Log analysis and evaluation: Win 10: Infection with Trace.Registry.VirusShield2009!A2 and several PUPs
If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
16.09.2015, 07:36 | #16 |
/// Malwareteam | Win 10: Infection with Trace.Registry.VirusShield2009!A2 and several PUPs
Hi,
Step # 1: ESET
ESET Online Scanner
Step # 2: Security Check
Please download SecurityCheck and:
Step # 3: FRST
A fresh FRST log, please.
Step # 4: Question
Are there any remaining problems?
Step # 5: Please post
17.09.2015, 17:01 | #17 |
Win 10: Infection with Trace.Registry.VirusShield2009!A2 and several PUPs
Hi.
Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=b47cf353d8c9b5448c2e18d233f51d00
# end=init
# utc_time=2015-09-17 01:43:14
# local_time=2015-09-17 03:43:14 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.2.9200 NT
Update Init
Update Download
Update Finalize
Updated modules version: 25808
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=b47cf353d8c9b5448c2e18d233f51d00
# end=updated
# utc_time=2015-09-17 01:51:35
# local_time=2015-09-17 03:51:35 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.2.9200 NT
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=b47cf353d8c9b5448c2e18d233f51d00
# engine=25808
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-09-17 03:02:39
# local_time=2015-09-17 05:02:39 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 5250 5976171 0 0
# scanned=418568
# found=1
# cleaned=0
# scan_time=4263
sh=F1EFF6451CED129C0E5C0A510955F234A01158A0 ft=1 fh=332b4278a72373e2 vn="Variante von Win32/Toolbar.Babylon.E evtl. unerwünschte Anwendung" ac=I fn="C:\$Recycle.Bin\S-1-5-21-1888364831-2858631773-2981139133-1001\$RYX5PBQ.exe"
Code:
Results of screen317's Security Check version 1.008
x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Defender
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Secunia PSI (3.0.0.9016)
Java 8 Update 60
Adobe Flash Player 18.0.0.232
Mozilla Firefox (40.0.3)
Mozilla Thunderbird (38.2.0)
Google Chrome (44.0.2403.157)
Google Chrome (45.0.2454.85)
````````Process Check: objlist.exe by Laurent````````
Windows Defender MSMpEng.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbam.exe
Malwarebytes Anti-Exploit mbae-svc.exe
Malwarebytes Anti-Malware mbamscheduler.exe
Malwarebytes Anti-Exploit mbae64.exe
Malwarebytes Anti-Exploit mbae.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````
Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:15-09-2015 durchgeführt von *** (Administrator) auf ***(17-09-2015 17:45:50) Gestartet von C:\Users\***\Downloads Geladene Profile: *** (Verfügbare Profile: *** & .NET v4.5 & .NET v4.5 Classic) Platform: Windows 10 Pro (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: Chrome) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (AMD) C:\Windows\System32\atiesrxx.exe (Sandboxie Holdings, LLC) D:\Program Files\Sandboxie\SbieSvc.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (DTS) C:\Program Files\Realtek\Audio\HDA\DTSAudioService64.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe (Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaRegistry.exe (Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe (Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe (Microsoft Corporation) C:\Windows\System32\TCPSVCS.EXE (Malwarebytes Corporation) D:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe (Malwarebytes Corporation) D:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe (DEVGURU Co., LTD.) 
D:\Program Files (x86)\USB Drivers\25_escape\conn\ss_conn_service.exe (Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (AMD) C:\Windows\System32\atieclxx.exe (Malwarebytes Corporation) D:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart Plus B210 series\Bin\ScanToPCActivationApp.exe (Sandboxie Holdings, LLC) D:\Program Files\Sandboxie\SbieCtrl.exe (Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe (Microsoft Corporation) C:\Users\***\AppData\Local\Snip\Snip.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe (Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler64.exe () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.827.16340.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Nicht auf der Ausnahmeliste) =========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. 
Die Datei wird nicht verschoben.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8492800 2015-06-24] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_DTS] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-06-24] (Realtek Semiconductor) HKLM\...\Run: [IntelliPoint] => C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-03] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation) HKLM-x32\...\Run: [WISO Mein Geld 2015 Professional .NET] => D:\Program Files (x86)\Buhl\WISO Mein Geld 2015\mg.exe [1120568 2015-07-22] (Buhl Data Service) HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2620728 2015-07-22] (Malwarebytes Corporation) HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [39175960 2015-08-14] (Dropbox, Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation) HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe HKU\S-1-5-21-1888364831-2858631773-2981139133-1001\...\Run: [Google Update] => C:\Users\***\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-30] (Google Inc.) 
HKU\S-1-5-21-1888364831-2858631773-2981139133-1001\...\Run: [WEB.DE Application {sync-000021}] => C:\Users\***\AppData\Local\WEB.DE Application {sync-000021}\webde_onlinespeicher.exe [781312 2015-02-18] (1&1 Mail & Media GmbH) HKU\S-1-5-21-1888364831-2858631773-2981139133-1001\...\Run: [HP Photosmart Plus B210 series (NET)] => C:\Program Files\HP\HP Photosmart Plus B210 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.) HKU\S-1-5-21-1888364831-2858631773-2981139133-1001\...\Run: [SandboxieControl] => d:\Program Files\Sandboxie\SbieCtrl.exe [787592 2015-09-03] (Sandboxie Holdings, LLC) HKU\S-1-5-21-1888364831-2858631773-2981139133-1001\...\Run: [HP ENVY 4500 series (NET)] => C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe [3487240 2014-07-21] (Hewlett-Packard Development Company, LP) HKU\S-1-5-21-1888364831-2858631773-2981139133-1001\...\Run: [Speech Recognition] => C:\WINDOWS\Speech\Common\sapisvr.exe [45056 2015-07-10] (Microsoft Corporation) HKU\S-1-5-21-1888364831-2858631773-2981139133-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53729824 2015-08-07] (Skype Technologies S.A.) 
HKU\S-1-5-21-1888364831-2858631773-2981139133-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8455960 2015-08-20] (Piriform Ltd) HKU\S-1-5-21-1888364831-2858631773-2981139133-1001\...\Run: [Snip] => C:\Users\***\AppData\Local\Snip\Snip.exe [1675408 2015-09-10] (Microsoft Corporation) ShellIconOverlayIdentifiers: [ 1&1 Sync Overlay 1] -> {02B2B772-B8A8-4DA4-9B18-42551A54A1A8} => C:\Program Files\Common Files\1&1 Sync\1&1SyncShellExtension64_1_0_0_1_20150212142954828.dll [2014-11-27] (1&1 Mail & Media GmbH) ShellIconOverlayIdentifiers: [ 1&1 Sync Overlay 2] -> {0575AB16-E932-4160-8936-4DBE195BDBD7} => C:\Program Files\Common Files\1&1 Sync\1&1SyncShellExtension64_1_0_0_1_20150212142954828.dll [2014-11-27] (1&1 Mail & Media GmbH) ShellIconOverlayIdentifiers: [ 1&1 Sync Overlay 3] -> {0E9EF89A-96D3-4DE6-B2F8-E9548AA5321E} => C:\Program Files\Common Files\1&1 Sync\1&1SyncShellExtension64_1_0_0_1_20150212142954828.dll [2014-11-27] (1&1 Mail & Media GmbH) ShellIconOverlayIdentifiers: [ 1&1 Sync Overlay 4] -> {1A4AFFE1-B2F9-483D-B627-D9A339DBFD34} => C:\Program Files\Common Files\1&1 Sync\1&1SyncShellExtension64_1_0_0_1_20150212142954828.dll [2014-11-27] (1&1 Mail & Media GmbH) ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.) 
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft) ShellIconOverlayIdentifiers-x32: [ 1&1 Sync Overlay 1] -> {02B2B772-B8A8-4DA4-9B18-42551A54A1A8} => C:\Program Files (x86)\Common Files\1&1 Sync\1&1SyncShellExtension_1_0_0_1_20150212142954828.dll [2014-11-27] (1&1 Mail & Media GmbH) ShellIconOverlayIdentifiers-x32: [ 1&1 Sync Overlay 2] -> {0575AB16-E932-4160-8936-4DBE195BDBD7} => C:\Program Files (x86)\Common Files\1&1 Sync\1&1SyncShellExtension_1_0_0_1_20150212142954828.dll [2014-11-27] (1&1 Mail & Media GmbH) ShellIconOverlayIdentifiers-x32: [ 1&1 Sync Overlay 3] -> {0E9EF89A-96D3-4DE6-B2F8-E9548AA5321E} => C:\Program Files (x86)\Common Files\1&1 Sync\1&1SyncShellExtension_1_0_0_1_20150212142954828.dll [2014-11-27] (1&1 Mail & Media GmbH) ShellIconOverlayIdentifiers-x32: [ 1&1 Sync Overlay 4] -> {1A4AFFE1-B2F9-483D-B627-D9A339DBFD34} => C:\Program Files (x86)\Common Files\1&1 Sync\1&1SyncShellExtension_1_0_0_1_20150212142954828.dll [2014-11-27] (1&1 Mail & Media GmbH) ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.) 
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.) 
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk [2014-10-06] ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2014-01-20] ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Ralink Wireless Utility.lnk [2015-02-19] Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2014-10-02] ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia) Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk [2015-09-06] ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation) ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) 
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 Tcpip\..\Interfaces\{1f429b3c-0def-4794-9fcd-1bd8383e754d}: [DhcpNameServer] 192.168.2.1 Tcpip\..\Interfaces\{f4f984b3-14b6-4096-bca6-c6781cd9c88e}: [DhcpNameServer] 192.168.2.1 Internet Explorer: ================== HKU\S-1-5-21-1888364831-2858631773-2981139133-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie HKU\S-1-5-21-1888364831-2858631773-2981139133-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie HKU\S-1-5-21-1888364831-2858631773-2981139133-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.giga.de/androidnews/ SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-1888364831-2858631773-2981139133-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation) BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> d:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2014-10-06] (LastPass) BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation) BHO: Kein Name -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> Keine Datei BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-09-10] (Oracle Corporation) BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> d:\Program Files (x86)\LastPass\LPToolbar.dll [2014-10-06] (LastPass) 
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-09-10] (Oracle Corporation) Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - d:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2014-10-06] (LastPass) Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - d:\Program Files (x86)\LastPass\LPToolbar.dll [2014-10-06] (LastPass) Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation) Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation) FireFox: ======== FF ProfilePath: C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\xj48727q.default-1427810809798 FF Homepage: hxxp://www.diesiedleronline.de/de/spielen FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-09-10] () FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> d:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2015-06-08] (Tracker Software Products (Canada) Ltd.) 
FF Plugin: @lastpass.com/NPLastPass -> d:\Program Files (x86)\LastPass\nplastpass64.dll [2014-10-06] (LastPass) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> D:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2015-06-08] (Tracker Software Products (Canada) Ltd.) FF Plugin: @videolan.org/vlc,version=2.1.2 -> d:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.4 -> d:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.5 -> d:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-09-10] () FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> d:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2015-06-08] (Tracker Software Products (Canada) Ltd.) FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-07-11] (Google, Inc.) 
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-08-08] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-08-08] (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-09-10] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-09-10] (Oracle Corporation) FF Plugin-x32: @lastpass.com/NPLastPass -> d:\Program Files (x86)\LastPass\nplastpass.dll [2014-10-06] (LastPass) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.) FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> D:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2015-06-08] (Tracker Software Products (Canada) Ltd.) FF Plugin HKU\S-1-5-21-1888364831-2858631773-2981139133-1001: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> d:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2015-06-08] (Tracker Software Products (Canada) Ltd.) 
FF Plugin HKU\S-1-5-21-1888364831-2858631773-2981139133-1001: @tools.google.com/Google Update;version=3 -> C:\Users\***\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.) FF Plugin HKU\S-1-5-21-1888364831-2858631773-2981139133-1001: @tools.google.com/Google Update;version=9 -> C:\Users\***\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.) FF Plugin HKU\S-1-5-21-1888364831-2858631773-2981139133-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\***\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-06-08] (Unity Technologies ApS) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll [2014-02-17] (Tracker Software Products (Canada) Ltd.) FF Extension: LastPass - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\xj48727q.default-1427810809798\Extensions\support@lastpass.com [2015-07-19] FF Extension: Video AdBlock for Firefox - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\xj48727q.default-1427810809798\Extensions\{a00bef25-f21a-4539-adbb-b179b29e2b92} [2015-09-14] FF Extension: WOT - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\xj48727q.default-1427810809798\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2015-07-09] FF Extension: ProxMate - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\xj48727q.default-1427810809798\Extensions\jid1-QpHD8URtZWJC2A@jetpack.xpi [2015-04-18] FF Extension: NoScript - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\xj48727q.default-1427810809798\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2015-03-31] FF Extension: Adblock Plus - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\xj48727q.default-1427810809798\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-03-31] FF Extension: BetterPrivacy - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\xj48727q.default-1427810809798\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2015-03-31] FF 
Extension: Kein Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-08-28] Chrome: ======= CHR HomePage: Default -> hxxp://www.google.com/ CHR StartupUrls: Default -> "hxxp://www.spiegel.de/","hxxp://forum.ubuntuusers.de/topic/kann-keine-programme-per-software-center-downl/","hxxp://www.happypainting.de/","hxxp://www.pentaxians.de/","hxxp://www.web.de/","hxxp://www.t-online.de/","http://www.trojaner-board.de/166488-...chtungen.html" CHR Profile: C:\Users\***\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (NoScript Suite Lite) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahnanjpbkghcdgmlchbcfoiefnifjeni [2015-05-28] CHR Extension: (Google Drive) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-05-02] CHR Extension: (TV) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\beobeededemalmllhkmnkinmfembdimh [2015-05-02] CHR Extension: (ColorZilla) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhlhnicpbhignbdhedgjhgdocnmhomnp [2015-09-05] CHR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2015-05-02] CHR Extension: (YouTube) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-14] CHR Extension: (Meine IP-Adresse) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccfphbgnmmhjfalloifioeeeokjemobf [2015-05-02] CHR Extension: (Adblock Plus) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-05-02] CHR Extension: (TrafficLight) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfnpidifppmenkapgihekkeednfoenal [2015-05-02] CHR Extension: (Adblock für Youtube™) - 
C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2015-09-14] CHR Extension: (Google-Suche) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-05-02] CHR Extension: (Facebook Customizer (by Adblock Plus)) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\deoeenbkoccjaefmmhpmlegngdjohdcm [2015-05-02] CHR Extension: (Best Utility Apps) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnfkmehkjocihlfmcjkmdiekloihfaog [2015-05-02] CHR Extension: (VTchromizer) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\efbjojhplkelaegfbieplglfidafgoka [2015-09-14] CHR Extension: (Facebook Disconnect) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpepffjfmamnambagiibghpglaidiec [2015-05-02] CHR Extension: (Google Text & Tabellen Offline) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-03] CHR Extension: (AdBlock) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-05-02] CHR Extension: („Pin it“-Button) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2015-09-15] CHR Extension: (LastPass: Free Password Manager) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2015-05-02] CHR Extension: (PDF Mergy) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgecghmkcdefnknohcimkoemhaofpoha [2015-05-02] CHR Extension: (Subscriptions for YouTube™) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibcngljpkdlakkbhmbfhjabcblbcldbl [2015-05-02] CHR Extension: (ProxMate) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifalmiidchkjjmkkbkoaibpmoeichmki [2015-06-22] CHR Extension: (Dropbox) - 
C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl [2015-05-02]
CHR Extension: (Interstellar) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\kackgkhdbldcojljaeoaghlhfbbldkil [2015-05-02]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-02]
CHR Extension: (Google Maps) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2015-05-02]
CHR Extension: (Chrono Download Manager) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\mciiogijehkdemklbdcbfkefimifhecn [2015-05-02]
CHR Extension: (Ghostery) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2015-05-02]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-02]
CHR Extension: (Hover Zoom) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl [2015-09-14]
CHR Extension: (Adblock Pro) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifcklkibdehekfnmflempfgjhbedch [2015-05-02]
CHR Extension: (QVIVO) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohdmoikcfdlgffkebhcojlghnccgngbg [2015-05-02]
CHR Extension: (Meine IP-Adresse) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfhoeoiodcebkkigjiooibeccnfmmkoe [2015-05-02]
CHR Extension: (Google Mail) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-02]
CHR HKU\S-1-5-21-1888364831-2858631773-2981139133-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bknbnapaddjdnbilpmlacdkjdkjmbjhd] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [bknbnapaddjdnbilpmlacdkjdkjmbjhd] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fknfdieimobmimhdkfkheeejenmdjhoe] - C:\Program Files (x86)\pandasecuritytb\chrome-newtab-search.crx <nicht gefunden>
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]
CHR HKLM-x32\...\Chrome\Extension: [ocbnpbkmjpgbdcgiflkgkpnkinifpgpj] - C:\Users\***\ChromeExtensions\ocbnpbkmjpgbdcgiflkgkpnkinifpgpj\amazon-icon-2.crx [2015-02-15]

Opera:
=======
OPR Extension: (Ghostery) - C:\Users\***\AppData\Roaming\Opera Software\Opera Stable\Extensions\bbkekonodcdmedgffkkbgmnnekbainbg [2015-04-30]
OPR Extension: (dr34polw) - C:\Users\***\AppData\Roaming\Opera Software\Opera Stable\Extensions\cfkmglogfkpfekddlalobmhdbkjneejb [2015-08-03]
OPR Extension: (dr34polw) - C:\Users\***\AppData\Roaming\Opera Software\Opera Stable\Extensions\cgdogbijachehheddakopmfjahhgmmma [2015-08-03]
OPR Extension: (Avira Browser Safety) - C:\Users\***\AppData\Roaming\Opera Software\Opera Stable\Extensions\dalelnnofafalcmkmnhdbigbjjkloabo [2015-08-03]
OPR Extension: (weboftrust) - C:\Users\***\AppData\Roaming\Opera Software\Opera Stable\Extensions\eeokceolphhfjdfcibaiiopmekmcbedp [2015-08-03]
OPR Extension: (Cookie Jar) - C:\Users\***\AppData\Roaming\Opera Software\Opera Stable\Extensions\gapogllmojifhogcdfmommbeafllndoa [2015-08-03]
OPR Extension: (Google Analytics Opt-out (by Google)) - C:\Users\***\AppData\Roaming\Opera Software\Opera Stable\Extensions\hmffjpdmbgflojiohllanjaggdenggdo [2015-08-03]
OPR Extension: (dr34polw) - C:\Users\***\AppData\Roaming\Opera Software\Opera Stable\Extensions\ipiopppcaojnchgoepoemlbdccogeije [2015-08-03]
OPR Extension: (emmyaldor) - C:\Users\***\AppData\Roaming\Opera Software\Opera Stable\Extensions\knbfimhapmnifdchcafinkbfikmomaak [2015-09-10]
OPR Extension: (History Eraser) - C:\Users\***\AppData\Roaming\Opera Software\Opera Stable\Extensions\lfpoajlbkhlfoeeokbppmecpplmieedm [2015-08-03]

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-13] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-13] (Dropbox, Inc.)
R2 DTSAudioService; C:\Program Files\Realtek\Audio\HDA\DTSAudioService64.exe [218768 2015-06-24] (DTS)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [Datei ist nicht signiert]
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [Datei ist nicht signiert]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-08-08] (Intel Corporation)
R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [713016 2015-07-22] (Malwarebytes Corporation)
R4 MBAMScheduler; d:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
R2 MBAMService; d:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S3 RaMediaServer; C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe [1863680 2012-07-06] (Ralink) [Datei ist nicht signiert]
R2 SbieSvc; d:\Program Files\Sandboxie\SbieSvc.exe [177800 2015-09-03] (Sandboxie Holdings, LLC)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)
R2 ss_conn_service; D:\Program Files (x86)\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-13] (DEVGURU Co., LTD.)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [84480 2015-09-09] (Microsoft Corporation)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [578560 2015-09-09] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.)
S3 AmUHubftr; C:\Windows\System32\drivers\AmUHubftr.sys [25880 2013-12-20] (Alcor Micro, Corp.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [102912 2015-05-28] (Advanced Micro Devices)
S3 Bulk1528; C:\Windows\System32\Drivers\Bulk1528.sys [17792 2009-10-20] (SunPlus)
S2 Ca1528av; C:\Windows\System32\Drivers\Ca1528av.sys [533760 2008-12-17] (Digital Camera)
R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [63064 2015-07-22] ()
R3 i8042HDR; C:\Windows\system32\DRIVERS\i8042HDR.sys [15920 2009-08-14] (Windows (R) Codename Longhorn DDK provider)
S3 LcUvcUpper; C:\Windows\system32\DRIVERS\LcUvcUpper.sys [34424 2015-08-27] (Microsoft Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [113880 2015-09-17] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-08-08] (Intel Corporation)
S3 MEMSWEEP2; C:\WINDOWS\system32\15E3.tmp [6144 2009-06-18] (Sophos Plc) [Datei ist nicht signiert]
R3 netr28ux; C:\Windows\System32\drivers\netr28ux.sys [2204304 2015-07-10] (MediaTek Inc.)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [587264 2015-07-10] (Realtek )
R3 SbieDrv; d:\Program Files\Sandboxie\SbieDrv.sys [191112 2015-09-03] (Sandboxie Holdings, LLC)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S1 UimBus; C:\Windows\System32\drivers\UimBus.sys [102664 2014-05-19] ()
S1 Uim_DEVIM; C:\Windows\System32\drivers\uim_devim.sys [25992 2014-05-19] ()
S1 Uim_IM; C:\Windows\System32\drivers\uim_im.sys [700296 2014-05-19] ()
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-09-17 17:44 - 2015-09-17 17:44 - 00852704 _____ C:\Users\***\Downloads\SecurityCheck.exe 2015-09-17 17:34 - 2015-09-17 17:34 - 00016148 _____ C:\WINDOWS\system32\OPQIWUER_***_HistoryPrediction.bin 2015-09-17 15:43 - 2015-09-17 15:43 - 00000000 ____D C:\Program Files (x86)\ESET 2015-09-17 15:42 - 2015-09-17 15:42 - 02870984 _____ (ESET) C:\Users\***\Downloads\esetsmartinstaller_deu.exe 2015-09-17 15:33 - 2015-09-17 15:33 - 00000000 _____ C:\WINDOWS\setuperr.log 2015-09-17 15:33 - 2015-09-17 15:33 - 00000000 _____ C:\WINDOWS\setupact.log 2015-09-16 18:53 - 2015-09-16 18:53 - 00281832 _____ C:\WINDOWS\Minidump\091615-12156-01.dmp 2015-09-15 20:44 - 2015-09-15 20:44 - 00000000 ____D C:\Users\***\Downloads\FRST-OlderVersion 2015-09-15 20:32 - 2015-09-15 20:35 - 00000000 ____D C:\Users\***\Downloads\Sicherheit 2015-09-15 20:32 - 2015-09-15 20:32 - 00003111 _____ C:\Users\***\Downloads\MBAM_PUPs_Funde.txt 2015-09-15 18:43 - 2015-09-15 18:43 - 00001832 _____ C:\Users\***\Desktop\JRT.txt 2015-09-15 16:17 - 2015-09-15 18:40 - 01799392 _____ (Malwarebytes Corporation) C:\Users\***\Downloads\JRT_7600.exe 2015-09-15 16:06 - 2015-09-15 20:40 - 00000000 ____D C:\AdwCleaner 2015-09-15 16:05 - 2015-09-15 16:05 - 01660416 _____ C:\Users\***\Downloads\AdwCleaner_5.007.exe 2015-09-14 18:55 - 2015-09-14 18:55 - 00000000 ____D C:\Users\***\AppData\Roaming\dlg 2015-09-14 18:54 - 2015-09-14 18:54 - 00001318 _____ C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk 2015-09-14 18:54 - 2015-09-14 18:54 - 00001146 _____ C:\Users\Public\Desktop\Free MP4 Video Converter.lnk 2015-09-14 18:54 - 2015-09-14 18:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft 2015-09-14 18:52 - 2015-09-14 18:54 - 00000000 ____D C:\Users\***\AppData\Roaming\DVDVideoSoft 2015-09-14 13:24 - 2015-09-14 13:24 - 01190104 _____ (Adobe Systems Incorporated) C:\Users\***\Downloads\flashplayer18pp_da_install.exe 2015-09-14 13:22 - 2015-09-17 17:23 - 00000884 _____ 
C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2015-09-14 13:22 - 2015-09-14 19:09 - 00000946 _____ C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job 2015-09-14 13:22 - 2015-09-14 13:26 - 00003870 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater 2015-09-14 13:22 - 2015-09-14 13:22 - 00004008 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier 2015-09-14 12:36 - 2015-09-14 12:36 - 00000000 ____D C:\Users\***\Downloads\tweaking.com_windows_repair_aio 2015-09-14 12:35 - 2015-09-14 12:35 - 00000117 _____ C:\Users\***\Desktop\ndrinfo_nds.m3u 2015-09-13 22:01 - 2015-09-13 22:01 - 06781458 _____ C:\Users\***\Downloads\VID-20150913-WA0001 (1).mp4 2015-09-13 22:01 - 2015-09-13 22:01 - 00000000 ____D C:\Users\***\AppData\Roaming\MPC-HC 2015-09-13 21:59 - 2015-09-13 21:59 - 00003008 _____ C:\WINDOWS\System32\Tasks\klcp_update 2015-09-13 21:59 - 2015-09-13 21:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack 2015-09-13 21:59 - 2015-08-24 20:00 - 00112128 _____ C:\WINDOWS\SysWOW64\ff_vfw.dll 2015-09-13 21:59 - 2015-06-22 15:25 - 00254976 _____ C:\WINDOWS\system32\xvidvfw.dll 2015-09-13 21:59 - 2015-06-22 15:25 - 00240128 _____ C:\WINDOWS\SysWOW64\xvidvfw.dll 2015-09-13 21:59 - 2015-06-22 15:24 - 00729088 _____ C:\WINDOWS\system32\xvidcore.dll 2015-09-13 21:59 - 2015-02-28 17:22 - 03571200 _____ (x264vfw project) C:\WINDOWS\system32\x264vfw64.dll 2015-09-13 21:59 - 2015-02-28 17:21 - 03591680 _____ (x264vfw project) C:\WINDOWS\SysWOW64\x264vfw.dll 2015-09-13 21:59 - 2012-07-21 12:55 - 00180736 _____ (fccHandler) C:\WINDOWS\system32\ac3acm.acm 2015-09-13 21:59 - 2012-07-21 12:54 - 00122880 _____ (fccHandler) C:\WINDOWS\SysWOW64\ac3acm.acm 2015-09-13 21:59 - 2011-12-07 19:37 - 00148992 _____ ( ) C:\WINDOWS\system32\lagarith.dll 2015-09-13 21:59 - 2011-12-07 19:32 - 00216064 _____ ( ) C:\WINDOWS\SysWOW64\lagarith.dll 2015-09-13 21:58 - 2015-09-13 21:59 - 00000000 ____D C:\Program Files (x86)\K-Lite Codec Pack 
2015-09-13 21:47 - 2015-09-13 21:57 - 41563740 _____ ( ) C:\Users\***\Downloads\K-Lite_Codec_Pack_1140_Mega.exe 2015-09-13 11:37 - 2015-09-13 11:37 - 00000798 _____ C:\Users\***\Documents\Fixlist.txt 2015-09-12 22:28 - 2015-09-12 22:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie 2015-09-12 22:27 - 2015-09-12 22:28 - 05176416 _____ (Sandboxie Holdings, LLC) C:\Users\***\Downloads\SandboxieInstall64-502.exe 2015-09-12 18:43 - 2015-09-12 18:43 - 00005850 _____ C:\Users\***\Downloads\Malware 1x PUP am 30.07.15.txt 2015-09-12 18:42 - 2015-09-12 18:42 - 00004039 _____ C:\Users\***\Downloads\Malware 2x PUP am 1.8.15.txt 2015-09-12 18:27 - 2015-09-12 18:27 - 00281832 _____ C:\WINDOWS\Minidump\091215-10046-01.dmp 2015-09-12 17:17 - 2015-09-12 18:24 - 00380416 _____ C:\Users\***\Downloads\Gmer-19357.exe 2015-09-12 14:41 - 2015-09-14 20:02 - 00056181 _____ C:\Users\***\Downloads\Addition.txt 2015-09-12 14:40 - 2015-09-17 17:45 - 00036396 _____ C:\Users\***\Downloads\FRST.txt 2015-09-12 14:40 - 2015-09-17 17:45 - 00000000 ____D C:\FRST 2015-09-12 14:35 - 2015-09-12 14:35 - 00001380 _____ C:\Users\***\Downloads\a2scan_150912-134822.txt 2015-09-12 14:34 - 2015-09-15 20:44 - 02191360 _____ (Farbar) C:\Users\***\Downloads\FRST64.exe 2015-09-12 14:33 - 2015-09-12 14:33 - 00050477 _____ C:\Users\***\Downloads\Defogger.exe 2015-09-12 14:33 - 2015-09-12 14:33 - 00000468 _____ C:\Users\***\Downloads\defogger_disable.log 2015-09-12 14:33 - 2015-09-12 14:33 - 00000000 _____ C:\Users\***\defogger_reenable 2015-09-12 13:35 - 2015-09-17 17:24 - 00000275 _____ C:\WINDOWS\WindowsUpdate.log 2015-09-12 13:35 - 2015-09-15 16:13 - 00002676 _____ C:\WINDOWS\PFRO.log 2015-09-11 13:41 - 2015-09-11 13:41 - 00000000 ____D C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Snip 2015-09-11 13:41 - 2015-09-11 13:41 - 00000000 ____D C:\Users\***\AppData\Local\Snip 2015-09-10 20:13 - 2015-09-10 20:13 - 00097888 _____ (Oracle Corporation) 
C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll 2015-09-10 20:13 - 2015-09-10 20:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2015-09-10 20:07 - 2015-09-10 19:32 - 00000030 _____ C:\AVScanner.ini 2015-09-09 17:09 - 2015-09-09 17:09 - 00003284 _____ C:\WINDOWS\System32\Tasks\{70F4BB8E-DF69-4214-A82D-13742A7694BD} 2015-09-09 10:53 - 2015-09-09 10:53 - 00000020 ___SH C:\Users\.NET v4.5\ntuser.ini 2015-09-09 10:53 - 2015-09-09 10:53 - 00000020 ___SH C:\Users\.NET v4.5 Classic\ntuser.ini 2015-09-09 10:53 - 2015-09-09 10:53 - 00000000 _SHDL C:\Users\.NET v4.5\Vorlagen 2015-09-09 10:53 - 2015-09-09 10:53 - 00000000 _SHDL C:\Users\.NET v4.5\Startmenü 2015-09-09 10:53 - 2015-09-09 10:53 - 00000000 _SHDL C:\Users\.NET v4.5\Netzwerkumgebung 2015-09-09 10:53 - 2015-09-09 10:53 - 00000000 _SHDL C:\Users\.NET v4.5\Lokale Einstellungen 2015-09-09 10:53 - 2015-09-09 10:53 - 00000000 _SHDL C:\Users\.NET v4.5\Eigene Dateien 2015-09-09 10:53 - 2015-09-09 10:53 - 00000000 _SHDL C:\Users\.NET v4.5\Druckumgebung 2015-09-09 10:53 - 2015-09-09 10:53 - 00000000 _SHDL C:\Users\.NET v4.5\Documents\Eigene Musik 2015-09-09 10:53 - 2015-09-09 10:53 - 00000000 _SHDL C:\Users\.NET v4.5\Documents\Eigene Bilder 2015-09-09 10:53 - 2015-09-09 10:53 - 00000000 _SHDL C:\Users\.NET v4.5\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2015-09-09 10:53 - 2015-09-09 10:53 - 00000000 _SHDL C:\Users\.NET v4.5\AppData\Local\Verlauf 2015-09-09 10:53 - 2015-09-09 10:53 - 00000000 _SHDL C:\Users\.NET v4.5\AppData\Local\Anwendungsdaten 2015-09-09 10:53 - 2015-09-09 10:53 - 00000000 _SHDL C:\Users\.NET v4.5\Anwendungsdaten 2015-09-09 10:53 - 2015-09-09 10:53 - 00000000 _SHDL C:\Users\.NET v4.5 Classic\Vorlagen 2015-09-09 10:53 - 2015-09-09 10:53 - 00000000 _SHDL C:\Users\.NET v4.5 Classic\Startmenü 2015-09-09 10:53 - 2015-09-09 10:53 - 00000000 _SHDL C:\Users\.NET v4.5 Classic\Netzwerkumgebung 2015-09-09 10:53 - 2015-09-09 10:53 - 00000000 _SHDL C:\Users\.NET v4.5 
Classic\Lokale Einstellungen 2015-09-09 10:53 - 2015-09-09 10:53 - 00000000 _SHDL C:\Users\.NET v4.5 Classic\Eigene Dateien 2015-09-09 10:53 - 2015-09-09 10:53 - 00000000 _SHDL C:\Users\.NET v4.5 Classic\Druckumgebung 2015-09-09 10:53 - 2015-09-09 10:53 - 00000000 _SHDL C:\Users\.NET v4.5 Classic\Documents\Eigene Musik 2015-09-09 10:53 - 2015-09-09 10:53 - 00000000 _SHDL C:\Users\.NET v4.5 Classic\Documents\Eigene Bilder 2015-09-09 10:53 - 2015-09-09 10:53 - 00000000 _SHDL C:\Users\.NET v4.5 Classic\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2015-09-09 10:53 - 2015-09-09 10:53 - 00000000 _SHDL C:\Users\.NET v4.5 Classic\AppData\Local\Verlauf 2015-09-09 10:53 - 2015-09-09 10:53 - 00000000 _SHDL C:\Users\.NET v4.5 Classic\AppData\Local\Anwendungsdaten 2015-09-09 10:53 - 2015-09-09 10:53 - 00000000 _SHDL C:\Users\.NET v4.5 Classic\Anwendungsdaten 2015-09-09 10:53 - 2015-09-09 10:53 - 00000000 ____D C:\WINDOWS\SysWOW64\BestPractices 2015-09-09 10:53 - 2015-09-09 10:53 - 00000000 ____D C:\WINDOWS\system32\BestPractices 2015-09-09 10:53 - 2015-09-09 10:53 - 00000000 ____D C:\Users\.NET v4.5 Classic 2015-09-09 10:53 - 2015-09-09 10:53 - 00000000 ____D C:\Users\.NET v4.5 2015-09-09 10:53 - 2015-09-09 10:53 - 00000000 ____D C:\inetpub 2015-09-09 10:53 - 2015-08-13 12:55 - 00000000 ___RD C:\Users\.NET v4.5\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2015-09-09 10:53 - 2015-08-13 12:55 - 00000000 ___RD C:\Users\.NET v4.5 Classic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2015-09-09 10:53 - 2015-07-30 21:07 - 00000000 ____D C:\Users\.NET v4.5\AppData\Roaming\ATI 2015-09-09 10:53 - 2015-07-30 21:07 - 00000000 ____D C:\Users\.NET v4.5\AppData\Local\Microsoft Help 2015-09-09 10:53 - 2015-07-30 21:07 - 00000000 ____D C:\Users\.NET v4.5\AppData\Local\ATI 2015-09-09 10:53 - 2015-07-30 21:07 - 00000000 ____D C:\Users\.NET v4.5 Classic\AppData\Roaming\ATI 2015-09-09 10:53 - 2015-07-30 21:07 - 00000000 ____D C:\Users\.NET v4.5 
Classic\AppData\Local\Microsoft Help 2015-09-09 10:53 - 2015-07-30 21:07 - 00000000 ____D C:\Users\.NET v4.5 Classic\AppData\Local\ATI 2015-09-09 10:53 - 2015-07-10 13:04 - 00000000 __RSD C:\Users\.NET v4.5\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell 2015-09-09 10:53 - 2015-07-10 13:04 - 00000000 __RSD C:\Users\.NET v4.5 Classic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell 2015-09-09 10:53 - 2015-07-10 13:04 - 00000000 ___RD C:\Users\.NET v4.5\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2015-09-09 10:53 - 2015-07-10 13:04 - 00000000 ___RD C:\Users\.NET v4.5\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility 2015-09-09 10:53 - 2015-07-10 13:04 - 00000000 ___RD C:\Users\.NET v4.5 Classic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2015-09-09 10:53 - 2015-07-10 13:04 - 00000000 ___RD C:\Users\.NET v4.5 Classic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility 2015-09-09 10:53 - 2015-07-10 13:04 - 00000000 ____D C:\Users\.NET v4.5\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2015-09-09 10:53 - 2015-07-10 13:04 - 00000000 ____D C:\Users\.NET v4.5 Classic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2015-09-09 10:30 - 2015-09-09 10:30 - 00313004 _____ C:\Users\***\Documents\cc_20150909_103017.reg 2015-09-09 10:27 - 2015-09-09 10:27 - 00002852 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC 2015-09-09 10:27 - 2015-09-09 10:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner 2015-09-09 10:27 - 2015-09-09 10:27 - 00000000 ____D C:\Program Files\CCleaner 2015-09-09 08:34 - 2015-09-09 08:34 - 00001682 _____ C:\Users\***\Desktop\Notepad++.lnk 2015-09-08 23:48 - 2015-09-09 13:12 - 00000000 ____D C:\Users\***\AppData\Roaming\Notepad++ 2015-09-08 23:48 - 2015-09-08 23:48 - 00000000 ____D C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++ 2015-09-08 
23:48 - 2015-09-08 23:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++ 2015-09-08 23:40 - 2015-09-08 23:40 - 00000000 ____D C:\Users\***\AppData\Roaming\Sun 2015-09-08 23:40 - 2015-09-08 23:40 - 00000000 ____D C:\Users\***\.oracle_jre_usage 2015-09-08 23:13 - 2015-09-10 20:13 - 00000000 ____D C:\ProgramData\Oracle 2015-09-08 22:58 - 2015-09-02 03:20 - 00077400 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll 2015-09-08 22:58 - 2015-09-02 02:25 - 03586560 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys 2015-09-08 22:58 - 2015-09-02 02:25 - 01382912 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys 2015-09-08 22:58 - 2015-08-27 08:36 - 03620736 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2015-09-08 22:58 - 2015-08-27 08:32 - 00608936 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe 2015-09-08 22:58 - 2015-08-27 08:04 - 21874688 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll 2015-09-08 22:58 - 2015-08-27 07:59 - 02880032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2015-09-08 22:58 - 2015-08-27 07:55 - 24594944 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2015-09-08 22:58 - 2015-08-27 07:54 - 00541248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe 2015-09-08 22:58 - 2015-08-27 07:54 - 00365568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll 2015-09-08 22:58 - 2015-08-27 07:51 - 02350592 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll 2015-09-08 22:58 - 2015-08-27 07:51 - 01774592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll 2015-09-08 22:58 - 2015-08-27 07:49 - 01008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll 2015-09-08 22:58 - 2015-08-27 07:47 - 12503552 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2015-09-08 22:58 - 2015-08-27 07:43 - 00826880 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\jscript.dll 2015-09-08 22:58 - 2015-08-27 07:43 - 00576000 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll 2015-09-08 22:58 - 2015-08-27 07:42 - 00596480 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll 2015-09-08 22:58 - 2015-08-27 07:42 - 00578560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe 2015-09-08 22:58 - 2015-08-27 07:42 - 00187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.PicturePassword.dll 2015-09-08 22:58 - 2015-08-27 07:42 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\shacct.dll 2015-09-08 22:58 - 2015-08-27 07:39 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll 2015-09-08 22:58 - 2015-08-27 07:23 - 19324416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2015-09-08 22:58 - 2015-08-27 07:23 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll 2015-09-08 22:58 - 2015-08-27 07:16 - 18806272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll 2015-09-08 22:58 - 2015-08-27 07:16 - 02153472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll 2015-09-08 22:58 - 2015-08-27 07:16 - 01612288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll 2015-09-08 22:58 - 2015-08-27 07:12 - 00650752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll 2015-09-08 22:58 - 2015-08-27 07:12 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll 2015-09-08 22:58 - 2015-08-27 07:11 - 00484352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll 2015-09-08 22:58 - 2015-08-27 07:11 - 00139776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shacct.dll 2015-09-08 22:58 - 2015-08-27 07:09 - 11262464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2015-09-08 22:58 - 2015-08-27 07:08 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll 2015-09-06 22:30 - 2015-09-06 22:30 - 00003236 _____ 
C:\WINDOWS\System32\Tasks\{B4166901-0BCE-4DB5-9228-DF2E0E6A54F0} 2015-09-06 22:25 - 2015-09-06 22:25 - 00000000 ____D C:\ProgramData\McAfee 2015-09-06 22:20 - 2015-09-07 22:23 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird 2015-09-06 22:01 - 2015-09-10 21:22 - 00000000 ____D C:\Users\***\AppData\Roaming\FileZilla 2015-09-06 22:01 - 2015-09-09 22:23 - 00000775 _____ C:\Users\***\Desktop\FileZilla Client.lnk 2015-09-06 22:01 - 2015-09-06 22:01 - 00000000 ____D C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client 2015-09-06 21:09 - 2015-09-06 21:09 - 00001219 _____ C:\Users\Public\Desktop\LibreOffice 5.0.lnk 2015-09-06 21:09 - 2015-09-06 21:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 5.0 2015-09-06 21:08 - 2015-09-06 21:09 - 00000000 ____D C:\Program Files (x86)\LibreOffice 5 2015-09-06 21:01 - 2015-09-10 19:58 - 00000000 ____D C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TYPO3 4.7.7 2015-09-06 18:25 - 2015-09-06 18:25 - 00000000 ____D C:\Users\***\AppData\Local\Microsoft_Corporation 2015-09-06 16:32 - 2015-09-06 16:32 - 00000000 ____D C:\Users\***\Documents\OneNote-Notizbücher 2015-09-06 13:02 - 2015-09-06 13:09 - 00000463 ____H C:\Users\***\Documents\.picasa.ini 2015-09-01 21:49 - 2015-09-01 21:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox 2015-09-01 17:36 - 2015-09-16 18:59 - 00003962 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1438604478 2015-08-30 11:34 - 2015-09-17 15:35 - 00467133 _____ C:\Users\***\AppData\Local\Snip.txt 2015-08-30 11:34 - 2015-09-16 18:11 - 00000000 ____D C:\Users\***\Documents\My Snips 2015-08-30 11:34 - 2015-09-11 13:41 - 00000000 ____D C:\Users\***\AppData\Local\Package Cache 2015-08-28 21:14 - 2015-08-20 08:07 - 08019296 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2015-08-28 21:14 - 2015-08-20 08:06 - 00609592 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\ci.dll 2015-08-28 21:14 - 2015-08-20 08:02 - 22324656 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll 2015-08-28 21:14 - 2015-08-20 07:26 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe 2015-08-28 21:14 - 2015-08-20 07:21 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll 2015-08-28 21:14 - 2015-08-20 07:16 - 20857848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll 2015-08-28 21:14 - 2015-08-20 07:13 - 02235904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll 2015-08-28 21:14 - 2015-08-20 07:09 - 00929280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys 2015-08-28 21:14 - 2015-08-18 09:56 - 02498808 _____ C:\WINDOWS\system32\CoreUIComponents.dll 2015-08-28 21:14 - 2015-08-18 09:55 - 00373072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS 2015-08-28 21:14 - 2015-08-18 09:54 - 01396064 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll 2015-08-28 21:14 - 2015-08-18 09:27 - 01771592 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll 2015-08-28 21:14 - 2015-08-18 09:24 - 00963920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll 2015-08-28 21:14 - 2015-08-18 09:13 - 00497664 _____ (Microsoft Corporation) C:\WINDOWS\system32\WlanMediaManager.dll 2015-08-28 21:14 - 2015-08-18 09:13 - 00387584 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll 2015-08-28 21:14 - 2015-08-18 09:12 - 02225664 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll 2015-08-28 21:14 - 2015-08-18 09:07 - 02226688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll 2015-08-28 21:14 - 2015-08-18 09:04 - 01234944 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe 2015-08-28 21:14 - 2015-08-18 09:04 - 00859136 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll 2015-08-28 21:14 - 2015-08-18 08:59 - 01294336 _____ 
(Microsoft Corporation) C:\WINDOWS\system32\wcnwiz.dll 2015-08-28 21:14 - 2015-08-18 08:59 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WcnApi.dll 2015-08-28 21:14 - 2015-08-18 08:58 - 00187392 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll 2015-08-28 21:14 - 2015-08-18 08:58 - 00117760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafWCN.dll 2015-08-28 21:14 - 2015-08-18 08:58 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdWCN.dll 2015-08-28 21:14 - 2015-08-18 08:58 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\WcnNetsh.dll 2015-08-28 21:14 - 2015-08-18 08:57 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfdprov.dll 2015-08-28 21:14 - 2015-08-18 08:56 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthRadioMedia.dll 2015-08-28 21:14 - 2015-08-18 08:55 - 02178560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll 2015-08-28 21:14 - 2015-08-18 08:54 - 00322048 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultsvc.dll 2015-08-28 21:14 - 2015-08-18 08:54 - 00247296 _____ C:\WINDOWS\system32\facecredentialprovider.dll 2015-08-28 21:14 - 2015-08-18 08:52 - 01888768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll 2015-08-28 21:14 - 2015-08-18 08:50 - 01795072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll 2015-08-28 21:14 - 2015-08-18 08:49 - 01061888 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll 2015-08-28 21:14 - 2015-08-18 08:49 - 00274432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll 2015-08-28 21:14 - 2015-08-18 08:49 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\PackageStateRoaming.dll 2015-08-28 21:14 - 2015-08-18 08:36 - 01226752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wcnwiz.dll 2015-08-28 21:14 - 2015-08-18 08:35 - 00100352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WcnApi.dll 2015-08-28 21:14 - 2015-08-18 08:35 - 00095744 
_____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdWCN.dll 2015-08-28 21:14 - 2015-08-18 08:34 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfdprov.dll 2015-08-28 21:14 - 2015-08-18 08:29 - 01593344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll 2015-08-28 21:14 - 2015-08-18 08:26 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PackageStateRoaming.dll 2015-08-28 21:14 - 2015-08-18 06:44 - 00008847 _____ C:\WINDOWS\system32\ResPriHMImageList 2015-08-28 15:15 - 2015-08-28 21:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2015-08-27 18:37 - 2015-08-27 18:37 - 00000000 ____D C:\ProgramData\ATI 2015-08-27 17:57 - 2015-08-27 17:57 - 00002642 _____ C:\Users\Public\Desktop\Skype.lnk 2015-08-27 17:57 - 2015-08-27 17:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2015-08-27 15:46 - 2015-08-27 15:46 - 00674424 _____ (Microsoft Corporation) C:\WINDOWS\system32\LCCoin425.dll 2015-08-27 15:46 - 2015-08-27 15:46 - 00034424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\LcUvcUpper.sys 2015-08-27 15:46 - 2015-08-27 15:46 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_LcUvcUpper_01011.Wdf 2015-08-27 15:46 - 2015-08-27 15:46 - 00000000 ____D C:\Program Files\Microsoft LifeCam 2015-08-27 15:46 - 2015-08-27 15:46 - 00000000 ____D C:\Program Files (x86)\Microsoft LifeCam 2015-08-27 15:42 - 2015-08-27 15:42 - 00000000 ____D C:\Users\***\Tracing 2015-08-25 21:57 - 2015-08-25 21:57 - 00000000 ____D C:\Users\***\Desktop\Alle Aufgaben.{ED7BA470-8E54-465E-825C-99712043E01C} 2015-08-21 18:19 - 2015-08-21 18:19 - 00062133 _____ C:\WINDOWS\SysWOW64\CCCInstall_201508211819281921.log 2015-08-21 18:19 - 2015-08-21 18:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center 2015-08-21 18:19 - 2015-08-21 18:19 - 00000000 ____D C:\Program Files\ATI Technologies 2015-08-21 18:19 - 2015-08-21 18:19 - 00000000 ____D C:\Program Files (x86)\ATI 
==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2015-09-13 11:50

==================== Ende von FRST.txt ============================

Any problems left? Let's see. For some time now, a commercial has been playing before every YouTube video, and a full 1:30 min. on average at that. No idea whether Google (YouTube) is suppressing the AdblockPlus function or whether it is somehow malware.
Regards, verrant

The YouTube thing also seems to happen only in Chrome.
Regards, verrant |
17.09.2015, 19:37 | #18 |
/// Malwareteam | Win 10: Infection with Trace.Registry.VirusShield2009!A2 and several PUPs
Hi,
the Chrome thing is a new "feature" from Google. They have managed to get around ad blockers on YouTube. If that bothers you, you will unfortunately have to switch to other browsers for now.
Google starts punishing AdBlock users with unskippable YouTube video ads | Apps and Software | Geek.com

Then we would be done here.

Step # 1: Removing our tools
The order is crucial here.

Finally, a few tips from me:

Step # 2: Recommended software
Always have an up-to-date antivirus program of your choice installed and enable automatic updates (switched on by default).
If possible, do not use Internet Explorer, since it contains many security vulnerabilities. But make sure that it always stays up to date, because many programs use it to display websites.
Alternatively, you can use:
The following add-ons are recommended for this:
uBlock Origin (Chrome) --> Blocks ads. Ads can be very annoying, but can also point to malicious links. uBlock is more efficient than its competitor AdblockPlus.
Ghostery --> Blocks trackers and cookies that can track you on the internet.
You can also use Malwarebytes Anti-Exploit to plug current security holes.
Always keep your plug-ins and software up to date, above all:
PluginCheck
Filehippo App Manager

Step # 3: Tips for avoiding a reinfection
Whenever possible, download directly from the vendor's site or, alternatively, from a clean download portal such as FilePony.de.
We advise against downloaders such as those from Chip, Softonic and Sourceforge: http://anleitung.trojaner-board.de/chip-installer
More and more programs also try to "sneak" onto the PC through installation routines. That works quite well because many users do not read these carefully and click through quickly.
Sometimes the license agreement also states that a program advertised as freeware can only be used if you allow certain toolbars or other programs to be installed along with it. The only thing that helps there is to be attentive.
A tool that can support you well with this is: Unchecky. It monitors installation processes in the background and automatically unchecks annoying adware components such as toolbars. If you overlook something, a pop-up warns you before you can continue.
We advise against any optimizers, cleaners, speed-ups and the like, since these software products usually bring no performance gain. You can, however, regularly treat your PC with the Disk Cleanup built into Windows.
Check your PC regularly (at least once a month) with Malwarebytes Anti-Malware and ESET.
If you are unsure whether a download is really clean, you can always consult https://www.virustotal.com/.

Step # 4: Support us!
If you would like to support us with a small donation, you can do so here: http://www.trojaner-board.de/79994-s...ndenkonto.html
But a simple here is already enough, if you were satisfied with us.
our Facebook page!

Please let me know when you have read all of this and everything is clear, so that I can remove this thread from my subscriptions. |
19.09.2015, 18:26 | #19 |
| Win 10: Infection with Trace.Registry.VirusShield2009!A2 and several PUPs
Looks done.
Malwarebytes and Win Defender at the same time?
Is Secunia PSI no longer the program of choice? I would like to get rid of it and swap it for the two recommended ones. Correct procedure?
Thanks for the recommended programs.
If nothing surprising comes up in response to my questions above, feel free to close the thread.
Many thanks already at this point. Clear steps, quick responses.
Best regards, verrant |
19.09.2015, 20:47 | #20 |
/// Malwareteam | Win 10: Infection with Trace.Registry.VirusShield2009!A2 and several PUPs
Hi,
MBAM only has real-time protection in the Premium version; otherwise it is just a scanner. If you decide to go for it, you can safely run it alongside Defender, but Defender alone is also entirely sufficient.
Secunia never really worked for me, which is why I recommend FileHippo. If you want to switch to it, simply uninstall Secunia and then install FileHippo. Or both at the same time, that works too. |
20.09.2015, 12:01 | #21 |
| Win 10: Infection with Trace.Registry.VirusShield2009!A2 and several PUPs
Regards, verrant |