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rainlendar2 2015-08-02 19:12 - 2015-08-02 19:13 - 00000000 ____D C:\Program Files\Rainlendar2 2015-08-02 18:46 - 2015-08-02 18:46 - 00000000 ____D C:\Users\Christian\AppData\Local\CEF 2015-08-02 16:23 - 2015-07-14 23:59 - 01113944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys 2015-08-02 16:23 - 2015-07-14 23:59 - 00487256 _____ (Microsoft Corporation) C:\Windows\system32\netcfgx.dll 2015-08-02 16:23 - 2015-07-14 23:59 - 00393560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netcfgx.dll 2015-08-02 16:23 - 2015-06-12 19:03 - 18823680 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll 2015-08-02 16:23 - 2015-06-12 18:36 - 15159296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll 2015-08-02 16:23 - 2015-06-11 22:12 - 02476376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2015-08-02 16:23 - 2015-06-11 22:12 - 00428888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS 2015-08-02 16:23 - 2015-06-09 20:27 - 00411133 _____ C:\Windows\system32\ApnDatabase.xml 2015-08-01 18:05 - 2015-08-01 18:05 - 00000000 ____D C:\ProgramData\newbackup 2015-08-01 18:04 - 2015-08-01 18:04 - 00000000 ____D C:\ProgramData\rmbwizard 2015-08-01 18:04 - 2015-08-01 18:04 - 00000000 ____D C:\ProgramData\launcher 2015-08-01 18:03 - 2015-08-01 18:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paragon Backup and Recovery™ 
2014 Free 2015-08-01 18:03 - 2015-08-01 18:03 - 00000000 ____D C:\Program Files\Paragon Software 2015-08-01 18:02 - 2015-08-01 18:02 - 00000000 ____D C:\Users\Christian\AppData\Local\Downloaded Installations 2015-08-01 18:02 - 2015-08-01 18:02 - 00000000 ____D C:\ProgramData\explauncher 2015-07-29 05:44 - 2015-07-29 05:44 - 00458472 _____ C:\Windows\system32\amdmiracast.dll 2015-07-29 05:44 - 2015-07-29 05:44 - 00107784 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdave64.dll 2015-07-29 05:44 - 2015-07-29 05:44 - 00100568 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdave32.dll 2015-07-29 05:43 - 2015-07-29 05:43 - 00141792 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdhcp64.dll 2015-07-29 05:43 - 2015-07-29 05:43 - 00128384 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amdhcp32.dll 2015-07-29 05:43 - 2015-07-29 05:43 - 00078432 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atimpc64.dll 2015-07-29 05:42 - 2015-07-29 05:42 - 00078432 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdpcom64.dll 2015-07-29 05:42 - 2015-07-29 05:42 - 00071704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll 2015-07-29 05:42 - 2015-07-29 05:42 - 00071704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll 2015-07-29 05:26 - 2015-07-29 05:26 - 00297672 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdacpksd.sys 2015-07-29 05:15 - 2015-07-29 05:15 - 21622784 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmdag.sys 2015-07-29 05:09 - 2015-07-29 05:09 - 47785472 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdocl64.dll 2015-07-29 05:09 - 2015-07-29 05:09 - 00235008 _____ C:\Windows\system32\clinfo.exe 2015-07-29 05:08 - 2015-07-29 05:08 - 39714816 _____ (Advanced Micro Devices Inc.) 
C:\Windows\SysWOW64\amdocl.dll 2015-07-29 05:07 - 2015-07-29 05:07 - 00065024 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll 2015-07-29 05:07 - 2015-07-29 05:07 - 00059392 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll 2015-07-29 05:06 - 2015-07-29 05:06 - 27535872 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdocl12cl64.dll 2015-07-29 05:05 - 2015-07-29 05:05 - 22318592 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl12cl.dll 2015-07-29 04:41 - 2015-07-29 04:41 - 06477312 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmantle64.dll 2015-07-29 04:41 - 2015-07-29 04:41 - 00127488 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantle64.dll 2015-07-29 04:41 - 2015-07-29 04:41 - 00113664 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantle32.dll 2015-07-29 04:36 - 2015-07-29 04:36 - 05068288 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmantle32.dll 2015-07-29 04:34 - 2015-07-29 04:34 - 30752256 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atio6axx.dll 2015-07-29 04:34 - 2015-07-29 04:34 - 00134656 _____ C:\Windows\system32\amdhdl64.dll 2015-07-29 04:34 - 2015-07-29 04:34 - 00123392 _____ C:\Windows\SysWOW64\amdhdl32.dll 2015-07-29 04:34 - 2015-07-29 04:34 - 00050688 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmmcl6.dll 2015-07-29 04:34 - 2015-07-29 04:34 - 00039424 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmmcl.dll 2015-07-29 04:33 - 2015-07-29 04:33 - 00093696 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantleaxl64.dll 2015-07-29 04:33 - 2015-07-29 04:33 - 00086528 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantleaxl32.dll 2015-07-29 04:32 - 2015-07-29 04:32 - 03437632 _____ C:\Windows\system32\atiumd6a.cap 2015-07-29 04:30 - 2015-07-29 04:30 - 15716864 _____ (Advanced Micro Devices Inc.) 
C:\Windows\system32\aticaldd64.dll 2015-07-29 04:30 - 2015-07-29 04:30 - 00660928 _____ C:\Windows\SysWOW64\atiapfxx.blb 2015-07-29 04:30 - 2015-07-29 04:30 - 00660928 _____ C:\Windows\system32\atiapfxx.blb 2015-07-29 04:30 - 2015-07-29 04:30 - 00367104 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiapfxx.exe 2015-07-29 04:30 - 2015-07-29 04:30 - 00062464 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalrt64.dll 2015-07-29 04:30 - 2015-07-29 04:30 - 00055808 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalcl64.dll 2015-07-29 04:30 - 2015-07-29 04:30 - 00052224 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalrt.dll 2015-07-29 04:30 - 2015-07-29 04:30 - 00049152 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalcl.dll 2015-07-29 04:29 - 2015-07-29 04:29 - 14302208 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticaldd.dll 2015-07-29 04:28 - 2015-07-29 04:28 - 25299968 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atioglxx.dll 2015-07-29 04:28 - 2015-07-29 04:28 - 03471376 _____ C:\Windows\SysWOW64\atiumdva.cap 2015-07-29 04:26 - 2015-07-29 04:26 - 00672768 _____ (AMD) C:\Windows\system32\atieclxx.exe 2015-07-29 04:26 - 2015-07-29 04:26 - 00204800 _____ C:\Windows\system32\amdgfxinfo64.dll 2015-07-29 04:26 - 2015-07-29 04:26 - 00189952 _____ C:\Windows\SysWOW64\amdgfxinfo32.dll 2015-07-29 04:26 - 2015-07-29 04:26 - 00160256 _____ C:\Windows\system32\atieah64.exe 2015-07-29 04:26 - 2015-07-29 04:26 - 00143872 _____ C:\Windows\SysWOW64\atieah32.exe 2015-07-29 04:26 - 2015-07-29 04:26 - 00029696 _____ (AMD) C:\Windows\system32\atimuixx.dll 2015-07-29 04:25 - 2015-07-29 04:25 - 00246784 _____ (AMD) C:\Windows\system32\atiesrxx.exe 2015-07-29 04:25 - 2015-07-29 04:25 - 00190976 _____ (AMD) C:\Windows\system32\atitmm64.dll 2015-07-29 04:24 - 2015-07-29 04:24 - 00089088 _____ (Advanced Micro Devices, Inc. 
) C:\Windows\system32\atisamu64.dll 2015-07-29 04:24 - 2015-07-29 04:24 - 00080896 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atisamu32.dll 2015-07-29 04:23 - 2015-07-29 04:23 - 00043520 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\ati2erec.dll 2015-07-29 04:22 - 2015-07-29 04:22 - 00926720 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll 2015-07-29 04:22 - 2015-07-29 04:22 - 00926720 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxx.dll 2015-07-29 04:22 - 2015-07-29 04:22 - 00665088 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmpag.sys 2015-07-29 04:22 - 2015-07-29 04:22 - 00156672 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6txx.dll 2015-07-29 04:22 - 2015-07-29 04:22 - 00141824 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll 2015-07-29 04:22 - 2015-07-29 04:22 - 00075264 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6pxx.dll 2015-07-29 04:22 - 2015-07-29 04:22 - 00069632 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiglpxx.dll 2015-07-29 04:22 - 2015-07-29 04:22 - 00069632 _____ (Advanced Micro Devices, Inc. 
) C:\Windows\system32\atiglpxx.dll 2015-07-29 04:19 - 2015-07-29 04:19 - 00102912 _____ C:\Windows\system32\hsa-thunk64.dll 2015-07-29 04:19 - 2015-07-29 04:19 - 00102400 _____ C:\Windows\SysWOW64\hsa-thunk.dll 2015-07-28 19:10 - 2015-07-25 15:34 - 01084928 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll 2015-07-27 22:18 - 2015-07-27 22:18 - 00000000 ____D C:\Users\Christian\AppData\Roaming\AMD 2015-07-27 21:56 - 2015-08-11 20:37 - 00000000 ____D C:\Users\Christian\AppData\Roaming\FAHClient 2015-07-27 21:56 - 2015-07-27 21:56 - 00000000 ____D C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FAHClient 2015-07-27 21:56 - 2015-07-27 21:56 - 00000000 ____D C:\Program Files (x86)\FAHClient 2015-07-27 09:21 - 2015-07-27 09:21 - 00089104 _____ (Razer Inc) C:\Windows\system32\RazerCoinstaller.dll 2015-07-26 23:04 - 2015-07-26 23:06 - 00000000 ____D C:\Users\Christian\Desktop\FH Bewerbungen WiSe_2015 2015-07-25 13:56 - 2015-08-11 20:35 - 00000000 ____D C:\Users\Christian\AppData\Roaming\Everything 2015-07-25 13:56 - 2015-07-25 13:56 - 00000000 ____D C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Everything 2015-07-25 13:56 - 2015-07-25 13:56 - 00000000 ____D C:\Program Files\Everything 2015-07-23 07:50 - 2015-04-30 22:35 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll 2015-07-23 07:50 - 2015-04-30 22:35 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll 2015-07-23 07:41 - 2014-06-10 00:13 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe 2015-07-23 07:41 - 2014-06-10 00:13 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe 2015-07-21 21:26 - 2015-07-23 18:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird 2015-07-21 18:45 - 2015-07-21 18:45 - 00000000 ____D C:\Users\Christian\AppData\Roaming\Publish Providers 2015-07-21 18:42 - 2015-08-09 22:31 - 
00000000 ____D C:\Users\Christian\Documents\Movie Studio Platinum 12.0 Projekte 2015-07-21 18:41 - 2015-07-21 18:42 - 00000000 ____D C:\Users\Christian\AppData\Local\Sony 2015-07-21 18:41 - 2015-07-21 18:41 - 00000000 ____D C:\ProgramData\Sony 2015-07-21 18:41 - 2015-07-21 18:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony 2015-07-21 18:41 - 2015-07-21 18:41 - 00000000 ____D C:\Program Files\Sony 2015-07-21 18:41 - 2015-07-21 18:41 - 00000000 ____D C:\Program Files (x86)\Sony 2015-07-21 18:35 - 2015-07-21 18:35 - 00000000 ____D C:\Windows\SysWOW64\XPSViewer 2015-07-21 18:35 - 2015-07-21 18:35 - 00000000 ____D C:\Program Files\Reference Assemblies 2015-07-21 18:35 - 2015-07-21 18:35 - 00000000 ____D C:\Program Files\MSBuild 2015-07-21 18:35 - 2015-07-21 18:35 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies 2015-07-21 18:35 - 2015-07-21 18:35 - 00000000 ____D C:\Program Files (x86)\MSBuild 2015-07-21 18:34 - 2013-08-03 06:48 - 01166520 _____ (Microsoft Corporation) C:\Windows\system32\PresentationNative_v0300.dll 2015-07-21 18:34 - 2013-08-03 06:41 - 00778936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationNative_v0300.dll 2015-07-21 18:31 - 2015-07-21 18:54 - 00000000 ____D C:\Users\Christian\AppData\Roaming\Sony 2015-07-21 17:17 - 2015-07-14 16:14 - 00358912 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2015-07-21 17:17 - 2015-07-14 16:14 - 00301056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll 2015-07-21 17:17 - 2015-07-14 16:14 - 00035840 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll 2015-07-21 17:17 - 2015-07-14 16:13 - 00044032 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2015-07-20 22:53 - 2015-05-12 02:24 - 00536920 _____ (Microsoft Corporation) C:\Windows\system32\mcupdate_GenuineIntel.dll 2015-07-20 22:53 - 2015-05-01 03:13 - 06521800 _____ (Microsoft Corporation) C:\Windows\system32\sppsvc.exe 2015-07-20 22:53 - 2015-05-01 03:13 - 01488000 _____ 
(Microsoft Corporation) C:\Windows\system32\sppobjs.dll 2015-07-20 22:53 - 2015-05-01 03:13 - 00261376 _____ (Microsoft Corporation) C:\Windows\system32\sppwinob.dll 2015-07-15 19:51 - 2015-06-28 07:07 - 00442712 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2015-07-15 19:51 - 2015-06-28 07:07 - 00178008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2015-07-15 19:51 - 2015-06-28 07:06 - 01311960 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2015-07-15 19:51 - 2015-06-28 07:06 - 00332120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2015-07-15 19:51 - 2015-06-27 18:42 - 00747520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2015-07-15 19:51 - 2015-06-27 05:13 - 00202240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys 2015-07-15 19:51 - 2015-06-27 05:12 - 00401408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys 2015-07-15 19:51 - 2015-06-27 05:12 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys 2015-07-15 19:51 - 2015-06-27 04:40 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll 2015-07-15 19:51 - 2015-06-27 04:05 - 01441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2015-07-15 19:51 - 2015-06-27 04:00 - 00989184 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2015-07-15 19:51 - 2015-06-27 03:53 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll 2015-07-15 19:51 - 2015-06-27 03:26 - 00802816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2015-07-15 19:51 - 2015-06-25 04:31 - 04177920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-07-15 19:50 - 2015-07-09 21:51 - 00136904 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2015-07-15 19:50 - 2015-07-09 20:40 - 00359936 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll 2015-07-15 19:50 - 2015-07-09 18:03 - 03701760 _____ 
(Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2015-07-15 19:50 - 2015-07-09 17:54 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2015-07-15 19:50 - 2015-07-09 17:53 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2015-07-15 19:50 - 2015-07-09 17:50 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll 2015-07-15 19:50 - 2015-07-09 17:50 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2015-07-15 19:50 - 2015-07-09 17:48 - 00891904 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2015-07-15 19:50 - 2015-07-09 17:46 - 02229248 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2015-07-15 19:50 - 2015-07-09 17:38 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe 2015-07-15 19:50 - 2015-07-09 17:37 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll 2015-07-15 19:50 - 2015-07-09 17:35 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll 2015-07-15 19:50 - 2015-07-09 17:34 - 00721920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll 2015-07-15 19:50 - 2015-06-27 05:08 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll 2015-07-15 19:50 - 2015-06-27 05:08 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2015-07-15 19:50 - 2015-06-27 04:14 - 00027136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll 2015-07-15 19:50 - 2015-05-30 23:18 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\werdiagcontroller.dll 2015-07-15 19:50 - 2015-05-30 21:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll 2015-07-15 19:50 - 2015-05-30 21:35 - 00911360 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll 2015-07-15 19:49 - 2015-07-02 23:21 - 19877376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2015-07-15 19:49 - 2015-07-02 22:49 - 25193984 _____ (Microsoft 
Corporation) C:\Windows\system32\mshtml.dll 2015-07-15 19:49 - 2015-07-02 00:08 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-07-15 19:49 - 2015-07-01 23:14 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-07-15 19:49 - 2015-06-16 00:41 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe 2015-07-15 19:49 - 2015-06-16 00:24 - 03320320 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2015-07-15 19:49 - 2015-06-15 23:16 - 00059904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe 2015-07-15 19:49 - 2015-06-15 23:09 - 03607552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll 2015-07-15 19:49 - 2015-06-15 22:50 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2015-07-15 19:49 - 2015-06-15 21:57 - 02460160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll 2015-07-15 19:49 - 2015-03-09 04:02 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storvsp.sys 2015-07-15 19:48 - 2015-07-02 22:50 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-07-15 19:48 - 2015-07-02 22:23 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-07-15 19:48 - 2015-07-02 22:19 - 12855296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-07-15 19:48 - 2015-07-02 21:55 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-07-15 19:48 - 2015-07-02 21:20 - 14453248 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-07-15 19:48 - 2015-07-02 20:59 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-07-15 19:48 - 2015-06-16 07:36 - 01661576 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll 2015-07-15 19:48 - 2015-06-16 07:36 - 01212248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll 2015-07-15 19:48 - 2015-06-16 00:39 - 00584192 _____ (Microsoft Corporation) 
C:\Windows\system32\vbscript.dll 2015-07-15 19:48 - 2015-06-16 00:38 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2015-07-15 19:48 - 2015-06-16 00:26 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-07-15 19:48 - 2015-06-16 00:24 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-07-15 19:48 - 2015-06-16 00:02 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx 2015-07-15 19:48 - 2015-06-15 23:58 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2015-07-15 19:48 - 2015-06-15 23:57 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-07-15 19:48 - 2015-06-15 23:56 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll 2015-07-15 19:48 - 2015-06-15 23:55 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-07-15 19:48 - 2015-06-15 23:49 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll 2015-07-15 19:48 - 2015-06-15 23:41 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2015-07-15 19:48 - 2015-06-15 23:38 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-07-15 19:48 - 2015-06-15 23:36 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-07-15 19:48 - 2015-06-15 23:17 - 02880000 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll 2015-07-15 19:48 - 2015-06-15 23:16 - 02427392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-07-15 19:48 - 2015-06-15 23:15 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-07-15 19:48 - 2015-06-15 23:13 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2015-07-15 19:48 - 2015-06-15 23:04 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2015-07-15 19:48 - 2015-06-15 23:03 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 
2015-07-15 19:48 - 2015-06-15 22:52 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-07-15 19:48 - 2015-06-15 22:47 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx 2015-07-15 19:48 - 2015-06-15 22:44 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2015-07-15 19:48 - 2015-06-15 22:43 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2015-07-15 19:48 - 2015-06-15 22:42 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll 2015-07-15 19:48 - 2015-06-15 22:41 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2015-07-15 19:48 - 2015-06-15 22:37 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll 2015-07-15 19:48 - 2015-06-15 22:32 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2015-07-15 19:48 - 2015-06-15 22:31 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-07-15 19:48 - 2015-06-15 22:30 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2015-07-15 19:48 - 2015-06-15 22:30 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2015-07-15 19:48 - 2015-06-15 22:17 - 01048576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll 2015-07-15 19:48 - 2015-06-15 22:07 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-07-15 19:48 - 2015-06-15 22:02 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2015-07-15 19:48 - 2015-06-11 05:49 - 01380600 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2015-07-15 19:48 - 2015-06-10 18:13 - 01097216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2015-07-15 12:20 - 2015-07-15 12:20 - 00103424 _____ (Advanced Micro Devices) C:\Windows\system32\DelayAPO.dll 2015-07-15 12:20 - 2015-07-15 12:20 - 00102912 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\AtihdWB6.sys 2015-07-14 20:35 - 
2015-06-30 00:43 - 00026288 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe 2015-07-14 20:35 - 2015-06-29 17:07 - 01145856 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2015-07-14 20:35 - 2015-06-29 17:07 - 00764928 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll 2015-07-14 20:35 - 2015-06-29 17:07 - 00433152 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2015-07-14 20:35 - 2015-06-29 17:07 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll 2015-07-14 20:35 - 2015-06-27 01:21 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2015-07-14 20:35 - 2015-06-27 01:21 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2015-07-14 20:35 - 2015-05-12 15:19 - 00294912 _____ (Microsoft Corporation) C:\Windows\system32\SystemEventsBrokerServer.dll 2015-07-14 20:35 - 2015-05-11 18:34 - 00332800 _____ (Microsoft Corporation) C:\Windows\system32\fhcpl.dll 2015-07-14 20:35 - 2015-05-07 19:50 - 22292672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2015-07-14 20:35 - 2015-05-07 19:00 - 03109376 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll 2015-07-14 20:35 - 2015-05-07 18:53 - 19734960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2015-07-14 20:35 - 2015-05-07 18:47 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll 2015-07-14 20:35 - 2015-05-07 18:12 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll 2015-07-14 20:35 - 2015-05-07 17:21 - 00522240 _____ (Microsoft Corporation) C:\Windows\system32\GeofenceMonitorService.dll 2015-07-14 20:35 - 2015-05-07 17:05 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GeofenceMonitorService.dll 2015-07-14 20:35 - 2015-05-03 17:09 - 00274944 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll 2015-07-14 20:35 - 2015-05-03 17:07 - 07784448 _____ 
(Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll 2015-07-14 20:35 - 2015-05-03 16:58 - 00210944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll 2015-07-14 20:35 - 2015-05-03 16:57 - 05264384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll 2015-07-14 20:35 - 2015-05-03 16:55 - 00971776 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll 2015-07-14 20:35 - 2015-05-03 16:49 - 00811008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll 2015-07-14 20:35 - 2015-05-03 02:39 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll 2015-07-14 20:35 - 2015-04-30 01:22 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\WiFiDisplay.dll 2015-07-14 20:35 - 2015-04-28 15:13 - 00513480 _____ C:\Windows\SysWOW64\locale.nls 2015-07-14 20:35 - 2015-04-28 15:13 - 00513480 _____ C:\Windows\system32\locale.nls 2015-07-14 20:35 - 2015-04-25 04:25 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys 2015-07-14 20:35 - 2015-04-23 17:47 - 03084288 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll 2015-07-14 20:35 - 2015-04-23 17:16 - 02471424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll 2015-07-13 19:19 - 2015-07-13 19:19 - 00053787 _____ C:\Windows\SysWOW64\CCCInstall_201507131919386011.log 2015-07-13 19:19 - 2015-07-13 19:19 - 00000000 ____D C:\Program Files (x86)\AMD 2015-07-13 17:19 - 2015-07-13 17:19 - 00169152 _____ C:\Windows\system32\ativce03.dat 2015-07-13 17:19 - 2015-07-13 17:19 - 00167456 _____ C:\Windows\system32\amde31a.dat 2015-07-13 09:34 - 2015-07-13 09:34 - 00200920 _____ (Razer Inc) C:\Windows\system32\Drivers\rzudd.sys 2015-07-13 09:34 - 2015-07-13 09:34 - 00049872 _____ (Razer Inc) C:\Windows\system32\Drivers\rzendpt.sys ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner 
verschoben.) 2015-08-11 21:04 - 2015-05-18 19:04 - 00000945 _____ C:\Windows\Tasks\EPSON XP-412 413 415 Series Update {138DC8C1-9376-4B23-B6AD-BB2F375DE385}.job 2015-08-11 21:04 - 2015-05-18 19:04 - 00000759 _____ C:\Windows\Tasks\EPSON XP-412 413 415 Series Invitation {138DC8C1-9376-4B23-B6AD-BB2F375DE385}.job 2015-08-11 21:04 - 2015-04-11 16:43 - 00000000 ____D C:\Users\Christian\AppData\Roaming\Nitro PDF 2015-08-11 21:02 - 2015-04-03 15:40 - 00001144 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-08-11 21:02 - 2015-04-03 15:40 - 00001140 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-08-11 21:02 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\sru 2015-08-11 21:01 - 2015-04-03 16:26 - 00000000 ____D C:\Users\Christian\AppData\Roaming\AgileBits 2015-08-11 20:55 - 2015-06-14 17:44 - 00000000 ____D C:\Users\Christian\AppData\Roaming\Skype 2015-08-11 20:50 - 2015-04-03 15:36 - 00000000 ____D C:\Users\Christian 2015-08-11 20:49 - 2015-04-03 16:19 - 00000000 ____D C:\Users\Christian\AppData\Roaming\ClassicShell 2015-08-11 20:45 - 2015-04-03 15:36 - 00000000 ____D C:\Users\Christian\AppData\Local\VirtualStore 2015-08-11 20:43 - 2014-09-24 08:16 - 01776918 _____ C:\Windows\system32\PerfStringBackup.INI 2015-08-11 20:43 - 2014-09-24 07:43 - 00764340 _____ C:\Windows\system32\perfh007.dat 2015-08-11 20:43 - 2014-09-24 07:43 - 00159160 _____ C:\Windows\system32\perfc007.dat 2015-08-11 20:40 - 2015-05-16 01:44 - 00000000 ____D C:\Users\Christian\AppData\Roaming\mIRC 2015-08-11 20:37 - 2015-04-13 22:26 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-08-11 20:37 - 2015-04-03 16:24 - 00000000 ____D C:\Users\Christian\AppData\Roaming\Dropbox 2015-08-11 20:37 - 2013-08-22 16:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-08-11 20:36 - 2013-08-22 15:25 - 00262144 ___SH C:\Windows\system32\config\BBI 2015-08-11 20:35 - 2015-06-12 22:25 - 00001266 _____ 
C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3557826585-2545589941-765533996-1001UA.job 2015-08-11 20:16 - 2015-04-03 15:41 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3557826585-2545589941-765533996-1001 2015-08-11 20:09 - 2015-04-03 17:52 - 00003962 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{27C6D7FB-4289-49E3-A0CE-D5E22103A395} 2015-08-11 14:01 - 2015-05-28 20:28 - 00000000 ____D C:\Users\Christian\AppData\Local\Adobe 2015-08-10 13:35 - 2015-06-12 22:25 - 00001214 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3557826585-2545589941-765533996-1001Core.job 2015-08-10 12:39 - 2015-04-03 15:42 - 00000000 ____D C:\ProgramData\Package Cache 2015-08-10 11:50 - 2015-04-03 23:30 - 00000000 ____D C:\Users\Christian\Desktop\Sortieren 2015-08-10 11:22 - 2015-04-03 15:41 - 00000000 ____D C:\AMD 2015-08-10 01:07 - 2015-04-13 23:44 - 00000600 _____ C:\Users\Christian\AppData\Roaming\winscp.rnd 2015-08-09 22:47 - 2015-04-04 22:27 - 00000000 ____D C:\Users\Christian\AppData\Roaming\vlc 2015-08-07 00:31 - 2015-05-05 18:30 - 00000000 ____D C:\ProgramData\boost_interprocess 2015-08-06 19:42 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\AppReadiness 2015-08-06 19:37 - 2015-04-03 15:36 - 00000000 ____D C:\Users\Christian\AppData\Local\Packages 2015-08-03 00:20 - 2015-04-03 18:00 - 00000000 ____D C:\ProgramData\Origin 2015-08-02 16:23 - 2013-08-22 17:20 - 00000000 ____D C:\Windows\CbsTemp 2015-08-02 16:22 - 2015-05-16 17:11 - 00000000 ____D C:\Program Files (x86)\BlueStacks 2015-08-02 16:03 - 2013-03-31 17:20 - 00001371 _____ C:\Users\Christian\Desktop\Systemwiederherstellung.lnk 2015-08-02 11:01 - 2015-05-16 17:11 - 00000000 ____D C:\ProgramData\BlueStacksSetup 2015-08-01 12:22 - 2015-04-03 15:44 - 00000000 ____D C:\Program Files (x86)\Razer 2015-07-30 18:36 - 2015-04-03 16:22 - 00000000 ____D C:\Program Files (x86)\1Password 4 2015-07-29 05:42 - 2015-03-19 06:15 - 00133016 _____ (Advanced Micro Devices, Inc. 
) C:\Windows\SysWOW64\atiuxpag.dll 2015-07-29 05:42 - 2015-03-19 06:15 - 00120144 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiu9p64.dll 2015-07-29 05:42 - 2014-07-21 22:04 - 00152056 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiuxp64.dll 2015-07-29 05:42 - 2014-07-21 22:04 - 00102616 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiu9pag.dll 2015-07-29 05:41 - 2014-07-21 22:04 - 11948704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atidxx64.dll 2015-07-29 05:41 - 2014-07-21 22:04 - 01445224 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\aticfx64.dll 2015-07-29 05:41 - 2014-07-21 22:04 - 01193904 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\aticfx32.dll 2015-07-29 05:40 - 2015-03-19 06:14 - 10094152 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atidxx32.dll 2015-07-29 05:40 - 2014-07-21 22:04 - 07929616 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdva.dll 2015-07-29 05:40 - 2014-07-21 22:04 - 07408936 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdag.dll 2015-07-29 05:39 - 2015-03-19 06:14 - 08893160 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd6a.dll 2015-07-29 05:39 - 2015-03-19 06:14 - 08779872 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd64.dll 2015-07-29 04:26 - 2015-03-19 04:04 - 00442368 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atidemgy.dll 2015-07-29 04:22 - 2015-03-19 03:40 - 01247744 _____ (Advanced Micro Devices, Inc.) 
C:\Windows\system32\atiadlxx.dll 2015-07-29 04:17 - 2015-06-23 03:21 - 00865792 _____ (AMD) C:\Windows\system32\coinst_15.20.dll 2015-07-28 22:07 - 2015-04-03 16:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2015-07-28 21:05 - 2015-07-10 19:29 - 00000000 ___HD C:\$Windows.~BT 2015-07-28 21:00 - 2015-04-03 16:31 - 00000000 ____D C:\Windows\Panther 2015-07-25 15:20 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\rescache 2015-07-25 13:39 - 2015-05-16 22:38 - 00000000 ____D C:\Program Files\CCleaner 2015-07-25 13:37 - 2015-04-03 16:44 - 00000000 ___SD C:\Windows\system32\GWX 2015-07-23 07:54 - 2015-05-17 13:55 - 00000000 ____D C:\Program Files\Microsoft Office 15 2015-07-21 18:35 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\SysWOW64\MUI 2015-07-21 18:35 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\MUI 2015-07-20 18:25 - 2015-05-25 11:16 - 00000000 ____D C:\Users\Christian\AppData\Local\Greenshot 2015-07-19 13:30 - 2015-06-12 22:25 - 00004220 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3557826585-2545589941-765533996-1001UA 2015-07-19 13:30 - 2015-06-12 22:25 - 00003840 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3557826585-2545589941-765533996-1001Core 2015-07-17 19:38 - 2015-04-03 16:44 - 00000000 ___SD C:\Windows\SysWOW64\GWX 2015-07-16 20:57 - 2015-04-03 15:40 - 00004116 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2015-07-16 20:57 - 2015-04-03 15:40 - 00003880 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2015-07-15 23:38 - 2013-08-22 17:36 - 00000000 ___RD C:\Windows\ToastData 2015-07-15 23:38 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\WinStore 2015-07-15 23:38 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\PolicyDefinitions 2015-07-15 23:34 - 2015-04-03 15:57 - 00000000 ____D C:\Windows\system32\MRT 2015-07-15 19:45 - 2015-04-03 16:39 - 00000000 ____D C:\Windows\system32\appraiser 2015-07-15 19:45 - 2014-09-24 09:41 - 00000000 ___SD 
C:\Windows\system32\CompatTel 2015-07-13 23:10 - 2014-09-24 09:43 - 00792568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-07-13 23:10 - 2014-09-24 09:43 - 00178168 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-07-13 19:18 - 2015-04-03 15:41 - 00000000 ____D C:\Program Files\AMD 2015-07-13 19:16 - 2015-06-14 17:44 - 00000000 ___RD C:\Program Files (x86)\Skype 2015-07-13 19:16 - 2015-06-14 17:44 - 00000000 ____D C:\ProgramData\Skype 2015-07-12 16:25 - 2015-07-11 21:30 - 00000448 __RSH C:\ProgramData\ntuser.pol ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2015-04-13 23:44 - 2015-08-10 01:07 - 0000600 _____ () C:\Users\Christian\AppData\Roaming\winscp.rnd 2015-04-12 00:45 - 2015-06-16 23:24 - 0000600 _____ () C:\Users\Christian\AppData\Local\PUTTY.RND Einige Dateien in TEMP: ==================== C:\Users\Christian\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpej5y3l.dll ==================== Bamital & volsnap Check ================= (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) 
C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2015-08-06 19:19

==================== Ende von Ergebnis ============================

Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:11-08-2015
durchgeführt von Christian (2015-08-11 21:04:10)
Gestartet von C:\Users\Christian\Downloads
Start-Modus: Normal
==========================================================

==================== Konten: =============================

Administrator (S-1-5-21-3557826585-2545589941-765533996-500 - Administrator - Disabled)
Alexander (S-1-5-21-3557826585-2545589941-765533996-1003 - Limited - Enabled)
Christian (S-1-5-21-3557826585-2545589941-765533996-1001 - Administrator - Enabled) => C:\Users\Christian
Gast (S-1-5-21-3557826585-2545589941-765533996-501 - Limited - Disabled)

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: ESET Smart Security 8.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET Smart Security 8.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
FW: ESET Personal Firewall (Enabled) {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

1Password 4.6.0.584 (HKLM-x32\...\1Password4_is1) (Version: 4.0 - AgileBits)
7-Zip 9.38 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0938-000001000000}) (Version: 9.38.00.0 - Igor Pavlov)
Adobe Photoshop CS2 (HKLM-x32\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0407-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.)
Adobe Photoshop Elements 13 (HKLM-x32\...\{609818B9-23EB-4196-B466-EFE05E92A32F}) (Version: 13.0 - Adobe Systems Incorporated) AMD Catalyst Install Manager (HKLM\...\{DA9FFDE7-5474-DE51-8729-76A31DB5682B}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.) ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden ASUS Xonar DX Audio (HKLM-x32\...\{71B53BA8-4BE3-49AF-BC3E-07F392008788}) (Version: - ASUSTeK Computer Inc.) Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts) Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.4.2.30944 - Electronic Arts) Battlefield: Bad Company™ 2 (HKLM-x32\...\{3AC8457C-0385-4BEA-A959-E095F05D6D67}) (Version: 1.0.1.0 - Electronic Arts) Biet-O-Matic v2.14.12 (HKLM-x32\...\Biet-O-Matic v2.14.12) (Version: 2.14.12 - BOM Development Team) BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.9.30.9239 - BlueStack Systems, Inc.) BlueStacks Notification Center (HKLM-x32\...\{79809712-A577-4B8C-A9FC-51945690C7DC}) (Version: 0.9.30.9239 - BlueStack Systems, Inc.) Bonjour (HKLM\...\{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}) (Version: 2.0.4.0 - Apple Inc.) Boxcryptor 2.1 (HKLM-x32\...\{1981BB13-D371-48B4-96C3-83BD9BEFEE12}) (Version: 2.1.417.123 - Secomba GmbH) Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: - Canon Inc.) Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.2.0 - Canon Inc.) Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: - Canon Inc.) Canon MX920 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX920_series) (Version: 1.00 - Canon Inc.) 
Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD) CCleaner (HKLM\...\CCleaner) (Version: 5.08 - Piriform) CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.5.5642 - CDBurnerXP) CDex - Open Source Digital Audio CD Extractor (HKLM-x32\...\CDex) (Version: 1.78.0.2015 - Georgy Berdyshev) Classic Shell (HKLM\...\{840C85B7-D3D6-4143-9AF9-DAE80FD54CFC}) (Version: 4.1.0 - IvoSoft) Dropbox (HKU\S-1-5-21-3557826585-2545589941-765533996-1001\...\Dropbox) (Version: 3.8.6 - Dropbox, Inc.) Elevated Installer (x32 Version: 4.1.5.0 - Garmin Ltd or its subsidiaries) Hidden EPSON XP-412 413 415 Series Printer Uninstall (HKLM\...\EPSON XP-412 413 415 Series) (Version: - SEIKO EPSON Corporation) ESET Smart Security (HKLM\...\{7BB8ADC6-BA3A-4757-9BE8-4485C651C99C}) (Version: 8.0.312.3 - ESET, spol s r. o.) Everything 1.3.4.686 (x64) (HKLM\...\Everything) (Version: - ) FAHClient (HKLM-x32\...\FAHClient) (Version: 7.4.4 - Stanford University) Fraps (remove only) (HKLM-x32\...\Fraps) (Version: - ) Gamers.IRC 6.07 (HKLM-x32\...\Gamers.IRC) (Version: - ) Garmin Express (HKLM-x32\...\{42f02a91-da9c-48e1-8dc5-37f4449db969}) (Version: 4.1.5.0 - Garmin Ltd or its subsidiaries) Garmin Express (x32 Version: 4.1.5.0 - Garmin Ltd or its subsidiaries) Hidden Garmin Express Tray (x32 Version: 4.1.5.0 - Garmin Ltd or its subsidiaries) Hidden GhostMouse (HKLM-x32\...\GhostMouse_is1) (Version: Free V3.1 - AutomaticSolution Software) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.130 - Google Inc.) Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) 
Hidden Greenshot 1.2.4.10 (HKLM\...\Greenshot_is1) (Version: 1.2.4.10 - Greenshot) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3958 - Intel Corporation) LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - ) LibreOffice 4.3.7.2 (HKLM-x32\...\{8ED4A1FC-56CF-414C-A9AB-A37714AA9EA7}) (Version: 4.3.7.2 - The Document Foundation) LiveUSB Creator (remove only) (HKLM-x32\...\LiveUSB Creator) (Version: - ) Malwarebytes Anti-Malware Version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation) Medal of Honor (TM) (HKLM-x32\...\{415030B8-3E8B-462A-8C03-41D95AA3AB3B}) (Version: 1.0.0.0 - Electronic Arts) Microsoft Office Home and Student 2013 - de-de (HKLM\...\HomeStudentRetail - de-de) (Version: 15.0.4737.1003 - Microsoft Corporation) Microsoft SkyDrive (HKU\S-1-5-21-3557826585-2545589941-765533996-1001\...\SkyDriveSetup.exe) (Version: 16.4.6012.0828 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 
(HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Movie Studio Platinum 12.0 (64-bit) (HKLM\...\{6C3C3A70-958D-11E2-B0E5-F04DA23A5C58}) (Version: 12.0.896 - Sony) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.6.0 - Mozilla) Mozilla Thunderbird 38.1.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 38.1.0 (x86 de)) (Version: 38.1.0 - Mozilla) MSI Afterburner 4.0.0 (HKLM-x32\...\Afterburner) (Version: 4.0.0 - MSI Co., LTD) Nitro Reader 3 (HKLM\...\{47220B83-D895-4262-9227-E5D8FA7F7384}) (Version: 3.5.2.10 - Nitro) NVIDIA PhysX (HKLM-x32\...\{1C4551A6-4743-4093-91E4-1477CD655043}) (Version: 9.09.0203 - NVIDIA Corporation) Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4737.1003 - Microsoft Corporation) Hidden Office 15 Click-to-Run Licensing Component (Version: 15.0.4737.1003 - Microsoft Corporation) Hidden Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4737.1003 - Microsoft Corporation) Hidden OpenAL (HKLM-x32\...\OpenAL) (Version: - ) Origin (HKLM-x32\...\Origin) (Version: 9.5.11.2855 - Electronic Arts, Inc.) 
Paragon Backup and Recovery™ 2014 Free (HKLM\...\{C268B5E1-A5DA-11DF-A289-005056C00008}) (Version: 90.00.0003 - Paragon Software) PDF24 Creator 6.9.2 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org) Polar FlowSync Version 2.3.8 (HKLM-x32\...\{A1538F5C-7B65-4DB6-9FFB-FFC0DF2E85D8}_is1) (Version: 2.3.8 - Polar Electro Oy) PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.) PVZ Garden Warfare (HKLM-x32\...\{A5AC7D7B-C1D5-4AF9-8829-993DA335BE1B}) (Version: 1.0.3.0 - Electronic Arts) Rainlendar2 (remove only) (HKLM-x32\...\Rainlendar2) (Version: - ) Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.19.25502 - Razer Inc.) RivaTuner Statistics Server 6.2.0 (HKLM-x32\...\RTSS) (Version: 6.2.0 - Unwinder) Skype™ 7.6 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.6.105 - Skype Technologies S.A.) TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.43879 - TeamViewer) Telegram Desktop version 0.8.48 (HKU\S-1-5-21-3557826585-2545589941-765533996-1001\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 0.8.48 - Telegram Messenger LLP) Titanfall™ (HKLM-x32\...\{347EE0C3-0690-48F6-A231-53853C2A80D6}) (Version: 1.0.10.1 - Electronic Arts) Total Commander 64-bit (Remove or Repair) (HKLM-x32\...\Totalcmd64) (Version: 8.51a - Ghisler Software GmbH) Universal Adb Driver (HKLM-x32\...\{D9C4202E-6D51-4B06-A8F1-22316E654BCA}) (Version: 1.0.0 - ClockworkMod) VLC media player (HKLM\...\VLC media player) (Version: 2.2.0 - VideoLAN) Windows-Treiberpaket - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.) 
Windows-Treiberpaket - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software) WinSCP 5.7.5 (HKLM-x32\...\winscp3_is1) (Version: 5.7.5 - Martin Prikryl) ==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) CustomCLSID: HKU\S-1-5-21-3557826585-2545589941-765533996-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Christian\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3557826585-2545589941-765533996-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation) CustomCLSID: HKU\S-1-5-21-3557826585-2545589941-765533996-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Christian\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828_1\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3557826585-2545589941-765533996-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Christian\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828_1\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3557826585-2545589941-765533996-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.) 
CustomCLSID: HKU\S-1-5-21-3557826585-2545589941-765533996-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Christian\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828_1\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3557826585-2545589941-765533996-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Christian\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828_1\amd64\FileSyncApi64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3557826585-2545589941-765533996-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3557826585-2545589941-765533996-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3557826585-2545589941-765533996-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3557826585-2545589941-765533996-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3557826585-2545589941-765533996-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3557826585-2545589941-765533996-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.) 
CustomCLSID: HKU\S-1-5-21-3557826585-2545589941-765533996-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3557826585-2545589941-765533996-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3557826585-2545589941-765533996-1001_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.) ==================== Wiederherstellungspunkte ========================= 21-07-2015 18:33:52 Windows Modules Installer 26-07-2015 13:53:06 Windows Update 26-07-2015 23:05:00 test 30-07-2015 19:16:57 Windows Update 01-08-2015 18:03:18 Installiert Paragon Backup and Recovery™ 2014 Free. 02-08-2015 16:03:09 Test 06-08-2015 19:19:32 Windows Update 10-08-2015 12:24:51 Windows Update ==================== Hosts Inhalt: =============================== (Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.) 2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) Task: {16157B6A-4B7E-46BA-80EB-BC88C0EA77F1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-03] (Google Inc.) 
Task: {2CCAC52B-EA3B-4D4B-BF3F-46B41066BCF4} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-07-03] (Microsoft Corporation) Task: {360C60DB-B185-43B8-9827-C3CA23C9550C} - System32\Tasks\AdobeAAMUpdater-1.0-ChrisDesktop-Christian => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-08-27] (Adobe Systems Incorporated) Task: {61B4CFE3-1CFD-4B01-B8B6-5ED7BBDD2A18} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3557826585-2545589941-765533996-1001UA => C:\Users\Christian\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-12] (Dropbox, Inc.) Task: {67D4A2CE-3FF9-42A0-A485-7313BF34F18E} - System32\Tasks\EPSON XP-412 413 415 Series Invitation {138DC8C1-9376-4B23-B6AD-BB2F375DE385} => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLEE.EXE [2013-02-28] (SEIKO EPSON CORPORATION) Task: {71211321-888E-4275-B8E0-C5AB5D95D437} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-07-01] (Microsoft Corporation) Task: {87232722-8846-48D5-9EB3-30ADA03FB8DF} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3557826585-2545589941-765533996-1001Core => C:\Users\Christian\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-12] (Dropbox, Inc.) Task: {8B27E65B-120F-411C-8425-F88A2B27F94B} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2015-07-29] () Task: {909B3163-6960-457B-87F0-2E262EE468C8} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-07-01] (Microsoft Corporation) Task: {9814A1F6-1997-4CD3-AD68-5B453B5CE006} - System32\Tasks\Skype => C:\Program Files (x86)\Skype\Phone\Skype.exe [2015-06-29] (Skype Technologies S.A.) 
Task: {B846E6DF-0F77-433E-B2F8-6D13E884653A} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-07-17] (Piriform Ltd) Task: {BE8374A3-1CF5-4EE5-8A21-AFDC5EE9FF5A} - System32\Tasks\EPSON XP-412 413 415 Series Update {138DC8C1-9376-4B23-B6AD-BB2F375DE385} => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLEE.EXE [2013-02-28] (SEIKO EPSON CORPORATION) Task: {C69D90D1-B104-433D-968B-D5A6CA99CB5F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-03] (Google Inc.) (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.) Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3557826585-2545589941-765533996-1001Core.job => C:\Users\Christian\AppData\Local\Dropbox\Update\DropboxUpdate.exe Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3557826585-2545589941-765533996-1001UA.job => C:\Users\Christian\AppData\Local\Dropbox\Update\DropboxUpdate.exe Task: C:\Windows\Tasks\EPSON XP-412 413 415 Series Invitation {138DC8C1-9376-4B23-B6AD-BB2F375DE385}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLEE.EXE Task: C:\Windows\Tasks\EPSON XP-412 413 415 Series Update {138DC8C1-9376-4B23-B6AD-BB2F375DE385}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLEE.EXE:/EXE:{138DC8C1-9376-4B23-B6AD-BB2F375DE385} /F:UpdateWORKGROUP\CHRISDESKTOP$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Geladene Module (Nicht auf der Ausnahmeliste) ============== 2015-05-29 19:00 - 2014-05-20 09:19 - 00105640 _____ () C:\Program 
Files\Microsoft Office 15\ClientX64\ApiClient.dll 2015-07-25 13:56 - 2014-08-06 03:04 - 01441792 _____ () C:\Program Files\Everything\Everything.exe 2015-04-04 23:04 - 2015-04-05 13:58 - 00076152 _____ () C:\Windows\SysWOW64\PnkBstrA.exe 2015-02-05 01:24 - 2015-02-05 01:25 - 00187072 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe 2015-04-03 23:21 - 2008-07-11 16:04 - 00200704 ____N () C:\Windows\SysWOW64\HsMgr.exe 2015-04-03 23:21 - 2008-07-11 16:03 - 00282112 ____N () C:\Windows\System\HsMgr64.exe 2015-05-04 21:25 - 2015-05-04 21:25 - 00055576 _____ () C:\Program Files\CCleaner\branding.dll 2015-07-17 19:34 - 2015-07-17 19:34 - 00057344 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll 2014-03-16 19:42 - 2014-03-16 19:42 - 04411488 _____ () C:\Program Files\Rainlendar2\Rainlendar2.exe 2012-05-16 21:12 - 2012-05-16 21:12 - 00179200 _____ () C:\Program Files\Rainlendar2\lua52.dll 2014-03-14 12:24 - 2014-03-14 12:24 - 00324608 _____ () C:\Program Files\Rainlendar2\libical.dll 2014-03-16 19:42 - 2014-03-16 19:42 - 00082528 _____ () C:\Program Files\Rainlendar2\plugins\iCalendarPlugin.dll 2014-03-14 12:24 - 2014-03-14 12:24 - 00080384 _____ () C:\Program Files\Rainlendar2\libicalss.dll 2014-03-16 19:44 - 2014-03-16 19:44 - 00346208 _____ () C:\Program Files\Rainlendar2\plugins\GoogleCalendarPlugin.dll 2012-06-17 15:21 - 2012-06-17 15:21 - 00015360 _____ () C:\Program Files\Rainlendar2\lfs.dll 2015-04-03 23:21 - 2012-06-06 10:56 - 00143360 ____N () C:\Program Files\ASUS Xonar DX Audio\Customapp\VmixP8.dll 2015-08-04 21:03 - 2015-07-31 08:19 - 01405768 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.130\libglesv2.dll 2015-08-04 21:03 - 2015-07-31 08:19 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.130\libegl.dll 2015-05-05 18:30 - 2014-11-11 10:19 - 01703424 _____ () C:\Program Files (x86)\Polar\Polar FlowSync\polar20.dll 2015-05-05 18:30 - 2013-08-25 20:52 - 00048128 _____ () 
C:\Program Files (x86)\Polar\Polar FlowSync\libEGL.dll 2015-05-05 18:30 - 2013-08-25 20:52 - 00728576 _____ () C:\Program Files (x86)\Polar\Polar FlowSync\libGLESv2.dll 2015-05-05 18:30 - 2013-08-25 20:59 - 00833024 _____ () C:\Program Files (x86)\Polar\Polar FlowSync\platforms\qwindows.dll 2012-12-29 21:58 - 2014-03-04 14:28 - 01072624 _____ () M:\#Programme\QIP 2012\Protos\InfICQ\InfICQ.dll 2012-12-29 21:58 - 2014-03-04 14:28 - 00519152 _____ () M:\#Programme\QIP 2012\Protos\MRA\MRA.dll 2012-12-29 21:58 - 2014-03-04 14:28 - 00881136 _____ () M:\#Programme\QIP 2012\Protos\Social\Social.dll 2012-12-29 21:58 - 2014-03-04 14:27 - 04663792 _____ () M:\#Programme\QIP 2012\Core\voip.dll 2015-08-11 20:37 - 2015-08-11 20:37 - 00071168 _____ () c:\Users\Christian\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpej5y3l.dll 2015-03-04 23:45 - 2015-08-05 22:49 - 00012800 _____ () C:\Users\Christian\AppData\Roaming\Dropbox\bin\QtQuick.2\qtquick2plugin.dll 2015-03-04 23:45 - 2015-08-05 22:49 - 00779776 _____ () C:\Users\Christian\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll 2015-07-30 18:36 - 2015-08-05 22:49 - 00056320 _____ () C:\Users\Christian\AppData\Roaming\Dropbox\bin\QtQuick\Layouts\qquicklayoutsplugin.dll 2015-03-04 23:45 - 2015-08-05 22:49 - 00012288 _____ () C:\Users\Christian\AppData\Roaming\Dropbox\bin\QtQuick\Window.2\windowplugin.dll 2015-04-03 16:22 - 2015-04-28 10:50 - 00376832 _____ () C:\Program Files (x86)\1Password 4\js3215R.dll 2006-11-11 20:10 - 2006-11-11 20:10 - 00025600 _____ () C:\Users\Christian\AppData\Roaming\mIRC\bin\dll\tbwin.dll 2015-07-21 21:26 - 2015-07-21 21:26 - 00153712 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll 2015-07-21 21:26 - 2015-07-21 21:26 - 00023152 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll ==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========= (Wenn ein Eintrag in die Fixlist aufgenommen wird, 
wird nur der ADS entfernt.) ==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.) ==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.) ==================== Internet Explorer Vertrauenswürdig/Eingeschränkt =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.) ==================== Andere Bereiche ============================ (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) HKU\S-1-5-21-3557826585-2545589941-765533996-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Theme1\img3.jpg DNS Servers: 192.168.0.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall ist aktiviert. ==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge == (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) HKLM\...\StartupApproved\Run32: => "PDFPrint" HKLM\...\StartupApproved\Run32: => "Razer Synapse" HKLM\...\StartupApproved\Run32: => "BlueStacks Agent" HKU\S-1-5-21-3557826585-2545589941-765533996-1001\...\StartupApproved\Run: => "EPLTarget\P0000000000000000" HKU\S-1-5-21-3557826585-2545589941-765533996-1001\...\StartupApproved\Run: => "Skype" ==================== Firewall Regeln (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppextcomobj.exe FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppextcomobj.exe FirewallRules: [{A0E68A8A-C78D-4C70-A7EE-0D162756C7F4}] => (Allow) C:\Users\Christian\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [{07CDD1C2-347C-4682-B569-CD0A2DCDFE87}] => (Allow) C:\Users\Christian\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [{82BC5B3F-8893-48C7-8C95-6D781B26687F}] => (Allow) E:\Steam\Steam.exe FirewallRules: [{0E94E070-401E-4501-B553-C083F3D8AB7C}] => (Allow) E:\Steam\Steam.exe FirewallRules: [{34D4BE86-6947-4D54-A57A-9D31DEE3FACF}] => (Allow) E:\Steam\bin\steamwebhelper.exe FirewallRules: [{F1F93A5D-6A20-4355-AEC2-8F5F74C8ACC3}] => (Allow) E:\Steam\bin\steamwebhelper.exe FirewallRules: [{9A7FA505-CCA9-44B6-BDDB-A257BE4EA0BA}] => (Allow) E:\Program Files (x86)\Origin Games\Battlefield Bad Company 2\BFBC2Game.exe FirewallRules: [{C1F43AD8-7FFF-4424-86D3-AC66FCB325C7}] => (Allow) E:\Program Files (x86)\Origin Games\Battlefield Bad Company 2\BFBC2Game.exe FirewallRules: [{090F91A5-106C-4519-B0A1-130D2A20C163}] => (Allow) E:\Program Files (x86)\Origin Games\Titanfall\Titanfall.exe FirewallRules: [{2478147D-14F0-4866-879A-6C1FC0455B7D}] => (Allow) E:\Program Files (x86)\Origin Games\Titanfall\Titanfall.exe FirewallRules: [{4D6A8492-A0D4-405C-80C3-114DB3E7BD64}] => (Allow) E:\Program Files (x86)\Origin Games\Plants vs Zombies Garden Warfare\PVZ.Main_Win64_Retail.exe FirewallRules: [{CB08137B-B0EC-442A-A352-F87EEDECA8B9}] => (Allow) E:\Program Files (x86)\Origin Games\Plants vs Zombies Garden Warfare\PVZ.Main_Win64_Retail.exe FirewallRules: [{8BB001E8-03D4-4E04-B235-954AF4DCF97A}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe FirewallRules: [{56C8E8F4-7BCB-427C-8113-48620E034A3E}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe FirewallRules: [{C09CC13A-620D-4770-9D7E-AF6B1FF22529}] => (Allow) 
C:\Windows\SysWOW64\PnkBstrB.exe FirewallRules: [{1E358811-DD67-4957-88F5-E7005C23012E}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe FirewallRules: [{5B5DB8A3-F067-4396-8D53-186D14EDCCAE}] => (Allow) E:\Program Files (x86)\Origin Games\Battlefield 3\bf3.exe FirewallRules: [{22D509F2-7D06-49D1-959D-35923E3B4071}] => (Allow) E:\Program Files (x86)\Origin Games\Battlefield 3\bf3.exe FirewallRules: [{92404180-7B77-4D06-90CB-E908DC2ECD3D}] => (Allow) LPort=5354 FirewallRules: [{F6DF705A-2EC2-4775-B821-FD2490B0AF69}] => (Allow) LPort=5354 FirewallRules: [{8E37C1E9-EE69-4129-ADEC-49E4AA839370}] => (Allow) LPort=5354 FirewallRules: [{5814DC48-BE90-41DD-B8BB-FA2211AC9EAD}] => (Allow) LPort=5354 FirewallRules: [{FA797CB9-4ED1-4F1A-AAF2-4938772E3F76}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{E701014E-3EDF-4DD5-8D8F-E206ACD221C3}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{5AECB17C-AC72-4472-A098-36ECE65E34C8}] => (Allow) E:\Steam\steamapps\common\Half-Life 2 Update\hl2.exe FirewallRules: [{77D12322-64F8-44E2-8C75-75A4326CC830}] => (Allow) E:\Steam\steamapps\common\Half-Life 2 Update\hl2.exe FirewallRules: [{22D5DAE6-E98C-4E0E-A447-687DB8C99B29}] => (Allow) C:\Users\Christian\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe FirewallRules: [{05CFF6F2-D465-4E29-B28B-2D18849EF81A}] => (Allow) E:\Program Files (x86)\Origin Games\Battlefield 4\bf4_x86.exe FirewallRules: [{626115C0-61BC-4BF9-BC49-F55D57A85743}] => (Allow) E:\Program Files (x86)\Origin Games\Battlefield 4\bf4_x86.exe FirewallRules: [{BD8D8B4F-7C99-4844-9F68-8581F27F5AA1}] => (Allow) E:\Program Files (x86)\Origin Games\Battlefield 4\bf4.exe FirewallRules: [{B1FC601C-F92C-40C2-B7FC-0E97DACC58AD}] => (Allow) E:\Program Files (x86)\Origin Games\Battlefield 4\bf4.exe FirewallRules: [{F5017239-9C6D-41D3-B848-E8EBA594CD1A}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{3C0C6172-3EB4-4589-8690-65E7899A80CC}] => (Allow) 
C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{90399C66-CA74-41B8-9C8F-08613D13EFAD}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{9ADCE691-B4D9-4F69-9E37-F6CD05563469}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{770F3DDC-5131-4BAE-9216-2D0D26B68C7C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Fehlerhafte Geräte im Gerätemanager ============= Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Fehlereinträge in der Ereignisanzeige: ========================= Applikationsfehler: ================== Error: (08/11/2015 08:37:09 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: svchost.exe_stisvc, Version: 6.3.9600.17415, Zeitstempel: 0x54504177 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17736, Zeitstempel: 0x550f4336 Ausnahmecode: 0xc0000008 Fehleroffset: 0x000000000009310a ID des fehlerhaften Prozesses: 0x8e0 Startzeit der fehlerhaften Anwendung: 0xsvchost.exe_stisvc0 Pfad der fehlerhaften Anwendung: svchost.exe_stisvc1 Pfad des fehlerhaften Moduls: svchost.exe_stisvc2 Berichtskennung: svchost.exe_stisvc3 Vollständiger Name des fehlerhaften Pakets: svchost.exe_stisvc4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: svchost.exe_stisvc5 Error: (08/11/2015 07:57:09 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: FahCore_a4.exe, Version: 0.0.0.0, Zeitstempel: 0x4d23eafc Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0xffffff9c ID des fehlerhaften Prozesses: 0x8008 Startzeit der fehlerhaften Anwendung: 0xFahCore_a4.exe0 
Pfad der fehlerhaften Anwendung: FahCore_a4.exe1 Pfad des fehlerhaften Moduls: FahCore_a4.exe2 Berichtskennung: FahCore_a4.exe3 Vollständiger Name des fehlerhaften Pakets: FahCore_a4.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: FahCore_a4.exe5 Error: (08/11/2015 07:31:47 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer". Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll. System Error: Zugriff verweigert . Error: (08/11/2015 05:59:43 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: FahCore_a4.exe, Version: 0.0.0.0, Zeitstempel: 0x4d23eafc Name des fehlerhaften Moduls: FahCore_a4.exe, Version: 0.0.0.0, Zeitstempel: 0x4d23eafc Ausnahmecode: 0xc0000005 Fehleroffset: 0x00351762 ID des fehlerhaften Prozesses: 0x6960 Startzeit der fehlerhaften Anwendung: 0xFahCore_a4.exe0 Pfad der fehlerhaften Anwendung: FahCore_a4.exe1 Pfad des fehlerhaften Moduls: FahCore_a4.exe2 Berichtskennung: FahCore_a4.exe3 Vollständiger Name des fehlerhaften Pakets: FahCore_a4.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: FahCore_a4.exe5 Error: (08/11/2015 04:08:18 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "IVssAsrWriterBackup::GetAsrMetadata" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070001, Unzulässige Funktion. . Vorgang: PrepareForBackup-Ereignis Kontext: Ausführungskontext: ASR Writer Ausführungskontext: Writer Generatorklassen-ID: {be000cbe-11fe-4426-9c58-531aa6355fc4} Generatorname: ASR Writer Generatorinstanz-ID: {5a2dcd85-7de2-47f5-80dc-a5070092cdb2} Fehlerspezifische Details: ASR Writer: Unzulässige Funktion. 
(0x80070001) Error: (08/11/2015 04:07:43 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer". Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll. System Error: Zugriff verweigert . Error: (08/11/2015 04:07:15 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer". Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll. System Error: Zugriff verweigert . Error: (08/11/2015 03:43:35 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "IVssAsrWriterBackup::GetAsrMetadata" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070001, Unzulässige Funktion. . Vorgang: PrepareForBackup-Ereignis Kontext: Ausführungskontext: ASR Writer Ausführungskontext: Writer Generatorklassen-ID: {be000cbe-11fe-4426-9c58-531aa6355fc4} Generatorname: ASR Writer Generatorinstanz-ID: {5a2dcd85-7de2-47f5-80dc-a5070092cdb2} Fehlerspezifische Details: ASR Writer: Unzulässige Funktion. (0x80070001) Error: (08/11/2015 03:42:59 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer". Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll. System Error: Zugriff verweigert . Error: (08/11/2015 02:53:59 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer". Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll. 
System Error: Zugriff verweigert . Systemfehler: ============= Error: (08/11/2015 08:51:36 PM) (Source: bowser) (EventID: 8003) (User: ) Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "LENOVO-PC", der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{7EF60E29-A117-4FCD-B3D5-07222DAC1A17}-Transport zu sein scheint. Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen. Error: (08/11/2015 08:49:21 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80240020 fehlgeschlagen: Upgrade auf Windows 10 Pro Error: (08/11/2015 08:37:09 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Windows-Bilderfassung (WIA)" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (08/11/2015 08:36:45 PM) (Source: Microsoft-Windows-EnhancedStorage-EhStorTcgDrv) (EventID: 10) (User: NT-AUTORITÄT) Description: A TCG Command has returned an error. Desc: AuthenticateSession Param1: 0x1 Param2: 0x60000001c Param3: 0x900000006 Param4: 0x0 Status: 0x1 Error: (08/11/2015 08:10:14 PM) (Source: bowser) (EventID: 8003) (User: ) Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "LENOVO-PC", der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{7EF60E29-A117-4FCD-B3D5-07222DAC1A17}-Transport zu sein scheint. Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen. 
Error: (08/11/2015 07:33:39 PM) (Source: DCOM) (EventID: 10010) (User: ChrisDesktop) Description: {1B1F472E-3221-4826-97DB-2C2324D389AE} Error: (08/11/2015 07:33:08 PM) (Source: DCOM) (EventID: 10010) (User: ChrisDesktop) Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} Error: (08/11/2015 06:39:34 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070490 fehlgeschlagen: EPSON - Printers - EPSON XP-412 413 415 Series Error: (08/11/2015 04:09:33 PM) (Source: DCOM) (EventID: 10010) (User: ChrisDesktop) Description: {1B1F472E-3221-4826-97DB-2C2324D389AE} Error: (08/11/2015 04:09:02 PM) (Source: DCOM) (EventID: 10010) (User: ChrisDesktop) Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} Microsoft Office: ========================= Error: (08/11/2015 08:37:09 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: svchost.exe_stisvc6.3.9600.1741554504177ntdll.dll6.3.9600.17736550f4336c0000008000000000009310a8e001d0d464ba204bc5C:\Windows\system32\svchost.exeC:\Windows\SYSTEM32\ntdll.dllf88a68cc-4057-11e5-8272-bc5ff444a3ec Error: (08/11/2015 07:57:09 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: FahCore_a4.exe0.0.0.04d23eafcunknown0.0.0.000000000c0000005ffffff9c800801d0d44ebe1c52caC:\Users\Christian\AppData\Roaming\FAHClient\cores\web.stanford.edu\~pande\Win32\AMD64\Core_a4.fah\FahCore_a4.exeunknown624907d4-4052-11e5-8271-bc5ff444a3ec Error: (08/11/2015 07:31:47 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll. 
System Error: Zugriff verweigert Error: (08/11/2015 05:59:43 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: FahCore_a4.exe0.0.0.04d23eafcFahCore_a4.exe0.0.0.04d23eafcc000000500351762696001d0d449b3637749C:\Users\Christian\AppData\Roaming\FAHClient\cores\web.stanford.edu\~pande\Win32\AMD64\Core_a4.fah\FahCore_a4.exeC:\Users\Christian\AppData\Roaming\FAHClient\cores\web.stanford.edu\~pande\Win32\AMD64\Core_a4.fah\FahCore_a4.exefa6f183a-4041-11e5-8271-bc5ff444a3ec Error: (08/11/2015 04:08:18 PM) (Source: VSS) (EventID: 8193) (User: ) Description: IVssAsrWriterBackup::GetAsrMetadata0x80070001, Unzulässige Funktion. Vorgang: PrepareForBackup-Ereignis Kontext: Ausführungskontext: ASR Writer Ausführungskontext: Writer Generatorklassen-ID: {be000cbe-11fe-4426-9c58-531aa6355fc4} Generatorname: ASR Writer Generatorinstanz-ID: {5a2dcd85-7de2-47f5-80dc-a5070092cdb2} Fehlerspezifische Details: ASR Writer: Unzulässige Funktion. (0x80070001) Error: (08/11/2015 04:07:43 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll. System Error: Zugriff verweigert Error: (08/11/2015 04:07:15 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll. System Error: Zugriff verweigert Error: (08/11/2015 03:43:35 PM) (Source: VSS) (EventID: 8193) (User: ) Description: IVssAsrWriterBackup::GetAsrMetadata0x80070001, Unzulässige Funktion. Vorgang: PrepareForBackup-Ereignis Kontext: Ausführungskontext: ASR Writer Ausführungskontext: Writer Generatorklassen-ID: {be000cbe-11fe-4426-9c58-531aa6355fc4} Generatorname: ASR Writer Generatorinstanz-ID: {5a2dcd85-7de2-47f5-80dc-a5070092cdb2} Fehlerspezifische Details: ASR Writer: Unzulässige Funktion. 
(0x80070001) Error: (08/11/2015 03:42:59 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll. System Error: Zugriff verweigert Error: (08/11/2015 02:53:59 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll. System Error: Zugriff verweigert ==================== Speicherinformationen =========================== Processor: Intel(R) Core(TM) i7-3770K CPU @ 3.50GHz Prozentuale Nutzung des RAM: 22% Installierter physikalischer RAM: 16268.75 MB Verfügbarer physikalischer RAM: 12580.02 MB Summe virtueller Speicher: 32652.75 MB Verfügbarer virtueller Speicher: 27860.57 MB ==================== Laufwerke ================================ Drive c: (Windows SSD) (Fixed) (Total:237.96 GB) (Free:109.11 GB) NTFS Drive d: (Datengrab HDD) (Fixed) (Total:465.76 GB) (Free:465.57 GB) NTFS Drive e: (Games SSD) (Fixed) (Total:476.81 GB) (Free:282.79 GB) NTFS Drive f: () (Fixed) (Total:465.76 GB) (Free:465.57 GB) NTFS Drive g: (INTENSO) (Fixed) (Total:931.51 GB) (Free:931.26 GB) NTFS Drive m: (Daten HDD) (Fixed) (Total:931.51 GB) (Free:428.29 GB) NTFS Drive n: (Seagate Expansion Drive) (Fixed) (Total:1863.01 GB) (Free:1325.53 GB) NTFS Drive x: (Boxcryptor) (Fixed) (Total:931.51 GB) (Free:428.29 GB) FAT32 ==================== MBR & Partitionstabelle ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 476.9 GB) (Disk ID: 00000000) Partition: GPT. ======================================================== Disk: 1 (Size: 238.5 GB) (Disk ID: 4D5CACFB) Partition: GPT. 
======================================================== Disk: 2 (MBR Code: Windows XP) (Size: 465.8 GB) (Disk ID: 71617673) Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS) ======================================================== Disk: 3 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 5F80408B) Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS) ======================================================== Disk: 4 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 8E564E73) Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS) ======================================================== Disk: 5 (Size: 1863 GB) (Disk ID: 9C2D6363) Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS) ======================================================== Disk: 6 (Size: 931.5 GB) (Disk ID: 9257AB85) Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS) ==================== Ende von Ergebnis ============================ |
12.08.2015, 07:20 | #3 |
/// the machine /// TB trainer | Windows 8.1 64bit - Browser spits out an IP from Chile Hi,
Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instructions from a helper.
__________________ |
12.08.2015, 11:44 | #4 |
| Windows 8.1 64bit - Browser spits out an IP from Chile Hello schrauber, thanks for your help! Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.09.1.1004 www.malwarebytes.org Database version: main: v2015.08.12.02 rootkit: v2015.08.06.01 Windows 8.1 x64 NTFS Internet Explorer 11.0.9600.17937 Christian :: CHRISDESKTOP [administrator] 12.08.2015 12:35:21 mbar-log-2015-08-12 (12-35-21).txt Scan type: Quick scan Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken Scan options disabled: Objects scanned: 354717 Time elapsed: 6 minute(s), 17 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) Physical Sectors Detected: 0 (No malicious items detected) (end) |
13.08.2015, 08:12 | #5 |
/// the machine /// TB trainer | Windows 8.1 64bit - Browser spits out an IP from Chile Please download Malwarebytes Anti-Malware.
Please download AdwCleaner to your desktop.
Please close your security software to avoid possible conflicts.
And a fresh FRST log, please.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
13.08.2015, 08:46 | #6 |
| Windows 8.1 64bit - Browser spits out an IP from Chile Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlaufdatum: 13.08.2015 Suchlaufzeit: 09:19 Protokolldatei: mbam.txt Administrator: Ja Version: 2.1.8.1057 Malware-Datenbank: v2015.08.13.02 Rootkit-Datenbank: v2015.08.06.01 Lizenz: Premium-Version Malware-Schutz: Aktiviert Schutz vor bösartigen Websites: Aktiviert Selbstschutz: Aktiviert Betriebssystem: Windows 8.1 CPU: x64 Dateisystem: NTFS Benutzer: Christian Suchlauftyp: Bedrohungssuchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 361592 Abgelaufene Zeit: 7 Min., 22 Sek. Speicher: Aktiviert Start: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Aktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (keine bösartigen Elemente erkannt) Module: 0 (keine bösartigen Elemente erkannt) Registrierungsschlüssel: 0 (keine bösartigen Elemente erkannt) Registrierungswerte: 0 (keine bösartigen Elemente erkannt) Registrierungsdaten: 0 (keine bösartigen Elemente erkannt) Ordner: 0 (keine bösartigen Elemente erkannt) Dateien: 0 (keine bösartigen Elemente erkannt) Physische Sektoren: 0 (keine bösartigen Elemente erkannt) (end) Code:
ATTFilter # AdwCleaner v4.208 - Bericht erstellt 13/08/2015 um 09:36:33 # Aktualisiert 09/07/2015 von Xplode # Datenbank : 2015-08-12.1 [Server] # Betriebssystem : Windows 8.1 Pro (x64) # Benutzername : Christian - CHRISDESKTOP # Gestarted von : C:\Users\Christian\Downloads\AdwCleaner_4.208.exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** ***** [ Geplante Tasks ] ***** ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** ***** [ Internetbrowser ] ***** -\\ Internet Explorer v11.0.9600.17840 -\\ Google Chrome v44.0.2403.155 [C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.sweet-page.com/web/?type=ds&ts=1412626042&from=cor&uid=INTELXSSDSC2CT180A3XXXXXXXXXXXXXXXXXXX_CVMP215506V1180CGN&q={searchTerms} [C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.softonic.de/s/{searchTerms} [C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://en.softonic.com/s/{searchTerms} ************************* AdwCleaner[R0].txt - [946 Bytes] - [13/08/2015 09:33:56] AdwCleaner[R1].txt - [1441 Bytes] - [13/08/2015 09:35:57] AdwCleaner[S0].txt - [778 Bytes] - [13/08/2015 09:35:40] AdwCleaner[S1].txt - [1361 Bytes] - [13/08/2015 09:36:33] ########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1420 Bytes] ########## Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Malwarebytes Version: 7.5.6 (08.10.2015:1) OS: Windows 8.1 Pro x64 Ran by Christian on 13.08.2015 at 9:39:55,66 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Tasks ~~~ Registry Values Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_F95133299531DA24C7CB703BC8432DCE ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{037C06D5-3893-49E8-9AC0-41F7524AFBF5} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{037C06D5-3893-49E8-9AC0-41F7524AFBF5} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{037C06D5-3893-49E8-9AC0-41F7524AFBF5} ~~~ Files ~~~ Folders ~~~ Chrome Successfully deleted: [Folder] C:\Users\Christian\Appdata\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio Successfully deleted: [Folder] C:\Users\Christian\Appdata\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol [C:\Users\Christian\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset [C:\Users\Christian\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted: gkojfkhlekighikafcpjkiklfbnlmeio [C:\Users\Christian\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset [C:\Users\Christian\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted: [ gkojfkhlekighikafcpjkiklfbnlmeio, lbfehkoinhhcknnbdgnnmjhiladcgbol ] ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 13.08.2015 at 9:41:52,74 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:12-08-2015 durchgeführt von Christian (Administrator) auf CHRISDESKTOP (13-08-2015 09:44:05) Gestartet von C:\Users\Christian\Downloads Geladene Profile: Christian (Verfügbare Profile: Christian) Platform: Windows 8.1 Pro (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: Chrome) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe (ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe (mIRC Co. Ltd.) D:\#Programme\gIRC\mirc.exe (Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe (Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Nicht auf der Ausnahmeliste) ================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) 
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft) HKLM\...\Run: [Cmaudio8788] => C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cmicnfgp.dll,CMICtrlWnd HKLM\...\Run: [Cmaudio8788GX] => C:\Windows\syswow64\HsMgr.exe [200704 2008-07-11] () HKLM\...\Run: [Cmaudio8788GX64] => C:\Windows\system\HsMgr64.exe [282112 2008-07-11] () HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [5595848 2015-01-28] (ESET) HKLM\...\Run: [Greenshot] => C:\Program Files\Greenshot\Greenshot.exe [536576 2014-12-29] (Greenshot) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557984 2014-08-27] (Adobe Systems Incorporated) HKLM\...\Run: [Everything] => C:\Program Files\Everything\Everything.exe [1441792 2014-08-06] () HKLM-x32\...\Run: [Agile1pAgent] => C:\Program Files (x86)\1Password 4\Agile1pAgent.exe [4859152 2015-07-29] (AgileBits) HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452272 2012-08-31] (CANON INC.) HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [193568 2014-11-28] (Geek Software GmbH) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [590144 2015-04-22] (Razer Inc.) HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [896632 2015-07-22] (BlueStack Systems, Inc.) HKLM-x32\...\Run: [StartCCC] => C:\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-07-28] (Advanced Micro Devices, Inc.) 
HKU\S-1-5-21-3557826585-2545589941-765533996-1001\...\Run: [Polar FlowSync] => C:\Program Files (x86)\Polar\Polar FlowSync\flowsync.exe [1125376 2014-11-11] (Polar Electro Oy)
HKU\S-1-5-21-3557826585-2545589941-765533996-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8418584 2015-07-17] (Piriform Ltd)
HKU\S-1-5-21-3557826585-2545589941-765533996-1001\...\Run: [CCleaner] => C:\Program Files\CCleaner\CCleaner64.exe [8418584 2015-07-17] (Piriform Ltd)
HKU\S-1-5-21-3557826585-2545589941-765533996-1001\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATILEE.EXE [297024 2013-01-24] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3557826585-2545589941-765533996-1001\...\Run: [Dropbox Update] => C:\Users\Christian\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-12] (Dropbox, Inc.)
HKU\S-1-5-21-3557826585-2545589941-765533996-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53282944 2015-06-29] (Skype Technologies S.A.)
HKU\S-1-5-21-3557826585-2545589941-765533996-1001\...\Run: [Boxcryptor.exe] => C:\Program Files (x86)\Boxcryptor\Boxcryptor.exe [2460424 2015-06-26] (Secomba GmbH)
HKU\S-1-5-21-3557826585-2545589941-765533996-1001\...\Run: [Rainlendar2] => C:\Program Files\Rainlendar2\Rainlendar2.exe [4411488 2014-03-16] ()
HKU\S-1-5-21-3557826585-2545589941-765533996-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1404248 2015-07-29] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-3557826585-2545589941-765533996-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22344224 2015-07-29] (Google)
HKU\S-1-5-21-3557826585-2545589941-765533996-1001\...\Run: [ScreenBlur by InDeep Software] => D:\#Programme\ScreenBlur\ScreenBlur.exe [615936 2015-08-12] (InDeep Software)
HKU\S-1-5-21-3557826585-2545589941-765533996-1001\...\Run: [Infium] => D:\#Programme\QIP 2012\qip.exe [8503280 2014-03-04] (QIP)
HKU\S-1-5-21-3557826585-2545589941-765533996-1001\...\Run: [GoogleChromeAutoLaunch_F95133299531DA24C7CB703BC8432DCE] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-08-08] (Google Inc.)
Startup: C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk [2015-05-28]
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-04-03]
ShortcutTarget: Dropbox.lnk -> C:\Users\Christian\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Folding@home.lnk [2015-07-27]
ShortcutTarget: Folding@home.lnk -> C:\Program Files (x86)\FAHClient\HideConsole.exe ()
Startup: C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mirc - Verknüpfung.lnk [2015-07-05]
ShortcutTarget: mirc - Verknüpfung.lnk -> D:\#Programme\gIRC\mirc.exe (mIRC Co. Ltd.)
Startup: C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Telegram.lnk [2015-08-10]
ShortcutTarget: Telegram.lnk -> C:\Users\Christian\AppData\Roaming\Telegram Desktop\Telegram.exe (Telegram Messenger LLP)
SSODL: EldosMountNotificator-cbfs4 - {1A0784DC-4CE3-4BC6-9318-6B5BAC32AA2F} - C:\Windows\system32\cbfsMntNtf4.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator-cbfs4 - {1A0784DC-4CE3-4BC6-9318-6B5BAC32AA2F} - C:\Windows\SysWOW64\cbfsMntNtf4.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [ "CryptorShellExtHandler.IconOverlayExt"] -> {011F39D2-A764-419E-9479-69C93F6D37E0} => C:\Program Files (x86)\Boxcryptor\ShellExt\x64\Boxcryptor.Ext.dll [2015-06-26] (Secomba GmbH)
ShellIconOverlayIdentifiers: [ "CryptorShellExtHandler.IconOverlayExt2"] -> {F61B4933-D8AF-40DE-A335-F9B3BE1FF878} => C:\Program Files (x86)\Boxcryptor\ShellExt\x64\Boxcryptor.IconOverlayBlocker.Ext.dll [2015-06-26] (Secomba GmbH)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [EldosIconOverlay-cbfs4] -> {76212FC9-6D58-4922-AC6B-82A31D17104E} => C:\Windows\system32\cbfsMntNtf4.dll [2013-11-15] (EldoS Corporation)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ "CryptorShellExtHandler.IconOverlayExt"] -> {011F39D2-A764-419E-9479-69C93F6D37E0} => C:\Program Files (x86)\Boxcryptor\ShellExt\x86\Boxcryptor.Ext.dll [2015-06-26] (Secomba GmbH)
ShellIconOverlayIdentifiers-x32: [ "CryptorShellExtHandler.IconOverlayExt2"] -> {F61B4933-D8AF-40DE-A335-F9B3BE1FF878} => C:\Program Files (x86)\Boxcryptor\ShellExt\x86\Boxcryptor.IconOverlayBlocker.Ext.dll [2015-06-26] (Secomba GmbH)
ShellIconOverlayIdentifiers-x32: [EldosIconOverlay-cbfs4] -> {76212FC9-6D58-4922-AC6B-82A31D17104E} => C:\Windows\SysWOW64\cbfsMntNtf4.dll [2013-11-15] (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)

==================== Internet (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt..)
HKU\S-1-5-21-3557826585-2545589941-765533996-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: 1Password -> {037C06D5-3893-49E8-9AC0-41F7524AFBF5} -> C:\Program Files (x86)\1Password 4\x64\Agile1pIE4.dll [2015-07-29] (AgileBits)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-06-09] (Microsoft Corporation)
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-06-16] (Microsoft Corporation)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2014-04-20] (IvoSoft)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2014-04-20] (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-06-01] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{7EF60E29-A117-4FCD-B3D5-07222DAC1A17}: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [2015-01-13] (EA Digital Illusions CE AB)
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [Keine Datei]
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-06-01] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll [2013-03-26] (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)

Chrome:
=======
CHR Profile: C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-03]
CHR Extension: (Duolingo on the Web) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiahmijlpehemcpleichkcokhegllfjl [2015-04-03]
CHR Extension: (Facebook Video Downloader) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\amjcoehkcacocffpmhnefgoeanepjfkf [2015-04-24]
CHR Extension: (Google Docs) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-03]
CHR Extension: (1Password: Password Manager and Secure Wallet) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\aomjjhallfgjeglblehebfpbcfeobpgk [2015-04-03]
CHR Extension: (Google Drive) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-04-03]
CHR Extension: (aklamio Cashbar) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\bailoifpnpbamefjlgpcfebledceocbf [2015-04-03]
CHR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2015-04-03]
CHR Extension: (YouTube) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-04-03]
CHR Extension: (Adblock Plus) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-04-03]
CHR Extension: (Telegram) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\clhhggbfdinjmjhajaheehoeibfljjno [2015-04-03]
CHR Extension: (Google Search) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-03]
CHR Extension: (Tampermonkey) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2015-04-03]
CHR Extension: (busuu.com) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\epadnjldocmkadjbopkanclaamocokoo [2015-04-03]
CHR Extension: (Google Sheets) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-03]
CHR Extension: (Web page captures from browser) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\fomlbefjpamblimccfdomfgpgokdljcg [2015-04-03]
CHR Extension: (yingBar) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\gckfalecfdjjpbelmpfieecfdeapfoep [2015-04-03]
CHR Extension: (FoxyProxy Standard) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcknhkkoolaabfmlnjonogaaifnjlfnp [2015-04-03]
CHR Extension: (Desktop Notifications for Android) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\giicnncicnopjohcpamieklkiacdoeni [2015-04-03]
CHR Extension: (Downloads - Your Download Box) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjihnjejboipjmadkpmknccijhibnpfe [2015-04-03]
CHR Extension: (Unlimited Free VPN - Hola) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2015-08-13]
CHR Extension: (Dropbox) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl [2015-04-03]
CHR Extension: (Disconnect) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo [2015-04-03]
CHR Extension: (Image Search Options) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\kljmejbpilkadikecejccebmccagifhl [2015-04-03]
CHR Extension: (iGraal) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmhkepipobnjllejbafajoemahjejdcm [2015-04-03]
CHR Extension: (Auto HD For YouTube™) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\koiaokdomkpjdgniimnkhgbilbjgpeak [2015-04-03]
CHR Extension: (Momentum) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\laookkfknpbbblfpciffpaejjkokdgca [2015-04-03]
CHR Extension: (Evernote Web) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol [2015-08-13]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-03]
CHR Extension: (Capture Webpage Screenshot - FireShot) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbpblocgmgfnpjjppndjkmgjaogfceg [2015-04-03]
CHR Extension: (qipu Cashbackmelder open beta) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\mloigoojndlehdjiemdfpiikieonngel [2015-04-03]
CHR Extension: (Ghostery) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2015-04-03]
CHR Extension: (F.B Purity-Clean Up Facebook) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncdlagniojmheiklojdcpdaeepochckl [2015-04-03]
CHR Extension: (Hangouts) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2015-04-03]
CHR Extension: (Keepa - Amazon Price Tracker) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\neebplgakaahbhdphmkckjjcegoiijjo [2015-04-03]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-04-03]
CHR Extension: (eBay XXL-Photos) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nndhjgnljmmablcpnppcdfbagielaiho [2015-04-03]
CHR Extension: (Enhanced Steam) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\okadibdjfemgnhjiembecghcbfknbfhg [2015-04-03]
CHR Extension: (PAYBACK Internet Assistent für Google Chrome) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbfjbhoglggakhkngkbfehgghkaadeba [2015-04-03]
CHR Extension: (ModernDeck) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbpfgdgddpnbjcbpofmdanfbbigocklj [2015-04-03]
CHR Extension: (Gutscheinsammler Finder) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilobbegphefikcgjpajnneiiahhejam [2015-04-03]
CHR Extension: (Gmail) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-03]
CHR HKU\S-1-5-21-3557826585-2545589941-765533996-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx

==================== Dienste (Nicht auf der Ausnahmeliste) ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2015-05-28] (Adobe Systems) [Datei ist nicht signiert]
S2 AdobeActiveFileMonitor13.0; C:\Program Files\Adobe\Elements 13 Organizer\PhotoshopElementsFileAgent.exe [231120 2014-08-31] (Adobe Systems Incorporated)
S3 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [433784 2015-06-16] (BlueStack Systems, Inc.)
S3 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [413304 2015-06-16] (BlueStack Systems, Inc.)
S3 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [831096 2015-07-21] (BlueStack Systems, Inc.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2753720 2015-07-01] (Microsoft Corporation)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1349576 2015-01-28] (ESET)
S2 Everything; C:\Program Files\Everything\Everything.exe [1441792 2014-08-06] () [Datei ist nicht signiert]
R2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [754120 2015-07-29] (Garmin Ltd. or its subsidiaries)
S2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319376 2014-10-01] (Intel Corporation)
S2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S2 NitroReaderDriverReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [230416 2013-03-26] (Nitro PDF Software)
S3 Origin Client Service; E:\Origin\OriginClientService.exe [2007048 2015-08-02] (Electronic Arts)
S2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2015-04-05] ()
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [187072 2015-02-05] ()
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5495056 2015-06-18] (TeamViewer GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.)
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [62152 2014-10-28] (Advanced Micro Devices, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [102912 2015-07-15] (Advanced Micro Devices)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [145528 2015-06-16] (BlueStack Systems)
R1 cbfs4; C:\Windows\system32\drivers\cbfs4.sys [387776 2013-11-15] (EldoS Corporation)
R3 cmudaxp; C:\Windows\system32\drivers\cmudaxp.sys [2735616 2013-12-11] (C-Media Inc)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [246000 2015-03-10] (ESET)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [241880 2015-03-10] (ESET)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [169792 2015-03-10] (ESET)
R2 epfw; C:\Windows\system32\DRIVERS\epfw.sys [222280 2015-03-10] (ESET)
R1 EpfwLWF; C:\Windows\system32\DRIVERS\EpfwLWF.sys [44632 2015-03-10] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [64208 2015-03-10] (ESET)
R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [109272 2015-06-18] (Malwarebytes Corporation)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
R0 PxHlpa64; C:\Windows\System32\drivers\PxHlpa64.sys [56336 2013-09-03] (Corel Corporation)
S3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [13368 2013-03-11] ()
R3 rzendpt; C:\Windows\System32\drivers\rzendpt.sys [49872 2015-07-13] (Razer Inc)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2015-02-05] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [129600 2015-03-03] (Razer, Inc.)
U5 TMUSB; C:\Windows\System32\DRIVERS\TMUSB64.SYS [63096 2014-03-19] (Seiko Epson Corporation)
R1 UimBus; C:\Windows\System32\drivers\UimBus.sys [102664 2014-05-19] ()
R1 Uim_DEVIM; C:\Windows\System32\drivers\uim_devim.sys [25992 2014-05-19] ()
R1 Uim_IM; C:\Windows\System32\drivers\uim_im.sys [700296 2014-05-19] ()
R3 vpnpbus; C:\Windows\System32\drivers\vpnpbus.sys [18624 2013-11-15] (EldoS Corporation)

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

==================== Ein Monat: Erstellte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2015-08-13 09:44 - 2015-08-13 09:44 - 00028155 _____ C:\Users\Christian\Downloads\FRST.txt
2015-08-13 09:43 - 2015-08-13 09:43 - 00000000 ____D C:\Users\Christian\Downloads\FRST-OlderVersion
2015-08-13 09:41 - 2015-08-13 09:42 - 00002085 _____ C:\Users\Christian\Desktop\JRT.txt
2015-08-13 09:39 - 2015-08-13 09:39 - 01791580 _____ (Malwarebytes Corporation) C:\Users\Christian\Downloads\JRT.exe
2015-08-13 09:38 - 2015-08-13 09:38 - 00001500 _____ C:\Users\Christian\Desktop\AdwCleaner[S1].txt
2015-08-13 09:33 - 2015-08-13 09:36 - 00000000 ____D C:\AdwCleaner
2015-08-13 09:33 - 2015-08-13 09:33 - 02248704 _____ C:\Users\Christian\Downloads\AdwCleaner_4.208.exe
2015-08-12 20:38 - 2015-08-12 20:38 - 00000000 ____D C:\Users\Christian\AppData\Local\GHISLER
2015-08-12 20:37 - 2015-08-12 20:38 - 00000000 ____D C:\Users\Christian\Desktop\GPX
2015-08-12 19:25 - 2015-08-13 09:36 - 00310126 ____N C:\Windows\WindowsUpdate.log
2015-08-12 18:22 - 2015-08-12 18:22 - 00548073 _____ C:\Users\Christian\Downloads\ScreenBlur_1.3.0.27.zip
2015-08-12 15:37 - 2015-08-12 15:51 - 00000000 ____D C:\Users\Christian\Desktop\New folder1
2015-08-12 15:36 - 2015-08-12 15:36 - 00000808 _____ C:\Users\Christian\Desktop\dreamboxEDIT.lnk
2015-08-12 15:36 - 2015-08-12 15:36 - 00000000 ____D C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\dreamboxEDIT
2015-08-12 12:49 - 2015-08-12 12:50 - 00000000 ____D C:\ProgramData\F-Secure
2015-08-12 12:49 - 2015-08-12 12:49 - 00572456 _____ (F-Secure Corporation) C:\Users\Christian\Downloads\F-SecureOnlineScanner.exe
2015-08-12 12:49 - 2015-08-12 12:49 - 00000000 ____D C:\Users\Christian\AppData\Local\F-Secure
2015-08-12 12:35 - 2015-08-12 17:12 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-08-12 12:34 - 2015-08-12 15:06 - 00000000 ____D C:\Users\Christian\Desktop\mbar
2015-08-12 12:33 - 2015-08-12 12:33 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Christian\Downloads\mbar-1.09.1.1004.exe
2015-08-12 00:58 - 2015-08-12 00:58 - 00042040 _____ C:\Users\Christian\Documents\netscan.xml
2015-08-12 00:55 - 2015-08-12 00:55 - 02889262 _____ C:\Users\Christian\Downloads\netscan-607.zip
2015-08-11 23:21 - 2015-08-11 23:21 - 00001559 _____ C:\Users\Christian\Desktop\Google Drive.lnk
2015-08-11 23:19 - 2015-08-11 23:19 - 00931408 _____ (Google Inc.) C:\Users\Christian\Downloads\googledrivesync.exe
2015-08-11 23:19 - 2015-08-11 23:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-08-11 22:52 - 2015-08-12 15:28 - 00000000 ____D C:\Users\Christian\Documents\1Password
2015-08-11 21:34 - 2015-07-30 16:04 - 00124624 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-11 21:34 - 2015-07-30 15:48 - 00103120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-08-11 21:30 - 2015-07-29 16:37 - 01994752 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-08-11 21:30 - 2015-07-29 16:30 - 01381888 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-08-11 21:30 - 2015-07-29 16:23 - 01559552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-08-11 21:30 - 2015-07-29 01:24 - 00025776 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-08-11 21:30 - 2015-07-28 16:24 - 01148416 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-08-11 21:30 - 2015-07-28 16:24 - 01116160 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-08-11 21:30 - 2015-07-28 16:24 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-08-11 21:30 - 2015-07-28 16:24 - 00743424 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-08-11 21:30 - 2015-07-28 16:24 - 00437248 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-08-11 21:30 - 2015-07-28 16:24 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-08-11 21:30 - 2015-07-24 20:57 - 04177408 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-08-11 21:30 - 2015-07-24 20:57 - 00358912 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-08-11 21:30 - 2015-07-24 20:52 - 00044032 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-08-11 21:30 - 2015-07-24 19:27 - 00301568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-08-11 21:30 - 2015-07-24 19:23 - 00035840 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-08-11 21:30 - 2015-07-19 03:58 - 00136904 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-08-11 21:30 - 2015-07-18 20:51 - 03704320 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-08-11 21:30 - 2015-07-18 20:31 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-08-11 21:30 - 2015-07-18 20:31 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-08-11 21:30 - 2015-07-18 20:31 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-08-11 21:30 - 2015-07-18 20:29 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2015-08-11 21:30 - 2015-07-18 20:29 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-08-11 21:30 - 2015-07-18 20:29 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-08-11 21:30 - 2015-07-18 20:28 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-08-11 21:30 - 2015-07-18 20:12 - 02228736 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-08-11 21:30 - 2015-07-18 20:10 - 00891904 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-08-11 21:30 - 2015-07-18 20:09 - 00721920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-08-11 21:30 - 2015-07-16 23:14 - 25192448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-08-11 21:30 - 2015-07-16 22:36 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-08-11 21:30 - 2015-07-16 22:36 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-08-11 21:30 - 2015-07-16 22:35 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-08-11 21:30 - 2015-07-16 22:26 - 05923328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-08-11 21:30 - 2015-07-16 22:23 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-08-11 21:30 - 2015-07-16 22:21 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-08-11 21:30 - 2015-07-16 22:20 - 19870208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-08-11 21:30 - 2015-07-16 21:53 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-08-11 21:30 - 2015-07-16 21:51 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-08-11 21:30 - 2015-07-16 21:50 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-08-11 21:30 - 2015-07-16 21:45 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-08-11 21:30 - 2015-07-16 21:45 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-08-11 21:30 - 2015-07-16 21:41 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-08-11 21:30 - 2015-07-16 21:39 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-08-11 21:30 - 2015-07-16 21:38 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-08-11 21:30 - 2015-07-16 21:36 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-08-11 21:30 - 2015-07-16 21:34 - 14451200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-08-11 21:30 - 2015-07-16 21:32 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-08-11 21:30 - 2015-07-16 21:14 - 02880000 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2015-08-11 21:30 - 2015-07-16 21:13 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-08-11 21:30 - 2015-07-16 21:12 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-08-11 21:30 - 2015-07-16 21:12 - 02427904 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-08-11 21:30 - 2015-07-16 21:10 - 12856832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-08-11 21:30 - 2015-07-16 21:06 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-08-11 21:30 - 2015-07-16 21:01 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-08-11 21:30 - 2015-07-16 20:52 - 01048576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2015-08-11 21:30 - 2015-07-16 20:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-08-11 21:30 - 2015-07-16 20:42 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-08-11 21:30 - 2015-07-16 20:38 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-08-11 21:30 - 2015-07-16 20:37 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-08-11 21:30 - 2015-07-16 02:29 - 07458648 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-08-11 21:30 - 2015-07-16 02:29 - 01735000 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-08-11 21:30 - 2015-07-16 02:29 - 00101720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-08-11 21:30 - 2015-07-16 02:28 - 01499920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-08-11 21:30 - 2015-07-14 05:22 - 02529880 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-08-11 21:30 - 2015-07-14 05:21 - 01901776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2015-08-11 21:30 - 2015-07-13 21:46 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-08-11 21:30 - 2015-07-13 21:45 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll
2015-08-11 21:30 - 2015-07-10 20:19 - 01101824 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2015-08-11 21:30 - 2015-07-10 19:54 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2015-08-11 21:30 - 2015-07-10 19:42 - 02345472 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-08-11 21:30 - 2015-07-10 19:14 - 00856064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2015-08-11 21:30 - 2015-07-10 19:13 - 07032320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-08-11 21:30 - 2015-07-10 18:47 - 01556992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-08-11 21:30 - 2015-07-10 18:31 - 06213120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-08-11 21:30 - 2015-07-09 19:13 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe
2015-08-11 21:30 - 2015-07-09 19:13 - 00221184 _____ (Microsoft Corporation) C:\Windows\notepad.exe
2015-08-11 21:30 - 2015-07-09 18:30 - 00212992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
2015-08-11 21:30 - 2015-07-07 11:40 - 00270168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2015-08-11 21:30 - 2015-07-07 11:40 - 00114520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdNisDrv.sys
2015-08-11 21:30 - 2015-07-07 11:40 - 00044560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2015-08-11 21:30 - 2015-07-02 00:19 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2015-08-11 21:30 - 2015-07-02 00:16 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2015-08-11 21:30 - 2015-07-01 23:37 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2015-08-11 21:30 - 2015-07-01 23:35 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2015-08-11 21:10 - 2015-08-11 21:10 - 00010079 _____ C:\Users\Christian\Desktop\Gmer.txt
2015-08-11 21:02 - 2015-08-11 21:02 - 00380416 _____ C:\Users\Christian\Downloads\Gmer-19357.exe
2015-08-11 20:59 - 2015-08-13 09:31 - 00001189 _____ C:\Users\Christian\Desktop\mbam.txt
2015-08-11 20:52 - 2015-08-13 09:44 - 00000000 ____D C:\FRST
2015-08-11 20:52 - 2015-08-13 09:43 - 02173952 _____ (Farbar) C:\Users\Christian\Downloads\FRST64.exe
2015-08-11 20:50 - 2015-08-11 20:50 - 00000000 _____ C:\Users\Christian\defogger_reenable
2015-08-11 20:48 - 2015-08-11 20:48 - 00050477 _____ C:\Users\Christian\Downloads\Defogger.exe
2015-08-11 20:35 - 2015-08-11 20:35 - 00000000 _____ C:\Users\Christian\Desktop\190.151.10.226.txt
2015-08-11 19:38 - 2015-08-11 19:38 - 00000000 ____D C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-08-11 16:15 - 2015-08-11 16:16 - 00000000 ____D C:\Users\Christian\Downloads\Neuer Ordner
2015-08-11 13:58 - 2015-08-11 13:58 - 00000000 ____D C:\ProgramData\ATI
2015-08-10 12:39 - 2015-08-10 12:39 - 00003554 _____ C:\Windows\System32\Tasks\GarminUpdaterTask
2015-08-10 12:39 - 2015-08-10 12:39 - 00000000 ____D C:\Users\Christian\AppData\Roaming\Garmin
2015-08-10 12:39 - 2015-08-10 12:39 - 00000000 ____D C:\Users\Christian\AppData\Local\Garmin_Ltd._or_its_subsid
2015-08-10 12:39 - 2015-08-10 12:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2015-08-10 12:39 - 2015-08-10 12:39 - 00000000 ____D C:\ProgramData\Garmin
2015-08-10 12:39 - 2015-08-10 12:39 - 00000000 ____D C:\Program Files\DIFX
2015-08-10 12:39 - 2015-08-10 12:39 - 00000000 ____D C:\Program Files (x86)\Garmin
2015-08-10 11:22 - 2015-08-10 11:22 - 00048947 _____ C:\Windows\SysWOW64\CCCInstall_201508101122310578.log
2015-08-10 11:22 - 2015-08-10 11:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2015-08-10 01:07 - 2015-08-10 01:07 - 00000752 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinSCP.lnk
2015-08-10 01:07 - 2015-08-10 01:07 - 00000668 _____ C:\Users\Public\Desktop\WinSCP.lnk
2015-08-10 00:40 - 2015-08-10 00:40 - 00000000 ____D C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Total Commander
2015-08-10 00:40 - 2015-08-10 00:40 - 00000000 ____D C:\Users\Christian\AppData\Roaming\GHISLER
2015-08-09 22:34
- 2015-08-09 22:34 - 00000036 _____ C:\Users\Christian\Desktop\Ohne Titel.avi.sfl 2015-08-09 13:51 - 2015-08-11 21:16 - 00000000 ____D C:\Users\Christian\Desktop\GIGASET QV1030 2015-08-07 22:41 - 2015-08-07 22:41 - 00000014 _____ C:\Users\Christian\Desktop\g2a.txt 2015-08-05 00:20 - 2015-08-06 23:06 - 00000000 ____D C:\Windows\Minidump 2015-08-03 20:55 - 2015-08-03 20:55 - 00003364 _____ C:\Windows\System32\Tasks\Skype 2015-08-02 23:32 - 2015-08-02 23:39 - 00000000 ____D C:\Users\Christian\Desktop\Spende 2015-08-02 20:22 - 2015-08-02 20:22 - 00000000 ____D C:\Users\Christian\Desktop\Verkauf 2015-08-02 19:13 - 2015-08-13 09:38 - 00000000 ____D C:\Users\Christian\.rainlendar2 2015-08-02 19:13 - 2015-08-02 19:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rainlendar2 2015-08-02 19:12 - 2015-08-02 19:13 - 00000000 ____D C:\Program Files\Rainlendar2 2015-08-02 18:46 - 2015-08-02 18:46 - 00000000 ____D C:\Users\Christian\AppData\Local\CEF 2015-08-02 16:23 - 2015-07-14 23:59 - 01113944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys 2015-08-02 16:23 - 2015-07-14 23:59 - 00487256 _____ (Microsoft Corporation) C:\Windows\system32\netcfgx.dll 2015-08-02 16:23 - 2015-07-14 23:59 - 00393560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netcfgx.dll 2015-08-02 16:23 - 2015-06-12 19:03 - 18823680 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll 2015-08-02 16:23 - 2015-06-12 18:36 - 15159296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll 2015-08-02 16:23 - 2015-06-11 22:12 - 02476376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2015-08-02 16:23 - 2015-06-11 22:12 - 00428888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS 2015-08-02 16:23 - 2015-06-09 20:27 - 00411133 _____ C:\Windows\system32\ApnDatabase.xml 2015-08-01 18:05 - 2015-08-01 18:05 - 00000000 ____D C:\ProgramData\newbackup 2015-08-01 18:04 - 2015-08-01 18:04 - 00000000 ____D 
C:\ProgramData\rmbwizard 2015-08-01 18:04 - 2015-08-01 18:04 - 00000000 ____D C:\ProgramData\launcher 2015-08-01 18:03 - 2015-08-01 18:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paragon Backup and Recovery™ 2014 Free 2015-08-01 18:03 - 2015-08-01 18:03 - 00000000 ____D C:\Program Files\Paragon Software 2015-08-01 18:02 - 2015-08-01 18:02 - 00000000 ____D C:\Users\Christian\AppData\Local\Downloaded Installations 2015-08-01 18:02 - 2015-08-01 18:02 - 00000000 ____D C:\ProgramData\explauncher 2015-07-29 05:44 - 2015-07-29 05:44 - 00458472 _____ C:\Windows\system32\amdmiracast.dll 2015-07-29 05:44 - 2015-07-29 05:44 - 00107784 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdave64.dll 2015-07-29 05:44 - 2015-07-29 05:44 - 00100568 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdave32.dll 2015-07-29 05:43 - 2015-07-29 05:43 - 00141792 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdhcp64.dll 2015-07-29 05:43 - 2015-07-29 05:43 - 00128384 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amdhcp32.dll 2015-07-29 05:43 - 2015-07-29 05:43 - 00078432 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atimpc64.dll 2015-07-29 05:42 - 2015-07-29 05:42 - 00078432 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdpcom64.dll 2015-07-29 05:42 - 2015-07-29 05:42 - 00071704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll 2015-07-29 05:42 - 2015-07-29 05:42 - 00071704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll 2015-07-29 05:26 - 2015-07-29 05:26 - 00297672 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdacpksd.sys 2015-07-29 05:15 - 2015-07-29 05:15 - 21622784 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmdag.sys 2015-07-29 05:09 - 2015-07-29 05:09 - 47785472 _____ (Advanced Micro Devices Inc.) 
C:\Windows\system32\amdocl64.dll 2015-07-29 05:09 - 2015-07-29 05:09 - 00235008 _____ C:\Windows\system32\clinfo.exe 2015-07-29 05:08 - 2015-07-29 05:08 - 39714816 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl.dll 2015-07-29 05:07 - 2015-07-29 05:07 - 00065024 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll 2015-07-29 05:07 - 2015-07-29 05:07 - 00059392 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll 2015-07-29 05:06 - 2015-07-29 05:06 - 27535872 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdocl12cl64.dll 2015-07-29 05:05 - 2015-07-29 05:05 - 22318592 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl12cl.dll 2015-07-29 04:41 - 2015-07-29 04:41 - 06477312 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmantle64.dll 2015-07-29 04:41 - 2015-07-29 04:41 - 00127488 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantle64.dll 2015-07-29 04:41 - 2015-07-29 04:41 - 00113664 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantle32.dll 2015-07-29 04:36 - 2015-07-29 04:36 - 05068288 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmantle32.dll 2015-07-29 04:34 - 2015-07-29 04:34 - 30752256 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atio6axx.dll 2015-07-29 04:34 - 2015-07-29 04:34 - 00134656 _____ C:\Windows\system32\amdhdl64.dll 2015-07-29 04:34 - 2015-07-29 04:34 - 00123392 _____ C:\Windows\SysWOW64\amdhdl32.dll 2015-07-29 04:34 - 2015-07-29 04:34 - 00050688 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmmcl6.dll 2015-07-29 04:34 - 2015-07-29 04:34 - 00039424 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmmcl.dll 2015-07-29 04:33 - 2015-07-29 04:33 - 00093696 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantleaxl64.dll 2015-07-29 04:33 - 2015-07-29 04:33 - 00086528 _____ (Advanced Micro Devices, Inc. 
) C:\Windows\SysWOW64\mantleaxl32.dll 2015-07-29 04:32 - 2015-07-29 04:32 - 03437632 _____ C:\Windows\system32\atiumd6a.cap 2015-07-29 04:30 - 2015-07-29 04:30 - 15716864 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticaldd64.dll 2015-07-29 04:30 - 2015-07-29 04:30 - 00660928 _____ C:\Windows\SysWOW64\atiapfxx.blb 2015-07-29 04:30 - 2015-07-29 04:30 - 00660928 _____ C:\Windows\system32\atiapfxx.blb 2015-07-29 04:30 - 2015-07-29 04:30 - 00367104 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiapfxx.exe 2015-07-29 04:30 - 2015-07-29 04:30 - 00062464 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalrt64.dll 2015-07-29 04:30 - 2015-07-29 04:30 - 00055808 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalcl64.dll 2015-07-29 04:30 - 2015-07-29 04:30 - 00052224 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalrt.dll 2015-07-29 04:30 - 2015-07-29 04:30 - 00049152 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalcl.dll 2015-07-29 04:29 - 2015-07-29 04:29 - 14302208 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticaldd.dll 2015-07-29 04:28 - 2015-07-29 04:28 - 25299968 _____ (Advanced Micro Devices, Inc.) 
C:\Windows\SysWOW64\atioglxx.dll 2015-07-29 04:28 - 2015-07-29 04:28 - 03471376 _____ C:\Windows\SysWOW64\atiumdva.cap 2015-07-29 04:26 - 2015-07-29 04:26 - 00672768 _____ (AMD) C:\Windows\system32\atieclxx.exe 2015-07-29 04:26 - 2015-07-29 04:26 - 00204800 _____ C:\Windows\system32\amdgfxinfo64.dll 2015-07-29 04:26 - 2015-07-29 04:26 - 00189952 _____ C:\Windows\SysWOW64\amdgfxinfo32.dll 2015-07-29 04:26 - 2015-07-29 04:26 - 00160256 _____ C:\Windows\system32\atieah64.exe 2015-07-29 04:26 - 2015-07-29 04:26 - 00143872 _____ C:\Windows\SysWOW64\atieah32.exe 2015-07-29 04:26 - 2015-07-29 04:26 - 00029696 _____ (AMD) C:\Windows\system32\atimuixx.dll 2015-07-29 04:25 - 2015-07-29 04:25 - 00246784 _____ (AMD) C:\Windows\system32\atiesrxx.exe 2015-07-29 04:25 - 2015-07-29 04:25 - 00190976 _____ (AMD) C:\Windows\system32\atitmm64.dll 2015-07-29 04:24 - 2015-07-29 04:24 - 00089088 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atisamu64.dll 2015-07-29 04:24 - 2015-07-29 04:24 - 00080896 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atisamu32.dll 2015-07-29 04:23 - 2015-07-29 04:23 - 00043520 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\ati2erec.dll 2015-07-29 04:22 - 2015-07-29 04:22 - 00926720 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll 2015-07-29 04:22 - 2015-07-29 04:22 - 00926720 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxx.dll 2015-07-29 04:22 - 2015-07-29 04:22 - 00665088 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmpag.sys 2015-07-29 04:22 - 2015-07-29 04:22 - 00156672 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6txx.dll 2015-07-29 04:22 - 2015-07-29 04:22 - 00141824 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll 2015-07-29 04:22 - 2015-07-29 04:22 - 00075264 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6pxx.dll 2015-07-29 04:22 - 2015-07-29 04:22 - 00069632 _____ (Advanced Micro Devices, Inc. 
) C:\Windows\SysWOW64\atiglpxx.dll 2015-07-29 04:22 - 2015-07-29 04:22 - 00069632 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiglpxx.dll 2015-07-29 04:19 - 2015-07-29 04:19 - 00102912 _____ C:\Windows\system32\hsa-thunk64.dll 2015-07-29 04:19 - 2015-07-29 04:19 - 00102400 _____ C:\Windows\SysWOW64\hsa-thunk.dll 2015-07-27 22:18 - 2015-07-27 22:18 - 00000000 ____D C:\Users\Christian\AppData\Roaming\AMD 2015-07-27 21:56 - 2015-08-13 09:38 - 00000000 ____D C:\Users\Christian\AppData\Roaming\FAHClient 2015-07-27 21:56 - 2015-07-27 21:56 - 00000000 ____D C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FAHClient 2015-07-27 21:56 - 2015-07-27 21:56 - 00000000 ____D C:\Program Files (x86)\FAHClient 2015-07-27 09:21 - 2015-07-27 09:21 - 00089104 _____ (Razer Inc) C:\Windows\system32\RazerCoinstaller.dll 2015-07-26 23:04 - 2015-07-26 23:06 - 00000000 ____D C:\Users\Christian\Desktop\FH Bewerbungen WiSe_2015 2015-07-25 13:56 - 2015-08-13 00:02 - 00000000 ____D C:\Users\Christian\AppData\Roaming\Everything 2015-07-25 13:56 - 2015-07-25 13:56 - 00000000 ____D C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Everything 2015-07-25 13:56 - 2015-07-25 13:56 - 00000000 ____D C:\Program Files\Everything 2015-07-23 07:41 - 2014-06-10 00:13 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe 2015-07-23 07:41 - 2014-06-10 00:13 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe 2015-07-21 21:26 - 2015-07-23 18:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird 2015-07-21 18:45 - 2015-07-21 18:45 - 00000000 ____D C:\Users\Christian\AppData\Roaming\Publish Providers 2015-07-21 18:42 - 2015-08-09 22:31 - 00000000 ____D C:\Users\Christian\Documents\Movie Studio Platinum 12.0 Projekte 2015-07-21 18:41 - 2015-07-21 18:42 - 00000000 ____D C:\Users\Christian\AppData\Local\Sony 2015-07-21 18:41 - 2015-07-21 18:41 - 00000000 ____D C:\ProgramData\Sony 2015-07-21 18:41 - 
2015-07-21 18:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony 2015-07-21 18:41 - 2015-07-21 18:41 - 00000000 ____D C:\Program Files\Sony 2015-07-21 18:41 - 2015-07-21 18:41 - 00000000 ____D C:\Program Files (x86)\Sony 2015-07-21 18:35 - 2015-07-21 18:35 - 00000000 ____D C:\Windows\SysWOW64\XPSViewer 2015-07-21 18:35 - 2015-07-21 18:35 - 00000000 ____D C:\Program Files\Reference Assemblies 2015-07-21 18:35 - 2015-07-21 18:35 - 00000000 ____D C:\Program Files\MSBuild 2015-07-21 18:35 - 2015-07-21 18:35 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies 2015-07-21 18:35 - 2015-07-21 18:35 - 00000000 ____D C:\Program Files (x86)\MSBuild 2015-07-21 18:34 - 2013-08-03 06:48 - 01166520 _____ (Microsoft Corporation) C:\Windows\system32\PresentationNative_v0300.dll 2015-07-21 18:34 - 2013-08-03 06:41 - 00778936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationNative_v0300.dll 2015-07-21 18:31 - 2015-07-21 18:54 - 00000000 ____D C:\Users\Christian\AppData\Roaming\Sony 2015-07-20 22:53 - 2015-05-12 02:24 - 00536920 _____ (Microsoft Corporation) C:\Windows\system32\mcupdate_GenuineIntel.dll 2015-07-20 22:53 - 2015-05-01 03:13 - 06521800 _____ (Microsoft Corporation) C:\Windows\system32\sppsvc.exe 2015-07-20 22:53 - 2015-05-01 03:13 - 01488000 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll 2015-07-20 22:53 - 2015-05-01 03:13 - 00261376 _____ (Microsoft Corporation) C:\Windows\system32\sppwinob.dll 2015-07-15 19:51 - 2015-06-28 07:07 - 00442712 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2015-07-15 19:51 - 2015-06-28 07:07 - 00178008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2015-07-15 19:51 - 2015-06-28 07:06 - 01311960 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2015-07-15 19:51 - 2015-06-28 07:06 - 00332120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2015-07-15 19:51 - 2015-06-27 18:42 - 00747520 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\rpcrt4.dll 2015-07-15 19:51 - 2015-06-27 05:13 - 00202240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys 2015-07-15 19:51 - 2015-06-27 05:12 - 00401408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys 2015-07-15 19:51 - 2015-06-27 05:12 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys 2015-07-15 19:51 - 2015-06-27 04:40 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll 2015-07-15 19:51 - 2015-06-27 04:05 - 01441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2015-07-15 19:51 - 2015-06-27 04:00 - 00989184 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2015-07-15 19:51 - 2015-06-27 03:53 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll 2015-07-15 19:51 - 2015-06-27 03:26 - 00802816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2015-07-15 19:50 - 2015-07-09 20:40 - 00359936 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll 2015-07-15 19:50 - 2015-06-27 05:08 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll 2015-07-15 19:50 - 2015-06-27 05:08 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2015-07-15 19:50 - 2015-06-27 04:14 - 00027136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll 2015-07-15 19:50 - 2015-05-30 23:18 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\werdiagcontroller.dll 2015-07-15 19:50 - 2015-05-30 21:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll 2015-07-15 19:50 - 2015-05-30 21:35 - 00911360 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll 2015-07-15 19:49 - 2015-06-16 00:41 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe 2015-07-15 19:49 - 2015-06-16 00:24 - 03320320 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2015-07-15 19:49 - 2015-06-15 23:16 - 00059904 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\msiexec.exe 2015-07-15 19:49 - 2015-06-15 23:09 - 03607552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll 2015-07-15 19:49 - 2015-06-15 22:50 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2015-07-15 19:49 - 2015-06-15 21:57 - 02460160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll 2015-07-15 19:49 - 2015-03-09 04:02 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storvsp.sys 2015-07-15 19:48 - 2015-06-16 07:36 - 01661576 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll 2015-07-15 19:48 - 2015-06-16 07:36 - 01212248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll 2015-07-15 19:48 - 2015-06-16 00:38 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2015-07-15 19:48 - 2015-06-16 00:02 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx 2015-07-15 19:48 - 2015-06-15 23:58 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2015-07-15 19:48 - 2015-06-15 23:57 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-07-15 19:48 - 2015-06-15 23:55 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-07-15 19:48 - 2015-06-15 23:13 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2015-07-15 19:48 - 2015-06-15 22:47 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx 2015-07-15 19:48 - 2015-06-15 22:44 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2015-07-15 19:48 - 2015-06-15 22:43 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2015-07-15 19:48 - 2015-06-15 22:42 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll 2015-07-15 19:48 - 2015-06-15 22:41 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2015-07-15 19:48 - 2015-06-15 22:32 - 00230400 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\webcheck.dll 2015-07-15 19:48 - 2015-06-15 22:30 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2015-07-15 19:48 - 2015-06-15 22:30 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2015-07-15 19:48 - 2015-06-11 05:49 - 01380600 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2015-07-15 19:48 - 2015-06-10 18:13 - 01097216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2015-07-15 12:20 - 2015-07-15 12:20 - 00103424 _____ (Advanced Micro Devices) C:\Windows\system32\DelayAPO.dll 2015-07-15 12:20 - 2015-07-15 12:20 - 00102912 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\AtihdWB6.sys 2015-07-14 20:35 - 2015-06-27 01:21 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2015-07-14 20:35 - 2015-05-12 15:19 - 00294912 _____ (Microsoft Corporation) C:\Windows\system32\SystemEventsBrokerServer.dll 2015-07-14 20:35 - 2015-05-11 18:34 - 00332800 _____ (Microsoft Corporation) C:\Windows\system32\fhcpl.dll 2015-07-14 20:35 - 2015-05-07 19:50 - 22292672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2015-07-14 20:35 - 2015-05-07 19:00 - 03109376 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll 2015-07-14 20:35 - 2015-05-07 18:53 - 19734960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2015-07-14 20:35 - 2015-05-07 18:47 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll 2015-07-14 20:35 - 2015-05-07 18:12 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll 2015-07-14 20:35 - 2015-05-07 17:21 - 00522240 _____ (Microsoft Corporation) C:\Windows\system32\GeofenceMonitorService.dll 2015-07-14 20:35 - 2015-05-07 17:05 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GeofenceMonitorService.dll 2015-07-14 20:35 - 2015-05-03 17:09 - 00274944 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll 
2015-07-14 20:35 - 2015-05-03 17:07 - 07784448 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2015-07-14 20:35 - 2015-05-03 16:58 - 00210944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-07-14 20:35 - 2015-05-03 16:57 - 05264384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2015-07-14 20:35 - 2015-05-03 16:55 - 00971776 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2015-07-14 20:35 - 2015-05-03 16:49 - 00811008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2015-07-14 20:35 - 2015-05-03 02:39 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-07-14 20:35 - 2015-04-30 01:22 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\WiFiDisplay.dll
2015-07-14 20:35 - 2015-04-28 15:13 - 00513480 _____ C:\Windows\SysWOW64\locale.nls
2015-07-14 20:35 - 2015-04-28 15:13 - 00513480 _____ C:\Windows\system32\locale.nls
2015-07-14 20:35 - 2015-04-25 04:25 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys
2015-07-14 20:35 - 2015-04-23 17:47 - 03084288 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll
2015-07-14 20:35 - 2015-04-23 17:16 - 02471424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-08-13 09:43 - 2015-05-16 01:44 - 00000000 ____D C:\Users\Christian\AppData\Roaming\mIRC
2015-08-13 09:43 - 2014-09-24 08:16 - 01776918 _____ C:\Windows\system32\PerfStringBackup.INI
2015-08-13 09:43 - 2014-09-24 07:43 - 00764340 _____ C:\Windows\system32\perfh007.dat
2015-08-13 09:43 - 2014-09-24 07:43 - 00159160 _____ C:\Windows\system32\perfc007.dat
2015-08-13 09:42 - 2015-04-03 15:41 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3557826585-2545589941-765533996-1001
2015-08-13 09:38 - 2015-06-14 17:44 - 00000000 ____D C:\Users\Christian\AppData\Roaming\Skype
2015-08-13 09:38 - 2015-04-03 16:24 - 00000000 ____D C:\Users\Christian\AppData\Roaming\Dropbox
2015-08-13 09:37 - 2015-04-13 22:26 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-08-13 09:37 - 2015-04-03 15:40 - 00001140 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-13 09:37 - 2013-08-22 16:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-13 09:36 - 2013-08-22 15:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-08-13 09:35 - 2015-06-12 22:25 - 00001266 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3557826585-2545589941-765533996-1001UA.job
2015-08-13 09:35 - 2015-04-03 16:19 - 00000000 ____D C:\Users\Christian\AppData\Roaming\ClassicShell
2015-08-13 09:04 - 2015-05-18 19:04 - 00000945 _____ C:\Windows\Tasks\EPSON XP-412 413 415 Series Update {138DC8C1-9376-4B23-B6AD-BB2F375DE385}.job
2015-08-13 09:04 - 2015-05-18 19:04 - 00000759 _____ C:\Windows\Tasks\EPSON XP-412 413 415 Series Invitation {138DC8C1-9376-4B23-B6AD-BB2F375DE385}.job
2015-08-13 09:04 - 2015-04-11 16:43 - 00000000 ____D C:\Users\Christian\AppData\Roaming\Nitro PDF
2015-08-13 09:03 - 2015-04-03 15:40 - 00001144 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-13 09:00 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\sru
2015-08-13 08:22 - 2015-05-28 20:28 - 00000000 ____D C:\Users\Christian\AppData\Local\Adobe
2015-08-13 08:22 - 2015-04-03 17:52 - 00003962 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{27C6D7FB-4289-49E3-A0CE-D5E22103A395}
2015-08-13 00:02 - 2015-04-13 23:44 - 00000600 _____ C:\Users\Christian\AppData\Roaming\winscp.rnd
2015-08-12 20:06 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\AppReadiness
2015-08-12 18:29 - 2015-05-25 11:16 - 00000000 ____D C:\Users\Christian\AppData\Local\Greenshot
2015-08-12 17:06 - 2015-05-05 18:30 - 00000000 ____D C:\ProgramData\boost_interprocess
2015-08-12 15:31 - 2015-04-03 16:26 - 00000000 ____D C:\Users\Christian\AppData\Roaming\AgileBits
2015-08-12 14:31 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\rescache
2015-08-12 13:35 - 2015-06-12 22:25 - 00001214 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3557826585-2545589941-765533996-1001Core.job
2015-08-11 23:19 - 2015-04-03 15:40 - 00000000 ____D C:\Users\Christian\AppData\Local\Google
2015-08-11 23:19 - 2015-04-03 15:40 - 00000000 ____D C:\Program Files (x86)\Google
2015-08-11 23:03 - 2015-04-03 15:36 - 00000000 ____D C:\Users\Christian
2015-08-11 21:36 - 2013-08-22 17:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-08-11 21:36 - 2013-08-22 17:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-11 21:36 - 2013-08-22 17:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-08-11 21:36 - 2013-08-22 17:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-11 21:36 - 2013-08-22 17:36 - 00000000 ____D C:\Program Files\Windows Defender
2015-08-11 21:36 - 2013-08-22 17:36 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2015-08-11 21:34 - 2015-04-03 15:57 - 00000000 ____D C:\Windows\system32\MRT
2015-08-11 21:34 - 2013-08-22 17:20 - 00000000 ____D C:\Windows\CbsTemp
2015-08-11 21:31 - 2015-04-03 15:57 - 132483416 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-08-11 21:30 - 2015-04-03 16:39 - 00000000 ____D C:\Windows\system32\appraiser
2015-08-11 21:30 - 2014-09-24 09:41 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-08-11 20:45 - 2015-04-03 15:36 - 00000000 ____D C:\Users\Christian\AppData\Local\VirtualStore
2015-08-10 12:39 - 2015-04-03 15:42 - 00000000 ____D C:\ProgramData\Package Cache
2015-08-10 11:50 - 2015-04-03 23:30 - 00000000 ____D C:\Users\Christian\Desktop\Sortieren
2015-08-10 11:22 - 2015-04-03 15:41 - 00000000 ____D C:\AMD
2015-08-09 22:47 - 2015-04-04 22:27 - 00000000 ____D C:\Users\Christian\AppData\Roaming\vlc
2015-08-08 15:55 - 2014-09-24 09:43 - 00794088 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-08-08 15:55 - 2014-09-24 09:43 - 00179688 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-08-06 19:37 - 2015-04-03 15:36 - 00000000 ____D C:\Users\Christian\AppData\Local\Packages
2015-08-03 00:20 - 2015-04-03 18:00 - 00000000 ____D C:\ProgramData\Origin
2015-08-02 16:22 - 2015-05-16 17:11 - 00000000 ____D C:\Program Files (x86)\BlueStacks
2015-08-02 16:03 - 2013-03-31 17:20 - 00001371 _____ C:\Users\Christian\Desktop\Systemwiederherstellung.lnk
2015-08-02 11:01 - 2015-05-16 17:11 - 00000000 ____D C:\ProgramData\BlueStacksSetup
2015-08-01 12:22 - 2015-04-03 15:44 - 00000000 ____D C:\Program Files (x86)\Razer
2015-07-30 18:36 - 2015-04-03 16:22 - 00000000 ____D C:\Program Files (x86)\1Password 4
2015-07-29 05:42 - 2015-03-19 06:15 - 00133016 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiuxpag.dll
2015-07-29 05:42 - 2015-03-19 06:15 - 00120144 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiu9p64.dll
2015-07-29 05:42 - 2014-07-21 22:04 - 00152056 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiuxp64.dll
2015-07-29 05:42 - 2014-07-21 22:04 - 00102616 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiu9pag.dll
2015-07-29 05:41 - 2014-07-21 22:04 - 11948704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atidxx64.dll
2015-07-29 05:41 - 2014-07-21 22:04 - 01445224 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\aticfx64.dll
2015-07-29 05:41 - 2014-07-21 22:04 - 01193904 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\aticfx32.dll
2015-07-29 05:40 - 2015-03-19 06:14 - 10094152 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atidxx32.dll
2015-07-29 05:40 - 2014-07-21 22:04 - 07929616 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdva.dll
2015-07-29 05:40 - 2014-07-21 22:04 - 07408936 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdag.dll
2015-07-29 05:39 - 2015-03-19 06:14 - 08893160 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd6a.dll
2015-07-29 05:39 - 2015-03-19 06:14 - 08779872 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd64.dll
2015-07-29 04:26 - 2015-03-19 04:04 - 00442368 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atidemgy.dll
2015-07-29 04:22 - 2015-03-19 03:40 - 01247744 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiadlxx.dll
2015-07-29 04:17 - 2015-06-23 03:21 - 00865792 _____ (AMD) C:\Windows\system32\coinst_15.20.dll
2015-07-28 22:07 - 2015-04-03 16:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-07-28 21:05 - 2015-07-10 19:29 - 00000000 ___HD C:\$Windows.~BT
2015-07-28 21:00 - 2015-04-03 16:31 - 00000000 ____D C:\Windows\Panther
2015-07-25 13:39 - 2015-05-16 22:38 - 00000000 ____D C:\Program Files\CCleaner
2015-07-25 13:37 - 2015-04-03 16:44 - 00000000 ___SD C:\Windows\system32\GWX
2015-07-23 07:54 - 2015-05-17 13:55 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-07-21 18:35 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\SysWOW64\MUI
2015-07-21 18:35 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\MUI
2015-07-19 13:30 - 2015-06-12 22:25 - 00004220 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3557826585-2545589941-765533996-1001UA
2015-07-19 13:30 - 2015-06-12 22:25 - 00003840 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3557826585-2545589941-765533996-1001Core
2015-07-17 19:38 - 2015-04-03 16:44 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-07-16 20:57 - 2015-04-03 15:40 - 00004116 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-07-16 20:57 - 2015-04-03 15:40 - 00003880 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-07-15 23:38 - 2013-08-22 17:36 - 00000000 ___RD C:\Windows\ToastData
2015-07-15 23:38 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\WinStore
2015-07-15 23:38 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\PolicyDefinitions

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2015-04-13 23:44 - 2015-08-13 00:02 - 0000600 _____ () C:\Users\Christian\AppData\Roaming\winscp.rnd
2015-04-12 00:45 - 2015-06-16 23:24 - 0000600 _____ () C:\Users\Christian\AppData\Local\PUTTY.RND

Einige Dateien in TEMP:
====================
C:\Users\Christian\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmppxeuki.dll
C:\Users\Christian\AppData\Local\Temp\Quarantine.exe
C:\Users\Christian\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2015-08-06 19:19

==================== Ende von Ergebnis ============================ |
13.08.2015, 15:00 | #7 |
/// the machine /// TB trainer | Windows 8.1 64bit - Browser spits out an IP from Chile
ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any remaining problems?
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and Help Trojaner-Board Facebook page No help via PM! |
13.08.2015, 19:25 | #8 |
| Windows 8.1 64bit - Browser spits out an IP from Chile I have not had any message since then; hopefully it was just a one-time thing? Maybe a proxy was active? At least I had not started one. Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=57eedc279ec9cf4fa80a07fb9153de2f # end=init # utc_time=2015-08-13 02:47:33 # local_time=2015-08-13 04:47:33 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # osver=6.2.9200 NT # nod_component=V3 Build:0x30000000 Update Init Update Download Update Finalize Updated modules version: 25262 # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=57eedc279ec9cf4fa80a07fb9153de2f # end=updated # utc_time=2015-08-13 02:48:33 # local_time=2015-08-13 04:48:33 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # osver=6.2.9200 NT # nod_component=V3 Build:0x30000000 # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7777 # api_version=3.1.1 # EOSSerial=57eedc279ec9cf4fa80a07fb9153de2f # engine=25262 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2015-08-13 04:01:29 # local_time=2015-08-13 06:01:29 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1031 # osver=6.2.9200 NT # compatibility_mode_1='' # compatibility_mode=5893 16776574 100 94 159914 13157956 0 0 # compatibility_mode_1='ESET Smart Security 8.0' # compatibility_mode=8228 16777213 100 100 8321777 17038395 0 0 # scanned=344318 # found=0 # cleaned=0 # scan_time=4375 # nod_component=V3 Build:0x30000000 Code:
ATTFilter Results of screen317's Security Check version 1.006 x64 (UAC is enabled) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` ESET Smart Security 8.0 Windows Defender Antivirus out of date! `````````Anti-malware/Other Utilities Check:````````` Mozilla Thunderbird (38.1.0) Google Chrome (44.0.2403.130) Google Chrome (44.0.2403.155) ````````Process Check: objlist.exe by Laurent```````` ESET NOD32 Antivirus egui.exe ESET NOD32 Antivirus ekrn.exe Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbam.exe ESET ESET Online Scanner OnlineScannerApp.exe Malwarebytes Anti-Malware mbamscheduler.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: % ````````````````````End of Log`````````````````````` Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:12-08-2015 durchgeführt von Christian (Administrator) auf CHRISDESKTOP (13-08-2015 20:23:36) Gestartet von C:\Users\Christian\Downloads Geladene Profile: Christian (Verfügbare Profile: Christian) Platform: Windows 8.1 Pro (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: Chrome) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Intel Corporation) C:\Windows\System32\igfxCUIService.exe (Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe (ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe () C:\Program Files\Everything\Everything.exe (Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Nitro PDF Software) C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe () C:\Windows\SysWOW64\PnkBstrA.exe () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (Adobe Systems Incorporated) C:\Program Files\Adobe\Elements 13 Organizer\PhotoshopElementsFileAgent.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.1\GoogleCrashHandler.exe (Google Inc.) 
C:\Program Files (x86)\Google\Update\1.3.28.1\GoogleCrashHandler64.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe (Intel Corporation) C:\Windows\System32\igfxEM.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (CMedia) C:\Program Files\ASUS Xonar DX Audio\Customapp\AsusAudioCenter.exe () C:\Windows\SysWOW64\HsMgr.exe () C:\Windows\System\HsMgr64.exe (ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe (Greenshot) C:\Program Files\Greenshot\Greenshot.exe () C:\Program Files\Everything\Everything.exe (Polar Electro Oy) C:\Program Files (x86)\Polar\Polar FlowSync\flowsync.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe (Secomba GmbH) C:\Program Files (x86)\Boxcryptor\Boxcryptor.exe () C:\Program Files\Rainlendar2\Rainlendar2.exe (Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe (InDeep Software) D:\#Programme\ScreenBlur\ScreenBlur.exe (QIP) D:\#Programme\QIP 2012\qip.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Dropbox, Inc.) C:\Users\Christian\AppData\Roaming\Dropbox\bin\Dropbox.exe (AgileBits) C:\Program Files (x86)\1Password 4\Agile1pAgent.exe (CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (Advanced Micro Devices Inc.) C:\AMD\ATI.ACE\Core-Static\MOM.exe (Advanced Micro Devices Inc.) C:\AMD\ATI.ACE\Core-Static\CCC.exe () C:\Program Files (x86)\FAHClient\FAHClient.exe (mIRC Co. Ltd.) D:\#Programme\gIRC\mirc.exe (Telegram Messenger LLP) C:\Users\Christian\AppData\Roaming\Telegram Desktop\Telegram.exe (AgileBits) C:\Program Files (x86)\1Password 4\1Password.exe (Valve Corporation) E:\Steam\Steam.exe (Valve Corporation) E:\Steam\bin\steamwebhelper.exe (Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) E:\Steam\bin\steamwebhelper.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ESET) C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerApp.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe () C:\Users\Christian\Downloads\SecurityCheck.exe (Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Nicht auf der Ausnahmeliste) ================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft) HKLM\...\Run: [Cmaudio8788] => C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cmicnfgp.dll,CMICtrlWnd HKLM\...\Run: [Cmaudio8788GX] => C:\Windows\syswow64\HsMgr.exe [200704 2008-07-11] () HKLM\...\Run: [Cmaudio8788GX64] => C:\Windows\system\HsMgr64.exe [282112 2008-07-11] () HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [5595848 2015-01-28] (ESET) HKLM\...\Run: [Greenshot] => C:\Program Files\Greenshot\Greenshot.exe [536576 2014-12-29] (Greenshot) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557984 2014-08-27] (Adobe Systems Incorporated) HKLM\...\Run: [Everything] => C:\Program Files\Everything\Everything.exe [1441792 2014-08-06] () HKLM-x32\...\Run: [Agile1pAgent] => C:\Program Files (x86)\1Password 4\Agile1pAgent.exe [4859152 2015-07-29] (AgileBits) HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452272 2012-08-31] (CANON INC.) HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [193568 2014-11-28] (Geek Software GmbH) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [590144 2015-04-22] (Razer Inc.) 
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [896632 2015-07-22] (BlueStack Systems, Inc.) HKLM-x32\...\Run: [StartCCC] => C:\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-07-28] (Advanced Micro Devices, Inc.) HKU\S-1-5-21-3557826585-2545589941-765533996-1001\...\Run: [Polar FlowSync] => C:\Program Files (x86)\Polar\Polar FlowSync\flowsync.exe [1125376 2014-11-11] (Polar Electro Oy) HKU\S-1-5-21-3557826585-2545589941-765533996-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8418584 2015-07-17] (Piriform Ltd) HKU\S-1-5-21-3557826585-2545589941-765533996-1001\...\Run: [CCleaner] => C:\Program Files\CCleaner\CCleaner64.exe [8418584 2015-07-17] (Piriform Ltd) HKU\S-1-5-21-3557826585-2545589941-765533996-1001\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATILEE.EXE [297024 2013-01-24] (SEIKO EPSON CORPORATION) HKU\S-1-5-21-3557826585-2545589941-765533996-1001\...\Run: [Dropbox Update] => C:\Users\Christian\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-12] (Dropbox, Inc.) HKU\S-1-5-21-3557826585-2545589941-765533996-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53282944 2015-06-29] (Skype Technologies S.A.) HKU\S-1-5-21-3557826585-2545589941-765533996-1001\...\Run: [Boxcryptor.exe] => C:\Program Files (x86)\Boxcryptor\Boxcryptor.exe [2460424 2015-06-26] (Secomba GmbH) HKU\S-1-5-21-3557826585-2545589941-765533996-1001\...\Run: [Rainlendar2] => C:\Program Files\Rainlendar2\Rainlendar2.exe [4411488 2014-03-16] () HKU\S-1-5-21-3557826585-2545589941-765533996-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1404248 2015-07-29] (Garmin Ltd. 
or its subsidiaries) HKU\S-1-5-21-3557826585-2545589941-765533996-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22344224 2015-07-29] (Google) HKU\S-1-5-21-3557826585-2545589941-765533996-1001\...\Run: [ScreenBlur by InDeep Software] => D:\#Programme\ScreenBlur\ScreenBlur.exe [615936 2015-08-12] (InDeep Software) HKU\S-1-5-21-3557826585-2545589941-765533996-1001\...\Run: [GoogleChromeAutoLaunch_F95133299531DA24C7CB703BC8432DCE] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-08-08] (Google Inc.) HKU\S-1-5-21-3557826585-2545589941-765533996-1001\...\Run: [Infium] => D:\#Programme\QIP 2012\qip.exe [8503280 2014-03-04] (QIP) Startup: C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk [2015-05-28] ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) Startup: C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-04-03] ShortcutTarget: Dropbox.lnk -> C:\Users\Christian\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) Startup: C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Folding@home.lnk [2015-07-27] ShortcutTarget: Folding@home.lnk -> C:\Program Files (x86)\FAHClient\HideConsole.exe () Startup: C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mirc - Verknüpfung.lnk [2015-07-05] ShortcutTarget: mirc - Verknüpfung.lnk -> D:\#Programme\gIRC\mirc.exe (mIRC Co. Ltd.) 
Startup: C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Telegram.lnk [2015-08-10] ShortcutTarget: Telegram.lnk -> C:\Users\Christian\AppData\Roaming\Telegram Desktop\Telegram.exe (Telegram Messenger LLP) SSODL: EldosMountNotificator-cbfs4 - {1A0784DC-4CE3-4BC6-9318-6B5BAC32AA2F} - C:\Windows\system32\cbfsMntNtf4.dll (EldoS Corporation) SSODL-x32: EldosMountNotificator-cbfs4 - {1A0784DC-4CE3-4BC6-9318-6B5BAC32AA2F} - C:\Windows\SysWOW64\cbfsMntNtf4.dll (EldoS Corporation) ShellIconOverlayIdentifiers: [ "CryptorShellExtHandler.IconOverlayExt"] -> {011F39D2-A764-419E-9479-69C93F6D37E0} => C:\Program Files (x86)\Boxcryptor\ShellExt\x64\Boxcryptor.Ext.dll [2015-06-26] (Secomba GmbH) ShellIconOverlayIdentifiers: [ "CryptorShellExtHandler.IconOverlayExt2"] -> {F61B4933-D8AF-40DE-A335-F9B3BE1FF878} => C:\Program Files (x86)\Boxcryptor\ShellExt\x64\Boxcryptor.IconOverlayBlocker.Ext.dll [2015-06-26] (Secomba GmbH) ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google) ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google) ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google) ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-06] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-06] (Dropbox, Inc.) 
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-06] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-06] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-06] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-06] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-06] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-06] (Dropbox, Inc.) 
ShellIconOverlayIdentifiers: [EldosIconOverlay-cbfs4] -> {76212FC9-6D58-4922-AC6B-82A31D17104E} => C:\Windows\system32\cbfsMntNtf4.dll [2013-11-15] (EldoS Corporation) ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft) ShellIconOverlayIdentifiers-x32: [ "CryptorShellExtHandler.IconOverlayExt"] -> {011F39D2-A764-419E-9479-69C93F6D37E0} => C:\Program Files (x86)\Boxcryptor\ShellExt\x86\Boxcryptor.Ext.dll [2015-06-26] (Secomba GmbH) ShellIconOverlayIdentifiers-x32: [ "CryptorShellExtHandler.IconOverlayExt2"] -> {F61B4933-D8AF-40DE-A335-F9B3BE1FF878} => C:\Program Files (x86)\Boxcryptor\ShellExt\x86\Boxcryptor.IconOverlayBlocker.Ext.dll [2015-06-26] (Secomba GmbH) ShellIconOverlayIdentifiers-x32: [EldosIconOverlay-cbfs4] -> {76212FC9-6D58-4922-AC6B-82A31D17104E} => C:\Windows\SysWOW64\cbfsMntNtf4.dll [2013-11-15] (EldoS Corporation) ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft) ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt..) 
HKU\S-1-5-21-3557826585-2545589941-765533996-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: 1Password -> {037C06D5-3893-49E8-9AC0-41F7524AFBF5} -> C:\Program Files (x86)\1Password 4\x64\Agile1pIE4.dll [2015-07-29] (AgileBits) BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-06-09] (Microsoft Corporation) BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-06-16] (Microsoft Corporation) BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2014-04-20] (IvoSoft) BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft) BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2014-04-20] (IvoSoft) Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft) Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft) Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 
15\root\Office15\MSOSB.DLL [2015-06-01] (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{7EF60E29-A117-4FCD-B3D5-07222DAC1A17}: [DhcpNameServer] 192.168.0.1 FireFox: ======== FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [2015-01-13] (EA Digital Illusions CE AB) FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [Keine Datei] FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-06-01] (Microsoft Corporation) FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll [2013-03-26] (Nitro PDF) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.) 
Chrome: ======= CHR Profile: C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Slides) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-03] CHR Extension: (Duolingo on the Web) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiahmijlpehemcpleichkcokhegllfjl [2015-04-03] CHR Extension: (Facebook Video Downloader) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\amjcoehkcacocffpmhnefgoeanepjfkf [2015-04-24] CHR Extension: (Google Docs) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-03] CHR Extension: (1Password: Password Manager and Secure Wallet) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\aomjjhallfgjeglblehebfpbcfeobpgk [2015-04-03] CHR Extension: (Google Drive) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-04-03] CHR Extension: (aklamio Cashbar) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\bailoifpnpbamefjlgpcfebledceocbf [2015-04-03] CHR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2015-04-03] CHR Extension: (YouTube) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-04-03] CHR Extension: (Adblock Plus) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-04-03] CHR Extension: (Telegram) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\clhhggbfdinjmjhajaheehoeibfljjno [2015-04-03] CHR Extension: (Google Search) - C:\Users\Christian\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-03] CHR Extension: (Tampermonkey) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2015-04-03] CHR Extension: (busuu.com) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\epadnjldocmkadjbopkanclaamocokoo [2015-04-03] CHR Extension: (Google Sheets) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-03] CHR Extension: (Web page captures from browser) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\fomlbefjpamblimccfdomfgpgokdljcg [2015-04-03] CHR Extension: (yingBar) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\gckfalecfdjjpbelmpfieecfdeapfoep [2015-04-03] CHR Extension: (FoxyProxy Standard) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcknhkkoolaabfmlnjonogaaifnjlfnp [2015-04-03] CHR Extension: (Desktop Notifications for Android) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\giicnncicnopjohcpamieklkiacdoeni [2015-04-03] CHR Extension: (Downloads - Your Download Box) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjihnjejboipjmadkpmknccijhibnpfe [2015-04-03] CHR Extension: (Unlimited Free VPN - Hola) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2015-08-13] CHR Extension: (Dropbox) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl [2015-04-03] CHR Extension: (Disconnect) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo [2015-04-03] CHR Extension: (Image Search Options) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\kljmejbpilkadikecejccebmccagifhl [2015-04-03] CHR 
Extension: (iGraal) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmhkepipobnjllejbafajoemahjejdcm [2015-04-03] CHR Extension: (Auto HD For YouTube™) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\koiaokdomkpjdgniimnkhgbilbjgpeak [2015-04-03] CHR Extension: (Momentum) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\laookkfknpbbblfpciffpaejjkokdgca [2015-04-03] CHR Extension: (Evernote Web) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol [2015-08-13] CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-03] CHR Extension: (Capture Webpage Screenshot - FireShot) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbpblocgmgfnpjjppndjkmgjaogfceg [2015-04-03] CHR Extension: (qipu Cashbackmelder open beta) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\mloigoojndlehdjiemdfpiikieonngel [2015-04-03] CHR Extension: (Ghostery) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2015-04-03] CHR Extension: (F.B Purity-Clean Up Facebook) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncdlagniojmheiklojdcpdaeepochckl [2015-04-03] CHR Extension: (Hangouts) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2015-04-03] CHR Extension: (Keepa - Amazon Price Tracker) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\neebplgakaahbhdphmkckjjcegoiijjo [2015-04-03] CHR Extension: (Chrome Web Store Payments) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-04-03] CHR Extension: (eBay XXL-Photos) - 
C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nndhjgnljmmablcpnppcdfbagielaiho [2015-04-03] CHR Extension: (Enhanced Steam) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\okadibdjfemgnhjiembecghcbfknbfhg [2015-04-03] CHR Extension: (PAYBACK Internet Assistent für Google Chrome) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbfjbhoglggakhkngkbfehgghkaadeba [2015-04-03] CHR Extension: (ModernDeck) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbpfgdgddpnbjcbpofmdanfbbigocklj [2015-04-03] CHR Extension: (Gutscheinsammler Finder) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilobbegphefikcgjpajnneiiahhejam [2015-04-03] CHR Extension: (Gmail) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-03] CHR HKU\S-1-5-21-3557826585-2545589941-765533996-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx ==================== Dienste (Nicht auf der Ausnahmeliste) ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2015-05-28] (Adobe Systems) [Datei ist nicht signiert] R2 AdobeActiveFileMonitor13.0; C:\Program Files\Adobe\Elements 13 Organizer\PhotoshopElementsFileAgent.exe [231120 2014-08-31] (Adobe Systems Incorporated) S3 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [433784 2015-06-16] (BlueStack Systems, Inc.) S3 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [413304 2015-06-16] (BlueStack Systems, Inc.) 
S3 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [831096 2015-07-21] (BlueStack Systems, Inc.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2753720 2015-07-01] (Microsoft Corporation)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1349576 2015-01-28] (ESET)
R2 Everything; C:\Program Files\Everything\Everything.exe [1441792 2014-08-06] () [Datei ist nicht signiert]
R2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [754120 2015-07-29] (Garmin Ltd. or its subsidiaries)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319376 2014-10-01] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 NitroReaderDriverReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [230416 2013-03-26] (Nitro PDF Software)
S3 Origin Client Service; E:\Origin\OriginClientService.exe [2007048 2015-08-02] (Electronic Arts)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2015-04-05] ()
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [187072 2015-02-05] ()
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5495056 2015-06-18] (TeamViewer GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.)
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [62152 2014-10-28] (Advanced Micro Devices, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [102912 2015-07-15] (Advanced Micro Devices)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [145528 2015-06-16] (BlueStack Systems)
R1 cbfs4; C:\Windows\system32\drivers\cbfs4.sys [387776 2013-11-15] (EldoS Corporation)
R3 cmudaxp; C:\Windows\system32\drivers\cmudaxp.sys [2735616 2013-12-11] (C-Media Inc)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [246000 2015-03-10] (ESET)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [241880 2015-03-10] (ESET)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [169792 2015-03-10] (ESET)
R2 epfw; C:\Windows\system32\DRIVERS\epfw.sys [222280 2015-03-10] (ESET)
R1 EpfwLWF; C:\Windows\system32\DRIVERS\EpfwLWF.sys [44632 2015-03-10] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [64208 2015-03-10] (ESET)
R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [109272 2015-06-18] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-08-13] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
R0 PxHlpa64; C:\Windows\System32\drivers\PxHlpa64.sys [56336 2013-09-03] (Corel Corporation)
S3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [13368 2013-03-11] ()
R3 rzendpt; C:\Windows\System32\drivers\rzendpt.sys [49872 2015-07-13] (Razer Inc)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2015-02-05] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [129600 2015-03-03] (Razer, Inc.)
U5 TMUSB; C:\Windows\System32\DRIVERS\TMUSB64.SYS [63096 2014-03-19] (Seiko Epson Corporation)
R1 UimBus; C:\Windows\System32\drivers\UimBus.sys [102664 2014-05-19] ()
R1 Uim_DEVIM; C:\Windows\System32\drivers\uim_devim.sys [25992 2014-05-19] ()
R1 Uim_IM; C:\Windows\System32\drivers\uim_im.sys [700296 2014-05-19] ()
R3 vpnpbus; C:\Windows\System32\drivers\vpnpbus.sys [18624 2013-11-15] (EldoS Corporation)

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

==================== Ein Monat: Erstellte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-08-13 20:23 - 2015-08-13 20:23 - 00031516 _____ C:\Users\Christian\Downloads\FRST.txt 2015-08-13 20:23 - 2015-08-13 20:23 - 00000955 _____ C:\Users\Christian\Desktop\checkup.txt 2015-08-13 20:22 - 2015-08-13 20:22 - 00001513 _____ C:\Users\Christian\Desktop\eset.txt 2015-08-13 16:51 - 2015-08-13 16:51 - 00852684 _____ C:\Users\Christian\Downloads\SecurityCheck.exe 2015-08-13 16:47 - 2015-08-13 16:47 - 02870984 _____ (ESET) C:\Users\Christian\Downloads\esetsmartinstaller_deu.exe 2015-08-13 16:47 - 2015-08-13 16:47 - 00000000 ____D C:\Program Files (x86)\ESET 2015-08-13 09:44 - 2015-08-13 09:44 - 00039775 _____ C:\Users\Christian\Downloads\Addition.txt 2015-08-13 09:43 - 2015-08-13 09:43 - 00000000 ____D C:\Users\Christian\Downloads\FRST-OlderVersion 2015-08-13 09:39 - 2015-08-13 09:39 - 01791580 _____ (Malwarebytes Corporation) C:\Users\Christian\Downloads\JRT.exe 2015-08-13 09:33 - 2015-08-13 09:36 - 00000000 ____D C:\AdwCleaner 2015-08-13 09:33 - 2015-08-13 09:33 - 02248704 _____ C:\Users\Christian\Downloads\AdwCleaner_4.208.exe 2015-08-12 20:38 - 2015-08-12 20:38 - 00000000 ____D
C:\Users\Christian\AppData\Local\GHISLER 2015-08-12 20:37 - 2015-08-12 20:38 - 00000000 ____D C:\Users\Christian\Desktop\GPX 2015-08-12 19:25 - 2015-08-13 15:57 - 00588148 _____ C:\Windows\WindowsUpdate.log 2015-08-12 18:22 - 2015-08-12 18:22 - 00548073 _____ C:\Users\Christian\Downloads\ScreenBlur_1.3.0.27.zip 2015-08-12 15:36 - 2015-08-12 15:36 - 00000808 _____ C:\Users\Christian\Desktop\dreamboxEDIT.lnk 2015-08-12 15:36 - 2015-08-12 15:36 - 00000000 ____D C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\dreamboxEDIT 2015-08-12 12:49 - 2015-08-12 12:50 - 00000000 ____D C:\ProgramData\F-Secure 2015-08-12 12:49 - 2015-08-12 12:49 - 00572456 _____ (F-Secure Corporation) C:\Users\Christian\Downloads\F-SecureOnlineScanner.exe 2015-08-12 12:49 - 2015-08-12 12:49 - 00000000 ____D C:\Users\Christian\AppData\Local\F-Secure 2015-08-12 12:35 - 2015-08-12 17:12 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2015-08-12 12:34 - 2015-08-12 15:06 - 00000000 ____D C:\Users\Christian\Desktop\mbar 2015-08-12 12:33 - 2015-08-12 12:33 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Christian\Downloads\mbar-1.09.1.1004.exe 2015-08-12 00:58 - 2015-08-12 00:58 - 00042040 _____ C:\Users\Christian\Documents\netscan.xml 2015-08-12 00:55 - 2015-08-12 00:55 - 02889262 _____ C:\Users\Christian\Downloads\netscan-607.zip 2015-08-11 23:21 - 2015-08-11 23:21 - 00001559 _____ C:\Users\Christian\Desktop\Google Drive.lnk 2015-08-11 23:19 - 2015-08-11 23:19 - 00931408 _____ (Google Inc.) 
C:\Users\Christian\Downloads\googledrivesync.exe 2015-08-11 23:19 - 2015-08-11 23:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive 2015-08-11 22:52 - 2015-08-12 15:28 - 00000000 ____D C:\Users\Christian\Documents\1Password 2015-08-11 21:34 - 2015-07-30 16:04 - 00124624 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll 2015-08-11 21:34 - 2015-07-30 15:48 - 00103120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll 2015-08-11 21:30 - 2015-07-29 16:37 - 01994752 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2015-08-11 21:30 - 2015-07-29 16:30 - 01381888 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll 2015-08-11 21:30 - 2015-07-29 16:23 - 01559552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll 2015-08-11 21:30 - 2015-07-29 01:24 - 00025776 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe 2015-08-11 21:30 - 2015-07-28 16:24 - 01148416 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2015-08-11 21:30 - 2015-07-28 16:24 - 01116160 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll 2015-08-11 21:30 - 2015-07-28 16:24 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll 2015-08-11 21:30 - 2015-07-28 16:24 - 00743424 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2015-08-11 21:30 - 2015-07-28 16:24 - 00437248 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2015-08-11 21:30 - 2015-07-28 16:24 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll 2015-08-11 21:30 - 2015-07-24 20:57 - 04177408 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-08-11 21:30 - 2015-07-24 20:57 - 00358912 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2015-08-11 21:30 - 2015-07-24 20:52 - 00044032 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2015-08-11 21:30 - 2015-07-24 19:27 - 
00301568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll 2015-08-11 21:30 - 2015-07-24 19:23 - 00035840 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll 2015-08-11 21:30 - 2015-07-19 03:58 - 00136904 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2015-08-11 21:30 - 2015-07-18 20:51 - 03704320 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2015-08-11 21:30 - 2015-07-18 20:31 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2015-08-11 21:30 - 2015-07-18 20:31 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2015-08-11 21:30 - 2015-07-18 20:31 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2015-08-11 21:30 - 2015-07-18 20:29 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll 2015-08-11 21:30 - 2015-07-18 20:29 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll 2015-08-11 21:30 - 2015-07-18 20:29 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe 2015-08-11 21:30 - 2015-07-18 20:28 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll 2015-08-11 21:30 - 2015-07-18 20:12 - 02228736 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2015-08-11 21:30 - 2015-07-18 20:10 - 00891904 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2015-08-11 21:30 - 2015-07-18 20:09 - 00721920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll 2015-08-11 21:30 - 2015-07-16 23:14 - 25192448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-08-11 21:30 - 2015-07-16 22:36 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-08-11 21:30 - 2015-07-16 22:36 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2015-08-11 21:30 - 2015-07-16 22:35 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-08-11 21:30 - 2015-07-16 22:26 - 05923328 _____ (Microsoft Corporation) 
C:\Windows\system32\jscript9.dll 2015-08-11 21:30 - 2015-07-16 22:23 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-08-11 21:30 - 2015-07-16 22:21 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-08-11 21:30 - 2015-07-16 22:20 - 19870208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2015-08-11 21:30 - 2015-07-16 21:53 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll 2015-08-11 21:30 - 2015-07-16 21:51 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-08-11 21:30 - 2015-07-16 21:50 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2015-08-11 21:30 - 2015-07-16 21:45 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-08-11 21:30 - 2015-07-16 21:45 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll 2015-08-11 21:30 - 2015-07-16 21:41 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2015-08-11 21:30 - 2015-07-16 21:39 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2015-08-11 21:30 - 2015-07-16 21:38 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2015-08-11 21:30 - 2015-07-16 21:36 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-08-11 21:30 - 2015-07-16 21:34 - 14451200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-08-11 21:30 - 2015-07-16 21:32 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-08-11 21:30 - 2015-07-16 21:14 - 02880000 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll 2015-08-11 21:30 - 2015-07-16 21:13 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll 2015-08-11 21:30 - 2015-07-16 21:12 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-08-11 21:30 - 2015-07-16 21:12 - 02427904 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 
2015-08-11 21:30 - 2015-07-16 21:10 - 12856832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-08-11 21:30 - 2015-07-16 21:06 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-08-11 21:30 - 2015-07-16 21:01 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-08-11 21:30 - 2015-07-16 20:52 - 01048576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll 2015-08-11 21:30 - 2015-07-16 20:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-08-11 21:30 - 2015-07-16 20:42 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-08-11 21:30 - 2015-07-16 20:38 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-08-11 21:30 - 2015-07-16 20:37 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2015-08-11 21:30 - 2015-07-16 02:29 - 07458648 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-08-11 21:30 - 2015-07-16 02:29 - 01735000 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2015-08-11 21:30 - 2015-07-16 02:29 - 00101720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys 2015-08-11 21:30 - 2015-07-16 02:28 - 01499920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2015-08-11 21:30 - 2015-07-14 05:22 - 02529880 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll 2015-08-11 21:30 - 2015-07-14 05:21 - 01901776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll 2015-08-11 21:30 - 2015-07-13 21:46 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2015-08-11 21:30 - 2015-07-13 21:45 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll 2015-08-11 21:30 - 2015-07-10 20:19 - 01101824 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll 2015-08-11 21:30 - 2015-07-10 19:54 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll 2015-08-11 21:30 - 2015-07-10 
19:42 - 02345472 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2015-08-11 21:30 - 2015-07-10 19:14 - 00856064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll 2015-08-11 21:30 - 2015-07-10 19:13 - 07032320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll 2015-08-11 21:30 - 2015-07-10 18:47 - 01556992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2015-08-11 21:30 - 2015-07-10 18:31 - 06213120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll 2015-08-11 21:30 - 2015-07-09 19:13 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe 2015-08-11 21:30 - 2015-07-09 19:13 - 00221184 _____ (Microsoft Corporation) C:\Windows\notepad.exe 2015-08-11 21:30 - 2015-07-09 18:30 - 00212992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe 2015-08-11 21:30 - 2015-07-07 11:40 - 00270168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys 2015-08-11 21:30 - 2015-07-07 11:40 - 00114520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdNisDrv.sys 2015-08-11 21:30 - 2015-07-07 11:40 - 00044560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys 2015-08-11 21:30 - 2015-07-02 00:19 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll 2015-08-11 21:30 - 2015-07-02 00:16 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll 2015-08-11 21:30 - 2015-07-01 23:37 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll 2015-08-11 21:30 - 2015-07-01 23:35 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll 2015-08-11 21:02 - 2015-08-11 21:02 - 00380416 _____ C:\Users\Christian\Downloads\Gmer-19357.exe 2015-08-11 20:52 - 2015-08-13 20:23 - 00000000 ____D C:\FRST 2015-08-11 20:52 - 2015-08-13 09:43 - 02173952 _____ (Farbar) C:\Users\Christian\Downloads\FRST64.exe 2015-08-11 20:50 - 2015-08-11 20:50 - 00000000 _____ C:\Users\Christian\defogger_reenable 2015-08-11 20:48 - 2015-08-11 
20:48 - 00050477 _____ C:\Users\Christian\Downloads\Defogger.exe 2015-08-11 20:35 - 2015-08-11 20:35 - 00000000 _____ C:\Users\Christian\Desktop\190.151.10.226.txt 2015-08-11 19:38 - 2015-08-11 19:38 - 00000000 ____D C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2015-08-11 16:15 - 2015-08-11 16:16 - 00000000 ____D C:\Users\Christian\Downloads\Neuer Ordner 2015-08-11 13:58 - 2015-08-11 13:58 - 00000000 ____D C:\ProgramData\ATI 2015-08-10 12:39 - 2015-08-10 12:39 - 00003554 _____ C:\Windows\System32\Tasks\GarminUpdaterTask 2015-08-10 12:39 - 2015-08-10 12:39 - 00000000 ____D C:\Users\Christian\AppData\Roaming\Garmin 2015-08-10 12:39 - 2015-08-10 12:39 - 00000000 ____D C:\Users\Christian\AppData\Local\Garmin_Ltd._or_its_subsid 2015-08-10 12:39 - 2015-08-10 12:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin 2015-08-10 12:39 - 2015-08-10 12:39 - 00000000 ____D C:\ProgramData\Garmin 2015-08-10 12:39 - 2015-08-10 12:39 - 00000000 ____D C:\Program Files\DIFX 2015-08-10 12:39 - 2015-08-10 12:39 - 00000000 ____D C:\Program Files (x86)\Garmin 2015-08-10 11:22 - 2015-08-10 11:22 - 00048947 _____ C:\Windows\SysWOW64\CCCInstall_201508101122310578.log 2015-08-10 11:22 - 2015-08-10 11:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center 2015-08-10 01:07 - 2015-08-10 01:07 - 00000752 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinSCP.lnk 2015-08-10 01:07 - 2015-08-10 01:07 - 00000668 _____ C:\Users\Public\Desktop\WinSCP.lnk 2015-08-10 00:40 - 2015-08-10 00:40 - 00000000 ____D C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Total Commander 2015-08-10 00:40 - 2015-08-10 00:40 - 00000000 ____D C:\Users\Christian\AppData\Roaming\GHISLER 2015-08-09 22:34 - 2015-08-09 22:34 - 00000036 _____ C:\Users\Christian\Desktop\Ohne Titel.avi.sfl 2015-08-09 13:51 - 2015-08-11 21:16 - 00000000 ____D C:\Users\Christian\Desktop\GIGASET QV1030 
2015-08-07 22:41 - 2015-08-07 22:41 - 00000014 _____ C:\Users\Christian\Desktop\g2a.txt 2015-08-05 00:20 - 2015-08-06 23:06 - 00000000 ____D C:\Windows\Minidump 2015-08-03 20:55 - 2015-08-03 20:55 - 00003364 _____ C:\Windows\System32\Tasks\Skype 2015-08-02 23:32 - 2015-08-02 23:39 - 00000000 ____D C:\Users\Christian\Desktop\Spende 2015-08-02 20:22 - 2015-08-02 20:22 - 00000000 ____D C:\Users\Christian\Desktop\Verkauf 2015-08-02 19:13 - 2015-08-13 10:24 - 00000000 ____D C:\Users\Christian\.rainlendar2 2015-08-02 19:13 - 2015-08-02 19:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rainlendar2 2015-08-02 19:12 - 2015-08-02 19:13 - 00000000 ____D C:\Program Files\Rainlendar2 2015-08-02 18:46 - 2015-08-02 18:46 - 00000000 ____D C:\Users\Christian\AppData\Local\CEF 2015-08-02 16:23 - 2015-07-14 23:59 - 01113944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys 2015-08-02 16:23 - 2015-07-14 23:59 - 00487256 _____ (Microsoft Corporation) C:\Windows\system32\netcfgx.dll 2015-08-02 16:23 - 2015-07-14 23:59 - 00393560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netcfgx.dll 2015-08-02 16:23 - 2015-06-12 19:03 - 18823680 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll 2015-08-02 16:23 - 2015-06-12 18:36 - 15159296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll 2015-08-02 16:23 - 2015-06-11 22:12 - 02476376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2015-08-02 16:23 - 2015-06-11 22:12 - 00428888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS 2015-08-02 16:23 - 2015-06-09 20:27 - 00411133 _____ C:\Windows\system32\ApnDatabase.xml 2015-08-01 18:05 - 2015-08-01 18:05 - 00000000 ____D C:\ProgramData\newbackup 2015-08-01 18:04 - 2015-08-01 18:04 - 00000000 ____D C:\ProgramData\rmbwizard 2015-08-01 18:04 - 2015-08-01 18:04 - 00000000 ____D C:\ProgramData\launcher 2015-08-01 18:03 - 2015-08-01 18:03 - 00000000 ____D 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paragon Backup and Recovery™ 2014 Free 2015-08-01 18:03 - 2015-08-01 18:03 - 00000000 ____D C:\Program Files\Paragon Software 2015-08-01 18:02 - 2015-08-01 18:02 - 00000000 ____D C:\Users\Christian\AppData\Local\Downloaded Installations 2015-08-01 18:02 - 2015-08-01 18:02 - 00000000 ____D C:\ProgramData\explauncher 2015-07-29 05:44 - 2015-07-29 05:44 - 00458472 _____ C:\Windows\system32\amdmiracast.dll 2015-07-29 05:44 - 2015-07-29 05:44 - 00107784 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdave64.dll 2015-07-29 05:44 - 2015-07-29 05:44 - 00100568 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdave32.dll 2015-07-29 05:43 - 2015-07-29 05:43 - 00141792 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdhcp64.dll 2015-07-29 05:43 - 2015-07-29 05:43 - 00128384 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amdhcp32.dll 2015-07-29 05:43 - 2015-07-29 05:43 - 00078432 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atimpc64.dll 2015-07-29 05:42 - 2015-07-29 05:42 - 00078432 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdpcom64.dll 2015-07-29 05:42 - 2015-07-29 05:42 - 00071704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll 2015-07-29 05:42 - 2015-07-29 05:42 - 00071704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll 2015-07-29 05:26 - 2015-07-29 05:26 - 00297672 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdacpksd.sys 2015-07-29 05:15 - 2015-07-29 05:15 - 21622784 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmdag.sys 2015-07-29 05:09 - 2015-07-29 05:09 - 47785472 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdocl64.dll 2015-07-29 05:09 - 2015-07-29 05:09 - 00235008 _____ C:\Windows\system32\clinfo.exe 2015-07-29 05:08 - 2015-07-29 05:08 - 39714816 _____ (Advanced Micro Devices Inc.) 
C:\Windows\SysWOW64\amdocl.dll 2015-07-29 05:07 - 2015-07-29 05:07 - 00065024 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll 2015-07-29 05:07 - 2015-07-29 05:07 - 00059392 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll 2015-07-29 05:06 - 2015-07-29 05:06 - 27535872 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdocl12cl64.dll 2015-07-29 05:05 - 2015-07-29 05:05 - 22318592 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl12cl.dll 2015-07-29 04:41 - 2015-07-29 04:41 - 06477312 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmantle64.dll 2015-07-29 04:41 - 2015-07-29 04:41 - 00127488 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantle64.dll 2015-07-29 04:41 - 2015-07-29 04:41 - 00113664 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantle32.dll 2015-07-29 04:36 - 2015-07-29 04:36 - 05068288 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmantle32.dll 2015-07-29 04:34 - 2015-07-29 04:34 - 30752256 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atio6axx.dll 2015-07-29 04:34 - 2015-07-29 04:34 - 00134656 _____ C:\Windows\system32\amdhdl64.dll 2015-07-29 04:34 - 2015-07-29 04:34 - 00123392 _____ C:\Windows\SysWOW64\amdhdl32.dll 2015-07-29 04:34 - 2015-07-29 04:34 - 00050688 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmmcl6.dll 2015-07-29 04:34 - 2015-07-29 04:34 - 00039424 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmmcl.dll 2015-07-29 04:33 - 2015-07-29 04:33 - 00093696 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantleaxl64.dll 2015-07-29 04:33 - 2015-07-29 04:33 - 00086528 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantleaxl32.dll 2015-07-29 04:32 - 2015-07-29 04:32 - 03437632 _____ C:\Windows\system32\atiumd6a.cap 2015-07-29 04:30 - 2015-07-29 04:30 - 15716864 _____ (Advanced Micro Devices Inc.) 
C:\Windows\system32\aticaldd64.dll 2015-07-29 04:30 - 2015-07-29 04:30 - 00660928 _____ C:\Windows\SysWOW64\atiapfxx.blb 2015-07-29 04:30 - 2015-07-29 04:30 - 00660928 _____ C:\Windows\system32\atiapfxx.blb 2015-07-29 04:30 - 2015-07-29 04:30 - 00367104 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiapfxx.exe 2015-07-29 04:30 - 2015-07-29 04:30 - 00062464 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalrt64.dll 2015-07-29 04:30 - 2015-07-29 04:30 - 00055808 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalcl64.dll 2015-07-29 04:30 - 2015-07-29 04:30 - 00052224 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalrt.dll 2015-07-29 04:30 - 2015-07-29 04:30 - 00049152 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalcl.dll 2015-07-29 04:29 - 2015-07-29 04:29 - 14302208 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticaldd.dll 2015-07-29 04:28 - 2015-07-29 04:28 - 25299968 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atioglxx.dll 2015-07-29 04:28 - 2015-07-29 04:28 - 03471376 _____ C:\Windows\SysWOW64\atiumdva.cap 2015-07-29 04:26 - 2015-07-29 04:26 - 00672768 _____ (AMD) C:\Windows\system32\atieclxx.exe 2015-07-29 04:26 - 2015-07-29 04:26 - 00204800 _____ C:\Windows\system32\amdgfxinfo64.dll 2015-07-29 04:26 - 2015-07-29 04:26 - 00189952 _____ C:\Windows\SysWOW64\amdgfxinfo32.dll 2015-07-29 04:26 - 2015-07-29 04:26 - 00160256 _____ C:\Windows\system32\atieah64.exe 2015-07-29 04:26 - 2015-07-29 04:26 - 00143872 _____ C:\Windows\SysWOW64\atieah32.exe 2015-07-29 04:26 - 2015-07-29 04:26 - 00029696 _____ (AMD) C:\Windows\system32\atimuixx.dll 2015-07-29 04:25 - 2015-07-29 04:25 - 00246784 _____ (AMD) C:\Windows\system32\atiesrxx.exe 2015-07-29 04:25 - 2015-07-29 04:25 - 00190976 _____ (AMD) C:\Windows\system32\atitmm64.dll 2015-07-29 04:24 - 2015-07-29 04:24 - 00089088 _____ (Advanced Micro Devices, Inc. 
) C:\Windows\system32\atisamu64.dll 2015-07-29 04:24 - 2015-07-29 04:24 - 00080896 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atisamu32.dll 2015-07-29 04:23 - 2015-07-29 04:23 - 00043520 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\ati2erec.dll 2015-07-29 04:22 - 2015-07-29 04:22 - 00926720 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll 2015-07-29 04:22 - 2015-07-29 04:22 - 00926720 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxx.dll 2015-07-29 04:22 - 2015-07-29 04:22 - 00665088 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmpag.sys 2015-07-29 04:22 - 2015-07-29 04:22 - 00156672 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6txx.dll 2015-07-29 04:22 - 2015-07-29 04:22 - 00141824 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll 2015-07-29 04:22 - 2015-07-29 04:22 - 00075264 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6pxx.dll 2015-07-29 04:22 - 2015-07-29 04:22 - 00069632 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiglpxx.dll 2015-07-29 04:22 - 2015-07-29 04:22 - 00069632 _____ (Advanced Micro Devices, Inc. 
) C:\Windows\system32\atiglpxx.dll 2015-07-29 04:19 - 2015-07-29 04:19 - 00102912 _____ C:\Windows\system32\hsa-thunk64.dll 2015-07-29 04:19 - 2015-07-29 04:19 - 00102400 _____ C:\Windows\SysWOW64\hsa-thunk.dll 2015-07-27 22:18 - 2015-07-27 22:18 - 00000000 ____D C:\Users\Christian\AppData\Roaming\AMD 2015-07-27 21:56 - 2015-08-13 10:24 - 00000000 ____D C:\Users\Christian\AppData\Roaming\FAHClient 2015-07-27 21:56 - 2015-07-27 21:56 - 00000000 ____D C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FAHClient 2015-07-27 21:56 - 2015-07-27 21:56 - 00000000 ____D C:\Program Files (x86)\FAHClient 2015-07-27 09:21 - 2015-07-27 09:21 - 00089104 _____ (Razer Inc) C:\Windows\system32\RazerCoinstaller.dll 2015-07-26 23:04 - 2015-07-26 23:06 - 00000000 ____D C:\Users\Christian\Desktop\FH Bewerbungen WiSe_2015 2015-07-25 13:56 - 2015-08-13 10:43 - 00000000 ____D C:\Users\Christian\AppData\Roaming\Everything 2015-07-25 13:56 - 2015-07-25 13:56 - 00000000 ____D C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Everything 2015-07-25 13:56 - 2015-07-25 13:56 - 00000000 ____D C:\Program Files\Everything 2015-07-23 07:41 - 2014-06-10 00:13 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe 2015-07-23 07:41 - 2014-06-10 00:13 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe 2015-07-21 21:26 - 2015-07-23 18:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird 2015-07-21 18:45 - 2015-07-21 18:45 - 00000000 ____D C:\Users\Christian\AppData\Roaming\Publish Providers 2015-07-21 18:42 - 2015-08-09 22:31 - 00000000 ____D C:\Users\Christian\Documents\Movie Studio Platinum 12.0 Projekte 2015-07-21 18:41 - 2015-07-21 18:42 - 00000000 ____D C:\Users\Christian\AppData\Local\Sony 2015-07-21 18:41 - 2015-07-21 18:41 - 00000000 ____D C:\ProgramData\Sony 2015-07-21 18:41 - 2015-07-21 18:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony 2015-07-21 18:41 - 2015-07-21 
18:41 - 00000000 ____D C:\Program Files\Sony 2015-07-21 18:41 - 2015-07-21 18:41 - 00000000 ____D C:\Program Files (x86)\Sony 2015-07-21 18:35 - 2015-07-21 18:35 - 00000000 ____D C:\Windows\SysWOW64\XPSViewer 2015-07-21 18:35 - 2015-07-21 18:35 - 00000000 ____D C:\Program Files\Reference Assemblies 2015-07-21 18:35 - 2015-07-21 18:35 - 00000000 ____D C:\Program Files\MSBuild 2015-07-21 18:35 - 2015-07-21 18:35 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies 2015-07-21 18:35 - 2015-07-21 18:35 - 00000000 ____D C:\Program Files (x86)\MSBuild 2015-07-21 18:34 - 2013-08-03 06:48 - 01166520 _____ (Microsoft Corporation) C:\Windows\system32\PresentationNative_v0300.dll 2015-07-21 18:34 - 2013-08-03 06:41 - 00778936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationNative_v0300.dll 2015-07-21 18:31 - 2015-07-21 18:54 - 00000000 ____D C:\Users\Christian\AppData\Roaming\Sony 2015-07-20 22:53 - 2015-05-12 02:24 - 00536920 _____ (Microsoft Corporation) C:\Windows\system32\mcupdate_GenuineIntel.dll 2015-07-20 22:53 - 2015-05-01 03:13 - 06521800 _____ (Microsoft Corporation) C:\Windows\system32\sppsvc.exe 2015-07-20 22:53 - 2015-05-01 03:13 - 01488000 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll 2015-07-20 22:53 - 2015-05-01 03:13 - 00261376 _____ (Microsoft Corporation) C:\Windows\system32\sppwinob.dll 2015-07-15 19:51 - 2015-06-28 07:07 - 00442712 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2015-07-15 19:51 - 2015-06-28 07:07 - 00178008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2015-07-15 19:51 - 2015-06-28 07:06 - 01311960 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2015-07-15 19:51 - 2015-06-28 07:06 - 00332120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2015-07-15 19:51 - 2015-06-27 18:42 - 00747520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2015-07-15 19:51 - 2015-06-27 05:13 - 00202240 _____ (Microsoft Corporation) 
C:\Windows\system32\Drivers\mrxsmb20.sys 2015-07-15 19:51 - 2015-06-27 05:12 - 00401408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys 2015-07-15 19:51 - 2015-06-27 05:12 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys 2015-07-15 19:51 - 2015-06-27 04:40 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll 2015-07-15 19:51 - 2015-06-27 04:05 - 01441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2015-07-15 19:51 - 2015-06-27 04:00 - 00989184 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2015-07-15 19:51 - 2015-06-27 03:53 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll 2015-07-15 19:51 - 2015-06-27 03:26 - 00802816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2015-07-15 19:50 - 2015-07-09 20:40 - 00359936 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll 2015-07-15 19:50 - 2015-06-27 05:08 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll 2015-07-15 19:50 - 2015-06-27 05:08 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2015-07-15 19:50 - 2015-06-27 04:14 - 00027136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll 2015-07-15 19:50 - 2015-05-30 23:18 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\werdiagcontroller.dll 2015-07-15 19:50 - 2015-05-30 21:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll 2015-07-15 19:50 - 2015-05-30 21:35 - 00911360 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll 2015-07-15 19:49 - 2015-06-16 00:41 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe 2015-07-15 19:49 - 2015-06-16 00:24 - 03320320 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2015-07-15 19:49 - 2015-06-15 23:16 - 00059904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe 2015-07-15 19:49 - 2015-06-15 23:09 - 03607552 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\msi.dll 2015-07-15 19:49 - 2015-06-15 22:50 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2015-07-15 19:49 - 2015-06-15 21:57 - 02460160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll 2015-07-15 19:49 - 2015-03-09 04:02 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storvsp.sys 2015-07-15 19:48 - 2015-06-16 07:36 - 01661576 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll 2015-07-15 19:48 - 2015-06-16 07:36 - 01212248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll 2015-07-15 19:48 - 2015-06-16 00:38 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2015-07-15 19:48 - 2015-06-16 00:02 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx 2015-07-15 19:48 - 2015-06-15 23:58 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2015-07-15 19:48 - 2015-06-15 23:57 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-07-15 19:48 - 2015-06-15 23:55 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-07-15 19:48 - 2015-06-15 23:13 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2015-07-15 19:48 - 2015-06-15 22:47 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx 2015-07-15 19:48 - 2015-06-15 22:44 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2015-07-15 19:48 - 2015-06-15 22:43 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2015-07-15 19:48 - 2015-06-15 22:42 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll 2015-07-15 19:48 - 2015-06-15 22:41 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2015-07-15 19:48 - 2015-06-15 22:32 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2015-07-15 19:48 - 2015-06-15 22:30 - 02052608 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\inetcpl.cpl 2015-07-15 19:48 - 2015-06-15 22:30 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2015-07-15 19:48 - 2015-06-11 05:49 - 01380600 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2015-07-15 19:48 - 2015-06-10 18:13 - 01097216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2015-07-15 12:20 - 2015-07-15 12:20 - 00103424 _____ (Advanced Micro Devices) C:\Windows\system32\DelayAPO.dll 2015-07-15 12:20 - 2015-07-15 12:20 - 00102912 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\AtihdWB6.sys 2015-07-14 20:35 - 2015-06-27 01:21 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2015-07-14 20:35 - 2015-05-12 15:19 - 00294912 _____ (Microsoft Corporation) C:\Windows\system32\SystemEventsBrokerServer.dll 2015-07-14 20:35 - 2015-05-11 18:34 - 00332800 _____ (Microsoft Corporation) C:\Windows\system32\fhcpl.dll 2015-07-14 20:35 - 2015-05-07 19:50 - 22292672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2015-07-14 20:35 - 2015-05-07 19:00 - 03109376 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll 2015-07-14 20:35 - 2015-05-07 18:53 - 19734960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2015-07-14 20:35 - 2015-05-07 18:47 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll 2015-07-14 20:35 - 2015-05-07 18:12 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll 2015-07-14 20:35 - 2015-05-07 17:21 - 00522240 _____ (Microsoft Corporation) C:\Windows\system32\GeofenceMonitorService.dll 2015-07-14 20:35 - 2015-05-07 17:05 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GeofenceMonitorService.dll 2015-07-14 20:35 - 2015-05-03 17:09 - 00274944 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll 2015-07-14 20:35 - 2015-05-03 17:07 - 07784448 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll 
2015-07-14 20:35 - 2015-05-03 16:58 - 00210944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll 2015-07-14 20:35 - 2015-05-03 16:57 - 05264384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll 2015-07-14 20:35 - 2015-05-03 16:55 - 00971776 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll 2015-07-14 20:35 - 2015-05-03 16:49 - 00811008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll 2015-07-14 20:35 - 2015-05-03 02:39 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll 2015-07-14 20:35 - 2015-04-30 01:22 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\WiFiDisplay.dll 2015-07-14 20:35 - 2015-04-28 15:13 - 00513480 _____ C:\Windows\SysWOW64\locale.nls 2015-07-14 20:35 - 2015-04-28 15:13 - 00513480 _____ C:\Windows\system32\locale.nls 2015-07-14 20:35 - 2015-04-25 04:25 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys 2015-07-14 20:35 - 2015-04-23 17:47 - 03084288 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll 2015-07-14 20:35 - 2015-04-23 17:16 - 02471424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 
2015-08-13 20:23 - 2015-05-16 01:44 - 00000000 ____D C:\Users\Christian\AppData\Roaming\mIRC 2015-08-13 20:04 - 2015-05-18 19:04 - 00000945 _____ C:\Windows\Tasks\EPSON XP-412 413 415 Series Update {138DC8C1-9376-4B23-B6AD-BB2F375DE385}.job 2015-08-13 20:04 - 2015-05-18 19:04 - 00000759 _____ C:\Windows\Tasks\EPSON XP-412 413 415 Series Invitation {138DC8C1-9376-4B23-B6AD-BB2F375DE385}.job 2015-08-13 20:04 - 2015-04-11 16:43 - 00000000 ____D C:\Users\Christian\AppData\Roaming\Nitro PDF 2015-08-13 20:02 - 2015-04-03 15:40 - 00001144 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-08-13 20:00 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\sru 2015-08-13 19:35 - 2015-06-12 22:25 - 00001266 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3557826585-2545589941-765533996-1001UA.job 2015-08-13 17:34 - 2015-04-13 22:26 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-08-13 14:47 - 2015-04-03 17:52 - 00003962 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{27C6D7FB-4289-49E3-A0CE-D5E22103A395} 2015-08-13 13:35 - 2015-06-12 22:25 - 00001214 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3557826585-2545589941-765533996-1001Core.job 2015-08-13 11:28 - 2015-04-03 15:41 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3557826585-2545589941-765533996-1001 2015-08-13 10:43 - 2015-04-03 16:19 - 00000000 ____D C:\Users\Christian\AppData\Roaming\ClassicShell 2015-08-13 10:42 - 2015-04-03 16:26 - 00000000 ____D C:\Users\Christian\AppData\Roaming\AgileBits 2015-08-13 10:24 - 2015-04-03 16:24 - 00000000 ____D C:\Users\Christian\AppData\Roaming\Dropbox 2015-08-13 10:24 - 2015-04-03 15:40 - 00001140 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-08-13 10:05 - 2014-09-24 08:16 - 01776918 _____ C:\Windows\system32\PerfStringBackup.INI 2015-08-13 10:05 - 2014-09-24 07:43 - 00764340 _____ C:\Windows\system32\perfh007.dat 2015-08-13 10:05 - 2014-09-24 07:43 - 
00159160 _____ C:\Windows\system32\perfc007.dat 2015-08-13 10:01 - 2013-08-22 16:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-08-13 09:38 - 2015-06-14 17:44 - 00000000 ____D C:\Users\Christian\AppData\Roaming\Skype 2015-08-13 09:36 - 2013-08-22 15:25 - 00262144 ___SH C:\Windows\system32\config\BBI 2015-08-13 08:22 - 2015-05-28 20:28 - 00000000 ____D C:\Users\Christian\AppData\Local\Adobe 2015-08-13 00:02 - 2015-04-13 23:44 - 00000600 _____ C:\Users\Christian\AppData\Roaming\winscp.rnd 2015-08-12 20:06 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\AppReadiness 2015-08-12 18:29 - 2015-05-25 11:16 - 00000000 ____D C:\Users\Christian\AppData\Local\Greenshot 2015-08-12 17:06 - 2015-05-05 18:30 - 00000000 ____D C:\ProgramData\boost_interprocess 2015-08-12 14:31 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\rescache 2015-08-11 23:19 - 2015-04-03 15:40 - 00000000 ____D C:\Users\Christian\AppData\Local\Google 2015-08-11 23:19 - 2015-04-03 15:40 - 00000000 ____D C:\Program Files (x86)\Google 2015-08-11 23:03 - 2015-04-03 15:36 - 00000000 ____D C:\Users\Christian 2015-08-11 21:36 - 2013-08-22 17:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2015-08-11 21:36 - 2013-08-22 17:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2015-08-11 21:36 - 2013-08-22 17:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2015-08-11 21:36 - 2013-08-22 17:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2015-08-11 21:36 - 2013-08-22 17:36 - 00000000 ____D C:\Program Files\Windows Defender 2015-08-11 21:36 - 2013-08-22 17:36 - 00000000 ____D C:\Program Files (x86)\Windows Defender 2015-08-11 21:34 - 2015-04-03 15:57 - 00000000 ____D C:\Windows\system32\MRT 2015-08-11 21:34 - 2013-08-22 17:20 - 00000000 ____D C:\Windows\CbsTemp 2015-08-11 21:31 - 2015-04-03 15:57 - 
132483416 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-08-11 21:30 - 2015-04-03 16:39 - 00000000 ____D C:\Windows\system32\appraiser 2015-08-11 21:30 - 2014-09-24 09:41 - 00000000 ___SD C:\Windows\system32\CompatTel 2015-08-11 20:45 - 2015-04-03 15:36 - 00000000 ____D C:\Users\Christian\AppData\Local\VirtualStore 2015-08-10 12:39 - 2015-04-03 15:42 - 00000000 ____D C:\ProgramData\Package Cache 2015-08-10 11:50 - 2015-04-03 23:30 - 00000000 ____D C:\Users\Christian\Desktop\Sortieren 2015-08-10 11:22 - 2015-04-03 15:41 - 00000000 ____D C:\AMD 2015-08-09 22:47 - 2015-04-04 22:27 - 00000000 ____D C:\Users\Christian\AppData\Roaming\vlc 2015-08-08 15:55 - 2014-09-24 09:43 - 00794088 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-08-08 15:55 - 2014-09-24 09:43 - 00179688 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-08-06 19:37 - 2015-04-03 15:36 - 00000000 ____D C:\Users\Christian\AppData\Local\Packages 2015-08-03 00:20 - 2015-04-03 18:00 - 00000000 ____D C:\ProgramData\Origin 2015-08-02 16:22 - 2015-05-16 17:11 - 00000000 ____D C:\Program Files (x86)\BlueStacks 2015-08-02 16:03 - 2013-03-31 17:20 - 00001371 _____ C:\Users\Christian\Desktop\Systemwiederherstellung.lnk 2015-08-02 11:01 - 2015-05-16 17:11 - 00000000 ____D C:\ProgramData\BlueStacksSetup 2015-08-01 12:22 - 2015-04-03 15:44 - 00000000 ____D C:\Program Files (x86)\Razer 2015-07-30 18:36 - 2015-04-03 16:22 - 00000000 ____D C:\Program Files (x86)\1Password 4 2015-07-29 05:42 - 2015-03-19 06:15 - 00133016 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiuxpag.dll 2015-07-29 05:42 - 2015-03-19 06:15 - 00120144 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiu9p64.dll 2015-07-29 05:42 - 2014-07-21 22:04 - 00152056 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiuxp64.dll 2015-07-29 05:42 - 2014-07-21 22:04 - 00102616 _____ (Advanced Micro Devices, Inc. 
) C:\Windows\SysWOW64\atiu9pag.dll 2015-07-29 05:41 - 2014-07-21 22:04 - 11948704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atidxx64.dll 2015-07-29 05:41 - 2014-07-21 22:04 - 01445224 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\aticfx64.dll 2015-07-29 05:41 - 2014-07-21 22:04 - 01193904 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\aticfx32.dll 2015-07-29 05:40 - 2015-03-19 06:14 - 10094152 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atidxx32.dll 2015-07-29 05:40 - 2014-07-21 22:04 - 07929616 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdva.dll 2015-07-29 05:40 - 2014-07-21 22:04 - 07408936 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdag.dll 2015-07-29 05:39 - 2015-03-19 06:14 - 08893160 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd6a.dll 2015-07-29 05:39 - 2015-03-19 06:14 - 08779872 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd64.dll 2015-07-29 04:26 - 2015-03-19 04:04 - 00442368 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atidemgy.dll 2015-07-29 04:22 - 2015-03-19 03:40 - 01247744 _____ (Advanced Micro Devices, Inc.) 
C:\Windows\system32\atiadlxx.dll 2015-07-29 04:17 - 2015-06-23 03:21 - 00865792 _____ (AMD) C:\Windows\system32\coinst_15.20.dll 2015-07-28 22:07 - 2015-04-03 16:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2015-07-28 21:05 - 2015-07-10 19:29 - 00000000 ___HD C:\$Windows.~BT 2015-07-28 21:00 - 2015-04-03 16:31 - 00000000 ____D C:\Windows\Panther 2015-07-25 13:39 - 2015-05-16 22:38 - 00000000 ____D C:\Program Files\CCleaner 2015-07-25 13:37 - 2015-04-03 16:44 - 00000000 ___SD C:\Windows\system32\GWX 2015-07-23 07:54 - 2015-05-17 13:55 - 00000000 ____D C:\Program Files\Microsoft Office 15 2015-07-21 18:35 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\SysWOW64\MUI 2015-07-21 18:35 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\MUI 2015-07-19 13:30 - 2015-06-12 22:25 - 00004220 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3557826585-2545589941-765533996-1001UA 2015-07-19 13:30 - 2015-06-12 22:25 - 00003840 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3557826585-2545589941-765533996-1001Core 2015-07-17 19:38 - 2015-04-03 16:44 - 00000000 ___SD C:\Windows\SysWOW64\GWX 2015-07-16 20:57 - 2015-04-03 15:40 - 00004116 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2015-07-16 20:57 - 2015-04-03 15:40 - 00003880 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2015-07-15 23:38 - 2013-08-22 17:36 - 00000000 ___RD C:\Windows\ToastData 2015-07-15 23:38 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\WinStore 2015-07-15 23:38 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\PolicyDefinitions ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2015-04-13 23:44 - 2015-08-13 00:02 - 0000600 _____ () C:\Users\Christian\AppData\Roaming\winscp.rnd 2015-04-12 00:45 - 2015-06-16 23:24 - 0000600 _____ () C:\Users\Christian\AppData\Local\PUTTY.RND Einige Dateien in TEMP: ==================== 
C:\Users\Christian\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpiy6m6l.dll C:\Users\Christian\AppData\Local\Temp\Quarantine.exe C:\Users\Christian\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap ================= (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) C:\Windows\system32\winlogon.exe => Datei ist digital signiert C:\Windows\system32\wininit.exe => Datei ist digital signiert C:\Windows\explorer.exe => Datei ist digital signiert C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert C:\Windows\system32\svchost.exe => Datei ist digital signiert C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert C:\Windows\system32\services.exe => Datei ist digital signiert C:\Windows\system32\User32.dll => Datei ist digital signiert C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert C:\Windows\system32\userinit.exe => Datei ist digital signiert C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert C:\Windows\system32\rpcss.dll => Datei ist digital signiert C:\Windows\system32\dnsapi.dll => Datei ist digital signiert C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert LastRegBack: 2015-08-06 19:19 ==================== Ende von Ergebnis ============================ |
14.08.2015, 16:01 | #9 |
/// the machine /// TB Trainer | Windows 8.1 64bit - Browser spits out an IP from Chile

Cleanup: (The order is crucial here)

If Defogger was used: start it again and click Re-enable.
If Combofix was used: uninstall Combofix.

All logs posted? Then please download DelFix.

Note: DelFix removes, among other things, all the programs used, the quarantine of our scanners and the Java cache, and finally deletes itself. Afterwards, restart your computer. If any programs from our cleanup are still left over now, you can safely delete them.

If you like, you can say here whether you were satisfied with me and my help... and/or support the forum with a small donation.

Securing your system:

Enable automatic updates in the Windows operating system. Security-relevant software should also always be present only in its latest version: Browser, Java, Flash Player, PDF reader. Security vulnerabilities in their old versions are exploited to install malware "drive-by" on a simple visit to a manipulated website. I recommend, for example, using Mozilla Firefox instead of Internet Explorer. Firefox can also open PDF documents.

Enable a firewall. The one built into Windows is normally entirely sufficient.

Use an antivirus program with a real-time scanner and an always up-to-date signature database. My recommendation: Emsisoft

In addition, you can scan your PC regularly with Malwarebytes Anti-Malware and ESET.

Optional:
NoScript prevents the execution of active content (Java, JavaScript, Flash, ...) for all websites. However, you can define, on the principle of a whitelist, on which sites scripts should be allowed.
Malwarebytes Anti Exploit: protects the computer's applications against the exploitation of known vulnerabilities.

Download software from a clean portal such as .
When installing software, always choose the custom option and untick all optionally offered toolbars or other add-ons that are irrelevant to the program. To get rid of adware, uninstalling it first and then removing the leftovers with Adwcleaner is recommended.

Finally, a few general remarks: Change your important online passwords regularly and regularly create backups of your important files or of the system. The benefit of registry cleaners, optimizers, etc. for improving performance is disputed. I therefore recommend keeping your hands off the registry and using Windows' own Disk Cleanup instead.
__________________
Regards, schrauber
Proud Member of UNITE and ASAP since 2009
Donate | Guides and help | Trojaner-Board Facebook page | No help via PM! |