| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Eset findet "Win32/Bundled.Toolbar.Google.D" und "Win32/OpenCandy.C"Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
18.09.2015, 15:54
| #1 |
 |  Eset findet "Win32/Bundled.Toolbar.Google.D" und "Win32/OpenCandy.C" Hallo Ihr Lieben, ich hatte gestern mal meinen routienemäßigen Check gemacht. Adwcleaner und Malwarebytes hatten nichts gefunden. Dann hatte ich den Eset Online Scanner laufen lassen und promt hatte der 13 Funde. Die wurden dann gelöscht. Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=f2650abcdb08914999edfb32f6a4d422
# end=init
# utc_time=2015-09-17 03:28:42
# local_time=2015-09-17 05:28:42 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.2.9200 NT
Update Init
Update Download
Update Finalize
Updated modules version: 25814
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=f2650abcdb08914999edfb32f6a4d422
# end=updated
# utc_time=2015-09-17 04:14:05
# local_time=2015-09-17 06:14:05 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.2.9200 NT
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=f2650abcdb08914999edfb32f6a4d422
# engine=25814
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-09-17 06:46:13
# local_time=2015-09-17 08:46:13 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=783 16777213 71 92 719258 35337459 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 1915394 5989585 0 0
# scanned=247265
# found=13
# cleaned=13
# scan_time=9128
sh=6F77F2137756740F4E632BDD7FDAE582929CB411 ft=1 fh=cd73fc9df274ad5b vn="Win32/Bundled.Toolbar.Google.D potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Berthold\AppData\Local\Microsoft\Windows\FileHistory\Data\235\C\Users\Berthold\Downloads\ccsetup509.exe"
sh=9AA5E59F80A95BDFC48FBB4DC9F4B7212749E67D ft=1 fh=2fe225811afcde6b vn="Win32/Bundled.Toolbar.Google.D potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Berthold\Downloads\ccsetup416.exe"
sh=1DE5D70A411EBBF4441FD569E7427CC28A4D6B13 ft=1 fh=b572351b8a033ea9 vn="Win32/Bundled.Toolbar.Google.D potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Berthold\Downloads\ccsetup417.exe"
sh=DFDA3BEB6A8E9899118BBDE16E4DE6878E323A90 ft=1 fh=dc19b4d7d4992970 vn="Win32/Bundled.Toolbar.Google.D potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Berthold\Downloads\ccsetup419.exe"
sh=B6B12E4F8E59C61EC67A5E17DEDA7EA5B2FEF364 ft=1 fh=65d7fe9609cd6c74 vn="Win32/Bundled.Toolbar.Google.D potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Berthold\Downloads\ccsetup500.exe"
sh=205EA3A873C765FF2E0F78FB1834D6EB44C21BF3 ft=1 fh=a409751ddc77dac3 vn="Win32/Bundled.Toolbar.Google.D potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Berthold\Downloads\ccsetup501.exe"
sh=976D24D060C8F9B655B5EC01472194B9DA6C190C ft=1 fh=1966d8d77ea974eb vn="Win32/Bundled.Toolbar.Google.D potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Berthold\Downloads\ccsetup503.exe"
sh=95515E5CD54F8D3B375FAFB34E53C0C1D2E7C344 ft=1 fh=00a7bfbc17a0357b vn="Win32/Bundled.Toolbar.Google.D potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Berthold\Downloads\ccsetup504.exe"
sh=3032CB5B0066ACB77259EC89E9ECAFDB21C06BE6 ft=1 fh=4cc4f419610b1b22 vn="Win32/Bundled.Toolbar.Google.D potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Berthold\Downloads\ccsetup505.exe"
sh=BCA0BBDC1ECA7D7049B11DFDF06A731B0DEB0330 ft=1 fh=5d043d2b7dcbb6c6 vn="Win32/Bundled.Toolbar.Google.D potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Berthold\Downloads\ccsetup507.exe"
sh=AA7AFFCBDAF13C3872F32EACCF3BEFB92FD0FA80 ft=1 fh=02ff89afc7fa57e5 vn="Win32/Bundled.Toolbar.Google.D potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Berthold\Downloads\ccsetup508.exe"
sh=6F77F2137756740F4E632BDD7FDAE582929CB411 ft=1 fh=cd73fc9df274ad5b vn="Win32/Bundled.Toolbar.Google.D potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Berthold\Downloads\ccsetup509.exe"
sh=EAB5485783DD8309AA3D4661D02F46B43E0838CD ft=1 fh=25560527ecdc8769 vn="Variante von Win32/OpenCandy.C potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Berthold\Downloads\FreeAudio1215Converter.exe"
Nachdem Avast die Funde in Quarantäne verbannt hat, hatte ich nochmal Adwcleaner laufen lassen. Siehe da, Funde: Code:
ATTFilter # AdwCleaner v5.007 - Bericht erstellt am 18/09/2015 um 06:59:18
# Aktualisiert am 08/09/2015 von Xplode
# Datenbank : 2015-09-17.3 [Server]
# Betriebssystem : Windows 10 Home (x64)
# Benutzername : Berthold - BERTHIPC2
# Gestartet von : C:\Users\Berthold\Downloads\AdwCleaner_5.007.exe
# Option : Suchlauf
# Unterstützung : hxxp://toolslib.net/forum
***** [ Dienste ] *****
***** [ Ordner ] *****
Ordner Gefunden : C:\Program Files (x86)\browsing secure
***** [ Dateien ] *****
***** [ Verknüpfungen ] *****
***** [ Geplante Tasks ] *****
Task Gefunden : Browsing Secure Updater
***** [ Registrierungsdatenbank ] *****
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\BrowsingSecure
***** [ Internetbrowser ] *****
[C:\Users\Berthold\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Gefunden : npdicihegicnhaangkdmcgbjceoemeoo
########## EOF - C:\AdwCleaner\AdwCleaner[S10].txt - [934 Bytes] ##########
Könnte jemand bitte mal prüfen, ob nun alles sauber ist. Das wäre total lieb. Bitte nicht böse sein, wenn ich jetzt noch keine weiteren Logs, laut eurer Anleitung schicke. Ich mache das, wenn jemand geantwortet hat. Das letzte Mal hatte ich mir dadurch selbst geantwortet und bin "übersehen" worden.
__________________ L.G. Nachtmann |
|
18.09.2015, 16:38
| #2 |
| /// the machine /// TB-Ausbilder    | Eset findet "Win32/Bundled.Toolbar.Google.D" und "Win32/OpenCandy.C" hi,
__________________Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:  FRST 32-Bit | FRST 64-Bit(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
__________________ |
|
18.09.2015, 16:58
| #3 |
| | Eset findet "Win32/Bundled.Toolbar.Google.D" und "Win32/OpenCandy.C" Hi Schrauber,
__________________schön, dass du dich um mich kümmerst. Hier die Log's. Geht nur etappenweise. Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:15-09-2015
durchgeführt von Berthold (Administrator) auf BERTHIPC2 (18-09-2015 17:02:38)
Gestartet von C:\Users\Berthold\Desktop
Geladene Profile: Berthold (Verfügbare Profile: Berthold)
Platform: Windows 10 Home (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Prozesse (Nicht auf der Ausnahmeliste) =================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)
(Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
() C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
( ) C:\Windows\System32\lxdecoms.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
(PacketVideo) C:\Program Files (x86)\Twonky\TwonkyServer\twonkystarter.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
() C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(AppEx Networks Corporation) C:\Program Files\AMD Quick Stream\AMDQuickStream.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.827.16340.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Windows\System32\Speech_OneCore\Common\SpeechRuntime.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1509.14010.0_x64__8wekyb3d8bbwe\Calculator.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
==================== Registry (Nicht auf der Ausnahmeliste) ===========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8505088 2015-08-05] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-08-05] (Realtek Semiconductor)
HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe [2758200 2013-10-14] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [155704 2013-10-14] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [155704 2013-10-14] (Hewlett-Packard)
HKLM\...\Run: [lxdemon.exe] => C:\Program Files (x86)\Lexmark 4800 Series\lxdemon.exe [455600 2007-06-11] ()
HKLM\...\Run: [lxdeamon] => C:\Program Files (x86)\Lexmark 4800 Series\lxdeamon.exe [20480 2007-06-01] ()
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2771184 2013-07-26] (Synaptics Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6111824 2015-08-26] (AVAST Software)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2015-07-27] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [FaxCenterServer] => C:\Program Files (x86)\Lexmark Fax Solutions\fm3032.exe [316336 2007-06-11] ()
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [653576 2015-06-29] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [127528 2015-07-08] (Hewlett-Packard Company)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-07-27] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [56080 2015-07-27] (Raptr, Inc)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2620728 2015-07-22] (Malwarebytes Corporation)
HKU\S-1-5-21-3686684737-2695999886-1653246583-1002\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1566016 2015-07-27] (Samsung)
HKU\S-1-5-21-3686684737-2695999886-1653246583-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8455960 2015-08-20] (Piriform Ltd)
HKU\S-1-5-21-3686684737-2695999886-1653246583-1002\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe [1160536 2015-02-23] (Ruiware LLC)
HKU\S-1-5-21-3686684737-2695999886-1653246583-1002\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
HKU\S-1-5-21-3686684737-2695999886-1653246583-1002\...\Run: [AppEx Accelerator UI] => C:\Program Files\AMD Quick Stream\AMDQuickStream.exe [488640 2015-04-06] (AppEx Networks Corporation)
HKU\S-1-5-21-3686684737-2695999886-1653246583-1002\...\Run: [GoogleChromeAutoLaunch_7AE7B307EC33E1AD1AC0F79361FE2428] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [815944 2015-09-12] (Google Inc.)
HKU\S-1-5-21-3686684737-2695999886-1653246583-1002\...\Run: [Google Update] => C:\Users\Berthold\AppData\Local\Google\Update\GoogleUpdate.exe [107848 2015-05-16] (Google Inc.)
HKU\S-1-5-21-3686684737-2695999886-1653246583-1002\...\RunOnce: [Uninstall C:\Users\Berthold\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Berthold\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Berthold\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Berthold\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Berthold\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Berthold\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Berthold\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Berthold\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Berthold\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Berthold\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-08-09] (AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2014-08-05]
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\Users\Berthold\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-03-19]
ShortcutTarget: Dropbox.lnk -> C:\Users\Berthold\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
GroupPolicy: Beschränkung - Chrome <======= ACHTUNG
==================== Internet (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{bc0b068d-7b7a-4b67-95d6-40dac9f7e7bf}: [DhcpNameServer] 192.168.178.1
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT14/4
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT14/4
HKU\S-1-5-21-3686684737-2695999886-1653246583-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://de.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
HKU\S-1-5-21-3686684737-2695999886-1653246583-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT14/4
SearchScopes: HKLM -> {9E8E555C-A695-4439-8B1F-AD190B1F0DAD} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {9E8E555C-A695-4439-8B1F-AD190B1F0DAD} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3686684737-2695999886-1653246583-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3686684737-2695999886-1653246583-1002 -> {2BC23566-67B2-49D2-897F-7E39752193B8} URL = hxxps://de.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
SearchScopes: HKU\S-1-5-21-3686684737-2695999886-1653246583-1002 -> {9E8E555C-A695-4439-8B1F-AD190B1F0DAD} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-3686684737-2695999886-1653246583-1002 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-08-09] (AVAST Software)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-08-26] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-08-09] (AVAST Software)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-08-26] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2015-05-06] (Hewlett-Packard)
FireFox:
========
FF ProfilePath: C:\Users\Berthold\AppData\Roaming\Mozilla\Firefox\Profiles\g6le873v.default
FF NewTab: hxxp://www.google.de/
FF SearchEngineOrder.1: SuchMaschine
FF SelectedSearchEngine: Bing
FF Homepage: hxxp://www.google.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-26] ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2014-07-28] (Tracker Software Products (Canada) Ltd.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2014-07-28] (Tracker Software Products (Canada) Ltd.)
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-26] ()
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2014-07-28] (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-08-26] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-08-26] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2014-07-28] (Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\S-1-5-21-3686684737-2695999886-1653246583-1002: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2014-07-28] (Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\S-1-5-21-3686684737-2695999886-1653246583-1002: @talk.google.com/GoogleTalkPlugin -> C:\Users\Berthold\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-3686684737-2695999886-1653246583-1002: @talk.google.com/O1DPlugin -> C:\Users\Berthold\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-3686684737-2695999886-1653246583-1002: @tools.google.com/Google Update;version=3 -> C:\Users\Berthold\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin HKU\S-1-5-21-3686684737-2695999886-1653246583-1002: @tools.google.com/Google Update;version=9 -> C:\Users\Berthold\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll [2014-07-28] (Tracker Software Products (Canada) Ltd.)
FF Plugin ProgramFiles/Appdata: C:\Users\Berthold\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Berthold\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Extension: WOT - C:\Users\Berthold\AppData\Roaming\Mozilla\Firefox\Profiles\g6le873v.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2015-07-09]
FF Extension: Bing-Google - C:\Users\Berthold\AppData\Roaming\Mozilla\Firefox\Profiles\g6le873v.default\Extensions\@Bing-Google.xpi [2015-08-08]
FF Extension: Ghostery - C:\Users\Berthold\AppData\Roaming\Mozilla\Firefox\Profiles\g6le873v.default\Extensions\firefox@ghostery.com.xpi [2015-08-25]
FF Extension: Facebook Secret Emoticons - C:\Users\Berthold\AppData\Roaming\Mozilla\Firefox\Profiles\g6le873v.default\Extensions\jid0-XZn6pYCdV3ANrfYigxlyyGDrxAM@jetpack.xpi [2015-09-03]
FF Extension: ImTranslator - C:\Users\Berthold\AppData\Roaming\Mozilla\Firefox\Profiles\g6le873v.default\Extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi [2014-08-05]
FF Extension: Tab Mix Plus - C:\Users\Berthold\AppData\Roaming\Mozilla\Firefox\Profiles\g6le873v.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2014-08-04]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-08-04]
Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.google.de/"
CHR Profile: C:\Users\Berthold\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Berthold\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-05]
CHR Extension: (Google Drive) - C:\Users\Berthold\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-05]
CHR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\Berthold\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2014-08-05]
CHR Extension: (YouTube) - C:\Users\Berthold\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-05]
CHR Extension: (Adblock Plus) - C:\Users\Berthold\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-08-05]
CHR Extension: (Google-Suche) - C:\Users\Berthold\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-05]
CHR Extension: (Google Text & Tabellen Offline) - C:\Users\Berthold\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-04]
CHR Extension: (Avast Online Security) - C:\Users\Berthold\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-08-05]
CHR Extension: (Downloads) - C:\Users\Berthold\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfchnphgogjhineanplmfkofljiagjfb [2014-08-05]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Berthold\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-17]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Berthold\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-05]
CHR Extension: (Google Mail) - C:\Users\Berthold\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-05]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-04-11]
==================== Dienste (Nicht auf der Ausnahmeliste) ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-08-09] (AVAST Software)
R2 Cachedrv server; C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe [109568 2013-10-14] () [Datei ist nicht signiert]
S3 ehRecvr; C:\Windows\ehome\ehRecvr.exe [713728 2015-09-02] (Microsoft Corporation) [Datei ist nicht signiert]
S3 ehSched; C:\Windows\ehome\ehsched.exe [177152 2015-09-02] (Microsoft Corporation) [Datei ist nicht signiert]
R2 HPSupportSolutionsFrameworkService; c:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [24888 2015-07-26] (Hewlett-Packard Company)
R2 HPWMISVC; c:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [602888 2015-06-29] (Hewlett-Packard Development Company, L.P.)
S2 lxdeCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\lxdeserv.exe [33712 2007-05-29] (Lexmark International, Inc.)
R2 lxde_device; C:\Windows\system32\lxdecoms.exe [1053104 2007-05-29] ( )
R2 lxde_device; C:\Windows\SysWOW64\lxdecoms.exe [598960 2007-05-29] ( )
R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [713016 2015-07-22] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S4 Mcx2Svc; C:\Windows\system32\Mcx2Svc.dll [83968 2015-09-05] (Microsoft Corporation) [Datei ist nicht signiert]
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [87552 2013-10-14] (Softex Inc.) [Datei ist nicht signiert]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [303360 2015-08-05] (Realtek Semiconductor)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
S2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2015-05-21] (DEVGURU Co., LTD.)
R2 TwonkyServer; C:\Program Files (x86)\Twonky\TwonkyServer\twonkystarter.exe [629624 2014-05-12] (PacketVideo) [Datei ist nicht signiert]
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [84480 2015-08-03] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe /launchService [X]
===================== Treiber (Nicht auf der Ausnahmeliste) ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [31992 2015-06-03] (Advanced Micro Devices, Inc.)
R2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [229056 2015-04-03] (AppEx Networks Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-08-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-08-09] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-08-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-08-09] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1048344 2015-08-14] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [447944 2015-08-09] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [150672 2015-08-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-08-09] (AVAST Software)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [102912 2015-07-22] (Advanced Micro Devices)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [63064 2015-07-22] ()
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [310528 2015-06-05] (Realtek Semiconductor Corp.)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [4629744 2015-09-17] (Realtek Semiconductor Corporation )
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [30448 2013-07-26] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [34544 2013-07-26] (Synaptics Incorporated)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
S3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [30384 2015-06-23] (HP Inc.)
R3 WirelessButtonDriver64; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [30384 2015-06-23] (HP Inc.)
S2 AODDriver4.2; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
==================== Ein Monat: Erstellte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2015-09-18 17:02 - 2015-09-18 17:03 - 00027730 _____ C:\Users\Berthold\Desktop\FRST.txt
2015-09-18 17:02 - 2015-09-18 17:02 - 00000000 ____D C:\FRST
2015-09-18 17:01 - 2015-09-18 17:02 - 02191360 _____ (Farbar) C:\Users\Berthold\Desktop\FRST64.exe
2015-09-18 17:00 - 2015-09-18 17:00 - 00000478 _____ C:\Users\Berthold\Desktop\defogger_disable.log
2015-09-18 17:00 - 2015-09-18 17:00 - 00000000 _____ C:\Users\Berthold\defogger_reenable
2015-09-18 16:59 - 2015-09-18 17:00 - 00050477 _____ C:\Users\Berthold\Desktop\Defogger.exe
2015-09-18 16:28 - 2015-09-18 16:28 - 00016148 _____ C:\WINDOWS\system32\BERTHIPC2_Berthold_HistoryPrediction.bin
2015-09-18 07:12 - 2015-09-18 07:12 - 00001013 _____ C:\Users\Berthold\Desktop\AdwCleaner[S10].txt
2015-09-18 06:58 - 2015-09-18 06:59 - 01660416 _____ C:\Users\Berthold\Downloads\AdwCleaner_5.007.exe
2015-09-17 23:40 - 2015-09-17 23:40 - 898088453 _____ C:\WINDOWS\MEMORY.DMP
2015-09-17 23:40 - 2015-09-17 23:40 - 00280968 _____ C:\WINDOWS\Minidump\091715-27546-01.dmp
2015-09-17 17:28 - 2015-09-17 17:28 - 00000000 ____D C:\Program Files (x86)\ESET
2015-09-17 14:22 - 2015-09-17 14:22 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2015-09-15 15:46 - 2015-09-15 15:46 - 00000000 _____ C:\WINDOWS\setuperr.log
2015-09-15 15:46 - 2015-09-15 15:46 - 00000000 _____ C:\WINDOWS\setupact.log
2015-09-14 14:44 - 2015-09-14 14:44 - 00001682 _____ C:\Users\Berthold\Desktop\Media Center.lnk
2015-09-14 14:20 - 2015-09-18 16:30 - 00000275 _____ C:\WINDOWS\WindowsUpdate.log
2015-09-14 14:19 - 2015-09-14 14:19 - 00000000 ____D C:\Users\Berthold\Downloads\WindowsMediaCenter_10.0.10134.0v2.1_Deutsch
2015-09-14 14:17 - 2015-09-14 14:17 - 56901694 _____ C:\Users\Berthold\Downloads\WindowsMediaCenter_10.0.10134.0v2.1_Deutsch.zip
2015-09-10 15:50 - 2015-09-10 20:19 - 00000000 ____D C:\Users\Berthold\Desktop\Photo Funia
2015-09-09 17:14 - 2015-09-09 17:14 - 227973112 _____ (AMD Inc.) C:\Users\Berthold\Desktop\amd-catalyst-15.7.1-win10-64bit.exe
2015-09-09 17:11 - 2015-09-09 17:14 - 227973112 _____ (AMD Inc.) C:\Users\Berthold\Downloads\amd-catalyst-15.7.1-win10-64bit.exe
2015-09-09 16:46 - 2015-09-09 16:46 - 47795712 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\amdocl64.dll
2015-09-09 16:46 - 2015-09-09 16:46 - 39723544 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\amdocl.dll
2015-09-09 16:46 - 2015-09-09 16:46 - 30762496 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atio6axx.dll
2015-09-09 16:46 - 2015-09-09 16:46 - 27546120 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\amdocl12cl64.dll
2015-09-09 16:46 - 2015-09-09 16:46 - 25310216 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atioglxx.dll
2015-09-09 16:46 - 2015-09-09 16:46 - 22327320 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\amdocl12cl.dll
2015-09-09 16:46 - 2015-09-09 16:46 - 15725592 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\aticaldd64.dll
2015-09-09 16:46 - 2015-09-09 16:46 - 14310928 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\aticaldd.dll
2015-09-09 16:46 - 2015-09-09 16:46 - 09191344 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdxc64.dll
2015-09-09 16:46 - 2015-09-09 16:46 - 07575696 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdxc32.dll
2015-09-09 16:46 - 2015-09-09 16:46 - 06487560 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdmantle64.dll
2015-09-09 16:46 - 2015-09-09 16:46 - 05077016 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdmantle32.dll
2015-09-09 16:46 - 2015-09-09 16:46 - 03471376 _____ C:\WINDOWS\SysWOW64\atiumdva.cap
2015-09-09 16:46 - 2015-09-09 16:46 - 03437632 _____ C:\WINDOWS\system32\atiumd6a.cap
2015-09-09 16:46 - 2015-09-09 16:46 - 01196072 _____ C:\WINDOWS\system32\amdocl_as64.exe
2015-09-09 16:46 - 2015-09-09 16:46 - 01072152 _____ C:\WINDOWS\system32\amdocl_ld64.exe
2015-09-09 16:46 - 2015-09-09 16:46 - 01005584 _____ C:\WINDOWS\SysWOW64\amdocl_as32.exe
2015-09-09 16:46 - 2015-09-09 16:46 - 00936960 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atiadlxy.dll
2015-09-09 16:46 - 2015-09-09 16:46 - 00936960 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atiadlxx.dll
2015-09-09 16:46 - 2015-09-09 16:46 - 00833798 _____ C:\WINDOWS\system32\amdicdxx.dat
2015-09-09 16:46 - 2015-09-09 16:46 - 00807464 _____ C:\WINDOWS\SysWOW64\amdocl_ld32.exe
2015-09-09 16:46 - 2015-09-09 16:46 - 00660912 _____ C:\WINDOWS\SysWOW64\atiapfxx.blb
2015-09-09 16:46 - 2015-09-09 16:46 - 00660912 _____ C:\WINDOWS\system32\atiapfxx.blb
2015-09-09 16:46 - 2015-09-09 16:46 - 00472872 _____ C:\WINDOWS\system32\amdmiracast.dll
2015-09-09 16:46 - 2015-09-09 16:46 - 00377352 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atiapfxx.exe
2015-09-09 16:46 - 2015-09-09 16:46 - 00343048 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\ATIODE.exe
2015-09-09 16:46 - 2015-09-09 16:46 - 00307936 _____ (Advanced Micro Devices) C:\WINDOWS\system32\Drivers\amdacpksd.sys
2015-09-09 16:46 - 2015-09-09 16:46 - 00245248 _____ C:\WINDOWS\system32\clinfo.exe
2015-09-09 16:46 - 2015-09-09 16:46 - 00213528 _____ C:\WINDOWS\system32\amdgfxinfo64.dll
2015-09-09 16:46 - 2015-09-09 16:46 - 00201216 _____ (AMD) C:\WINDOWS\system32\atitmm64.dll
2015-09-09 16:46 - 2015-09-09 16:46 - 00198680 _____ C:\WINDOWS\SysWOW64\amdgfxinfo32.dll
2015-09-09 16:46 - 2015-09-09 16:46 - 00170504 _____ C:\WINDOWS\system32\atieah64.exe
2015-09-09 16:46 - 2015-09-09 16:46 - 00169152 _____ C:\WINDOWS\system32\ativce03.dat
2015-09-09 16:46 - 2015-09-09 16:46 - 00167456 _____ C:\WINDOWS\system32\amde31a.dat
2015-09-09 16:46 - 2015-09-09 16:46 - 00165400 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atig6txx.dll
2015-09-09 16:46 - 2015-09-09 16:46 - 00154120 _____ C:\WINDOWS\SysWOW64\atieah32.exe
2015-09-09 16:46 - 2015-09-09 16:46 - 00153496 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amdhcp64.dll
2015-09-09 16:46 - 2015-09-09 16:46 - 00152072 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atigktxx.dll
2015-09-09 16:46 - 2015-09-09 16:46 - 00143384 _____ C:\WINDOWS\system32\amdhdl64.dll
2015-09-09 16:46 - 2015-09-09 16:46 - 00138416 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amdhcp32.dll
2015-09-09 16:46 - 2015-09-09 16:46 - 00137728 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\mantle64.dll
2015-09-09 16:46 - 2015-09-09 16:46 - 00132120 _____ C:\WINDOWS\SysWOW64\amdhdl32.dll
2015-09-09 16:46 - 2015-09-09 16:46 - 00123904 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\mantle32.dll
2015-09-09 16:46 - 2015-09-09 16:46 - 00117640 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdave64.dll
2015-09-09 16:46 - 2015-09-09 16:46 - 00111640 _____ C:\WINDOWS\system32\hsa-thunk64.dll
2015-09-09 16:46 - 2015-09-09 16:46 - 00111128 _____ C:\WINDOWS\SysWOW64\hsa-thunk.dll
2015-09-09 16:46 - 2015-09-09 16:46 - 00110352 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdave32.dll
2015-09-09 16:46 - 2015-09-09 16:46 - 00103432 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\mantleaxl64.dll
2015-09-09 16:46 - 2015-09-09 16:46 - 00100816 _____ C:\WINDOWS\system32\ativce02.dat
2015-09-09 16:46 - 2015-09-09 16:46 - 00097816 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atisamu64.dll
2015-09-09 16:46 - 2015-09-09 16:46 - 00096768 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\mantleaxl32.dll
2015-09-09 16:46 - 2015-09-09 16:46 - 00091144 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atisamu32.dll
2015-09-09 16:46 - 2015-09-09 16:46 - 00089560 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atimpc64.dll
2015-09-09 16:46 - 2015-09-09 16:46 - 00089552 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdpcom64.dll
2015-09-09 16:46 - 2015-09-09 16:46 - 00085512 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atig6pxx.dll
2015-09-09 16:46 - 2015-09-09 16:46 - 00082720 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atimpc32.dll
2015-09-09 16:46 - 2015-09-09 16:46 - 00082720 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdpcom32.dll
2015-09-09 16:46 - 2015-09-09 16:46 - 00079880 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiglpxx.dll
2015-09-09 16:46 - 2015-09-09 16:46 - 00079880 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiglpxx.dll
2015-09-09 16:46 - 2015-09-09 16:46 - 00075272 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2015-09-09 16:46 - 2015-09-09 16:46 - 00071192 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\aticalrt64.dll
2015-09-09 16:46 - 2015-09-09 16:46 - 00068120 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
Code:
ATTFilter 2015-09-09 16:46 - 2015-09-09 16:46 - 00064536 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\aticalcl64.dll
2015-09-09 16:46 - 2015-09-09 16:46 - 00060944 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\aticalrt.dll
2015-09-09 16:46 - 2015-09-09 16:46 - 00060928 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdmmcl6.dll
2015-09-09 16:46 - 2015-09-09 16:46 - 00059920 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\ATIODCLI.exe
2015-09-09 16:46 - 2015-09-09 16:46 - 00057872 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\aticalcl.dll
2015-09-09 16:46 - 2015-09-09 16:46 - 00052248 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Drivers\ati2erec.dll
2015-09-09 16:46 - 2015-09-09 16:46 - 00048152 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdmmcl.dll
2015-09-09 16:46 - 2015-09-09 16:46 - 00038424 _____ (AMD) C:\WINDOWS\system32\atimuixx.dll
2015-09-09 16:46 - 2015-09-09 16:46 - 00012824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\detoured.dll
2015-09-09 16:46 - 2015-09-09 16:46 - 00012824 _____ (Microsoft Corporation) C:\WINDOWS\system32\detoured.dll
2015-09-09 12:41 - 2015-09-02 03:20 - 00077400 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-09-09 12:41 - 2015-09-02 02:25 - 03586560 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-09-09 12:41 - 2015-09-02 02:25 - 01382912 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2015-09-09 12:41 - 2015-08-27 08:36 - 03620736 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-09-09 12:41 - 2015-08-27 08:32 - 00608936 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2015-09-09 12:41 - 2015-08-27 08:04 - 21874688 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2015-09-09 12:41 - 2015-08-27 07:59 - 02880032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-09-09 12:41 - 2015-08-27 07:55 - 24594944 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-09-09 12:41 - 2015-08-27 07:54 - 00541248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2015-09-09 12:41 - 2015-08-27 07:54 - 00365568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-09-09 12:41 - 2015-08-27 07:51 - 02350592 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-09-09 12:41 - 2015-08-27 07:51 - 01774592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2015-09-09 12:41 - 2015-08-27 07:49 - 01008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2015-09-09 12:41 - 2015-08-27 07:47 - 12503552 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-09-09 12:41 - 2015-08-27 07:43 - 00826880 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-09-09 12:41 - 2015-08-27 07:43 - 00576000 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-09-09 12:41 - 2015-08-27 07:42 - 00596480 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2015-09-09 12:41 - 2015-08-27 07:42 - 00578560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2015-09-09 12:41 - 2015-08-27 07:42 - 00187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.PicturePassword.dll
2015-09-09 12:41 - 2015-08-27 07:42 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\shacct.dll
2015-09-09 12:41 - 2015-08-27 07:39 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-09-09 12:41 - 2015-08-27 07:23 - 19324416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-09-09 12:41 - 2015-08-27 07:23 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-09-09 12:41 - 2015-08-27 07:16 - 18806272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2015-09-09 12:41 - 2015-08-27 07:16 - 02153472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-09-09 12:41 - 2015-08-27 07:16 - 01612288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2015-09-09 12:41 - 2015-08-27 07:12 - 00650752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-09-09 12:41 - 2015-08-27 07:12 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-09-09 12:41 - 2015-08-27 07:11 - 00484352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2015-09-09 12:41 - 2015-08-27 07:11 - 00139776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shacct.dll
2015-09-09 12:41 - 2015-08-27 07:09 - 11262464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-09-09 12:41 - 2015-08-27 07:08 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-09-09 06:55 - 2015-09-09 06:56 - 01046528 _____ C:\Users\Berthold\Downloads\MicrosoftFixit50848.msi
2015-09-05 18:30 - 2015-09-14 14:33 - 00000000 ___RD C:\Users\Public\Recorded TV
2015-09-05 18:30 - 2015-09-05 18:30 - 00000000 ____D C:\Users\Default
2015-09-05 18:30 - 2015-09-05 18:26 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-09-05 18:30 - 2015-09-05 11:15 - 00000000 ____D C:\WINDOWS\system32\spp
2015-09-05 18:26 - 2015-09-05 11:08 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\system32\iTVData.dll
2015-09-05 18:26 - 2015-09-05 11:08 - 00105472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iTVData.dll
2015-09-05 18:26 - 2015-09-05 11:08 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Mcx2Svc.dll
2015-09-05 18:26 - 2015-09-05 11:07 - 01533120 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcmde.dll
2015-09-05 18:26 - 2015-09-05 11:07 - 00524288 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspbda.dll
2015-09-05 18:26 - 2015-09-05 11:07 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsPbdaCoInst.dll
2015-09-05 18:25 - 2015-09-05 11:07 - 00103936 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcsrchPH.dll
2015-09-05 18:25 - 2015-09-05 11:07 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysprepMCE.dll
2015-09-05 14:51 - 2015-09-05 14:52 - 68847040 _____ (chengdu Everimaging.Inc) C:\Users\Berthold\Downloads\Fotor_v2.0.3_Setup.exe
2015-08-31 16:58 - 2015-09-04 17:09 - 00000000 ____D C:\Users\Berthold\Documents\Facebook Sicherungen
2015-08-29 12:04 - 2015-08-29 12:04 - 00000271 _____ C:\Users\Berthold\Desktop\Facebook.url
2015-08-28 14:32 - 2015-08-28 21:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-08-28 14:20 - 2015-08-20 08:07 - 08019296 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-08-28 14:20 - 2015-08-20 08:06 - 00609592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-08-28 14:20 - 2015-08-20 08:02 - 22324656 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-08-28 14:20 - 2015-08-20 07:26 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2015-08-28 14:20 - 2015-08-20 07:21 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll
2015-08-28 14:20 - 2015-08-20 07:16 - 20857848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-08-28 14:20 - 2015-08-20 07:13 - 02235904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-08-28 14:20 - 2015-08-18 09:56 - 02498808 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2015-08-28 14:20 - 2015-08-18 09:55 - 00373072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2015-08-28 14:20 - 2015-08-18 09:54 - 01396064 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2015-08-28 14:20 - 2015-08-18 09:27 - 01771592 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2015-08-28 14:20 - 2015-08-18 09:24 - 00963920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2015-08-28 14:20 - 2015-08-18 09:13 - 00497664 _____ (Microsoft Corporation) C:\WINDOWS\system32\WlanMediaManager.dll
2015-08-28 14:20 - 2015-08-18 09:13 - 00387584 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2015-08-28 14:20 - 2015-08-18 09:12 - 02225664 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2015-08-28 14:20 - 2015-08-18 09:07 - 02226688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2015-08-28 14:20 - 2015-08-18 09:04 - 01234944 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2015-08-28 14:20 - 2015-08-18 09:04 - 00859136 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2015-08-28 14:20 - 2015-08-18 08:59 - 01294336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcnwiz.dll
2015-08-28 14:20 - 2015-08-18 08:59 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WcnApi.dll
2015-08-28 14:20 - 2015-08-18 08:58 - 00187392 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2015-08-28 14:20 - 2015-08-18 08:58 - 00117760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafWCN.dll
2015-08-28 14:20 - 2015-08-18 08:58 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdWCN.dll
2015-08-28 14:20 - 2015-08-18 08:58 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\WcnNetsh.dll
2015-08-28 14:20 - 2015-08-18 08:57 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfdprov.dll
2015-08-28 14:20 - 2015-08-18 08:56 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthRadioMedia.dll
2015-08-28 14:20 - 2015-08-18 08:55 - 02178560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2015-08-28 14:20 - 2015-08-18 08:54 - 00322048 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultsvc.dll
2015-08-28 14:20 - 2015-08-18 08:54 - 00247296 _____ C:\WINDOWS\system32\facecredentialprovider.dll
2015-08-28 14:20 - 2015-08-18 08:52 - 01888768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2015-08-28 14:20 - 2015-08-18 08:50 - 01795072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2015-08-28 14:20 - 2015-08-18 08:49 - 01061888 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2015-08-28 14:20 - 2015-08-18 08:49 - 00274432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2015-08-28 14:20 - 2015-08-18 08:49 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\PackageStateRoaming.dll
2015-08-28 14:20 - 2015-08-18 08:36 - 01226752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wcnwiz.dll
2015-08-28 14:20 - 2015-08-18 08:35 - 00100352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WcnApi.dll
2015-08-28 14:20 - 2015-08-18 08:35 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdWCN.dll
2015-08-28 14:20 - 2015-08-18 08:34 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfdprov.dll
2015-08-28 14:20 - 2015-08-18 08:29 - 01593344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2015-08-28 14:20 - 2015-08-18 08:26 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PackageStateRoaming.dll
2015-08-28 14:20 - 2015-08-18 06:44 - 00008847 _____ C:\WINDOWS\system32\ResPriHMImageList
2015-08-27 15:54 - 2015-08-27 15:54 - 00000000 _____ C:\WINDOWS\My Product Name
2015-08-27 15:54 - 2015-08-27 15:54 - 00000000 _____ C:\ProgramData\{C6FA530F-BB98-4D9F-BA00-45FD0698077C}
2015-08-27 15:54 - 2015-08-27 15:54 - 00000000 _____ C:\fb474331291e51eafd833ad2
2015-08-27 15:54 - 2015-08-27 15:54 - 00000000 _____ C:\9f7c0838ba71567d17d13b7719306c39
2015-08-27 15:54 - 2015-08-27 15:54 - 00000000 _____ C:\7cbf2ae7defba5cf754c22f685
2015-08-27 15:54 - 2015-08-27 15:54 - 00000000 _____ C:\60d6eb3c48e8d15bfd
2015-08-27 15:54 - 2015-08-27 15:54 - 00000000 _____ C:\3a727db3fe95fe643aec76
2015-08-27 15:54 - 2015-08-27 15:54 - 00000000 _____ C:\132954e6489889f28aef0a3d
2015-08-26 14:59 - 2015-09-18 07:02 - 00000000 ____D C:\AdwCleaner
2015-08-26 14:59 - 2015-08-26 14:59 - 01605632 _____ C:\Users\Berthold\Downloads\AdwCleaner_5.003.exe
2015-08-26 14:48 - 2015-08-26 14:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
2015-08-26 14:47 - 2015-09-18 06:48 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
2015-08-26 14:47 - 2015-08-26 14:47 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Exploit
2015-08-26 14:43 - 2015-08-26 14:43 - 02865192 _____ (Malwarebytes ) C:\Users\Berthold\Downloads\mbae-setup-1.07.1.1015.exe
2015-08-26 14:06 - 2015-08-26 14:06 - 00000000 ____D C:\Users\Berthold\AppData\Roaming\Sun
2015-08-26 14:06 - 2015-08-26 14:06 - 00000000 ____D C:\Users\Berthold\.oracle_jre_usage
2015-08-26 13:26 - 2015-08-26 13:26 - 00003650 _____ C:\WINDOWS\System32\Tasks\CreateExplorerShellUnelevatedTask
2015-08-26 13:25 - 2015-08-26 13:26 - 00002342 _____ C:\DelFix.txt
2015-08-26 13:25 - 2015-08-26 13:25 - 00000000 ____D C:\WINDOWS\ERUNT
2015-08-25 17:40 - 2015-08-25 17:40 - 00000856 _____ C:\Users\Berthold\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\adwcleaner_5.003.lnk
2015-08-24 23:20 - 2015-09-11 18:42 - 00000306 __RSH C:\ProgramData\ntuser.pol
2015-08-23 21:32 - 2015-09-17 23:40 - 00000000 ____D C:\WINDOWS\Minidump
2015-08-23 13:37 - 2015-08-27 17:01 - 00002527 _____ C:\Users\Berthold\Desktop\Erweiterte Startoption.lnk
2015-08-22 13:49 - 2015-08-22 13:49 - 00000000 ____D C:\Users\Berthold\AppData\Local\AppEx Networks
2015-08-22 13:49 - 2015-08-22 13:49 - 00000000 ____D C:\ProgramData\ATI
2015-08-22 13:45 - 2015-08-22 13:45 - 00000000 ____D C:\Users\Berthold\AppData\Roaming\library_dir
2015-08-22 13:45 - 2015-08-22 13:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Gaming Evolved
2015-08-22 13:44 - 2015-08-23 20:52 - 00000000 ____D C:\Users\Berthold\AppData\Roaming\Raptr
2015-08-22 13:44 - 2015-08-22 13:45 - 00000000 ____D C:\Program Files (x86)\Raptr
2015-08-22 13:44 - 2015-08-22 13:44 - 00064363 _____ C:\WINDOWS\SysWOW64\CCCInstall_201508221344016830.log
2015-08-22 13:44 - 2015-08-22 13:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Quick Stream
2015-08-22 13:44 - 2015-08-22 13:44 - 00000000 ____D C:\Program Files\AMD Quick Stream
2015-08-22 13:44 - 2015-04-03 01:14 - 00229056 _____ (AppEx Networks Corporation) C:\WINDOWS\system32\Drivers\appexDrv.sys
2015-08-22 13:43 - 2015-08-22 13:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2015-08-22 13:39 - 2015-08-22 13:39 - 00000000 ____D C:\Program Files (x86)\AMD
2015-08-22 13:36 - 2015-08-22 13:36 - 00000000 ____D C:\AMD
2015-08-22 13:19 - 2015-08-22 13:21 - 257504624 _____ (AMD Inc.) C:\WINDOWS\SysWOW64\amd-catalyst-15.7.1-win10-64bit.exe
2015-08-22 13:18 - 2015-08-24 22:30 - 00000000 ____D C:\Program Files (x86)\Lavasoft
2015-08-22 13:18 - 2015-08-23 17:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2015-08-22 13:18 - 2015-06-08 14:13 - 00428880 _____ (Lavasoft Limited) C:\WINDOWS\system32\LavasoftTcpService64.dll
2015-08-22 13:18 - 2015-06-08 14:13 - 00348488 _____ (Lavasoft Limited) C:\WINDOWS\SysWOW64\LavasoftTcpService.dll
2015-08-20 09:23 - 2015-08-20 09:24 - 41194840 _____ (Amazon.com) C:\Users\Berthold\Downloads\KindleForPC-installer.exe
2015-08-19 17:37 - 2015-08-13 06:22 - 02093056 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2015-08-19 17:37 - 2015-08-13 06:20 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2015-08-19 17:37 - 2015-08-13 05:53 - 00311808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2015-08-19 17:37 - 2015-08-11 12:04 - 04532304 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2015-08-19 17:37 - 2015-08-11 12:04 - 02462648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2015-08-19 17:37 - 2015-08-11 12:04 - 01087296 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2015-08-19 17:37 - 2015-08-11 12:03 - 00442208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2015-08-19 17:37 - 2015-08-11 12:02 - 00554744 _____ (Microsoft Corporation) C:\WINDOWS\system32\directmanipulation.dll
2015-08-19 17:37 - 2015-08-11 12:02 - 00292856 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2015-08-19 17:37 - 2015-08-11 12:02 - 00080720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2015-08-19 17:37 - 2015-08-11 11:52 - 00993104 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll
2015-08-19 17:37 - 2015-08-11 11:50 - 01643872 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2015-08-19 17:37 - 2015-08-11 11:40 - 04048808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2015-08-19 17:37 - 2015-08-11 11:40 - 02151208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2015-08-19 17:37 - 2015-08-11 11:40 - 00918320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2015-08-19 17:37 - 2015-08-11 11:38 - 00454000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\directmanipulation.dll
2015-08-19 17:37 - 2015-08-11 11:37 - 00243800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2015-08-19 17:37 - 2015-08-11 11:26 - 00845664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll
2015-08-19 17:37 - 2015-08-11 11:23 - 16706560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2015-08-19 17:37 - 2015-08-11 11:21 - 00148992 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
2015-08-19 17:37 - 2015-08-11 11:21 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringclient.dll
2015-08-19 17:37 - 2015-08-11 11:20 - 00483328 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2015-08-19 17:37 - 2015-08-11 11:19 - 00235520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll
2015-08-19 17:37 - 2015-08-11 11:18 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll
2015-08-19 17:37 - 2015-08-11 11:16 - 02416640 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2015-08-19 17:37 - 2015-08-11 11:14 - 00404480 _____ C:\WINDOWS\system32\diagtrack_wininternal.dll
2015-08-19 17:37 - 2015-08-11 11:13 - 00413184 _____ C:\WINDOWS\system32\diagtrack_win.dll
2015-08-19 17:37 - 2015-08-11 11:11 - 02446336 _____ C:\WINDOWS\system32\InputService.dll
2015-08-19 17:37 - 2015-08-11 11:11 - 00553472 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2015-08-19 17:37 - 2015-08-11 11:10 - 00778752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2015-08-19 17:37 - 2015-08-11 11:10 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-08-19 17:37 - 2015-08-11 11:10 - 00293376 _____ C:\WINDOWS\system32\TextInputFramework.dll
2015-08-19 17:37 - 2015-08-11 11:09 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuautoappupdate.dll
2015-08-19 17:37 - 2015-08-11 11:08 - 00893440 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApiPublic.dll
2015-08-19 17:37 - 2015-08-11 11:08 - 00563200 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApi.dll
2015-08-19 17:37 - 2015-08-11 11:07 - 01178112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2015-08-19 17:37 - 2015-08-11 11:07 - 00593920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2015-08-19 17:37 - 2015-08-11 11:07 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeParserTask.exe
2015-08-19 17:37 - 2015-08-11 11:06 - 07523328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2015-08-19 17:37 - 2015-08-11 11:06 - 02662400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2015-08-19 17:37 - 2015-08-11 11:05 - 03527168 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2015-08-19 17:37 - 2015-08-11 11:05 - 00996352 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2015-08-19 17:37 - 2015-08-11 11:05 - 00342016 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationGeofences.dll
2015-08-19 17:37 - 2015-08-11 11:05 - 00269312 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll
2015-08-19 17:37 - 2015-08-11 11:05 - 00137216 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationPermissions.dll
2015-08-19 17:37 - 2015-08-11 11:05 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFrameworkInternalPS.dll
2015-08-19 17:37 - 2015-08-11 11:03 - 02558976 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2015-08-19 17:37 - 2015-08-11 11:02 - 00621056 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2015-08-19 17:37 - 2015-08-11 11:02 - 00186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2015-08-19 17:37 - 2015-08-11 11:01 - 01334784 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2015-08-19 17:37 - 2015-08-11 11:00 - 00336384 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2015-08-19 17:37 - 2015-08-11 11:00 - 00274432 _____ (Microsoft Corporation) C:\WINDOWS\system32\syncutil.dll
2015-08-19 17:37 - 2015-08-11 10:59 - 01106432 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2015-08-19 17:37 - 2015-08-11 10:59 - 00642560 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdbui.dll
2015-08-19 17:37 - 2015-08-11 10:59 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2015-08-19 17:37 - 2015-08-11 10:59 - 00042496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tetheringclient.dll
2015-08-19 17:37 - 2015-08-11 10:58 - 00372224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2015-08-19 17:37 - 2015-08-11 10:57 - 13024768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2015-08-19 17:37 - 2015-08-11 10:57 - 00159744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserMgrProxy.dll
2015-08-19 17:37 - 2015-08-11 10:51 - 01916928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2015-08-19 17:37 - 2015-08-11 10:51 - 01823232 _____ C:\WINDOWS\SysWOW64\InputService.dll
2015-08-19 17:37 - 2015-08-11 10:50 - 00420352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GamePanel.exe
2015-08-19 17:37 - 2015-08-11 10:50 - 00200704 _____ C:\WINDOWS\SysWOW64\TextInputFramework.dll
2015-08-19 17:37 - 2015-08-11 10:50 - 00131584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2015-08-19 17:37 - 2015-08-11 10:49 - 00586752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2015-08-19 17:37 - 2015-08-11 10:49 - 00247808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-08-19 17:37 - 2015-08-11 10:48 - 00671232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApiPublic.dll
2015-08-19 17:37 - 2015-08-11 10:47 - 00448512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApi.dll
2015-08-19 17:37 - 2015-08-11 10:45 - 01820672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2015-08-19 17:37 - 2015-08-11 10:43 - 02748416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2015-08-19 17:37 - 2015-08-11 10:42 - 05454848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2015-08-19 17:37 - 2015-08-11 10:40 - 01964544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2015-08-19 17:37 - 2015-08-11 10:40 - 01112064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2015-08-19 17:37 - 2015-08-11 10:39 - 00280576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2015-08-19 17:37 - 2015-08-11 10:38 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReInfo.dll
==================== Ein Monat: Geänderte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2015-09-18 17:00 - 2015-08-03 03:13 - 00000000 ____D C:\Users\Berthold
2015-09-18 16:55 - 2015-05-16 16:30 - 00001152 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3686684737-2695999886-1653246583-1002UA.job
2015-09-18 16:50 - 2014-08-05 19:48 - 00001138 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-09-18 16:41 - 2015-01-31 14:57 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-09-18 16:39 - 2014-08-05 20:04 - 00000000 ____D C:\Users\Berthold\Documents\Scribble Papers
2015-09-18 16:11 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\system32\sru
2015-09-18 15:59 - 2014-08-10 12:04 - 00113880 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-09-18 15:31 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-09-18 14:55 - 2015-05-16 16:30 - 00001100 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3686684737-2695999886-1653246583-1002Core.job
2015-09-18 14:50 - 2014-08-05 19:48 - 00001134 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-09-18 07:06 - 2014-08-04 14:30 - 00000000 ____D C:\Users\Berthold\Documents\Youcam
2015-09-18 07:02 - 2015-08-03 03:25 - 00065536 _____ C:\WINDOWS\system32\spu_storage.bin
2015-09-18 07:02 - 2015-07-10 14:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-09-18 07:02 - 2015-07-10 11:05 - 00786432 ___SH C:\WINDOWS\system32\config\BBI
2015-09-17 20:54 - 2014-08-04 14:37 - 00004166 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{0881B6C8-8E2B-407F-9D16-3C9A313C705E}
2015-09-17 16:55 - 2014-08-04 23:22 - 00000000 ____D C:\Users\Berthold\AppData\Roaming\TV-Browser
2015-09-17 14:50 - 2015-05-16 16:30 - 00004280 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3686684737-2695999886-1653246583-1002UA
2015-09-17 14:50 - 2015-05-16 16:30 - 00003904 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3686684737-2695999886-1653246583-1002Core
2015-09-17 14:45 - 2014-08-05 19:48 - 00004196 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-09-17 14:45 - 2014-08-05 19:48 - 00003964 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-09-17 14:22 - 2015-06-05 13:05 - 04629744 _____ (Realtek Semiconductor Corporation ) C:\WINDOWS\system32\Drivers\rtwlane.sys
2015-09-16 16:02 - 2014-08-05 11:45 - 00000052 _____ C:\WINDOWS\SysWOW64\DOErrors.log
2015-09-16 11:22 - 2014-08-04 14:28 - 00000000 ____D C:\Users\Berthold\AppData\Local\Packages
2015-09-11 18:42 - 2014-08-05 16:59 - 00000000 ____D C:\Program Files (x86)\SpywareBlaster
2015-09-11 18:42 - 2013-12-12 08:05 - 00000000 ____D C:\ProgramData\Temp
2015-09-10 13:37 - 2014-08-05 17:19 - 00000000 ___RD C:\Users\Berthold\Desktop\Media
2015-09-09 18:23 - 2015-08-15 14:15 - 00000364 _____ C:\WINDOWS\Tasks\HPCeeScheduleForBerthold.job
2015-09-09 16:46 - 2015-08-01 00:51 - 21635072 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Drivers\atikmdag.sys
2015-09-09 16:46 - 2015-08-01 00:51 - 12062080 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atidxx64.dll
2015-09-09 16:46 - 2015-08-01 00:51 - 10191288 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atidxx32.dll
2015-09-09 16:46 - 2015-08-01 00:51 - 08009376 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiumdva.dll
2015-09-09 16:46 - 2015-08-01 00:51 - 07482080 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiumdag.dll
2015-09-09 16:46 - 2015-08-01 00:51 - 01468840 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\aticfx64.dll
2015-09-09 16:46 - 2015-08-01 00:51 - 01213224 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\aticfx32.dll
2015-09-09 16:46 - 2015-08-01 00:51 - 00874520 _____ (AMD) C:\WINDOWS\system32\coinst_15.20.dll
2015-09-09 16:46 - 2015-08-01 00:51 - 00673816 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Drivers\atikmpag.sys
2015-09-09 16:46 - 2015-08-01 00:51 - 00163792 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiuxp64.dll
2015-09-09 16:46 - 2015-08-01 00:51 - 00143088 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiuxpag.dll
2015-09-09 16:46 - 2015-08-01 00:51 - 00113920 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiu9pag.dll
2015-09-09 16:46 - 2015-07-16 04:11 - 08979792 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiumd6a.dll
2015-09-09 16:46 - 2015-07-16 04:11 - 08866472 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiumd64.dll
2015-09-09 16:46 - 2015-07-16 04:11 - 00130104 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiu9p64.dll
2015-09-09 16:46 - 2015-07-16 03:17 - 00681488 _____ (AMD) C:\WINDOWS\system32\atieclxx.exe
2015-09-09 16:46 - 2015-07-16 03:17 - 00452616 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atidemgy.dll
2015-09-09 16:46 - 2015-07-16 03:17 - 00257032 _____ (AMD) C:\WINDOWS\system32\atiesrxx.exe
2015-09-09 16:46 - 2015-07-16 03:13 - 01256472 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atiadlxx.dll
2015-09-09 16:27 - 2015-08-15 14:15 - 00003268 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForBerthold
2015-09-09 12:59 - 2015-07-10 14:20 - 00255992 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-09-09 12:57 - 2015-07-10 18:46 - 00000000 ____D C:\Program Files\Windows Journal
2015-09-09 12:57 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-09-09 12:54 - 2015-07-10 12:55 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-09-09 12:54 - 2014-08-04 22:09 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-09-09 12:52 - 2014-08-04 17:04 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-09-06 17:31 - 2014-10-03 12:08 - 00000000 ____D C:\Users\Berthold\AppData\Roaming\Skype
2015-09-05 17:38 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\rescache
2015-09-04 22:59 - 2014-08-04 22:09 - 00000000 ____D C:\Users\Berthold\AppData\Local\Microsoft Help
2015-09-02 15:49 - 2014-08-10 14:23 - 00000000 ___RD C:\Users\Berthold\Dropbox
2015-09-02 15:49 - 2014-08-10 14:17 - 00000000 ____D C:\Users\Berthold\AppData\Roaming\Dropbox
2015-08-29 09:55 - 2013-08-22 17:36 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2015-08-29 09:54 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2015-08-28 21:27 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-08-28 21:17 - 2014-08-04 22:59 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-08-28 18:01 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\system32\oobe
2015-08-27 15:54 - 2013-09-01 05:49 - 00000000 ____D C:\SWSetup
2015-08-26 18:37 - 2014-08-04 17:04 - 134753440 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-08-26 15:13 - 2014-08-05 16:26 - 00000000 ____D C:\Program Files\CCleaner
2015-08-26 14:34 - 2014-12-26 15:00 - 00000000 ____D C:\Users\Berthold\AppData\Local\Adobe
2015-08-26 14:07 - 2014-08-04 22:53 - 00000000 ____D C:\ProgramData\Oracle
2015-08-26 14:06 - 2015-01-26 17:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-08-26 14:05 - 2015-01-26 17:03 - 00097888 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2015-08-26 14:05 - 2015-01-26 17:02 - 00000000 ____D C:\Program Files (x86)\Java
2015-08-25 17:40 - 2014-08-04 20:48 - 00004280 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2015-08-23 21:12 - 2014-08-10 14:12 - 00000000 ____D C:\Users\Berthold\Desktop\Fahrplan
2015-08-23 20:29 - 2015-08-03 23:23 - 00000000 ____D C:\Users\Berthold\Desktop\Windows 10 ISO
2015-08-22 13:43 - 2015-08-03 03:08 - 00000000 ____D C:\Program Files\AMD
2015-08-22 13:42 - 2013-12-12 07:52 - 00000000 ____D C:\Program Files (x86)\ATI Technologies
2015-08-22 13:39 - 2013-12-12 07:51 - 00000000 ____D C:\ProgramData\Package Cache
2015-08-20 09:25 - 2014-08-10 12:38 - 00000000 ____D C:\Program Files (x86)\Amazon
2015-08-20 09:21 - 2014-08-10 12:39 - 00000000 ____D C:\Users\Berthold\Documents\My Kindle Content
2015-08-20 09:20 - 2014-08-10 12:39 - 00000000 ____D C:\Users\Berthold\AppData\Local\Amazon
2015-08-19 22:59 - 2014-08-04 22:01 - 00000000 ____D C:\Users\Berthold\Documents\E I G E N E D A T E I E N
2015-08-19 22:45 - 2014-08-10 14:12 - 00000000 ___RD C:\Users\Berthold\Desktop\Kalender
2015-08-19 20:07 - 2015-08-03 03:11 - 01994140 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-08-19 20:07 - 2015-07-10 18:34 - 00849328 _____ C:\WINDOWS\system32\perfh007.dat
2015-08-19 20:07 - 2015-07-10 18:34 - 00186568 _____ C:\WINDOWS\system32\perfc007.dat
2015-08-19 19:25 - 2014-08-10 14:10 - 00056064 _____ C:\Users\Berthold\AppData\Local\GDIPFONTCACHEV1.DAT
2015-08-19 19:16 - 2014-08-31 12:44 - 00000000 ____D C:\Users\Berthold\Documents\Kalender-Excel-8.9
2015-08-19 19:16 - 2014-08-31 12:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kalender-Excel-8.9
2015-08-19 18:11 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======
2014-08-24 18:28 - 2014-08-24 18:28 - 0118727 _____ () C:\Users\Berthold\AppData\Local\ars.cache
2014-08-24 18:29 - 2014-08-24 18:29 - 0356185 _____ () C:\Users\Berthold\AppData\Local\census.cache
2014-08-24 18:00 - 2014-08-24 18:00 - 0000036 _____ () C:\Users\Berthold\AppData\Local\housecall.guid.cache
2014-08-20 19:30 - 2014-08-20 19:30 - 0000011 _____ () C:\ProgramData\.tv7
2015-08-27 15:54 - 2015-08-27 15:54 - 0000000 _____ () C:\ProgramData\{C6FA530F-BB98-4D9F-BA00-45FD0698077C}
Einige Dateien in TEMP:
====================
C:\Users\Berthold\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap =================
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert
LastRegBack: 2015-09-14 09:34
==================== Ende von FRST.txt ============================
Code:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:15-09-2015
durchgeführt von Berthold (2015-09-18 17:03:45)
Gestartet von C:\Users\Berthold\Desktop
Windows 10 Home (X64) (2015-08-03 06:14:19)
Start-Modus: Normal
==========================================================
==================== Konten: =============================
Administrator (S-1-5-21-3686684737-2695999886-1653246583-500 - Administrator - Disabled)
Berthold (S-1-5-21-3686684737-2695999886-1653246583-1002 - Administrator - Enabled) => C:\Users\Berthold
DefaultAccount (S-1-5-21-3686684737-2695999886-1653246583-503 - Limited - Disabled)
Gast (S-1-5-21-3686684737-2695999886-1653246583-501 - Limited - Disabled)
==================== Sicherheits-Center ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
==================== Installierte Programme ======================
(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
7-Zip 9.22 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0922-000001000000}) (Version: 9.22.00.0 - Igor Pavlov)
ABBYY FineReader 6.0 Sprint (HKLM-x32\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.1990.41618 - ABBYY Software House)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Amazon Kindle (HKLM-x32\...\Amazon Kindle) (Version: - Amazon)
AMD Catalyst Install Manager (HKLM\...\{E2078C11-E9EC-BD96-037C-A3423082F2BF}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 4.0.0.0 - AppEx Networks)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.3.2225 - AVAST Software)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
calibre 64bit (HKLM\...\{57ADE316-7B2D-4DD0-BA95-11AF9B58B3DA}) (Version: 2.2.0 - Kovid Goyal)
CCleaner (HKLM\...\CCleaner) (Version: 5.09 - Piriform)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.4.6515 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.8.4420 - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.4.4824 - CyberLink Corp.)
CyberLink Power Media Player 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.5.4608 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.8.4316 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.4.3122 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.5.4628 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKU\S-1-5-21-3686684737-2695999886-1653246583-1002\...\Dropbox) (Version: 3.6.7 - Dropbox, Inc.)
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 45.0.2454.93 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{CA3DD97D-1FD7-37A7-BD5C-FC4430C8B8E6}) (Version: 5.41.2.0 - Google)
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
HP 3D DriveGuard (HKLM-x32\...\{E8D0E2B8-B64B-44BC-8E01-00DDACBDF78A}) (Version: 6.0.28.1 - Hewlett-Packard Company)
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: 1.0 - Meridian Audio Ltd)
HP Connected Music (Meridian - player) (HKU\S-1-5-21-3686684737-2695999886-1653246583-1002\...\HPConnectedMusic) (Version: 1.1 (build 128) hp - Meridian Audio Ltd)
HP CoolSense (HKLM-x32\...\{E2C8D0C2-1C97-4C05-939A-5B13A0FE655C}) (Version: 2.20.31 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{F5120027-B9BF-4A48-86E9-63F7F79A5263}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7045.4591 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.00.57 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{61EB474B-67A6-47F4-B1B7-386851BAB3D0}) (Version: 8.0.29.6 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{B3FFA06F-CC21-439C-9452-DFE751ED58A8}) (Version: 12.0.30.81 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{8B4EE87E-6D40-4C91-B5E8-0DC77DC412F1}) (Version: 1.4.1 - Hewlett-Packard Company)
HP Utility Center (HKLM\...\{AED1C141-3AFC-47FE-AE90-C820AA60B103}) (Version: 2.2.5 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{EFA01423-3857-468C-B7B6-F30AA08E50BC}) (Version: 1.1.5.1 - Hewlett-Packard Company)
Inst5675 (Version: 8.00.57 - Softex Inc.) Hidden
Inst5676 (Version: 8.00.57 - Softex Inc.) Hidden
Java 8 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Kalender-Excel-8.9 (HKLM-x32\...\Kalender-Excel-8.9_is1) (Version: 8.9 - MSDatec)
Lexmark 4800 Series (HKLM\...\Lexmark 4800 Series) (Version: - Lexmark International, Inc.)
Lexmark Fax-Lösungen (HKLM\...\Lexmark Fax Solutions) (Version: - )
Malwarebytes Anti-Exploit version 1.07.1.1015 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.07.1.1015 - Malwarebytes)
Malwarebytes Anti-Malware Version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 40.0.3 (x86 de) (HKLM-x32\...\Mozilla Firefox 40.0.3 (x86 de)) (Version: 40.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 40.0.3.5716 - Mozilla)
MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.6 - F.J. Wechselberger)
OEM Application Profile (HKLM-x32\...\{70D5F822-F4C4-33D9-7EEC-2A4AF4EA7BDC}) (Version: 1.00.0000 - Ihr Firmenname)
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.309.0 - Tracker Software Products Ltd)
Raptr (HKLM-x32\...\Raptr) (Version: - )
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.29068 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7548 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.00.12.0906 - REALTEK Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.2.14014_6 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.2.14014_6 - Samsung Electronics Co., Ltd.) Hidden
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.55.0 - Samsung Electronics Co., Ltd.)
Scribble Papers 2.8.3 (HKLM-x32\...\Scribble Papers_is1) (Version: - Jens Hoetger)
Secunia PSI (3.0.0.9016) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.9016 - Secunia)
Skype™ 7.5 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.5.101 - Skype Technologies S.A.)
SonyEditor (remove only) (HKLM-x32\...\SonyEditor) (Version: - )
SpywareBlaster 5.2 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.2.0 - BrightFort LLC)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.6.2 - Synaptics Incorporated)
System Power Shortcuts (HKLM-x32\...\{87673125-0D68-4740-97F5-5B4336DA7DCD}) (Version: 1.3.8209 - CAPPLOUD)
TV-Browser 3.4 (HKLM-x32\...\tvbrowser) (Version: 3.4 - TV-Browser Team)
Twonky Server (HKLM-x32\...\TwonkyServer) (Version: 7.3.0.0 - PacketVideo)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinPatrol (HKLM\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 33.1.2015.0 - WinPatrol)
==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
CustomCLSID: HKU\S-1-5-21-3686684737-2695999886-1653246583-1002_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Berthold\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3686684737-2695999886-1653246583-1002_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Berthold\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll Keine Datei
CustomCLSID: HKU\S-1-5-21-3686684737-2695999886-1653246583-1002_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Berthold\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll Keine Datei
CustomCLSID: HKU\S-1-5-21-3686684737-2695999886-1653246583-1002_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Berthold\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll Keine Datei
CustomCLSID: HKU\S-1-5-21-3686684737-2695999886-1653246583-1002_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Berthold\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll Keine Datei
CustomCLSID: HKU\S-1-5-21-3686684737-2695999886-1653246583-1002_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Berthold\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3686684737-2695999886-1653246583-1002_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Berthold\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3686684737-2695999886-1653246583-1002_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Berthold\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3686684737-2695999886-1653246583-1002_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Berthold\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3686684737-2695999886-1653246583-1002_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Berthold\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3686684737-2695999886-1653246583-1002_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Berthold\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3686684737-2695999886-1653246583-1002_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Berthold\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3686684737-2695999886-1653246583-1002_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Berthold\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3686684737-2695999886-1653246583-1002_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Berthold\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3686684737-2695999886-1653246583-1002_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Berthold\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3686684737-2695999886-1653246583-1002_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Berthold\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
==================== Wiederherstellungspunkte =========================
26-08-2015 13:26:18 Ende der Bereinigung
05-09-2015 15:00:59 Revo Uninstaller's restore point - Fotor 2.0.3
09-09-2015 12:41:35 Windows Update
17-09-2015 14:21:24 Windows Update
==================== Hosts Inhalt: ===============================
(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)
2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
Task: {3B4BD7FF-4E6E-471B-B25A-CDF28B6B24B2} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG
Task: {3C1D20EB-5845-4C6A-8C0B-B645A30CCCC0} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG
Task: {40F9961E-3E09-46C7-9C57-2EE762DF611E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {445F040D-C8E9-495B-B3C1-DC62BA2F386E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-07-11] (Hewlett-Packard Company)
Task: {44EA6FC7-7DCF-4C6B-A307-3597807085C5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-07-11] (Hewlett-Packard Company)
Task: {4D6F0EDF-87DA-4A76-A801-EA67F6AD2BBD} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG
Task: {51DD8FCA-2C64-4ECC-BA76-B7B0DC4164BA} - System32\Tasks\HPCeeScheduleForBerthold => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {5CD6FC69-2B59-42CC-81B4-54A2C491107E} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe [2015-08-11] (Microsoft Corporation)
Task: {63D0E381-4C59-488F-A781-F4852F54C6DE} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-08-26] (Microsoft Corporation)
Task: {6F41F1FA-45FA-4C9D-9D51-094A6C37B97B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG
Task: {72AE06BB-453C-4C31-807D-4491D39A9B59} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG
Task: {89ECF89D-D3B6-44EF-A3CC-94CD90C54765} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG
Task: {8BC2F27A-096B-4F08-AB26-6242B7523BBC} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG
Task: {8E9334C5-094F-464C-9E5E-7AC8ECC070B6} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2015-06-19] (Hewlett-Packard)
Task: {922E5946-5488-434D-BF1E-9389EF8024C4} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3686684737-2695999886-1653246583-1002UA => C:\Users\Berthold\AppData\Local\Google\Update\GoogleUpdate.exe [2015-05-16] (Google Inc.)
Task: {96C1EF9E-D73C-4C84-AF0A-D9681FE1CD5F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-26] (Adobe Systems Incorporated)
Task: {97275210-F29E-4C12-9F4A-11C4C2F6C4E6} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2013-11-01] (Hewlett-Packard Development Company, L.P.)
Task: {9B75E86A-6F4F-42AC-B839-BD580AB42939} - System32\Tasks\YCMServiceAgent => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [2014-10-28] (CyberLink Corp.)
Task: {A0DF5B11-85BB-43D9-AF42-019305AC9974} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-08-20] (Piriform Ltd)
Task: {B2325376-FFBD-4A0A-A4AD-DADA202A0972} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2015-06-24] (Hewlett-Packard)
Task: {B594C90B-7537-4C31-898C-4308700DC1F4} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-08-09] (AVAST Software)
Task: {B8227F19-37A7-47DE-AEEF-679497CF5CD2} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG
Task: {B985E41B-959D-42A5-9D35-10AFEE5D93ED} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG
Task: {BA42FD09-6B2E-4B43-9259-42E23D7BF678} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3686684737-2695999886-1653246583-1002Core => C:\Users\Berthold\AppData\Local\Google\Update\GoogleUpdate.exe [2015-05-16] (Google Inc.)
Task: {C4A7C2DA-7D1E-4C7A-9EC5-6D68D078BB68} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG
Task: {CB4D9D30-FE2C-4A9C-BD55-06D438D4F9FE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Active Health Launcher => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2015-06-19] (Hewlett-Packard)
Task: {CBFD66D2-360D-40C6-9719-236853B94290} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-08-27] (Hewlett-Packard)
Task: {E534B137-7A79-4786-BE89-E7F7FE08C6A6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {E9DB8E8F-8CE8-4B56-B76B-8CA75FF9DBEE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-08-27] (Hewlett-Packard)
Task: {EB1444E1-95EF-45D7-BC2E-DB8F8FF99FB3} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\BrowserChoice\browserchoice.exe
Task: {EE9F76A8-7DAA-43ED-B4E0-2E44AAE550C7} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Keine Datei <==== ACHTUNG
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3686684737-2695999886-1653246583-1002Core.job => C:\Users\Berthold\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3686684737-2695999886-1653246583-1002UA.job => C:\Users\Berthold\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForBerthold.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============
2015-08-03 03:51 - 2015-08-03 03:51 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
2013-10-14 11:25 - 2013-10-14 11:25 - 02541056 _____ () C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll
2013-10-14 11:22 - 2013-10-14 11:22 - 00021504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cryptodll.dll
2013-10-14 11:22 - 2013-10-14 11:22 - 00035328 _____ () C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll
2013-10-14 11:22 - 2013-10-14 11:22 - 00055296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll
2013-10-14 11:35 - 2013-10-14 11:35 - 00306064 _____ () C:\Program Files\Hewlett-Packard\SimplePass\mstrpwd.dll
2013-10-14 11:35 - 2013-10-14 11:35 - 01297296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\GraphicalPwd.dll
2013-10-14 11:23 - 2013-10-14 11:23 - 00109568 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe
2013-10-14 11:24 - 2013-10-14 11:24 - 00627200 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cachedrv.dll
2015-05-06 13:39 - 2006-02-23 11:35 - 00020480 _____ () C:\WINDOWS\System32\FritzColorPort64.dll
2014-08-13 10:55 - 2007-05-23 09:44 - 00045568 _____ () C:\WINDOWS\System32\LXF3PMON.DLL
2014-08-13 10:55 - 2007-01-17 14:07 - 00036864 _____ () C:\WINDOWS\System32\LXF3OEM.DLL
2014-08-13 10:55 - 2007-05-23 09:41 - 00081408 _____ () C:\Program Files (x86)\Lexmark Fax Solutions\ipcmt64.dll
2014-08-13 10:55 - 2007-05-23 09:44 - 00003584 _____ () C:\WINDOWS\System32\LXF3PMRC.DLL
2014-08-13 10:59 - 2007-05-25 19:44 - 00138240 _____ () C:\WINDOWS\system32\spool\PRTPROCS\x64\lxdedrpp.dll
2015-08-19 17:37 - 2015-08-11 11:14 - 00404480 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll
2015-08-28 14:20 - 2015-08-18 09:56 - 02498808 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-08-28 14:20 - 2015-08-18 09:56 - 02498808 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-08-12 15:31 - 2015-08-03 03:09 - 02028544 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RulesService.dll
2015-07-10 13:00 - 2015-07-10 18:45 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-08-03 03:51 - 2015-08-03 03:51 - 00619008 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SignalsManager.dll
2015-08-12 15:31 - 2015-08-03 03:09 - 00928768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RulesBackgroundTasks.dll
2015-08-19 17:37 - 2015-08-11 10:58 - 01808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-07-10 12:59 - 2015-07-10 12:59 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-08-12 15:32 - 2015-08-03 03:11 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-08-12 15:32 - 2015-08-03 03:14 - 00882688 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2015-08-12 15:32 - 2015-08-03 03:09 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-08-03 03:51 - 2015-08-03 03:51 - 00577024 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.NodeWinrtWrap.dll
2015-07-10 13:00 - 2015-07-10 18:45 - 00210432 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.ProxyStub.dll
2015-08-03 03:51 - 2015-08-03 03:51 - 00181248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\nodert-buffer-utils\bin\NodeRT_Buffer_Utils.node
2015-08-03 03:51 - 2015-08-03 03:51 - 00559616 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.storage.streams\bin\NodeRT_Windows_Storage_Streams.node
2015-08-03 03:51 - 2015-08-03 03:51 - 00643072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.foundation.diagnostics\bin\NodeRT_Windows_Foundation_Diagnostics.node
2015-07-10 13:00 - 2015-07-10 18:45 - 00037888 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\winrt-projections\bin\Winrt_Projections.node
2015-08-03 03:51 - 2015-08-03 03:51 - 00796160 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.web.http\bin\NodeRT_Windows_Web_Http.node
2015-08-03 03:51 - 2015-08-03 03:51 - 00961536 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.web.http.headers\bin\NodeRT_Windows_Web_Http_Headers.node
2015-08-03 03:51 - 2015-08-03 03:51 - 00204288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.web.http.filters\bin\NodeRT_Windows_Web_Http_Filters.node
2015-08-03 03:51 - 2015-08-03 03:51 - 00397824 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.foundation\bin\NodeRT_Windows_Foundation.node
2015-08-03 03:51 - 2015-08-03 03:51 - 00074240 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.networking\bin\NodeRT_Windows_Networking.node
2015-08-03 03:51 - 2015-08-03 03:51 - 00093696 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.security.cryptography\bin\NodeRT_Windows_Security_Cryptography.node
2015-08-03 03:51 - 2015-08-03 03:51 - 00124416 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.cortana.pal\bin\NodeRT_Windows_Cortana_PAL.node
2013-10-14 11:30 - 2013-10-14 11:30 - 00065024 _____ () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
2015-08-29 13:51 - 2015-08-29 13:51 - 00007168 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.827.16340.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2015-08-29 13:51 - 2015-08-29 13:51 - 11606528 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.827.16340.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2015-07-10 18:53 - 2015-07-10 18:53 - 07897088 _____ () C:\Program Files\WindowsApps\Microsoft.NET.Native.Framework.1.0_1.0.22929.0_x64__8wekyb3d8bbwe\SharedLibrary.dll
2015-09-18 15:30 - 2015-09-18 15:30 - 03495936 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1509.14010.0_x64__8wekyb3d8bbwe\Calculator.exe
2015-08-09 17:42 - 2015-08-09 17:42 - 00102864 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-08-09 17:42 - 2015-08-09 17:42 - 00123976 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-09-17 20:51 - 2015-09-17 20:51 - 02964480 _____ () C:\Program Files\AVAST Software\Avast\defs\15091703\algo.dll
2015-09-18 11:04 - 2015-09-18 11:04 - 02965504 _____ () C:\Program Files\AVAST Software\Avast\defs\15091800\algo.dll
2015-04-11 12:23 - 2015-04-11 12:23 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)
AlternateDataStreams: C:\132954e6489889f28aef0a3d:Win32App
AlternateDataStreams: C:\3a727db3fe95fe643aec76:Win32App
AlternateDataStreams: C:\60d6eb3c48e8d15bfd:Win32App
AlternateDataStreams: C:\7cbf2ae7defba5cf754c22f685:Win32App
AlternateDataStreams: C:\9f7c0838ba71567d17d13b7719306c39:Win32App
AlternateDataStreams: C:\fb474331291e51eafd833ad2:Win32App
AlternateDataStreams: C:\Program Files\AMD:Win32App
AlternateDataStreams: C:\Program Files\AMD Quick Stream:Win32App
AlternateDataStreams: C:\Program Files\Bonjour:Win32App
AlternateDataStreams: C:\Program Files\Calibre2:Win32App
AlternateDataStreams: C:\Program Files\CCleaner:Win32App
AlternateDataStreams: C:\Program Files\Microsoft Silverlight:Win32App
AlternateDataStreams: C:\Program Files\Tracker Software:Win32App
AlternateDataStreams: C:\Program Files (x86)\Abbyy FineReader 6.0 Sprint:Win32App
AlternateDataStreams: C:\Program Files (x86)\AMD:Win32App
AlternateDataStreams: C:\Program Files (x86)\ATI Technologies:Win32App
AlternateDataStreams: C:\Program Files (x86)\Bonjour:Win32App
AlternateDataStreams: C:\Program Files (x86)\Hewlett-Packard:Win32App
AlternateDataStreams: C:\Program Files (x86)\HPConnectedMusic:Win32App
AlternateDataStreams: C:\Program Files (x86)\Malwarebytes Anti-Exploit:Win32App
AlternateDataStreams: C:\Program Files (x86)\ Malwarebytes Anti-Malware :Win32App
AlternateDataStreams: C:\Program Files (x86)\Microsoft Office:Win32App
AlternateDataStreams: C:\Program Files (x86)\Microsoft SQL Server Compact Edition:Win32App
AlternateDataStreams: C:\Program Files (x86)\Scribble Papers:Win32App
AlternateDataStreams: C:\Program Files (x86)\SpywareBlaster:Win32App
AlternateDataStreams: C:\Program Files (x86)\TV-Browser:Win32App
AlternateDataStreams: C:\Program Files (x86)\Windows Live:Win32App
AlternateDataStreams: C:\WINDOWS\My Product Name:Win32App
AlternateDataStreams: C:\Program Files\Common Files\microsoft shared:Win32App
AlternateDataStreams: C:\ProgramData\Temp:5C321E34
AlternateDataStreams: C:\ProgramData\{C6FA530F-BB98-4D9F-BA00-45FD0698077C}:Win32App
AlternateDataStreams: C:\Users\Berthold\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\Berthold\Documents\Kalender-Excel-8.9:Win32App
==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================
__________________ |
|
18.09.2015, 16:59
| #4 |
| | Eset findet "Win32/Bundled.Toolbar.Google.D" und "Win32/OpenCandy.C"Code:
ATTFilter (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)
==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)
==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)
IE trusted site: HKU\S-1-5-21-3686684737-2695999886-1653246583-1002\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-3686684737-2695999886-1653246583-1002\...\webcompanion.com -> hxxp://webcompanion.com
IE restricted site: HKU\S-1-5-21-3686684737-2695999886-1653246583-1002\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-3686684737-2695999886-1653246583-1002\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-3686684737-2695999886-1653246583-1002\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-3686684737-2695999886-1653246583-1002\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-3686684737-2695999886-1653246583-1002\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-3686684737-2695999886-1653246583-1002\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-3686684737-2695999886-1653246583-1002\...\0411dd.com -> 0411dd.com
IE restricted site: HKU\S-1-5-21-3686684737-2695999886-1653246583-1002\...\0511zfhl.com -> 0511zfhl.com
IE restricted site: HKU\S-1-5-21-3686684737-2695999886-1653246583-1002\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-3686684737-2695999886-1653246583-1002\...\0632qyw.com -> 0632qyw.com
IE restricted site: HKU\S-1-5-21-3686684737-2695999886-1653246583-1002\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-3686684737-2695999886-1653246583-1002\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-3686684737-2695999886-1653246583-1002\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-3686684737-2695999886-1653246583-1002\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-3686684737-2695999886-1653246583-1002\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-3686684737-2695999886-1653246583-1002\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-3686684737-2695999886-1653246583-1002\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-3686684737-2695999886-1653246583-1002\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-3686684737-2695999886-1653246583-1002\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-3686684737-2695999886-1653246583-1002\...\1001movie.com -> 1001movie.com
Da befinden sich 6091 mehr eingeschränkte Seiten.
==================== Andere Bereiche ============================
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKU\S-1-5-21-3686684737-2695999886-1653246583-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Berthold\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\150dc770-fb3d-4a2b-a068-389dd77e5187_5 (2014_06_01 13_01_08 utc).jpg
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.
==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKLM\...\StartupApproved\Run: => "lxdeamon"
HKLM\...\StartupApproved\Run: => "lxdemon.exe"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "KiesTrayAgent"
HKLM\...\StartupApproved\Run32: => "FaxCenterServer"
HKLM\...\StartupApproved\Run32: => "lxdemon.exe"
HKLM\...\StartupApproved\Run32: => "lxdeamon"
HKLM\...\StartupApproved\Run32: => "Raptr"
HKU\S-1-5-21-3686684737-2695999886-1653246583-1002\...\StartupApproved\StartupFolder: => "Dropbox.lnk"
HKU\S-1-5-21-3686684737-2695999886-1653246583-1002\...\StartupApproved\Run: => "KiesPreload"
HKU\S-1-5-21-3686684737-2695999886-1653246583-1002\...\StartupApproved\Run: => "KiesAirMessage"
HKU\S-1-5-21-3686684737-2695999886-1653246583-1002\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_7AE7B307EC33E1AD1AC0F79361FE2428"
HKU\S-1-5-21-3686684737-2695999886-1653246583-1002\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-3686684737-2695999886-1653246583-1002\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-3686684737-2695999886-1653246583-1002\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3686684737-2695999886-1653246583-1002\...\StartupApproved\Run: => "Uninstall C:\Users\Berthold\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"
HKU\S-1-5-21-3686684737-2695999886-1653246583-1002\...\StartupApproved\Run: => "Web Companion"
HKU\S-1-5-21-3686684737-2695999886-1653246583-1002\...\StartupApproved\Run: => "Google Update"
==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{A693545B-724D-4927-A965-85DD154BCEA1}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPSOCKSVC.exe
FirewallRules: [UDP Query User{2BEFE274-467F-4B98-A76B-8F1CDD68D6F9}C:\users\berthold\appdata\local\temp\_istmp1.dir\_ins5576._mp] => (Allow) C:\users\berthold\appdata\local\temp\_istmp1.dir\_ins5576._mp
FirewallRules: [TCP Query User{662F43DA-FC53-4A18-89FF-4544CB3E278A}C:\users\berthold\appdata\local\temp\_istmp1.dir\_ins5576._mp] => (Allow) C:\users\berthold\appdata\local\temp\_istmp1.dir\_ins5576._mp
FirewallRules: [{2434788B-0B22-4276-A199-68110C2D8BDA}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPSOCKSVC.exe
FirewallRules: [{DB69D95C-9F6E-47E8-BB6A-6CF4F4463E1A}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [{A413E091-4058-4B25-8D82-66A4F3826AAE}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{B808EA56-D6C3-4184-9235-E3C016D1E15B}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
FirewallRules: [{C7D435C8-A3F2-4A5E-B9AD-160E23F13B62}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{02156C87-41F7-47AD-8227-72E384113E5D}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
FirewallRules: [{7508EBF2-AE73-4A19-972D-63BB13FE1729}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{4F0BEF93-07BB-4674-97F4-C474A0A0B3B5}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPSOCKSVC.exe
FirewallRules: [{FF7E580B-1233-4622-8807-E194DB6A52D2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{6C9BDE12-D9F9-49D3-8AE5-683CFC3C218A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [UDP Query User{FF9966DD-6F04-4A7A-83F3-4EB8F6EFFFE4}C:\program files (x86)\growl for windows\growl.exe] => (Block) C:\program files (x86)\growl for windows\growl.exe
FirewallRules: [TCP Query User{108FFD9F-E0C8-41C7-B7A8-CBAA7C6A1109}C:\program files (x86)\growl for windows\growl.exe] => (Block) C:\program files (x86)\growl for windows\growl.exe
FirewallRules: [UDP Query User{64B0DAE1-CDA0-48D6-BDE8-3C61CE0EF63D}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{B9B3EE39-BCD6-4F43-94D6-D6B641AC9C3E}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{2239BC5B-104C-4FFD-8600-B6DD25360A12}C:\program files (x86)\lexmark 4800 series\lxdemon.exe] => (Block) C:\program files (x86)\lexmark 4800 series\lxdemon.exe
FirewallRules: [TCP Query User{C4B6CA84-F616-40D1-8E82-EBF8211C7CD1}C:\program files (x86)\lexmark 4800 series\lxdemon.exe] => (Block) C:\program files (x86)\lexmark 4800 series\lxdemon.exe
FirewallRules: [{39FEE209-0D96-4495-90A5-5D929F605B6E}] => (Allow) C:\Program Files (x86)\Twonky\TwonkyServer\twonkyserver.exe
FirewallRules: [{607A2AC2-CE98-4D5B-AAA3-FF9F1B2033C8}] => (Allow) C:\Program Files (x86)\Twonky\TwonkyServer\twonkyserver.exe
FirewallRules: [{F6750CC2-5CE8-48C1-A84E-0C95140605D6}] => (Allow) C:\Program Files (x86)\Twonky\TwonkyServer\twonkystarter.exe
FirewallRules: [{DFD55549-8449-47D8-B972-5AEE4CA9D088}] => (Allow) C:\Program Files (x86)\Twonky\TwonkyServer\twonkystarter.exe
FirewallRules: [{C577E3A7-75DB-4101-8A58-27C825CE2398}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxdejswx.exe
FirewallRules: [{173D8151-DD0B-48EC-B114-2BD9D36979C2}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxdejswx.exe
FirewallRules: [{A4694F8E-C8FA-43B4-BD17-4CD0EF07C717}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxdetime.exe
FirewallRules: [{C24CD8FF-4848-456D-9DE7-64722B64E1AE}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxdetime.exe
FirewallRules: [{D0644C59-CDDF-48C6-A55E-4DB616D780B4}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxdepswx.exe
FirewallRules: [{7DB6BCD4-4AD9-430B-8F26-133AB57D8DCA}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxdepswx.exe
FirewallRules: [{1CE7A1CC-2A3F-45B4-9C0B-6A8244713857}] => (Allow) C:\Windows\System32\lxdecoms.exe
FirewallRules: [{8439AE6C-3C4E-4FFA-9C11-8DF1186B219D}] => (Allow) C:\Windows\System32\lxdecoms.exe
FirewallRules: [{0F1BECBE-3779-4CF6-A64E-B9E79431FF94}] => (Allow) C:\Windows\System32\lxdecfg.exe
FirewallRules: [{BBFE8099-52AA-4E8D-B8D4-8E83C9DC35FE}] => (Allow) C:\Windows\System32\lxdecfg.exe
FirewallRules: [{9855A4ED-588D-4CF5-A59E-5D3B940BB4AF}] => (Allow) C:\Program Files (x86)\Lexmark 4800 Series\lxdemon.exe
FirewallRules: [{3575A985-524A-43D4-B0D3-8544D6D0A1AE}] => (Allow) C:\Program Files (x86)\Lexmark 4800 Series\lxdemon.exe
FirewallRules: [{14F3C682-7048-42A3-9642-4E66C18D772B}] => (Allow) C:\Program Files (x86)\Lexmark Fax Solutions\FaxCtr.exe
FirewallRules: [{0ECDAD07-92AD-45DF-B844-02C89E70C943}] => (Allow) C:\Program Files (x86)\Lexmark Fax Solutions\FaxCtr.exe
FirewallRules: [{31158FCD-7991-4634-AA04-6A7BACA447A0}] => (Allow) C:\Program Files (x86)\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe
FirewallRules: [{964B6E34-6C25-4F22-9B25-9E20C53DEF70}] => (Allow) C:\Program Files (x86)\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe
FirewallRules: [{D7711449-0EC2-4EF4-A955-E299EFB61FC0}] => (Allow) C:\Program Files (x86)\Lexmark 4800 Series\frun.exe
FirewallRules: [{3E440551-D617-4306-B65E-D0070BEDFBAE}] => (Allow) C:\Program Files (x86)\Lexmark 4800 Series\frun.exe
FirewallRules: [{D3B6E876-BE5B-4542-A200-34771D37AB72}] => (Allow) C:\Program Files (x86)\Lexmark 4800 Series\lxdeamon.exe
FirewallRules: [{C50EC38B-B9F3-48DE-8F87-F4D0BA744BA1}] => (Allow) C:\Program Files (x86)\Lexmark 4800 Series\lxdeamon.exe
FirewallRules: [{A469CA71-23F1-4E66-A1D0-DA84BCBBAB5B}] => (Allow) C:\Windows\SysWOW64\lxdecoms.exe
FirewallRules: [{E2012CD9-B7D3-4FE9-AA68-B23B4CC2BE4C}] => (Allow) C:\Windows\SysWOW64\lxdecoms.exe
FirewallRules: [{82011E68-DB03-4872-A8BA-D31104ACCB8F}] => (Allow) C:\Users\Berthold\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{D5DE0A02-4C38-4BBA-96A6-2312A3B8B54F}] => (Allow) C:\Users\Berthold\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{818B539D-0E04-47D2-8E0B-FCB0961E14C4}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{722DA0AC-F6A6-49C5-9328-DE3651BBF9D7}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{B859BC3B-50EB-4ECA-A10F-DB10676D902B}] => (Allow) LPort=1900
FirewallRules: [{FAB3784D-5728-4792-8F6B-2E6E9A215F0E}] => (Allow) LPort=2869
FirewallRules: [{0AD20097-0805-426F-8C1D-9E899353B3FA}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{1EA13D32-19E5-4F54-B6B1-DFB503C6800B}] => (Allow) C:\Program Files (x86)\Java\jre7\bin\javaw.exe
FirewallRules: [{708067F3-B530-4948-9A4E-2415B325F5EE}] => (Allow) C:\Program Files (x86)\Java\jre7\bin\javaw.exe
FirewallRules: [{F694A131-9248-42F4-9AA6-A3E20A7C32C0}] => (Allow) C:\Program Files (x86)\Java\jre7\bin\java.exe
FirewallRules: [{83D1599D-4784-4992-A4B4-9C00A4AA7917}] => (Allow) C:\Program Files (x86)\Java\jre7\bin\java.exe
FirewallRules: [{9A069695-977F-4015-9625-E17FB0FC05D0}] => (Allow) C:\Program Files (x86)\TV-Browser\tvbrowser_noDD.exe
FirewallRules: [{59605CBD-9753-40C7-A0F2-966C76015FBC}] => (Allow) C:\Program Files (x86)\TV-Browser\tvbrowser_noDD.exe
FirewallRules: [{271C54E2-C8AA-40C8-AE9C-B6210AAFE6F4}] => (Allow) C:\Program Files (x86)\TV-Browser\tvbrowser.exe
FirewallRules: [{8FD99964-732F-401D-AD7A-541B632CD220}] => (Allow) C:\Program Files (x86)\TV-Browser\tvbrowser.exe
FirewallRules: [{E9084636-8956-49DA-8739-F767BD8C528C}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{B45E4DEE-8CEC-435D-90BC-016331B51BCA}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{8400B4F1-3101-4C94-9284-E9C0DC997BDE}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{AD68F353-368A-432C-874A-3C52D33A8100}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{DD2009E8-67BE-49B5-BA0B-012B791EDBE7}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{259DFBC8-69CC-4025-879F-374B5AA0A83A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{4741714C-05B4-45D4-B566-17B73F3C8BDF}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{B718A86E-4430-433F-AAE1-7E0A15B9124E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{6171AE94-B1E0-4591-AC0D-E92F282EBA00}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{740316C6-89F0-4D5B-8F41-C9A588149EBE}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\spotify_helper.exe
FirewallRules: [{2722EECD-EF33-4626-9E6F-768567C28F53}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\spotify_helper.exe
FirewallRules: [{DC78DCEF-DC34-4F2E-8255-0C20811FC20D}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\HPConnectedMusic.exe
FirewallRules: [{E2617407-4947-4E7D-B7E1-A8863EE2FEF2}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\HPConnectedMusic.exe
FirewallRules: [{71387604-07E3-479C-A451-ED3F01D73EC0}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
FirewallRules: [{8E98784D-0CE3-4F1A-BE8F-085B9D9E157D}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
FirewallRules: [{5878246E-661D-4088-8C98-DB4ADCB4DBDB}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [{FBA90462-5879-4457-9C63-9C87CAB7566D}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{8EE5099B-F1FA-4B05-BAC9-F0D7C1F5BE39}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{CDF4E44E-3587-4C25-9313-2A48BD29421C}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{9C419513-00ED-402B-B16A-188716AC29BF}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{842FB6C5-F41B-4B97-A5C3-D6080DD4A1B5}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Fehlerhafte Geräte im Gerätemanager =============
Name: PnP-Monitor (Standard)
Description: PnP-Monitor (Standard)
Class Guid: {4d36e96e-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standardmonitortypen)
Service: monitor
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Fehlereinträge in der Ereignisanzeige: =========================
Applikationsfehler:
==================
Error: (09/18/2015 04:26:44 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_3bccb1ff6bcd1849.manifest.
Error: (09/18/2015 03:46:00 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_3bccb1ff6bcd1849.manifest.
Error: (09/18/2015 03:42:47 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_3bccb1ff6bcd1849.manifest.
Error: (09/18/2015 07:14:33 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_3bccb1ff6bcd1849.manifest.
Error: (09/17/2015 09:34:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: chrome.exe, Version: 45.0.2454.93, Zeitstempel: 0x55f350f6
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000008
Fehleroffset: 0x6de154ba
ID des fehlerhaften Prozesses: 0x11a4
Startzeit der fehlerhaften Anwendung: 0xchrome.exe0
Pfad der fehlerhaften Anwendung: chrome.exe1
Pfad des fehlerhaften Moduls: chrome.exe2
Berichtskennung: chrome.exe3
Vollständiger Name des fehlerhaften Pakets: chrome.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: chrome.exe5
Error: (09/17/2015 09:09:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: chrome.exe, Version: 45.0.2454.93, Zeitstempel: 0x55f350f6
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000008
Fehleroffset: 0x6de154ba
ID des fehlerhaften Prozesses: 0x1060
Startzeit der fehlerhaften Anwendung: 0xchrome.exe0
Pfad der fehlerhaften Anwendung: chrome.exe1
Pfad des fehlerhaften Moduls: chrome.exe2
Berichtskennung: chrome.exe3
Vollständiger Name des fehlerhaften Pakets: chrome.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: chrome.exe5
Error: (09/17/2015 09:03:46 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_3bccb1ff6bcd1849.manifest.
Error: (09/17/2015 08:56:02 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_3bccb1ff6bcd1849.manifest.
Error: (09/17/2015 08:56:01 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (7968) Es konnte keine neue Protokolldatei erstellt werden, weil die Datenbank nicht auf das Protokolllaufwerk schreiben kann. Das Laufwerk ist möglicherweise schreibgeschützt, falsch konfiguriert, beschädigt oder hat zu wenig freien Speicherplatz. Fehler -1032.
Error: (09/17/2015 08:56:01 PM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost (7968) Der Versuch, die Datei "C:\WINDOWS\system32\edbtmp.log" zu erstellen, ist mit Systemfehler 5 (0x00000005): "Zugriff verweigert " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Erstellen von Dateien.
Systemfehler:
=============
Error: (09/18/2015 09:35:51 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1275
Error: (09/18/2015 09:35:51 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Berthold\AppData\Local\Temp\ehdrv.sys
Error: (09/18/2015 09:35:50 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1275
Error: (09/18/2015 09:35:50 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Berthold\AppData\Local\Temp\ehdrv.sys
Error: (09/18/2015 09:35:50 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1275
Error: (09/18/2015 09:35:50 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Berthold\AppData\Local\Temp\ehdrv.sys
Error: (09/18/2015 09:35:50 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1275
Error: (09/18/2015 09:35:50 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Berthold\AppData\Local\Temp\ehdrv.sys
Error: (09/18/2015 09:35:50 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1275
Error: (09/18/2015 09:35:50 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Berthold\AppData\Local\Temp\ehdrv.sys
CodeIntegrity:
===================================
Date: 2015-09-18 13:17:36.140
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-09-18 13:17:36.049
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-09-18 13:17:35.304
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-09-18 13:17:35.188
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-09-18 13:17:35.066
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-09-18 13:17:34.972
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-09-18 13:17:34.846
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-09-18 13:17:34.730
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-09-18 13:17:34.620
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-09-18 13:17:34.519
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
==================== Speicherinformationen ===========================
Prozessor: AMD A8-4500M APU with Radeon(tm) HD Graphics
Prozentuale Nutzung des RAM: 35%
Installierter physikalischer RAM: 7366.26 MB
Verfügbarer physikalischer RAM: 4716.86 MB
Summe virtueller Speicher: 8518.26 MB
Verfügbarer virtueller Speicher: 5454.38 MB
==================== Laufwerke ================================
Drive c: () (Fixed) (Total:682.79 GB) (Free:599.92 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:15.07 GB) (Free:1.48 GB) NTFS ==>[System mit Startkomponenten (eingeholt von lesen Laufwerk)]
==================== MBR & Partitionstabelle ==================
========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: E8C19AB5)
Partition: GPT.
==================== Ende von Addition.txt ============================
__________________ L.G. Nachtmann |
|
19.09.2015, 16:16
| #5 |
| /// the machine /// TB-Ausbilder | Eset findet "Win32/Bundled.Toolbar.Google.D" und "Win32/OpenCandy.C" Alles gut, da wurden nur Downloads angemeckert. Du musst unbedingt aufpassen was du lädst und wo.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
19.09.2015, 20:05
| #6 |
| | Eset findet "Win32/Bundled.Toolbar.Google.D" und "Win32/OpenCandy.C" Hi, dannn danke ich dir herzlichst. Bin ich also sauber? Ich habe eigentlich nix runtergeladen. Außer Aktualisierungen von CCleaner, Adwcleaner etc. Und die immer von File Pony. Na ja...
__________________ --> Eset findet "Win32/Bundled.Toolbar.Google.D" und "Win32/OpenCandy.C" |
|
20.09.2015, 12:16
| #7 | |
| /// the machine /// TB-Ausbilder | Eset findet "Win32/Bundled.Toolbar.Google.D" und "Win32/OpenCandy.C"Zitat:
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
21.09.2015, 14:22
| #9 |
| /// the machine /// TB-Ausbilder | Eset findet "Win32/Bundled.Toolbar.Google.D" und "Win32/OpenCandy.C" Ja, fertig  Beim Installieren eben den zusätzlichen Mist abwählen. Cleanup: (Die Reihenfolge ist hier entscheidend) Falls Defogger verwendet wurde: Erneut starten und auf Re-enable klicken. Falls Combofix verwendet wurde:  Combofix deinstallieren .
Alle Logs gepostet? Dann lade Dir bitte  DelFix herunter.
Hinweis: DelFix entfernt u.a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst. Starte Deinen Rechner abschließend neu. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein, kannst Du diese bedenkenlos löschen. Wenn Du möchtest, kannst Du hier sagen, ob Du mit mir und meiner Hilfe zufrieden warst...  und/oder das Forum mit einer kleinen Spende  unterstützen.   Absicherung:Beim Betriebsystem Windows die automatischen Updates aktivieren. Auch die sicherheitsrelevante Software sollte immer nur in der aktuellsten Version vorliegen: Browser Java Flash-Player PDF-Reader Sicherheitslücken in deren alten Versionen werden dazu ausgenutzt, um beim einfachen Besuch einer manipulierten Website per "Drive-by" Malware zu installieren. Ich empfehle z.B. die Verwendung von Mozilla Firefox statt des Internet Explorers. Zudem lassen sich mit dem Firefox auch PDF-Dokumente öffnen. Aktiviere eine Firewall. Die in Windows integrierte genügt im Normalfall völlig. Verwende ein Antivirusprogramm mit Echtzeitscanner und stets aktueller Signaturendatenbank. Meine Empfehlung:  Emsisoft Zusätzlich kannst Du Deinen PC regelmäßig mit Malwarebytes Anti-Malware und ESET scannen. Optional:  NoScript verhindert das Ausführen von aktiven Inhalten (Java, JavaScript, Flash,...) für sämtliche Websites. Man kann aber nach dem Prinzip einer Whitelist festlegen, auf welchen Seiten Scripts erlaubt werden sollen. Malwarebytes Anti Exploit: Schützt die Anwendungen des Computers vor der Ausnutzung bekannter Schwachstellen.Lade Software von einem sauberen Portal wie  .Wähle beim Installieren von Software immer die benutzerdefinierte Option und entferne den Haken bei allen optional angebotenen Toolbars oder sonstigen, fürs Programm, irrelevanten Ergänzungen. Um Adware wieder los zu werden, empfiehlt sich zunächst die Deinstallation sowie die anschließende Resteentfernung mit Adwarecleaner . Abschließend noch ein paar grundsätzliche Bemerkungen: Ändere regelmäßig Deine wichtigen Online-Passwörter und erstelle regelmäßig Backups Deiner wichtigen Dateien oder des Systems. Der Nutzen von Registry-Cleanern, Optimizern usw. zur Performancesteigerung ist umstritten. Ich empfehle deshalb, die Finger von der Registry zu lassen und lieber die windowseigene Datenträgerbereinigung zu verwenden.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
21.09.2015, 15:45
| #10 |
| | Eset findet "Win32/Bundled.Toolbar.Google.D" und "Win32/OpenCandy.C" Dann danke ich dir nochmals gaaaaanz dolle für alles und wünsche dir alles Gute. 
__________________ L.G. Nachtmann |
|
22.09.2015, 15:48
| #11 |
| /// the machine /// TB-Ausbilder | Eset findet "Win32/Bundled.Toolbar.Google.D" und "Win32/OpenCandy.C" Gern Geschehen
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
| Themen zu Eset findet "Win32/Bundled.Toolbar.Google.D" und "Win32/OpenCandy.C" |
| antivirus, appdata, avast, bericht, betriebssystem, browser, ccsetup, check, code, datei, dateien, downloader, escan, eset, home, log, malwarebytes, microsoft, online, ordner, prüfen, scan, server, software, total, windows |
+ R Taste und schreibe Combofix /Uninstall in das 
Linear-Darstellung
