Log analysis and evaluation: Removing the eBay & e-mail hack trojan from the PC

Windows 7

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
03.12.2015, 09:48 | #1
Removing the eBay & e-mail hack trojan from the PC

Hello everyone!

A few weeks ago I became the victim of a hacking attack on my eBay Kleinanzeigen account and my e-mail account, through which the sale of a car was to be carried out in my name. Fortunately, eBay stopped this early enough. The virus scan with Avira then promptly reported the discovery of a trojan on my hard drive. Unfortunately, the log file is no longer listed in Avira. I then had Avira delete the trojan and naively thought the matter was settled. The PC (a Surface Pro 3) also runs without problems.

In the last few days, however, I have noticed a few oddities: my e-mail account shows me failed logins that do not come from me, and the LRZ network at the university blocks my access every now and then because of "excessive exceeding of the permitted packet rate" during normal internet use. Hence the suspicion that the trojan may still be active.

Attached are the requested log files. Unfortunately, right at startup GMER throws the error message "C:\Windows\[...]: Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird." and hangs when I confirm it. The given instructions were followed.

Thanks in advance for the help!

Unfortunately, I had to leave out Additional.txt because of the maximum character length. I will supply it in the next post!

defogger_disable.log
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 09:15 on 03/12/2015 (Lorenz)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:01-12-2015
durchgeführt von Lorenz (Administrator) auf LOLLOSURFACE (03-12-2015 09:22:49)
Gestartet von C:\Users\Lorenz\Downloads
Geladene Profile: Lorenz (Verfügbare Profile: Lorenz)
Platform: Windows 10 Pro Version 1511 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Autodesk, Inc.) C:\Program Files\Autodesk\Inventor 2014\Moldflow\bin\mitsijm.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(devolo AG) C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(1&1 Mail & Media GmbH) C:\Users\Lorenz\AppData\Local\WEB.DE Application {sync-000021}\webde_onlinespeicher.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Akamai Technologies, Inc.) C:\Users\Lorenz\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\Lorenz\AppData\Local\Akamai\netsession_win.exe
(Autodesk, Inc.) C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe
(Dropbox, Inc.) C:\Users\Lorenz\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\csisyncclient.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_2015.23.23.0_x64__8wekyb3d8bbwe\WinStore.Mobile.exe
() C:\Program Files\WindowsApps\Microsoft.CommsPhone_1.10.23004.0_x64__8wekyb3d8bbwe\CallsApp.exe
() C:\Program Files\WindowsApps\Microsoft.ConnectivityStore_1.1511.2.0_x64__8wekyb3d8bbwe\ConnectivityStore.Windows.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler64.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_1.11.19004.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\msosync.exe
() C:\Users\Lorenz\Downloads\Gmer-19357.exe

==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM-x32\...\Run: [doubleTwist] => C:\Program Files (x86)\doubleTwist\doubleTwist.Light.exe
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2072928 2014-10-31] (Wondershare)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-06-16] (Apple Inc.)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [66320 2015-11-03] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [708496 2015-09-23] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597040 2015-10-06] (Oracle Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [803200 2015-12-01] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKU\S-1-5-21-2261460588-3622448717-587553582-1001\...\Run: [WEB.DE Application {sync-000021}] => C:\Users\Lorenz\AppData\Local\WEB.DE Application {sync-000021}\webde_onlinespeicher.exe [794112 2015-10-29] (1&1 Mail & Media GmbH)
HKU\S-1-5-21-2261460588-3622448717-587553582-1001\...\Run: [Spotify Web Helper] => C:\Users\Lorenz\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2015-02-08] (Spotify Ltd)
HKU\S-1-5-21-2261460588-3622448717-587553582-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [60688 2015-10-21] (Apple Inc.)
HKU\S-1-5-21-2261460588-3622448717-587553582-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [61200 2015-10-21] (Apple Inc.)
HKU\S-1-5-21-2261460588-3622448717-587553582-1001\...\Run: [Dropbox Update] => C:\Users\Lorenz\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-17] (Dropbox, Inc.)
HKU\S-1-5-21-2261460588-3622448717-587553582-1001\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [103696 2015-10-21] (Apple Inc.)
HKU\S-1-5-21-2261460588-3622448717-587553582-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Lorenz\AppData\Local\Akamai\netsession_win.exe [4691384 2015-09-10] (Akamai Technologies, Inc.)
HKU\S-1-5-21-2261460588-3622448717-587553582-1001\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1081224 2013-02-05] (Autodesk, Inc.)
ShellIconOverlayIdentifiers: [ 1&1 Sync Overlay 1] -> {02B2B772-B8A8-4DA4-9B18-42551A54A1A8} => C:\Program Files\Common Files\1&1 Sync\1&1SyncShellExtension64_1_0_0_3_20151009105810302.dll [2015-08-21] (1&1 Mail & Media GmbH)
ShellIconOverlayIdentifiers: [ 1&1 Sync Overlay 2] -> {0575AB16-E932-4160-8936-4DBE195BDBD7} => C:\Program Files\Common Files\1&1 Sync\1&1SyncShellExtension64_1_0_0_3_20151009105810302.dll [2015-08-21] (1&1 Mail & Media GmbH)
ShellIconOverlayIdentifiers: [ 1&1 Sync Overlay 3] -> {0E9EF89A-96D3-4DE6-B2F8-E9548AA5321E} => C:\Program Files\Common Files\1&1 Sync\1&1SyncShellExtension64_1_0_0_3_20151009105810302.dll [2015-08-21] (1&1 Mail & Media GmbH)
ShellIconOverlayIdentifiers: [ 1&1 Sync Overlay 4] -> {1A4AFFE1-B2F9-483D-B627-D9A339DBFD34} => C:\Program Files\Common Files\1&1 Sync\1&1SyncShellExtension64_1_0_0_3_20151009105810302.dll [2015-08-21] (1&1 Mail & Media GmbH)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lorenz\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lorenz\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lorenz\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lorenz\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lorenz\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lorenz\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lorenz\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lorenz\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\WINDOWS\system32\AcSignIcon.dll [2013-02-08] (Autodesk, Inc.)
ShellIconOverlayIdentifiers-x32: [ 1&1 Sync Overlay 1] -> {02B2B772-B8A8-4DA4-9B18-42551A54A1A8} => C:\Program Files (x86)\Common Files\1&1 Sync\1&1SyncShellExtension_1_0_0_3_20151009105810302.dll [2015-08-21] (1&1 Mail & Media GmbH)
ShellIconOverlayIdentifiers-x32: [ 1&1 Sync Overlay 2] -> {0575AB16-E932-4160-8936-4DBE195BDBD7} => C:\Program Files (x86)\Common Files\1&1 Sync\1&1SyncShellExtension_1_0_0_3_20151009105810302.dll [2015-08-21] (1&1 Mail & Media GmbH)
ShellIconOverlayIdentifiers-x32: [ 1&1 Sync Overlay 3] -> {0E9EF89A-96D3-4DE6-B2F8-E9548AA5321E} => C:\Program Files (x86)\Common Files\1&1 Sync\1&1SyncShellExtension_1_0_0_3_20151009105810302.dll [2015-08-21] (1&1 Mail & Media GmbH)
ShellIconOverlayIdentifiers-x32: [ 1&1 Sync Overlay 4] -> {1A4AFFE1-B2F9-483D-B627-D9A339DBFD34} => C:\Program Files (x86)\Common Files\1&1 Sync\1&1SyncShellExtension_1_0_0_3_20151009105810302.dll [2015-08-21] (1&1 Mail & Media GmbH)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-10-13] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-10-13] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-10-13] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\phase-6 Reminder.lnk [2015-10-20]
ShortcutTarget: phase-6 Reminder.lnk -> C:\Program Files (x86)\phase-6\phase-6\reminder\reminder.exe (phase-6)
Startup: C:\Users\Lorenz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk [2015-12-02]
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Microsoft Corporation)
Startup: C:\Users\Lorenz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-11-12]
ShortcutTarget: Dropbox.lnk -> C:\Users\Lorenz\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\..\Interfaces\{4af4bd94-f876-4a1e-aafd-4c94f42317df}: [NameServer] 10.156.33.53,129.187.5.1
Tcpip\..\Interfaces\{524448cb-31f1-4839-9c46-203aa2eaab44}: [DhcpNameServer] 192.168.2.1

Internet Explorer:
==================
HKU\S-1-5-21-2261460588-3622448717-587553582-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://istart.webssearches.com/?type=hp&ts=1414232571&from=exp&uid=ST3500320AS_6QM0WA8AXXXX6QM0WA8A
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-10-13] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_65\bin\ssv.dll [2015-11-13] (Oracle Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-10-13] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_65\bin\jp2ssv.dll [2015-11-13] (Oracle Corporation)
BHO: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll [2014-10-15] (DVDVideoSoft Ltd.)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-10-13] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-10-13] (Microsoft Corporation)
BHO-x32: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll [2015-01-28] (DVDVideoSoft Ltd.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Lorenz\AppData\Roaming\Mozilla\Firefox\Profiles\e2xmbe04.default
FF Homepage: hxxp://go.web.de/tb/mff_startpage
FF Session Restore: -> ist aktiviert.
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-11-11] ()
FF Plugin: @java.com/DTPlugin,version=11.65.2 -> C:\Program Files\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll [2015-11-13] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.65.2 -> C:\Program Files\Java\jre1.8.0_65\bin\plugin2\npjp2.dll [2015-11-13] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-11] ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-01-12] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-01-12] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-01-12] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-01-12] (Foxit Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-02-17] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-10-14] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin-x32: PDF Architect 2 -> C:\Program Files (x86)\PDF Architect 2\np-previewer.dll [2014-10-10] (pdfforge GmbH)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll [2014-10-28] (Tracker Software Products (Canada) Ltd.)
FF SearchPlugin: C:\Users\Lorenz\AppData\Roaming\Mozilla\Firefox\Profiles\e2xmbe04.default\searchplugins\avira-safesearch.xml [2015-02-26]
FF SearchPlugin: C:\Users\Lorenz\AppData\Roaming\Mozilla\Firefox\Profiles\e2xmbe04.default\searchplugins\google-images.xml [2014-10-14]
FF SearchPlugin: C:\Users\Lorenz\AppData\Roaming\Mozilla\Firefox\Profiles\e2xmbe04.default\searchplugins\google-maps.xml [2014-10-14]
FF SearchPlugin: C:\Users\Lorenz\AppData\Roaming\Mozilla\Firefox\Profiles\e2xmbe04.default\searchplugins\youtube.xml [2015-10-28]
FF Extension: WOT - C:\Users\Lorenz\AppData\Roaming\Mozilla\Firefox\Profiles\e2xmbe04.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2015-11-28]
FF Extension: Avira Browser Safety - C:\Users\Lorenz\AppData\Roaming\Mozilla\Firefox\Profiles\e2xmbe04.default\Extensions\abs@avira.com [2015-10-23] [ist nicht signiert]
FF Extension: Cliqz - C:\Users\Lorenz\AppData\Roaming\Mozilla\Firefox\Profiles\e2xmbe04.default\Extensions\cliqz@cliqz.com.xpi [2015-11-09] [ist nicht signiert]
FF Extension: YouTube to MP3 Free Converter - C:\Users\Lorenz\AppData\Roaming\Mozilla\Firefox\Profiles\e2xmbe04.default\Extensions\extension@321youtube.com.xpi [2015-05-29]
FF Extension: MEGA - C:\Users\Lorenz\AppData\Roaming\Mozilla\Firefox\Profiles\e2xmbe04.default\Extensions\firefox@mega.co.nz.xpi [2015-11-10] [ist nicht signiert]
FF Extension: WEB.DE MailCheck - C:\Users\Lorenz\AppData\Roaming\Mozilla\Firefox\Profiles\e2xmbe04.default\Extensions\mailcheck@web.de [2015-11-09]
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\Lorenz\AppData\Roaming\Mozilla\Firefox\Profiles\e2xmbe04.default\Extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900}.xpi [2015-01-28] [ist nicht signiert]
FF Extension: SoundCloud Downloader - Technowise - C:\Users\Lorenz\AppData\Roaming\Mozilla\Firefox\Profiles\e2xmbe04.default\Extensions\{c8d3bc80-0810-4d21-a2c2-be5f2b2832ac}.xpi [2015-09-30]
FF Extension: Adblock Plus - C:\Users\Lorenz\AppData\Roaming\Mozilla\Firefox\Profiles\e2xmbe04.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-11-26]
FF HKU\S-1-5-21-2261460588-3622448717-587553582-1001\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Lorenz\AppData\Roaming\Mozilla\Firefox\Profiles\e2xmbe04.default\extensions\cliqz@cliqz.com => nicht gefunden

Chrome:
=======
CHR Profile: C:\Users\Lorenz\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Präsentationen) - C:\Users\Lorenz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-10]
CHR Extension: (Google Docs) - C:\Users\Lorenz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-10]
CHR Extension: (Google Drive) - C:\Users\Lorenz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-24]
CHR Extension: (YouTube) - C:\Users\Lorenz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-22]
CHR Extension: (Google-Suche) - C:\Users\Lorenz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Google Tabellen) - C:\Users\Lorenz\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-10]
CHR Extension: (Avira Browserschutz) - C:\Users\Lorenz\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-10-22]
CHR Extension: (Google Docs Offline) - C:\Users\Lorenz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-20]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Lorenz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-25]
CHR Extension: (Google Mail) - C:\Users\Lorenz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-16]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [948392 2015-12-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [466408 2015-12-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [466408 2015-12-01] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1418560 2015-12-01] (Avira Operations GmbH & Co. KG)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-09-02] (Apple Inc.)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [250136 2015-11-03] (Avira Operations GmbH & Co. KG)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2797752 2015-10-13] (Microsoft Corporation)
R2 DevoloNetworkService; C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe [3755976 2015-07-01] (devolo AG)
R2 mitsijm2014; C:\Program Files\Autodesk\Inventor 2014\Moldflow\bin\mitsijm.exe [952608 2013-01-25] (Autodesk, Inc.)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [Datei ist nicht signiert]
S3 PDF Architect 2; C:\Program Files (x86)\PDF Architect 2\ws.exe [1771560 2014-10-10] (pdfforge GmbH)
S3 pdfforge CrashHandler; C:\Program Files (x86)\PDF Architect 2\crash-handler-ws.exe [861736 2014-10-10] (pdfforge GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [135880 2015-12-01] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [146696 2015-12-01] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [35488 2015-12-01] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [73032 2015-12-01] (Avira Operations GmbH & Co. KG)
S3 HtcVCom32; C:\Windows\system32\DRIVERS\HtcVComV64.sys [121800 2010-03-09] (QUALCOMM Incorporated)
S3 iaLPSS_GPIO; C:\Windows\System32\drivers\iaLPSS_GPIO.sys [24568 2013-10-07] (Intel Corporation)
S3 iaLPSS_I2C; C:\Windows\System32\drivers\iaLPSS_I2C.sys [99320 2013-10-07] (Intel Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [193336 2015-09-30] (Intel Corporation)
R3 mrvlpcie8897; C:\Windows\System32\drivers\mrvlpcie8897.sys [1037824 2015-10-30] (Marvell Semiconductors Inc.)
R2 NPF_devolo; C:\Windows\sysWOW64\drivers\npf_devolo.sys [34048 2015-07-01] (CACE Technologies)
S3 SCL01164; C:\Windows\system32\DRIVERS\SCL01164.sys [72320 2010-05-07] (SCM Microsystems Inc.)
R3 SurfaceAccessoryDevice; C:\Windows\System32\drivers\SurfaceAccessoryDevice.sys [51856 2014-05-30] (Microsoft Corporation)
R3 SurfaceCapacitiveHomeButton; C:\Windows\System32\drivers\SurfaceCapacitiveHomeButton.sys [44152 2014-11-27] (Microsoft Corporation)
R3 SurfaceDisplayCalibration; C:\Windows\System32\drivers\SurfaceDisplayCalibration.sys [41616 2014-05-02] (Microsoft Corporation)
R3 SurfaceIntegrationDriver; C:\Windows\System32\drivers\SurfaceIntegrationDriver.sys [63000 2015-09-30] (Microsoft Corporation)
R0 SurfacePciController; C:\Windows\System32\drivers\SurfacePciController.sys [35440 2014-10-08] (Microsoft Corporation)
R3 SurfacePenDriver; C:\Windows\System32\drivers\SurfacePenDriver.sys [76424 2015-03-31] (Microsoft Corporation)
S3 SurfaceTypeCover; C:\Windows\System32\drivers\SurfaceTypeCover.sys [67592 2015-10-27] (Microsoft Corporation)
S3 SurfaceTypeCoverV3Integration; C:\Windows\System32\drivers\SurfaceTypeCoverV3Integration.sys [52760 2015-10-27] (Microsoft Corporation)
R3 TrueColor; C:\Windows\system32\DRIVERS\TrueColor.sys [35952 2014-07-07] ()
R3 vpnva; C:\Windows\System32\drivers\vpnva64-6.sys [52592 2015-09-23] (Cisco Systems, Inc.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
U3 uxliykoc; C:\Users\Lorenz\AppData\Local\Temp\uxliykoc.sys [56496 2015-12-03] (GMER) [Datei ist nicht signiert]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-12-03 09:22 - 2015-12-03 09:23 - 00026884 _____ C:\Users\Lorenz\Downloads\FRST.txt
2015-12-03 09:22 - 2015-12-03 09:22 - 00000000 ____D C:\FRST
2015-12-03 09:17 - 2015-12-03 09:19 - 02350080 _____ (Farbar) C:\Users\Lorenz\Downloads\FRST64.exe
2015-12-03 09:15 - 2015-12-03 09:15 - 00000000 _____ C:\Users\Lorenz\defogger_reenable
2015-12-03 09:14 - 2015-12-03 09:21 - 00380416 _____ C:\Users\Lorenz\Downloads\Gmer-19357.exe
2015-12-03 09:14 - 2015-12-03 09:15 - 00050477 _____ C:\Users\Lorenz\Downloads\Defogger.exe
2015-12-02 11:41 - 2015-12-02 11:41 - 00000000 ___HD C:\OneDriveTemp
2015-12-02 11:41 - 2015-12-02 11:41 - 00000000 ____D C:\Users\Lorenz\AppData\Local\ActiveSync
2015-12-02 11:33 - 2015-12-02 11:33 - 00000020 ___SH C:\Users\Lorenz\ntuser.ini
2015-12-02 11:33 - 2015-12-02 11:33 - 00000000 _SHDL C:\Users\Default\Vorlagen
2015-12-02 11:33 - 2015-12-02 11:33 - 00000000 _SHDL C:\Users\Default\Startmenü
2015-12-02 11:33 - 2015-12-02 11:33 - 00000000 _SHDL C:\Users\Default\Netzwerkumgebung
2015-12-02 11:33 - 2015-12-02 11:33 - 00000000 _SHDL C:\Users\Default\Lokale Einstellungen
2015-12-02 11:33 - 2015-12-02 11:33 - 00000000 _SHDL C:\Users\Default\Eigene Dateien
2015-12-02 11:33 - 2015-12-02 11:33 - 00000000 _SHDL C:\Users\Default\Druckumgebung
2015-12-02 11:33 - 2015-12-02 11:33 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Videos
2015-12-02 11:33 - 2015-12-02 11:33 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Musik
2015-12-02 11:33 - 2015-12-02 11:33 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Bilder
2015-12-02 11:33 - 2015-12-02 11:33 - 00000000 _SHDL C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-12-02 11:33 - 2015-12-02 11:33 - 00000000 _SHDL C:\Users\Default\AppData\Local\Verlauf
2015-12-02 11:33 - 2015-12-02 11:33 - 00000000 _SHDL C:\Users\Default\AppData\Local\Anwendungsdaten
2015-12-02 11:33 - 2015-12-02 11:33 - 00000000 _SHDL C:\Users\Default\Anwendungsdaten
2015-12-02 11:33 - 2015-12-02 11:33 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Videos
2015-12-02 11:33 - 2015-12-02 11:33 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Musik
2015-12-02 11:33 - 2015-12-02 11:33 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Bilder
2015-12-02 11:33 - 2015-12-02 11:33 - 00000000 _SHDL C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-12-02 11:33 - 2015-12-02 11:33 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Verlauf
2015-12-02 11:33 - 2015-12-02 11:33 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Anwendungsdaten
2015-12-02 11:30 - 2015-12-02 11:39 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-12-02 11:26 - 2015-12-02 11:26 - 00001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-12-02 11:21 - 2015-12-02 11:27 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
2015-12-02 11:20 - 2015-12-03 09:15 - 00000000 ____D C:\Users\Lorenz
2015-12-02 11:20 - 2015-12-02 11:20 - 00000000 _SHDL C:\Users\Lorenz\Vorlagen
2015-12-02 11:20 - 2015-12-02 11:20 - 00000000 _SHDL C:\Users\Lorenz\Startmenü
2015-12-02 11:20 - 2015-12-02 11:20 - 00000000 _SHDL C:\Users\Lorenz\Netzwerkumgebung
2015-12-02 11:20 - 2015-12-02 11:20 - 00000000 _SHDL C:\Users\Lorenz\Lokale Einstellungen
2015-12-02 11:20 - 2015-12-02 11:20 - 00000000 _SHDL C:\Users\Lorenz\Eigene Dateien
2015-12-02 11:20 - 2015-12-02 11:20 - 00000000 _SHDL C:\Users\Lorenz\Druckumgebung
2015-12-02 11:20 - 2015-12-02 11:20 - 00000000 _SHDL C:\Users\Lorenz\Documents\Eigene Videos
2015-12-02 11:20 - 2015-12-02 11:20 - 00000000 _SHDL C:\Users\Lorenz\Documents\Eigene Musik
2015-12-02 11:20 - 2015-12-02 11:20 - 00000000 _SHDL C:\Users\Lorenz\Documents\Eigene Bilder
2015-12-02 11:20 - 2015-12-02 11:20 - 00000000 _SHDL C:\Users\Lorenz\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-12-02 11:20 - 2015-12-02 11:20 - 00000000 _SHDL C:\Users\Lorenz\AppData\Local\Verlauf
2015-12-02 11:20 - 2015-12-02 11:20 - 00000000 _SHDL C:\Users\Lorenz\AppData\Local\Anwendungsdaten
2015-12-02 11:20 - 2015-12-02 11:20 - 00000000 _SHDL C:\Users\Lorenz\Anwendungsdaten
2015-12-02 11:19 - 2015-12-02 11:19 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_SensorsHid_02_15_00.Wdf
2015-12-02 11:19 - 2015-12-02 11:19 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_TrueColor_01011.Wdf
2015-12-02 11:19 - 2015-12-02 11:19 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_SurfacePenDriver_01011.Wdf
2015-12-02 11:19 - 2015-12-02 11:19 - 00000000 ____D C:\WINDOWS\SysWOW64\TrueColor5.2
2015-12-02 11:19 - 2015-12-02 11:19 - 00000000 ____D C:\WINDOWS\system32\TrueColor5.2
2015-12-02 11:19 - 2015-10-30 08:17 - 02718208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2015-12-02 11:19 - 2015-09-06 12:12 - 00099856 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2015-12-02 11:18 - 2015-12-02 11:18 - 00000000 ____H C:\ProgramData\DP45977C.lfl
2015-12-02 11:18 - 2015-12-02 11:18 - 00000000 ____D C:\WINDOWS\Firmware
2015-12-02 11:18 - 2015-12-02 11:18 - 00000000 ____D C:\Program Files\Intel
2015-12-02 11:17 - 2015-12-03 08:39 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2015-12-02 11:17 - 2015-12-02 12:00 - 00000000 ___DC C:\WINDOWS\Panther
2015-12-02 11:17 - 2015-12-02 11:39 - 00442840 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-12-02 11:15 - 2015-12-02 11:15 - 24603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-12-02 11:15 - 2015-12-02 11:15 - 22572632 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-12-02 11:15 - 2015-12-02 11:15 - 22394880 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2015-12-02 11:15 - 2015-12-02 11:15 - 21125408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-12-02 11:15 - 2015-12-02 11:15 - 19339776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-12-02 11:15 - 2015-12-02 11:15 - 18677760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2015-12-02 11:15 - 2015-12-02 11:15 - 16984064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll 2015-12-02 11:15 - 2015-12-02 11:15 - 13376512 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2015-12-02 11:15 - 2015-12-02 11:15 - 13017088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll 2015-12-02 11:15 - 2015-12-02 11:15 - 12120064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2015-12-02 11:15 - 2015-12-02 11:15 - 11545088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll 2015-12-02 11:15 - 2015-12-02 11:15 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll 2015-12-02 11:15 - 2015-12-02 11:15 - 07476576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2015-12-02 11:15 - 2015-12-02 11:15 - 03670832 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2015-12-02 11:15 - 2015-12-02 11:15 - 03592704 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys 2015-12-02 11:15 - 2015-12-02 11:15 - 02918808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2015-12-02 11:15 - 2015-12-02 11:15 - 02756096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb 2015-12-02 11:15 - 2015-12-02 11:15 - 02756096 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb 2015-12-02 11:15 - 2015-12-02 11:15 - 02587136 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll 2015-12-02 11:15 - 2015-12-02 11:15 - 02544264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll 2015-12-02 11:15 - 2015-12-02 11:15 - 02444288 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll 2015-12-02 11:15 - 2015-12-02 11:15 - 02179584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll 2015-12-02 11:15 - 2015-12-02 11:15 - 02064384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll 2015-12-02 11:15 - 2015-12-02 11:15 - 02001408 _____ (Microsoft Corporation) 
C:\WINDOWS\SysWOW64\twinui.appcore.dll 2015-12-02 11:15 - 2015-12-02 11:15 - 01998848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll 2015-12-02 11:15 - 2015-12-02 11:15 - 01707008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll 2015-12-02 11:15 - 2015-12-02 11:15 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys 2015-12-02 11:15 - 2015-12-02 11:15 - 01268736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll 2015-12-02 11:15 - 2015-12-02 11:15 - 01268736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll 2015-12-02 11:15 - 2015-12-02 11:15 - 01212416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll 2015-12-02 11:15 - 2015-12-02 11:15 - 01063424 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll 2015-12-02 11:15 - 2015-12-02 11:15 - 00969728 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll 2015-12-02 11:15 - 2015-12-02 11:15 - 00914944 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll 2015-12-02 11:15 - 2015-12-02 11:15 - 00911648 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll 2015-12-02 11:15 - 2015-12-02 11:15 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll 2015-12-02 11:15 - 2015-12-02 11:15 - 00809312 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe 2015-12-02 11:15 - 2015-12-02 11:15 - 00803840 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll 2015-12-02 11:15 - 2015-12-02 11:15 - 00791552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll 2015-12-02 11:15 - 2015-12-02 11:15 - 00704352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe 2015-12-02 11:15 - 2015-12-02 11:15 - 00698208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimgapi.dll 2015-12-02 11:15 - 2015-12-02 11:15 - 00675064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll 2015-12-02 11:15 - 2015-12-02 11:15 - 
00674816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll 2015-12-02 11:15 - 2015-12-02 11:15 - 00647168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll 2015-12-02 11:15 - 2015-12-02 11:15 - 00630632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe 2015-12-02 11:15 - 2015-12-02 11:15 - 00623616 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll 2015-12-02 11:15 - 2015-12-02 11:15 - 00586208 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll 2015-12-02 11:15 - 2015-12-02 11:15 - 00586080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wimgapi.dll 2015-12-02 11:15 - 2015-12-02 11:15 - 00578912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys 2015-12-02 11:15 - 2015-12-02 11:15 - 00543232 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll 2015-12-02 11:15 - 2015-12-02 11:15 - 00540752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe 2015-12-02 11:15 - 2015-12-02 11:15 - 00536768 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll 2015-12-02 11:15 - 2015-12-02 11:15 - 00523616 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimserv.exe 2015-12-02 11:15 - 2015-12-02 11:15 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv 2015-12-02 11:15 - 2015-12-02 11:15 - 00516544 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll 2015-12-02 11:15 - 2015-12-02 11:15 - 00511320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll 2015-12-02 11:15 - 2015-12-02 11:15 - 00497664 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll 2015-12-02 11:15 - 2015-12-02 11:15 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll 2015-12-02 11:15 - 2015-12-02 11:15 - 00454056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll 2015-12-02 11:15 - 2015-12-02 11:15 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll 2015-12-02 11:15 - 2015-12-02 
11:15 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe 2015-12-02 11:15 - 2015-12-02 11:15 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll 2015-12-02 11:15 - 2015-12-02 11:15 - 00408128 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll 2015-12-02 11:15 - 2015-12-02 11:15 - 00405048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll 2015-12-02 11:15 - 2015-12-02 11:15 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv 2015-12-02 11:15 - 2015-12-02 11:15 - 00382464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll 2015-12-02 11:15 - 2015-12-02 11:15 - 00369912 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe 2015-12-02 11:15 - 2015-12-02 11:15 - 00366224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll 2015-12-02 11:15 - 2015-12-02 11:15 - 00365568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll 2015-12-02 11:15 - 2015-12-02 11:15 - 00334736 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll 2015-12-02 11:15 - 2015-12-02 11:15 - 00334336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe 2015-12-02 11:15 - 2015-12-02 11:15 - 00315904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll 2015-12-02 11:15 - 2015-12-02 11:15 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll 2015-12-02 11:15 - 2015-12-02 11:15 - 00296488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll 2015-12-02 11:15 - 2015-12-02 11:15 - 00292352 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll 2015-12-02 11:15 - 2015-12-02 11:15 - 00286720 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceaccess.dll 2015-12-02 11:15 - 2015-12-02 11:15 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll 2015-12-02 11:15 - 2015-12-02 11:15 - 00275456 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\AudioEndpointBuilder.dll 2015-12-02 11:15 - 2015-12-02 11:15 - 00245848 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll 2015-12-02 11:15 - 2015-12-02 11:15 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll 2015-12-02 11:15 - 2015-12-02 11:15 - 00227840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\deviceaccess.dll 2015-12-02 11:15 - 2015-12-02 11:15 - 00204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-AppModelExecEvents.dll 2015-12-02 11:15 - 2015-12-02 11:15 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe 2015-12-02 11:15 - 2015-12-02 11:15 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll 2015-12-02 11:15 - 2015-12-02 11:15 - 00165376 _____ (Microsoft Corporation) C:\WINDOWS\system32\provdatastore.dll 2015-12-02 11:15 - 2015-12-02 11:15 - 00163328 _____ (Microsoft Corporation) C:\WINDOWS\system32\provops.dll 2015-12-02 11:15 - 2015-12-02 11:15 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll 2015-12-02 11:15 - 2015-12-02 11:15 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe 2015-12-02 11:15 - 2015-12-02 11:15 - 00160768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe 2015-12-02 11:15 - 2015-12-02 11:15 - 00122368 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll 2015-12-02 11:15 - 2015-12-02 11:15 - 00118624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys 2015-12-02 11:15 - 2015-12-02 11:15 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll 2015-12-02 11:15 - 2015-12-02 11:15 - 00116728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll 2015-12-02 11:15 - 2015-12-02 11:15 - 00115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys 2015-12-02 11:15 - 2015-12-02 11:15 - 00110032 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll 2015-12-02 11:15 - 2015-12-02 
11:15 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll 2015-12-02 11:15 - 2015-12-02 11:15 - 00092352 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll 2015-12-02 11:15 - 2015-12-02 11:15 - 00089600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NFCProvisioningPlugin.dll 2015-12-02 11:15 - 2015-12-02 11:15 - 00088392 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll 2015-12-02 11:15 - 2015-12-02 11:15 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzautoupdate.dll 2015-12-02 11:15 - 2015-12-02 11:15 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll 2015-12-02 11:15 - 2015-12-02 11:15 - 00078336 _____ (Microsoft Corporation) C:\WINDOWS\system32\BarcodeProvisioningPlugin.dll 2015-12-02 11:15 - 2015-12-02 11:15 - 00077312 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvPluginEng.dll 2015-12-02 11:15 - 2015-12-02 11:15 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanprotdim.dll 2015-12-02 11:15 - 2015-12-02 11:15 - 00073360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll 2015-12-02 11:15 - 2015-12-02 11:15 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppCapture.dll 2015-12-02 11:15 - 2015-12-02 11:15 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\provtool.exe 2015-12-02 11:15 - 2015-12-02 11:15 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringclient.dll 2015-12-02 11:15 - 2015-12-02 11:15 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemovableMediaProvisioningPlugin.dll 2015-12-02 11:15 - 2015-12-02 11:15 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll 2015-12-02 11:15 - 2015-12-02 11:15 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.proxy.dll 2015-12-02 11:15 - 2015-12-02 11:15 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe 2015-12-02 11:15 - 2015-12-02 11:15 - 00037376 _____ 
(Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll 2015-12-02 11:15 - 2015-12-02 11:15 - 00035680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wimmount.sys 2015-12-02 11:15 - 2015-12-02 11:15 - 00035656 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfpmp.exe 2015-12-02 11:15 - 2015-12-02 11:15 - 00032040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfpmp.exe 2015-12-02 11:15 - 2015-12-02 11:15 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringconfigsp.dll 2015-12-02 11:15 - 2015-12-02 11:15 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe 2015-12-02 11:15 - 2015-12-02 11:15 - 00028160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Provisioning.ProxyStub.dll 2015-12-02 11:15 - 2015-12-02 11:15 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.proxy.dll 2015-12-02 11:15 - 2015-12-02 11:15 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\IcsEntitlementHost.exe 2015-12-02 11:15 - 2015-12-02 11:15 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\dciman32.dll 2015-12-02 11:15 - 2015-12-02 11:15 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dciman32.dll 2015-12-02 11:15 - 2015-12-02 11:15 - 00007680 _____ (Microsoft Corporation) C:\WINDOWS\system32\readingviewresources.dll 2015-12-02 11:15 - 2015-12-02 11:15 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\lpk.dll 2015-12-02 11:15 - 2015-12-02 11:15 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpk.dll 2015-12-02 11:15 - 2015-12-02 11:15 - 00000000 ____D C:\Windows.old 2015-12-02 11:13 - 2015-12-02 11:13 - 00008192 _____ C:\WINDOWS\system32\config\userdiff 2015-12-02 11:11 - 2015-12-02 11:11 - 00000000 ____D C:\WINDOWS\SysWOW64\XPSViewer 2015-12-02 11:11 - 2015-12-02 11:11 - 00000000 ____D C:\Program Files\Reference Assemblies 2015-12-02 11:11 - 2015-12-02 11:11 - 00000000 ____D C:\Program Files\MSBuild 2015-12-02 11:11 - 2015-12-02 11:11 - 00000000 
____D C:\Program Files (x86)\Reference Assemblies 2015-12-02 11:11 - 2015-12-02 11:11 - 00000000 ____D C:\Program Files (x86)\MSBuild 2015-12-02 11:11 - 2015-10-23 17:47 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll 2015-12-02 11:11 - 2015-10-23 17:47 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll 2015-12-02 11:11 - 2015-10-23 17:47 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe 2015-12-02 11:11 - 2015-10-23 17:46 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll 2015-12-02 11:11 - 2015-10-23 17:46 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe 2015-12-02 11:11 - 2015-10-23 17:45 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll 2015-11-27 22:15 - 2015-12-01 14:15 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2015-11-27 21:54 - 2015-11-27 21:54 - 05359935 _____ C:\Users\Lorenz\Downloads\kinox_app_1.0.5.apk 2015-11-23 17:35 - 2015-11-23 17:35 - 00000000 ____D C:\Users\Lorenz\AppData\Roaming\Avira 2015-11-23 16:34 - 2015-12-01 14:13 - 00146696 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys 2015-11-23 16:34 - 2015-12-01 14:13 - 00135880 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys 2015-11-23 16:34 - 2015-12-01 14:13 - 00073032 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avnetflt.sys 2015-11-23 16:34 - 2015-12-01 14:13 - 00035488 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avkmgr.sys 2015-11-23 16:32 - 2015-11-23 16:32 - 04584344 _____ (Avira Operations GmbH & Co. 
KG) C:\Users\Lorenz\Downloads\avira_de_av_5655784164__ws.exe 2015-11-23 16:31 - 2015-07-05 11:08 - 00300704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe 2015-11-23 16:28 - 2015-11-23 16:29 - 00000000 ____D C:\escw_103_sa 2015-11-23 16:17 - 2015-11-23 16:18 - 152989672 _____ C:\Users\Lorenz\Downloads\escw_103_sa_sfx.exe 2015-11-20 08:13 - 2015-11-20 10:36 - 00000000 ____D C:\Users\Lorenz\AppData\Local\ABBF10EB-058A-4174-AE2A-78C7323AAD12.aplzod 2015-11-19 11:50 - 2015-12-02 11:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud 2015-11-14 23:13 - 2015-11-28 18:39 - 00000000 ____D C:\Users\Lorenz\AppData\Local\Foxit Reader 2015-11-13 13:19 - 2015-11-13 13:19 - 00000000 ____D C:\Users\Lorenz\.tooling 2015-11-13 13:12 - 2015-11-30 13:19 - 00000000 ____D C:\Users\Lorenz\AppData\Local\Eclipse 2015-11-13 13:10 - 2015-11-13 13:10 - 00001126 _____ C:\Users\Lorenz\Desktop\Eclipse Java Mars.lnk 2015-11-13 13:10 - 2015-11-13 13:10 - 00000000 ____D C:\Users\Lorenz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Eclipse 2015-11-13 13:03 - 2015-11-13 13:03 - 00000000 ____D C:\Users\Lorenz\eclipse 2015-11-13 13:03 - 2015-11-13 13:03 - 00000000 ____D C:\Users\Lorenz\AppData\Roaming\Sun 2015-11-13 13:03 - 2015-11-13 13:03 - 00000000 ____D C:\Users\Lorenz\AppData\LocalLow\Sun 2015-11-13 13:02 - 2015-12-02 11:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2015-11-13 13:02 - 2015-11-30 13:19 - 00000000 ____D C:\Users\Lorenz\.p2 2015-11-13 13:02 - 2015-11-13 13:02 - 00110176 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll 2015-11-13 13:01 - 2015-11-13 13:04 - 00000000 ____D C:\ProgramData\Oracle 2015-11-13 13:01 - 2015-11-13 13:03 - 00000000 ____D C:\Users\Lorenz\.oracle_jre_usage 2015-11-13 13:01 - 2015-11-13 13:01 - 46355176 _____ C:\Users\Lorenz\Downloads\eclipse-inst-win64.exe 2015-11-13 12:58 - 2015-12-02 11:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\Java Development Kit 2015-11-13 12:58 - 2015-11-13 13:01 - 00000000 ____D C:\Program Files\Java 2015-11-13 12:57 - 2015-11-13 12:57 - 00000000 ____D C:\Users\Lorenz\AppData\LocalLow\Oracle 2015-11-13 12:55 - 2015-11-13 12:57 - 195629144 _____ (Oracle Corporation) C:\Users\Lorenz\Downloads\jdk-8u65-windows-x64.exe 2015-11-12 16:17 - 2015-12-02 11:27 - 00000000 ____D C:\Users\Lorenz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2015-11-11 12:44 - 2015-11-23 19:57 - 631695404 _____ C:\WINDOWS\MEMORY.DMP ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2015-12-03 09:22 - 2015-10-30 07:28 - 00000000 ____D C:\Windows 2015-12-03 09:10 - 2015-06-17 07:00 - 00001254 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2261460588-3622448717-587553582-1001UA.job 2015-12-03 08:50 - 2015-10-30 08:24 - 00000000 ___HD C:\Program Files\WindowsApps 2015-12-03 08:50 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\AppReadiness 2015-12-03 08:49 - 2014-10-16 15:30 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2015-12-03 08:48 - 2015-10-30 19:35 - 00776766 _____ C:\WINDOWS\system32\perfh007.dat 2015-12-03 08:48 - 2015-10-30 19:35 - 00155544 _____ C:\WINDOWS\system32\perfc007.dat 2015-12-03 08:48 - 2015-10-30 08:21 - 00000000 ____D C:\WINDOWS\INF 2015-12-03 08:48 - 2015-08-03 23:45 - 01799166 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2015-12-03 08:42 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\appcompat 2015-12-03 08:39 - 2014-10-14 19:24 - 00004166 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{CA419BB4-6605-47F9-9529-DB8D2C018ECF} 2015-12-02 22:28 - 2015-01-22 15:44 - 00001144 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2015-12-02 16:30 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\LiveKernelReports 2015-12-02 15:11 - 2015-06-17 07:00 - 00001202 _____ 
C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2261460588-3622448717-587553582-1001Core.job 2015-12-02 13:25 - 2015-01-22 15:44 - 00001140 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2015-12-02 13:20 - 2015-01-22 15:44 - 00004202 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA 2015-12-02 13:20 - 2015-01-22 15:44 - 00003970 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore 2015-12-02 11:46 - 2014-10-14 19:17 - 00000000 ____D C:\Users\Lorenz\AppData\Local\Packages 2015-12-02 11:41 - 2015-08-04 08:20 - 00002407 _____ C:\Users\Lorenz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2015-12-02 11:41 - 2014-10-15 21:30 - 00000000 ___RD C:\Users\Lorenz\Dropbox 2015-12-02 11:41 - 2014-10-15 21:28 - 00000000 ____D C:\Users\Lorenz\AppData\Roaming\Dropbox 2015-12-02 11:41 - 2014-10-14 19:20 - 00000000 __RDO C:\Users\Lorenz\OneDrive 2015-12-02 11:40 - 2015-10-30 08:24 - 00000000 ___RD C:\WINDOWS\DevicesFlow 2015-12-02 11:39 - 2015-08-01 11:37 - 00000000 ___RD C:\Users\Lorenz\iCloudDrive 2015-12-02 11:34 - 2015-10-30 08:24 - 00000000 ___RD C:\WINDOWS\PrintDialog 2015-12-02 11:34 - 2015-10-30 08:24 - 00000000 ___RD C:\WINDOWS\MiracastView 2015-12-02 11:33 - 2015-10-30 08:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel 2015-12-02 11:33 - 2015-10-30 08:24 - 00000000 ____D C:\Program Files\Windows NT 2015-12-02 11:33 - 2014-08-06 14:02 - 00000000 __RHD C:\Users\Public\AccountPictures 2015-12-02 11:32 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\rescache 2015-12-02 11:32 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\Registration 2015-12-02 11:32 - 2015-08-01 23:13 - 00020958 _____ C:\WINDOWS\diagwrn.xml 2015-12-02 11:32 - 2015-08-01 23:13 - 00020958 _____ C:\WINDOWS\diagerr.xml 2015-12-02 11:31 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase 2015-12-02 11:30 - 2015-10-30 08:24 - 00000000 __RSD C:\WINDOWS\Media 2015-12-02 11:30 - 2015-10-30 08:24 - 00000000 __RHD C:\Users\Public\Libraries 2015-12-02 11:30 
- 2015-08-03 23:43 - 00023056 _____ C:\WINDOWS\system32\emptyregdb.dat 2015-12-02 11:30 - 2015-07-22 13:00 - 00002954 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task 2015-12-02 11:30 - 2015-06-17 07:00 - 00003868 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2261460588-3622448717-587553582-1001UA 2015-12-02 11:30 - 2015-06-17 07:00 - 00003596 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2261460588-3622448717-587553582-1001Core 2015-12-02 11:30 - 2014-10-16 15:30 - 00003098 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater 2015-12-02 11:30 - 2014-10-14 19:24 - 00002878 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2261460588-3622448717-587553582-1001 2015-12-02 11:27 - 2015-10-30 08:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2015-12-02 11:27 - 2015-10-30 07:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI 2015-12-02 11:27 - 2015-10-30 07:28 - 00008192 ___SH C:\WINDOWS\system32\config\ELAM 2015-12-02 11:27 - 2015-10-29 08:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2015-12-02 11:27 - 2015-10-25 12:15 - 00000000 ____D C:\Users\Lorenz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Autodesk 2015-12-02 11:27 - 2015-10-25 12:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk Inventor 2014 2015-12-02 11:27 - 2015-10-25 12:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DWG TrueView 2014 2015-12-02 11:27 - 2015-10-25 12:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk 2015-12-02 11:27 - 2015-10-20 09:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\phase-6 2015-12-02 11:27 - 2015-08-04 09:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013 2015-12-02 11:27 - 2015-07-10 10:05 - 00000000 ____D C:\Users\Default.migrated 2015-12-02 11:27 - 2015-07-08 11:19 - 00000000 
____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime 2015-12-02 11:27 - 2015-07-04 08:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\devolo 2015-12-02 11:27 - 2015-04-14 20:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RStudio 2015-12-02 11:27 - 2015-04-14 17:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R 2015-12-02 11:27 - 2015-03-24 17:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular 2015-12-02 11:27 - 2015-01-22 15:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2015-12-02 11:27 - 2014-11-20 15:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator 2015-12-02 11:27 - 2014-11-20 15:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Architect 2 2015-12-02 11:27 - 2014-11-15 21:19 - 00000000 ____D C:\Users\Lorenz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR 2015-12-02 11:27 - 2014-11-15 21:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR 2015-12-02 11:27 - 2014-11-13 19:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MP630 series 2015-12-02 11:27 - 2014-11-06 20:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft 2015-12-02 11:27 - 2014-10-22 22:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoScape 2015-12-02 11:27 - 2014-10-16 15:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MatheGrafix 2015-12-02 11:27 - 2014-10-15 21:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2015-12-02 11:23 - 2015-10-30 08:24 - 00000000 ___SD C:\WINDOWS\Downloaded Program Files 2015-12-02 11:23 - 2015-10-30 08:24 - 00000000 ___RD C:\WINDOWS\PurchaseDialog 2015-12-02 11:23 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\spool 2015-12-02 11:23 - 2015-10-30 
08:24 - 00000000 ____D C:\WINDOWS\system32\oobe 2015-12-02 11:23 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\NDF 2015-12-02 11:23 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\InputMethod 2015-12-02 11:23 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\PolicyDefinitions 2015-12-02 11:23 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\InputMethod 2015-12-02 11:23 - 2015-10-30 08:24 - 00000000 ____D C:\ProgramData\USOPrivate 2015-12-02 11:23 - 2015-10-30 08:24 - 00000000 ____D C:\Program Files\Common Files\microsoft shared 2015-12-02 11:23 - 2015-10-22 19:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco 2015-12-02 11:23 - 2015-05-26 14:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Texmaker 2015-12-02 11:23 - 2014-11-15 21:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC 2015-12-02 11:23 - 2014-11-13 19:56 - 00000000 ___HD C:\WINDOWS\system32\CanonIJ Uninstaller Information 2015-12-02 11:23 - 2014-10-30 21:22 - 00000000 ____D C:\WINDOWS\system32\appmgmt 2015-12-02 11:23 - 2014-10-30 20:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SCM Microsystems 2015-12-02 11:23 - 2014-10-20 17:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities 2015-12-02 11:23 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\WindowsInternal.Inbox.Shared 2015-12-02 11:23 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\WindowsInternal.Inbox.Media.Shared 2015-12-02 11:23 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\ADFS 2015-12-02 11:20 - 2015-10-30 07:28 - 00000000 ____D C:\WINDOWS\system32\Sysprep 2015-12-02 11:17 - 2015-10-30 19:58 - 00000000 ____D C:\WINDOWS\ServiceProfiles 2015-12-02 11:17 - 2015-10-30 08:24 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template 2015-12-02 11:15 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform 2015-12-02 11:15 - 2015-10-30 08:24 - 00000000 ____D 
C:\WINDOWS\system32\appraiser 2015-12-02 11:15 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\Provisioning 2015-12-02 11:15 - 2015-10-30 08:11 - 00000000 ____D C:\WINDOWS\CbsTemp 2015-12-02 11:15 - 2015-10-30 07:28 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism 2015-12-02 11:15 - 2015-10-30 07:28 - 00000000 ____D C:\WINDOWS\system32\Dism 2015-12-02 11:11 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\SysWOW64\MUI 2015-12-02 11:11 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\MUI 2015-12-02 10:57 - 2015-10-30 20:28 - 00000000 ___HD C:\$WINDOWS.~BT 2015-12-01 14:15 - 2014-10-14 20:34 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2015-11-27 16:13 - 2015-11-02 15:55 - 00000000 ____D C:\Users\Lorenz\AppData\Roaming\Foxit Software 2015-11-26 10:27 - 2015-10-22 21:57 - 00000000 ____D C:\Users\Lorenz\Documents\inventor 2015-11-26 08:05 - 2014-10-14 23:54 - 00000000 ____D C:\Program Files\Microsoft Office 15 2015-11-26 08:02 - 2015-07-22 13:00 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2015-11-23 16:34 - 2014-10-15 21:19 - 00000000 ____D C:\ProgramData\Avira 2015-11-23 16:34 - 2014-10-15 21:19 - 00000000 ____D C:\Program Files (x86)\Avira 2015-11-23 16:32 - 2014-05-08 23:25 - 00000000 ____D C:\ProgramData\Package Cache 2015-11-22 10:18 - 2014-10-17 08:38 - 00000000 ____D C:\WINDOWS\system32\MRT 2015-11-22 10:15 - 2014-10-17 08:38 - 145617392 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2015-11-20 10:39 - 2015-07-06 08:40 - 00000000 ____D C:\Users\Lorenz\Documents\Outlook-Dateien 2015-11-19 11:50 - 2015-04-14 12:15 - 00000000 ____D C:\Users\Lorenz\AppData\Local\Apple Inc 2015-11-19 11:49 - 2014-10-25 18:09 - 00000000 ____D C:\Program Files\Common Files\Apple 2015-11-13 18:30 - 2015-10-23 08:54 - 00000000 ____D C:\ProgramData\boost_interprocess 2015-11-13 13:17 - 2015-07-16 10:33 - 00000000 ____D C:\Users\Lorenz\.eclipse 2015-11-11 20:55 - 2015-01-22 15:44 - 00002259 _____ 
C:\Users\Public\Desktop\Google Chrome.lnk
2015-11-11 08:08 - 2014-12-03 19:22 - 00000000 ____D C:\Users\Lorenz\AppData\Local\WEB.DE Application {sync-000021}

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2015-10-09 18:04 - 2015-10-09 18:04 - 0000833 _____ () C:\Users\Lorenz\AppData\Local\recently-used.xbel
2015-12-02 11:18 - 2015-12-02 11:18 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Einige Dateien in TEMP:
====================
C:\Users\Lorenz\AppData\Local\Temp\avgnt.exe
C:\Users\Lorenz\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpesyusy.dll

==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2015-12-02 11:17

==================== Ende von FRST.txt ============================
03.12.2015, 10:58 | #2 |
/// the machine /// TB-Ausbilder
hi,
Addition.txt is still missing.

03.12.2015, 12:55 | #3 |
In addition:
Addition.txt Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:01-12-2015
durchgeführt von Lorenz (2015-12-03 09:23:20)
Gestartet von C:\Users\Lorenz\Downloads
Windows 10 Pro (X64) (2015-12-02 10:33:37)
Start-Modus: Normal
==========================================================

==================== Konten: =============================

Administrator (S-1-5-21-2261460588-3622448717-587553582-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2261460588-3622448717-587553582-503 - Limited - Disabled)
Gast (S-1-5-21-2261460588-3622448717-587553582-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2261460588-3622448717-587553582-1003 - Limited - Enabled)
Lorenz (S-1-5-21-2261460588-3622448717-587553582-1001 - Administrator - Enabled) => C:\Users\Lorenz

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Avira Antivirus (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.009.20079 - Adobe Systems Incorporated) Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.245 - Adobe Systems Incorporated) Akamai NetSession Interface (HKU\S-1-5-21-2261460588-3622448717-587553582-1001\...\Akamai) (Version: - Akamai Technologies, Inc) Apple Application Support (32-Bit) (HKLM-x32\...\{649A1FD9-5892-46AD-8DF0-C4A43FF61CB7}) (Version: 4.1 - Apple Inc.) Apple Application Support (64-Bit) (HKLM\...\{0DE0A178-AC7B-4650-806C-CF226DE03766}) (Version: 4.1 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{FD244E19-6EFE-4A2D-948A-0D45D4C168BE}) (Version: 9.0.0.26 - Apple Inc.) Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.) Autodesk 360 (HKLM\...\{52B28CAD-F49D-47BA-9FFE-29C2E85F0D0B}) (Version: 4.0.27.1 - Autodesk) Autodesk Design Review 2013 (HKLM-x32\...\Autodesk Design Review 2013) (Version: 13.0.0.82 - Autodesk, Inc.) Autodesk Design Review 2013 (x32 Version: 13.0.0.82 - Autodesk, Inc.) 
Hidden Autodesk DWG TrueView 2014 (HKLM\...\DWG TrueView 2014) (Version: 19.1.18.0 - Autodesk) Autodesk Inventor Professional 2014 - Deutsch (German) (HKLM\...\Autodesk Inventor Professional 2014) (Version: 18.2.24600.0000 - Autodesk) Autodesk Inventor Professional 2014 (Version: 18.2.24600.0000 - Autodesk) Hidden Autodesk Inventor Professional 2014 Language Pack - Deutsch (German) (Version: 18.0.17000.0000 - Autodesk) Hidden Autodesk Inventor Professional 2014 SP1 (HKLM\...\Autodesk Inventor Professional 2014 SP1) (Version: 18.2.24600.0000 - Autodesk) Autodesk Inventor Professional 2014 SP2 (HKLM\...\Autodesk Inventor Professional 2014 SP2) (Version: 18.2.24600.0000 - Autodesk) Autodesk Material Library 2014 (HKLM-x32\...\{644F9B19-A462-499C-BF4D-300ABC2A28B1}) (Version: 4.0.19.0 - Autodesk) Autodesk Material Library Base Resolution Image Library 2014 (HKLM-x32\...\{51BF3210-B825-4092-8E0D-66D689916E02}) (Version: 4.0.19.0 - Autodesk) Autodesk Material Library Low Resolution Image Library 2014 (HKLM-x32\...\{5C29CC1F-218F-4C30-948A-11066CAC59FB}) (Version: 4.0.19.0 - Autodesk) Autodesk Revit Interoperability for Inventor 2014 (HKLM\...\Autodesk Revit Interoperability for Inventor 2014) (Version: 13.02.15161 - Autodesk) Autodesk Revit Interoperability for Inventor 2014 (Version: 13.02.15161 - Autodesk) Hidden Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.15.125 - Avira Operations GmbH & Co. KG) Avira Launcher (HKLM-x32\...\{529e47ba-e07b-414b-ae0b-1d17f85738f1}) (Version: 1.1.50.18326 - Avira Operations GmbH & Co. KG) Avira Launcher (x32 Version: 1.1.50.18326 - Avira Operations GmbH & Co. KG) Hidden Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.) Canon MP Navigator EX 2.0 (HKLM-x32\...\MP Navigator EX 2.0) (Version: - ) Canon MP630 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP630_series) (Version: - ) Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.2.1 - Canon Inc.) 
Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.11004 - Cisco Systems, Inc.) Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.11004 - Cisco Systems, Inc.) Hidden Cliqz (HKLM-x32\...\{5A0C0737-6AFE-4DC6-A8B4-6DFE509ACD75}_is1) (Version: 0.5.22 - Cliqz.com) devolo Cockpit (HKLM-x32\...\dlancockpit) (Version: 4.3.1.0 - devolo AG) Dropbox (HKU\S-1-5-21-2261460588-3622448717-587553582-1001\...\Dropbox) (Version: 3.10.11 - Dropbox, Inc.) DWG TrueView 2014 (Version: 19.1.18.0 - Autodesk) Hidden Eco Materials Adviser for Autodesk Inventor 2014 (64-bit) (HKLM\...\{530B8614-C5DE-475B-AF6F-71BED461552C}) (Version: 4.4.1.0 - Granta Design Limited) ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 16.1.20150309 - Landesfinanzdirektion Thüringen) FARO LS 1.1.501.0 (64bit) (HKLM-x32\...\{8A470330-70B2-49AD-86AF-79885EF9898A}) (Version: 5.1.0.30630 - FARO Scanner Production) Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.2.5.930 - Foxit Software Inc.) Free Audio CD Burner version 2.0.33.415 (HKLM-x32\...\Free Audio CD Burner_is1) (Version: 2.0.33.415 - DVDVideoSoft Ltd.) Free Studio version 6.4.3.128 (HKLM-x32\...\Free Studio_is1) (Version: 6.4.3.128 - DVDVideoSoft Ltd.) Free YouTube Download version 3.2.49.1122 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.49.1122 - DVDVideoSoft Ltd.) Free YouTube to MP3 Converter version 3.12.49.1022 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.49.1022 - DVDVideoSoft Ltd.) GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.86 - Google Inc.) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) 
Hidden HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.16.0.001 - HTC Corporation) iCloud (HKLM\...\{B33C558F-772F-4308-A059-390FBF9BAAAE}) (Version: 5.0.2.61 - Apple Inc.) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.15.4256 - Intel Corporation) IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.8 - HTC) Java 8 Update 65 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418065F0}) (Version: 8.0.650.17 - Oracle Corporation) Java SE Development Kit 8 Update 65 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180650}) (Version: 8.0.650.17 - Oracle Corporation) MatheGrafix 10 (Version 10.2) (HKLM-x32\...\MatheGrafix 10_is1) (Version: - ) Microsoft Mathematics Add-In for Word and OneNote (HKLM-x32\...\{90150000-00D8-0407-0000-0000000FF1CE}) (Version: 15.0.4481.1008 - Microsoft Corporation) Microsoft Office 365 ProPlus - de-de (HKLM\...\O365ProPlusRetail - de-de) (Version: 15.0.4771.1004 - Microsoft Corporation) Microsoft OneNote 2013 - de-de (HKLM\...\OneNoteFreeRetail - de-de) (Version: 15.0.4771.1004 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 
9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation) Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.) 
Mozilla Firefox 43.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 43.0 (x86 de)) (Version: 43.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.0.5808 - Mozilla) Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4771.1004 - Microsoft Corporation) Hidden Office 15 Click-to-Run Licensing Component (Version: 15.0.4771.1004 - Microsoft Corporation) Hidden Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4771.1004 - Microsoft Corporation) Hidden PDF Architect 2 (HKLM-x32\...\PDF Architect 2) (Version: 2.0.24.16092 - pdfforge GmbH) PDF Architect 2 View Module (HKLM-x32\...\{D691E998-CF53-4F6C-AC20-E4284660E0E7}) (Version: 2.1.6.19758 - pdfforge GmbH) PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.3 - pdfforge) phase-6 2.3.3 (HKLM-x32\...\phase-6) (Version: 2.3.3 - phase-6) PhotoScape (HKLM-x32\...\PhotoScape) (Version: - ) QuickTime 7 (HKLM-x32\...\{627FFC10-CE0A-497F-BA2B-208CAC638010}) (Version: 7.77.80.95 - Apple Inc.) 
R for Windows 3.1.3 (HKLM\...\R for Windows 3.1.3_is1) (Version: 3.1.3 - R Core Team) RStudio (HKLM-x32\...\RStudio) (Version: 0.98.1103 - RStudio) SCL011 Contactless Reader (HKLM-x32\...\{101A21B2-E102-4F64-A7FA-CEF7182D0E2D}) (Version: 1.01 - SCM Microsystems) Spotify (HKU\S-1-5-21-2261460588-3622448717-587553582-1001\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB) Texmaker (HKLM-x32\...\Texmaker) (Version: - ) Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{6DA2B636-698A-3294-BF4A-B5E11B238CDD}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation) Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{8CCEA24C-51AE-3B71-9092-7D0C44DDA2DF}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation) Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{C3A57BB3-9AA6-3F6F-9395-6C062BDD5FC4}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation) Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{F6F09DD8-F39B-3A16-ADB9-C9E6B56903F9}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation) Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{04B34E21-5BEE-3D2B-8D3D-E3E80D253F64}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation) Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{14866AAD-1F23-39AC-A62B-7091ED1ADE64}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation) Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{4B90093A-5D9C-3956-8ABB-95848BE6EFAD}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation) Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{B42E259C-E4D4-37F1-A1B2-EB9C4FC5A04D}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation) WEB.DE Online-Speicher 1.21.5458.0 (HKU\S-1-5-21-2261460588-3622448717-587553582-1001\...\WEB.DE Application {sync-000021}) (Version: 1.21.5458.0 - 1&1 Mail & Media GmbH) WinRAR 5.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH) ==================== 
Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) CustomCLSID: HKU\S-1-5-21-2261460588-3622448717-587553582-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Lorenz\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2261460588-3622448717-587553582-1001_Classes\CLSID\{00F064D8-FEC3-48ac-B07D-39C314D1727B}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\ServiceModule.dll (Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-2261460588-3622448717-587553582-1001_Classes\CLSID\{0215A4C0-5431-4FD0-9B06-46589B5C4939}\InprocServer32 -> axdb.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-2261460588-3622448717-587553582-1001_Classes\CLSID\{048ED0E0-12CF-4C0F-9FFA-947C2FBE8C8E}\InprocServer32 -> axdb.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-2261460588-3622448717-587553582-1001_Classes\CLSID\{071339A1-1946-44B2-B63E-50459B15DB86}\InprocServer32 -> axdb.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-2261460588-3622448717-587553582-1001_Classes\CLSID\{073CB204-6B29-46FC-AB98-451F1D068741}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\TestServer.dll (Autodesk, Inc.) 
CustomCLSID: HKU\S-1-5-21-2261460588-3622448717-587553582-1001_Classes\CLSID\{08A60FF7-BB37-44F4-9759-0ADA6C7B9CC9}\InprocServer32 -> axdb.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-2261460588-3622448717-587553582-1001_Classes\CLSID\{0B38CACA-3D3C-48EA-BEB5-7D95F4F6EE15}\InprocServer32 -> axdb.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-2261460588-3622448717-587553582-1001_Classes\CLSID\{0C3393F8-94F5-4B79-8C01-49A2D0CC0FE9}\InprocServer32 -> axdb.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-2261460588-3622448717-587553582-1001_Classes\CLSID\{0D555CE0-304A-47A6-858B-B145209A3982}\InprocServer32 -> axdb.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-2261460588-3622448717-587553582-1001_Classes\CLSID\{1029ABC3-2457-11D5-8E9D-0010B541CD80}\localserver32 -> C:\Program Files\Autodesk\Inventor 2014\Compatibility\Bin\DbxBridge.exe (Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-2261460588-3622448717-587553582-1001_Classes\CLSID\{12545889-6D32-4424-9967-1E1D7BD1F809}\InprocServer32 -> axdb.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-2261460588-3622448717-587553582-1001_Classes\CLSID\{13009989-EFB5-48C9-8BD2-943E0392BD71}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\RxAppCtrl.Ocx (Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-2261460588-3622448717-587553582-1001_Classes\CLSID\{14679E3B-C952-4998-8E13-4B1286E6DD99}\InprocServer32 -> axdb.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-2261460588-3622448717-587553582-1001_Classes\CLSID\{1481B385-759A-4B00-9257-E96357563999}\InprocServer32 -> axdb.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-2261460588-3622448717-587553582-1001_Classes\CLSID\{162EF0A1-5A33-46F2-ACCF-CA388B084A09}\InprocServer32 -> axdb.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-2261460588-3622448717-587553582-1001_Classes\CLSID\{18A21864-E37B-42b9-9612-2C1E8C450A29}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\ServiceModule.dll (Autodesk, Inc.) 
CustomCLSID: HKU\S-1-5-21-2261460588-3622448717-587553582-1001_Classes\CLSID\{1D625598-C876-4C51-8EF5-F9D8F96F62AA}\InprocServer32 -> axdb.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-2261460588-3622448717-587553582-1001_Classes\CLSID\{1D6DFD6A-9E16-435A-9327-6FFEC6BA372F}\InprocServer32 -> axdb.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-2261460588-3622448717-587553582-1001_Classes\CLSID\{1E5724EA-3423-4BD3-ABD6-46E650D2DC66}\InprocServer32 -> AcETransmit.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-2261460588-3622448717-587553582-1001_Classes\CLSID\{1E8A29BA-827D-4031-A4A3-AE7999B402F6}\InprocServer32 -> axdb.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-2261460588-3622448717-587553582-1001_Classes\CLSID\{1EA072EE-57FD-495E-889C-8243C3BDBDBC}\InprocServer32 -> axdb.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-2261460588-3622448717-587553582-1001_Classes\CLSID\{1FD7F53F-7ED5-439C-9A77-A3821CD09E98}\InprocServer32 -> axdb.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-2261460588-3622448717-587553582-1001_Classes\CLSID\{20E47D5B-529A-45BD-8E77-BF1A3064A008}\InprocServer32 -> axdb.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-2261460588-3622448717-587553582-1001_Classes\CLSID\{21DB88B0-BFBF-11D4-8DE6-0010B541CAA8}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\iDrop.dll (Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-2261460588-3622448717-587553582-1001_Classes\CLSID\{244298EC-E661-11d4-BC13-0010B5891E89}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\TI.dll (Autodesk, Inc.) 
CustomCLSID: HKU\S-1-5-21-2261460588-3622448717-587553582-1001_Classes\CLSID\{2709544A-5B24-4F9F-A5DA-CEC7297D3A4E}\InprocServer32 -> axdb.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-2261460588-3622448717-587553582-1001_Classes\CLSID\{2BCA857B-A18B-4AFA-B183-CC0E49C12058}\InprocServer32 -> axdb.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-2261460588-3622448717-587553582-1001_Classes\CLSID\{2C74F89E-7421-46B4-BA54-F86F1BD9F237}\InprocServer32 -> axdb.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-2261460588-3622448717-587553582-1001_Classes\CLSID\{2C7D1157-7D50-4A88-9777-5EBBA3189AB8}\InprocServer32 -> axdb.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-2261460588-3622448717-587553582-1001_Classes\CLSID\{2F8377FC-50C1-44EF-AB7A-8FF1BB8EA277}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\ServiceModule.dll (Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-2261460588-3622448717-587553582-1001_Classes\CLSID\{3497C2EC-5684-4B21-AF74-F6760E0221DC}\InprocServer32 -> axdb.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-2261460588-3622448717-587553582-1001_Classes\CLSID\{3897B445-D5B8-410d-899A-9789B8ADB643}\localserver32 -> C:\Program Files\Autodesk\Inventor 2014\Compatibility\Bin\DbxBridge.exe (Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-2261460588-3622448717-587553582-1001_Classes\CLSID\{38C8B14E-7879-4DA9-8C3F-8CAAC359293A}\InprocServer32 -> axdb.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-2261460588-3622448717-587553582-1001_Classes\CLSID\{3C3F63EA-C7BA-11d4-8E60-0010B541CD80}\localserver32 -> C:\Program Files\Autodesk\Inventor 2014\Compatibility\Bin\DbxBridge.exe (Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-2261460588-3622448717-587553582-1001_Classes\CLSID\{3faa4380-a399-11cf-a466-00805fe418f6}\InprocServer32 -> C:\Program Files\Autodesk\DWG TrueView 2014\en-US\dwgviewrficn.dll (Autodesk, Inc.) 
CustomCLSID: HKU\S-1-5-21-2261460588-3622448717-587553582-1001_Classes\CLSID\{3FC94EB5-AEBD-4f3f-A2A4-B6CE57113C01}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\RxAppDocView.dll (Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-2261460588-3622448717-587553582-1001_Classes\CLSID\{3FCEB42C-9B98-486A-BED7-FD7F3ADB7291}\InprocServer32 -> AcETransmit.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-2261460588-3622448717-587553582-1001_Classes\CLSID\{40770568-0D5E-49D4-BE47-BC47A4F0B0A4}\InprocServer32 -> axdb.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-2261460588-3622448717-587553582-1001_Classes\CLSID\{44A52280-AE56-490D-890C-89FB7279ED6B}\InprocServer32 -> axdb.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-2261460588-3622448717-587553582-1001_Classes\CLSID\{45122C53-8483-4b62-B15A-EAA9FE5FC3D5}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\ServiceModule.dll (Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-2261460588-3622448717-587553582-1001_Classes\CLSID\{46C56738-39C6-4240-8B9B-008CCD769A84}\InprocServer32 -> axdb.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-2261460588-3622448717-587553582-1001_Classes\CLSID\{47179DDE-10AC-4737-97C9-8CE5379343EA}\InprocServer32 -> AcETransmit.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-2261460588-3622448717-587553582-1001_Classes\CLSID\{475C7B4A-6964-4F9E-9708-05A16EAC31D0}\InprocServer32 -> axdb.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-2261460588-3622448717-587553582-1001_Classes\CLSID\{48270F9E-CCF6-4C79-B6FF-267C960E6425}\InprocServer32 -> axdb.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-2261460588-3622448717-587553582-1001_Classes\CLSID\{48FEFCD7-5D7C-4E4A-9F11-60E69A31D4B1}\InprocServer32 -> axdb.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-2261460588-3622448717-587553582-1001_Classes\CLSID\{49998808-648A-4A9C-A7A5-B1672775D9AB}\InprocServer32 -> axdb.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-2261460588-3622448717-587553582-1001_Classes\CLSID\{4A756F5F-CBA4-428B-B17F-AF80C0C8502D}\InprocServer32 -> 
axdb.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-2261460588-3622448717-587553582-1001_Classes\CLSID\{4B40437B-8972-4444-BBE3-1588FF55F203}\InprocServer32 -> axdb.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-2261460588-3622448717-587553582-1001_Classes\CLSID\{4BD03680-3C0F-4501-AFF7-3D008586917F}\InprocServer32 -> axdb.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-2261460588-3622448717-587553582-1001_Classes\CLSID\{4C80573A-9150-11d2-B772-0060B0F159EF}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\RxAppDocView.dll (Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-2261460588-3622448717-587553582-1001_Classes\CLSID\{4D29B490-49B2-11D0-93C3-7E0706000000}\localserver32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\Inventor.exe (Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-2261460588-3622448717-587553582-1001_Classes\CLSID\{4E6F2E83-E7F0-4333-9772-875EB733C820}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\RxTest.dll (Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-2261460588-3622448717-587553582-1001_Classes\CLSID\{5544903C-2CCC-487C-91BB-F310B72A8E9B}\InprocServer32 -> AcETransmit.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-2261460588-3622448717-587553582-1001_Classes\CLSID\{59A224A2-BEF8-4C89-96E0-83A5411ABB6C}\InprocServer32 -> axdb.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-2261460588-3622448717-587553582-1001_Classes\CLSID\{622F6193-E4DD-46E6-BC66-2ED88E9FD28D}\InprocServer32 -> axdb.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-2261460588-3622448717-587553582-1001_Classes\CLSID\{62FBB030-24C7-11D3-B78D-0060B0F159EF}\localserver32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\Inventor.exe (Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-2261460588-3622448717-587553582-1001_Classes\CLSID\{644190AE-BD8F-493F-B63D-C79404AC5E07}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\ServiceModule.dll (Autodesk, Inc.) 
CustomCLSID: HKU\S-1-5-21-2261460588-3622448717-587553582-1001_Classes\CLSID\{6451051B-AD22-4C6A-ACCE-013A0E1DDBC3}\InprocServer32 -> axdb.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-2261460588-3622448717-587553582-1001_Classes\CLSID\{64B99FDB-1D85-447F-98C7-569DBDA723DB}\InprocServer32 -> axdb.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-2261460588-3622448717-587553582-1001_Classes\CLSID\{6A221957-2D85-42A7-8E19-BE33950D1DEB}\localserver32 -> C:\Program Files\Autodesk\DWG TrueView 2014\dwgviewr.exe (Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-2261460588-3622448717-587553582-1001_Classes\CLSID\{6BCE6F6E-C050-4F39-BD98-E2743949F724}\InprocServer32 -> axdb.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-2261460588-3622448717-587553582-1001_Classes\CLSID\{6F56D7C9-18DD-4C15-9FA8-C54E3610EC40}\InprocServer32 -> axdb.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-2261460588-3622448717-587553582-1001_Classes\CLSID\{6FDE7A70-351B-11d6-988B-0010B57A8BB7}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\DtBridge.dll (Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-2261460588-3622448717-587553582-1001_Classes\CLSID\{6FDE7A71-351B-11d6-988B-0010B57A8BB7}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\DtBridge.dll (Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-2261460588-3622448717-587553582-1001_Classes\CLSID\{6FDE7A72-351B-11d6-988B-0010B57A8BB7}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\DtBridge.dll (Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-2261460588-3622448717-587553582-1001_Classes\CLSID\{6FDE7A73-351B-11d6-988B-0010B57A8BB7}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\DtBridge.dll (Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-2261460588-3622448717-587553582-1001_Classes\CLSID\{6FDE7A74-351B-11d6-988B-0010B57A8BB7}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\DtBridge.dll (Autodesk, Inc.) 
CustomCLSID: HKU\S-1-5-21-2261460588-3622448717-587553582-1001_Classes\CLSID\{6FDE7A77-351B-11d6-988B-0010B57A8BB7}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\DtCp.dll (Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-2261460588-3622448717-587553582-1001_Classes\CLSID\{70DBCAE8-8C2B-450C-9E1D-43E4686C6512}\InprocServer32 -> axdb.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-2261460588-3622448717-587553582-1001_Classes\CLSID\{713C0E8A-5AE8-4695-B442-5ED6C4FE5C42}\InprocServer32 -> axdb.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-2261460588-3622448717-587553582-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Lorenz\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\FileCoAuth.exe (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-2261460588-3622448717-587553582-1001_Classes\CLSID\{7293E009-3015-4AD3-96EC-D42C36B5FCE3}\InprocServer32 -> AcETransmit.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-2261460588-3622448717-587553582-1001_Classes\CLSID\{72EC5CC5-88F3-45B1-A865-0A327DF58CC8}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\ServiceModule.dll (Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-2261460588-3622448717-587553582-1001_Classes\CLSID\{72EFC580-D085-4B81-8C55-26A79E445338}\InprocServer32 -> axdb.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-2261460588-3622448717-587553582-1001_Classes\CLSID\{750AEC19-2E4C-4ED9-9B9F-F9CAFCD060F3}\InprocServer32 -> axdb.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-2261460588-3622448717-587553582-1001_Classes\CLSID\{76283A80-50DD-11D3-A7E3-00C04F79D7BC}\localserver32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\Inventor.exe (Autodesk, Inc.) 
CustomCLSID: HKU\S-1-5-21-2261460588-3622448717-587553582-1001_Classes\CLSID\{794199C5-827C-41C8-8CB2-3A1EA056AF5E}\InprocServer32 -> axdb.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-2261460588-3622448717-587553582-1001_Classes\CLSID\{798391FE-4AF2-4851-9DDA-1F0D70C02A9E}\InprocServer32 -> axdb.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-2261460588-3622448717-587553582-1001_Classes\CLSID\{7BA16B3F-1AB3-4BD7-B959-52C4B8504EE9}\InprocServer32 -> AcInetUI.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-2261460588-3622448717-587553582-1001_Classes\CLSID\{7C239DAB-BC87-45F3-B7B1-FCC1541A235B}\InprocServer32 -> axdb.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-2261460588-3622448717-587553582-1001_Classes\CLSID\{81D07C3D-0350-11D3-B7C2-0060B0EC020B}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\RxAppCtrl.Ocx (Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-2261460588-3622448717-587553582-1001_Classes\CLSID\{834CE679-2E47-49DE-9E41-FEC87E9192EB}\InprocServer32 -> axdb.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-2261460588-3622448717-587553582-1001_Classes\CLSID\{8421A29C-54B8-11D1-9837-0060B03C43C8}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\SolidObject.Dll () CustomCLSID: HKU\S-1-5-21-2261460588-3622448717-587553582-1001_Classes\CLSID\{846217D0-8954-11D2-8DCD-0060B0C32531}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\UCxTextBtn.Ocx (Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-2261460588-3622448717-587553582-1001_Classes\CLSID\{846217D1-8954-11D2-8DCD-0060B0C32531}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\UCxTextBtn.Ocx (Autodesk, Inc.) 
CustomCLSID: HKU\S-1-5-21-2261460588-3622448717-587553582-1001_Classes\CLSID\{849AFB5B-D6C9-4924-A712-F7118FF9611F}\InprocServer32 -> axdb.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-2261460588-3622448717-587553582-1001_Classes\CLSID\{85452F88-5071-492E-B850-2E3C586DCBD8}\InprocServer32 -> axdb.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-2261460588-3622448717-587553582-1001_Classes\CLSID\{87F5CF8F-A06D-498F-A05F-E520E6B570DB}\InprocServer32 -> axdb.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-2261460588-3622448717-587553582-1001_Classes\CLSID\{89F0FC31-3B1D-494B-A75B-6BD4FA527B8A}\InprocServer32 -> axdb.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-2261460588-3622448717-587553582-1001_Classes\CLSID\{8AA16DFC-DFC6-4B51-8FA2-A5D812BE33BF}\InprocServer32 -> axdb.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-2261460588-3622448717-587553582-1001_Classes\CLSID\{8B0E6BD9-610C-11D1-9842-0060B03C43C8}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\SolidObject.Dll ()
CustomCLSID: HKU\S-1-5-21-2261460588-3622448717-587553582-1001_Classes\CLSID\{8C23B656-4E6E-4B45-9920-9617168D39A3}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\TestServer.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2261460588-3622448717-587553582-1001_Classes\CLSID\{8ED07FEF-E1B0-4CC3-B2BA-D354828AB952}\InprocServer32 -> axdb.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-2261460588-3622448717-587553582-1001_Classes\CLSID\{97E17F04-17DF-11d5-BC38-0010B5891E89}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\BodyReceiver.dll ()
CustomCLSID: HKU\S-1-5-21-2261460588-3622448717-587553582-1001_Classes\CLSID\{988F4102-E6E3-4282-ACAC-55270827F2A8}\InprocServer32 -> axdb.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-2261460588-3622448717-587553582-1001_Classes\CLSID\{9906CDFC-DB2C-4126-9422-13139B148495}\InprocServer32 -> axdb.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-2261460588-3622448717-587553582-1001_Classes\CLSID\{9A21C6C5-27FC-4442-8590-575E7AFD73BB}\InprocServer32 -> axdb.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-2261460588-3622448717-587553582-1001_Classes\CLSID\{9ECF83FB-23C5-43B6-83DE-93CFBDD74D4A}\InprocServer32 -> axdb.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-2261460588-3622448717-587553582-1001_Classes\CLSID\{A58F47CC-FF65-4152-B0B1-666C643A5BFC}\InprocServer32 -> AcETransmit.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-2261460588-3622448717-587553582-1001_Classes\CLSID\{A6A3D586-44CF-44C2-A92C-620BB713B4F2}\InprocServer32 -> axdb.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-2261460588-3622448717-587553582-1001_Classes\CLSID\{ABBE3F83-D585-4A50-9B69-198B0F566F2E}\InprocServer32 -> axdb.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-2261460588-3622448717-587553582-1001_Classes\CLSID\{AC5CECFA-F03A-41D2-A89C-704C44935941}\InprocServer32 -> axdb.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-2261460588-3622448717-587553582-1001_Classes\CLSID\{B1560245-190E-4BBD-81DF-9B642D0E5325}\InprocServer32 -> axdb.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-2261460588-3622448717-587553582-1001_Classes\CLSID\{B2A579E0-A797-40B1-8AEE-A8F6404719F8}\InprocServer32 -> axdb.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-2261460588-3622448717-587553582-1001_Classes\CLSID\{B47196BC-D4AB-41BB-A771-543D67CFC9F5}\InprocServer32 -> AcETransmit.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-2261460588-3622448717-587553582-1001_Classes\CLSID\{B53CEF4B-1A13-49DE-BBC5-A7100FB2F38C}\InprocServer32 -> axdb.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-2261460588-3622448717-587553582-1001_Classes\CLSID\{B5EE2B68-9A23-4BCD-BB77-FEA6DFB24DD6}\InprocServer32 -> axdb.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-2261460588-3622448717-587553582-1001_Classes\CLSID\{B6B5DC40-96E3-11d2-B774-0060B0F159EF}\localserver32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\Inventor.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2261460588-3622448717-587553582-1001_Classes\CLSID\{B80687F9-FA4C-4735-9DC4-E5715F2BC698}\InprocServer32 -> axdb.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-2261460588-3622448717-587553582-1001_Classes\CLSID\{B8E7214B-25CA-4116-84CB-E86FB9625B36}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\ServiceModule.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2261460588-3622448717-587553582-1001_Classes\CLSID\{BAE5802A-CF21-4F9C-AE04-D98F4036AC31}\InprocServer32 -> axdb.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-2261460588-3622448717-587553582-1001_Classes\CLSID\{BBF6A206-CB04-479D-96AE-349E1E83319A}\InprocServer32 -> axdb.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-2261460588-3622448717-587553582-1001_Classes\CLSID\{BBF9FDF1-52DC-11D0-8C04-0800090BE8EC}\localserver32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\Inventor.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2261460588-3622448717-587553582-1001_Classes\CLSID\{BC71DEA1-D6FB-48B8-AB06-D151C81BBCDD}\InprocServer32 -> axdb.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-2261460588-3622448717-587553582-1001_Classes\CLSID\{BE54741D-E02B-4572-93D6-105AF4EDE777}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\ServiceModule.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2261460588-3622448717-587553582-1001_Classes\CLSID\{BF224DC3-B602-4EEE-BFE9-9E4E0AED6837}\InprocServer32 -> axdb.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-2261460588-3622448717-587553582-1001_Classes\CLSID\{BF4CC07E-E9BB-40D6-873F-855B211033B9}\InprocServer32 -> axdb.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-2261460588-3622448717-587553582-1001_Classes\CLSID\{C061C82C-D041-4214-BB07-B608107CEFCB}\InprocServer32 -> axdb.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-2261460588-3622448717-587553582-1001_Classes\CLSID\{C2D4ACCC-A3D1-4A0A-AD59-0DD8BA3D5EE1}\InprocServer32 -> axdb.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-2261460588-3622448717-587553582-1001_Classes\CLSID\{C343ED84-A129-11d3-B799-0060B0F159EF}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\RxApprenticeServer.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2261460588-3622448717-587553582-1001_Classes\CLSID\{C8C18F89-794D-466B-8B97-95634D9890EF}\InprocServer32 -> axdb.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-2261460588-3622448717-587553582-1001_Classes\CLSID\{C8EC7647-1E79-4F13-81D7-2EED803D0D22}\InprocServer32 -> axdb.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-2261460588-3622448717-587553582-1001_Classes\CLSID\{C92F8F8C-8B2C-11d4-B872-0060B0EC020B}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\DtBridge.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2261460588-3622448717-587553582-1001_Classes\CLSID\{CC23CA32-9892-4FBA-A108-FE31CA0F35A6}\InprocServer32 -> axdb.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-2261460588-3622448717-587553582-1001_Classes\CLSID\{CD865713-70D6-4E15-BB7B-9B99AD9DEB85}\InprocServer32 -> axdb.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-2261460588-3622448717-587553582-1001_Classes\CLSID\{CFEE2BAF-14F9-4D23-853D-B6E2BCC14263}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\ServiceModule.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2261460588-3622448717-587553582-1001_Classes\CLSID\{D56F5AB3-9C4D-4F1A-A851-A671D9FE8C22}\InprocServer32 -> AcETransmit.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-2261460588-3622448717-587553582-1001_Classes\CLSID\{D66873EA-AAE5-41CC-8DD2-8CE3228E9F89}\InprocServer32 -> axdb.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-2261460588-3622448717-587553582-1001_Classes\CLSID\{D7A1987D-4A73-11D1-9A4B-080009DCE505}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\ColorButton.Ocx (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2261460588-3622448717-587553582-1001_Classes\CLSID\{D7A1987E-4A73-11D1-9A4B-080009DCE505}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\ColorButton.Ocx (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2261460588-3622448717-587553582-1001_Classes\CLSID\{D86B6C47-11F2-4D95-B635-EA575F0892FC}\InprocServer32 -> axdb.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-2261460588-3622448717-587553582-1001_Classes\CLSID\{DA1F437C-9BD9-11d4-B87C-0060B0EC020B}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\DtBridge.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2261460588-3622448717-587553582-1001_Classes\CLSID\{DB207560-8449-4FAF-BDC2-61676EB012D4}\InprocServer32 -> axdb.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-2261460588-3622448717-587553582-1001_Classes\CLSID\{DB5D476B-3FF4-4E9D-A606-1E2B473BE571}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\AcInetUI.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2261460588-3622448717-587553582-1001_Classes\CLSID\{DCA7356C-FF94-4b20-AE04-7AA6A8E14117}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\ServiceModule.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2261460588-3622448717-587553582-1001_Classes\CLSID\{DDA9A20F-5B56-49F5-9465-CE82FC199352}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\ServiceModule.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2261460588-3622448717-587553582-1001_Classes\CLSID\{DE6B563C-B074-4BF1-A8A0-B3FED8703E99}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\ServiceModule.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2261460588-3622448717-587553582-1001_Classes\CLSID\{DE74F5AD-DA2F-429F-BAF9-850A2808D585}\InprocServer32 -> axdb.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-2261460588-3622448717-587553582-1001_Classes\CLSID\{DF6525C2-6358-4B07-813D-708120C5FE1A}\InprocServer32 -> axdb.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-2261460588-3622448717-587553582-1001_Classes\CLSID\{E177A457-9EAA-43C3-A3CE-84874A28F6CA}\InprocServer32 -> axdb.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-2261460588-3622448717-587553582-1001_Classes\CLSID\{E1C85E9F-60B2-4007-80C3-2C5E09474C3B}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\RxInventorUtilities.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2261460588-3622448717-587553582-1001_Classes\CLSID\{E29F6C45-6927-4508-8F3F-34105FD3FC5F}\InprocServer32 -> axdb.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-2261460588-3622448717-587553582-1001_Classes\CLSID\{E4222C78-3670-4BB1-9AD4-7D8F3E581F2D}\InprocServer32 -> axdb.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-2261460588-3622448717-587553582-1001_Classes\CLSID\{E5B0515D-48D2-4F04-906D-0192ED65A2DD}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\TestServer.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2261460588-3622448717-587553582-1001_Classes\CLSID\{E60F81E1-49B3-11D0-93C3-7E0706000000}\localserver32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\Inventor.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2261460588-3622448717-587553582-1001_Classes\CLSID\{E70DE962-842A-4488-9481-1D0FD72A020F}\InprocServer32 -> axdb.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-2261460588-3622448717-587553582-1001_Classes\CLSID\{E9C07CEC-7B82-49E4-BBA2-7533B88E9D64}\InprocServer32 -> axdb.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-2261460588-3622448717-587553582-1001_Classes\CLSID\{EA34A0C0-5CE7-4701-A6FA-117D25CD5EBB}\InprocServer32 -> axdb.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-2261460588-3622448717-587553582-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Lorenz\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2261460588-3622448717-587553582-1001_Classes\CLSID\{EF01D98A-747B-4522-AD70-991B90855DBF}\InprocServer32 -> axdb.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-2261460588-3622448717-587553582-1001_Classes\CLSID\{F13E75B9-6AF6-49CB-80B3-6D2FF6E09932}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\ServiceModule.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2261460588-3622448717-587553582-1001_Classes\CLSID\{F196F03F-651A-43AF-BE34-D11942F24445}\InprocServer32 -> axdb.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-2261460588-3622448717-587553582-1001_Classes\CLSID\{F2DB0EE3-7137-4CB0-8349-483C4FF2143A}\InprocServer32 -> axdb.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-2261460588-3622448717-587553582-1001_Classes\CLSID\{F40E2FF0-4D77-40B2-9A44-A3AEECCE8EFF}\InprocServer32 -> axdb.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-2261460588-3622448717-587553582-1001_Classes\CLSID\{F5522F0C-962A-48AC-9992-E81B07628F1F}\InprocServer32 -> axdb.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-2261460588-3622448717-587553582-1001_Classes\CLSID\{F61064CC-DBFB-47ee-9BC8-CA5A1CBDF0DA}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\InvResc.dll (Autodesk)
CustomCLSID: HKU\S-1-5-21-2261460588-3622448717-587553582-1001_Classes\CLSID\{F78DCF7C-043D-45FC-9D21-676FC307BA3F}\InprocServer32 -> axdb.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-2261460588-3622448717-587553582-1001_Classes\CLSID\{F868EAEC-1B73-4F5E-BA73-90EBA94E75BE}\InprocServer32 -> axdb.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-2261460588-3622448717-587553582-1001_Classes\CLSID\{FA62F626-EBD5-4dc5-B970-D9E81E0E20E0}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\ServiceModule.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2261460588-3622448717-587553582-1001_Classes\CLSID\{FA97F7A7-FD19-4D55-ABF2-CFEFFF777426}\InprocServer32 -> axdb.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-2261460588-3622448717-587553582-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lorenz\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2261460588-3622448717-587553582-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lorenz\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2261460588-3622448717-587553582-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lorenz\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2261460588-3622448717-587553582-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lorenz\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2261460588-3622448717-587553582-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lorenz\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2261460588-3622448717-587553582-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lorenz\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2261460588-3622448717-587553582-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lorenz\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2261460588-3622448717-587553582-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lorenz\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2261460588-3622448717-587553582-1001_Classes\CLSID\{FB469644-3F14-4403-ACCA-6B13486FF7BD}\localserver32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\InvTXTStack.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2261460588-3622448717-587553582-1001_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Lorenz\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2261460588-3622448717-587553582-1001_Classes\CLSID\{FD51ED8A-D518-4554-B236-B6E9D234FD03}\InprocServer32 -> axdb.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-2261460588-3622448717-587553582-1001_Classes\CLSID\{FE054BB2-AF94-40AC-88AA-2F59F7018B1D}\InprocServer32 -> axdb.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-2261460588-3622448717-587553582-1001_Classes\CLSID\{FE317223-8EDE-4684-B424-E48B9EA90220}\InprocServer32 -> axdb.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-2261460588-3622448717-587553582-1001_Classes\CLSID\{FE718E8F-C3AA-4F30-9103-432450CF1DA1}\InprocServer32 -> axdb.dll => Keine Datei

==================== Wiederherstellungspunkte =========================

ACHTUNG: Systemwiederherstellung ist deaktiviert

==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2013-08-22 14:25 - 2015-11-23 19:57 - 00000827 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {039F6EB5-4845-4C63-B3AB-3F412038FA62} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Keine Datei <==== ACHTUNG
Task: {2B9B6351-4C3C-4FED-976E-DA0863AE0375} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-10-28] (Microsoft Corporation)
Task: {33558449-0525-454D-976F-8308A02F1638} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG
Task: {37CC279E-827F-43F4-9ACD-CA3E31FCB974} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG
Task: {3E7139DA-4E7F-461E-8E8F-49E15060BDBD} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG
Task: {4031F68F-5425-4686-9A94-CDC0206B94BC} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-11-11] (Adobe Systems Incorporated)
Task: {43DEF1AA-17E0-47EC-B39F-2534BD28BB56} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {4832373B-5E2E-4096-8D52-F712E71B6BA0} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-10-13] (Microsoft Corporation)
Task: {511740AA-7566-4115-9538-9B8AFC8CD08C} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2261460588-3622448717-587553582-1001UA => C:\Users\Lorenz\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-17] (Dropbox, Inc.)
Task: {5F5410AD-C646-4D57-A50C-0E5E79DCCFDC} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG
Task: {6E058F59-CD31-4977-A597-BC889BC9B98F} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-10-13] (Microsoft Corporation)
Task: {6F494FC1-A7D5-4279-9E1D-E84746778DB0} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-26] (Apple Inc.)
Task: {7326A39C-D206-4567-92F7-745098983A8D} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG
Task: {73B51674-63FA-4B40-9453-12EBD4467C6A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {7B7C48A3-90B6-4293-9F3A-A96834DE5E5C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-10-28] (Microsoft Corporation)
Task: {816C1BF6-56B9-43F4-B29F-49DBF13ED960} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-10-13] (Microsoft Corporation)
Task: {817037CD-BE00-4D9E-A87F-75886B2726F2} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG
Task: {82DFDB81-F803-419B-8274-7773E2E2AA30} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-11-22] (Microsoft Corporation)
Task: {A70DA316-A26D-4FA2-A06A-145B4CB89C93} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2261460588-3622448717-587553582-1001Core => C:\Users\Lorenz\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-17] (Dropbox, Inc.)
Task: {B4B9D3E7-C3C0-40F9-98DD-5E47D4F8E4F6} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG
Task: {BECD6D2B-63EC-477F-843F-F90B0AC698E1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {C8D7FD22-B50F-4E17-8D6B-1199D62810CD} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG
Task: {C96F067A-C8FD-46FD-BB12-A3AD515BFF85} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG
Task: {CD3D0700-523A-46B5-94A9-5452AEA6BB08} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2261460588-3622448717-587553582-1001Core.job => C:\Users\Lorenz\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2261460588-3622448717-587553582-1001UA.job => C:\Users\Lorenz\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

ShortcutWithArgument: C:\Users\Lorenz\Desktop\Autodesk Inventor 2014 jetzt installieren.lnk -> C:\Autodesk\Autodesk_Inventor_2014_German_64bit_wi_de-DE\Setup.exe (Autodesk, Inc.) -> /URL "hxxp://edutrial.autodesk.com/SWDLDNET3/2014/INVNTOR/WI/Autodesk_Inventor_2014_German_64bit_wi_de-DE_Setup.exe?dummy=0" /skipPI /SN 900-64758105 /PK 797F1 /akamai <==== ACHTUNG
ShortcutWithArgument: C:\Users\Lorenz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Autodesk\Autodesk Inventor 2014 jetzt installieren.lnk -> C:\Autodesk\Autodesk_Inventor_2014_German_64bit_wi_de-DE\Setup.exe (Autodesk, Inc.) -> /URL "hxxp://edutrial.autodesk.com/SWDLDNET3/2014/INVNTOR/WI/Autodesk_Inventor_2014_German_64bit_wi_de-DE_Setup.exe?dummy=0" /skipPI /SN 900-64758105 /PK 797F1 /akamai <==== ACHTUNG

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2015-10-30 08:18 - 2015-10-30 08:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2015-10-13 05:45 - 2015-10-13 05:45 - 00085800 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-10-13 05:45 - 2015-10-13 05:45 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2012-12-07 18:27 - 2012-12-07 18:27 - 00167424 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
2014-10-14 23:54 - 2015-10-13 04:34 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-10-30 08:17 - 2015-10-30 08:17 - 02652784 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2013-02-05 00:21 - 2013-02-05 00:21 - 00124448 _____ () C:\Program Files\Autodesk\Autodesk Sync\QJson.dll
2013-02-05 00:21 - 2013-02-05 00:21 - 00045088 _____ () C:\Program Files\Autodesk\Autodesk Sync\QtSolutions_MFCMigrationFramework_Ad_2.dll
2013-02-05 00:21 - 2013-02-05 00:21 - 00056352 _____ () C:\Program Files\Autodesk\Autodesk Sync\qoauth_Ad_1.dll
2013-02-05 00:21 - 2013-02-05 00:21 - 00937504 _____ () C:\Program Files\Autodesk\Autodesk Sync\qca_Ad_2.dll
2015-10-30 08:17 - 2015-10-30 08:17 - 02652784 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-10-30 08:17 - 2015-10-30 08:17 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2015-10-30 08:17 - 2015-10-30 08:17 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-10-30 08:18 - 2015-10-30 19:46 - 08005632 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-10-30 08:18 - 2015-10-30 19:46 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-10-30 08:18 - 2015-10-30 19:46 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-10-30 08:18 - 2015-10-30 19:46 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-11-19 01:59 - 2015-11-19 01:59 - 09074176 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_2015.23.23.0_x64__8wekyb3d8bbwe\WinStore.Entertainment.Mobile.dll
2015-11-19 01:59 - 2015-11-19 01:59 - 02416640 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_2015.23.23.0_x64__8wekyb3d8bbwe\MS.Entertainment.Common.Mobile.dll
2015-12-02 12:04 - 2015-12-02 12:05 - 01905152 _____ () C:\Program Files\WindowsApps\Microsoft.CommsPhone_1.10.23004.0_x64__8wekyb3d8bbwe\CallsApp.exe
2015-12-02 12:04 - 2015-12-02 12:05 - 03501056 _____ () C:\Program Files\WindowsApps\Microsoft.CommsPhone_1.10.23004.0_x64__8wekyb3d8bbwe\CallsCore.dll
2015-12-02 12:04 - 2015-12-02 12:05 - 00366592 _____ () C:\Program Files\WindowsApps\Microsoft.CommsPhone_1.10.23004.0_x64__8wekyb3d8bbwe\CallsPresenters.dll
2015-12-02 12:04 - 2015-12-02 12:05 - 00334848 _____ () C:\Program Files\WindowsApps\Microsoft.CommsPhone_1.10.23004.0_x64__8wekyb3d8bbwe\PersonPicture.UAP.dll
2015-12-02 12:11 - 2015-12-02 12:11 - 00014336 _____ () C:\Program Files\WindowsApps\Microsoft.ConnectivityStore_1.1511.2.0_x64__8wekyb3d8bbwe\ConnectivityStore.Windows.exe
2015-12-02 12:11 - 2015-12-02 12:11 - 05351424 _____ () C:\Program Files\WindowsApps\Microsoft.ConnectivityStore_1.1511.2.0_x64__8wekyb3d8bbwe\ConnectivityStore.Windows.dll
2015-12-03 08:49 - 2015-12-03 08:49 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_1.11.19004.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2015-10-30 08:18 - 2015-10-30 08:18 - 00218456 _____ () c:\windows\system32\WerEtw.dll
2015-12-03 09:14 - 2015-12-03 09:21 - 00380416 _____ () C:\Users\Lorenz\Downloads\Gmer-19357.exe
2015-09-23 18:43 - 2015-09-23 18:43 - 00063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2014-10-11 12:06 - 2014-10-11 12:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2015-10-13 05:45 - 2015-10-13 05:45 - 00237328 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
2015-10-13 05:46 - 2015-10-13 05:46 - 01040144 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-11-12 23:00 - 2014-11-12 23:00 - 00316576 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll
2015-10-01 19:15 - 2015-11-05 00:44 - 00166416 _____ () C:\Users\Lorenz\AppData\Roaming\Dropbox\bin\EnterpriseDataAdapter.dll
2015-12-02 11:39 - 2015-12-02 11:39 - 00071168 _____ () c:\users\lorenz\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpesyusy.dll
2015-03-04 22:45 - 2015-09-03 01:11 - 00012800 _____ () C:\Users\Lorenz\AppData\Roaming\Dropbox\bin\QtQuick.2\qtquick2plugin.dll
2015-03-04 22:45 - 2015-09-03 01:11 - 00779776 _____ () C:\Users\Lorenz\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-07-30 07:12 - 2015-09-03 01:11 - 00056320 _____ () C:\Users\Lorenz\AppData\Roaming\Dropbox\bin\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-03-04 22:45 - 2015-09-03 01:11 - 00012288 _____ () C:\Users\Lorenz\AppData\Roaming\Dropbox\bin\QtQuick\Window.2\windowplugin.dll
2014-11-12 23:01 - 2014-11-12 23:01 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll
2015-12-03 08:49 - 2015-12-03 08:49 - 00152064 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_1.11.19004.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2015-12-03 08:49 - 2015-12-03 08:49 - 18906624 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_1.11.19004.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2014-11-12 23:00 - 2014-11-12 23:00 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\AppVIsvStream32.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\1f9e1aa180442c629e102706db656d1b:Win32App
AlternateDataStreams: C:\a0fe25edd4b6d65c24:Win32App
AlternateDataStreams: C:\b8eba2e3714cffccfa:Win32App
AlternateDataStreams: C:\b9dd9ab158415c954a9a:Win32App
AlternateDataStreams: C:\d2e532d7f27ca77f1292ff:Win32App
AlternateDataStreams: C:\Program Files\Autodesk:Win32App
AlternateDataStreams: C:\Program Files\Bonjour:Win32App
AlternateDataStreams: C:\Program Files\GIMP 2:Win32App
AlternateDataStreams: C:\Program Files\Microsoft Office 15:Win32App
AlternateDataStreams: C:\Program Files\WinRAR:Win32App
AlternateDataStreams: C:\Program Files (x86)\Apple Software Update:Win32App
AlternateDataStreams: C:\Program Files (x86)\Bonjour:Win32App
AlternateDataStreams: C:\Program Files (x86)\DVDVideoSoft:Win32App
AlternateDataStreams: C:\Program Files (x86)\ElsterFormular:Win32App
AlternateDataStreams: C:\Program Files (x86)\MatheGrafix:Win32App
AlternateDataStreams: C:\Program Files (x86)\PDF Architect 2:Win32App
AlternateDataStreams: C:\Program Files (x86)\QuickTime:Win32App
AlternateDataStreams: C:\Program Files (x86)\SCM Microsystems:Win32App
AlternateDataStreams: C:\Program Files\Common Files\Autodesk Shared:Win32App
AlternateDataStreams: C:\ProgramData\Autodesk:Win32App
AlternateDataStreams: C:\Users\Lorenz\Desktop\OpenOffice 4.1.1 (de) Installation Files:Win32App

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)

==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-2261460588-3622448717-587553582-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Lorenz\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\desktop-hintergrund.bmp
DNS Servers: Datenträger ist nicht mit dem Internet verbunden.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKLM\...\StartupApproved\StartupFolder: => "phase-6 Reminder.lnk"
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKU\S-1-5-21-2261460588-3622448717-587553582-1001\...\StartupApproved\Run: => "Spotify Web Helper"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{DD19F24D-207E-4CC0-83E5-3C68E491BE61}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{9F6D0BE4-F7F8-4B48-A5CF-D885E981495E}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{D334F619-823E-4AFA-B666-3E1ECB0A51C0}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{1AF95BEF-E4EC-4B90-BDAC-4E1EF9461102}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{A2691B81-1557-4B43-90AE-0534AF6B0E79}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{EAA5309B-8E01-4188-8367-11CB9C2C57B6}] => (Block) C:\users\lorenz\appdata\local\akamai\netsession_win.exe
FirewallRules: [{271011FA-6897-4938-968F-2C8A61263B8E}] => (Block) C:\users\lorenz\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{0246E737-F210-4303-8CDB-38A9E6956945}C:\users\lorenz\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\lorenz\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{208DB9BF-AB99-42AC-8D4F-AA984323AD5D}C:\users\lorenz\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\lorenz\appdata\local\akamai\netsession_win.exe
FirewallRules: [{2A974E81-B00A-4EE8-8F45-76141B3F492A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{E94C5AD9-9A1A-496E-B237-954B015E584C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A1F11245-4345-435D-990F-507C68F01371}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{A7D4CA0A-B178-4425-96C1-FC92B903B146}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{DEF0628C-D018-444A-8FFD-A7574455FECB}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{8BE30D93-935C-49A9-9551-EEE5DBE595FD}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{82125D68-5920-4FB4-95BA-63F4B741B17C}] => (Allow) C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe
FirewallRules: [{2558D83A-093C-4634-95C7-18734146105A}] => (Allow) C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe
FirewallRules: [{DC9F84A5-8B09-42FB-B270-5766923DE8CF}] => (Allow) C:\Users\Lorenz\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{8C0AE940-DDA7-4819-9DAD-9EC06024EC90}] => (Allow) C:\Users\Lorenz\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{FB0415CB-EE95-45A8-AFA5-6DC5224D630D}] => (Allow) C:\Users\Lorenz\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{18E208C2-6B54-40F8-A18C-DC31C9EF65CA}C:\windows\system32\mobsync.exe] => (Allow) C:\windows\system32\mobsync.exe
FirewallRules: [UDP Query User{9BBB0B8D-81E5-4E5C-8C07-DD8BCF09614C}C:\windows\system32\mobsync.exe] => (Allow) C:\windows\system32\mobsync.exe
FirewallRules: [{035E752C-8929-4356-A336-8708B5E07B10}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{DE37742D-08E2-40D2-A0EE-B0137913AB05}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{EECC559B-F91F-4CF1-9A5C-2DE3F3F7DF08}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{3C0D20EC-0776-49FC-AAEC-6AA270FA2603}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{EDD1B7FF-38D2-499D-B992-2DBCE248BC05}C:\program files\common files\microsoft shared\ink\tabtip.exe] => (Allow) C:\program files\common files\microsoft shared\ink\tabtip.exe
FirewallRules: [UDP Query User{B1FF283D-0AC5-43E6-B012-7D7C2BF33208}C:\program files\common files\microsoft shared\ink\tabtip.exe] => (Allow) C:\program files\common files\microsoft shared\ink\tabtip.exe
FirewallRules: [{38E988C7-DF39-41E3-BB8F-A4BD10FAFD05}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{CAFC1B1D-E36B-4FBB-8E04-940705A5AEAC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{4534D099-5AA1-422C-A3B3-C4AF97D64ABD}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{90B2B3E9-9E92-436E-BA5E-5B6147FBBC0A}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{9E930DCB-5A8B-43CF-814C-271FAC42B139}C:\users\lorenz\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\lorenz\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{526BAA18-DF10-4C84-BF25-E1199B0B3299}C:\users\lorenz\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\lorenz\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{DD0EA4D1-2B3F-4249-B58B-79DF2C26D11C}C:\users\lorenz\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\lorenz\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{B7C2E08F-BC7A-48FC-9FEC-90534CAAC6A6}C:\users\lorenz\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\lorenz\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{86367DB9-8D62-4E58-83E3-4BEDC4AC285C}C:\users\lorenz\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\lorenz\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{CB62D506-C6A6-46AA-886C-F044EC2C69C0}C:\users\lorenz\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\lorenz\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{5F48521F-95A7-4ED7-93E8-CCF0DE5B8259}] => (Allow) C:\Program Files (x86)\DVDVideoSoft\Free Torrent Download\FreeTorrentDownload.exe
FirewallRules: [{FF7BE876-1477-48AE-B747-47DB71D9F896}] => (Allow) C:\Program Files (x86)\DVDVideoSoft\Free Torrent Download\FreeTorrentDownload.exe
FirewallRules: [{58325CAA-5393-4F48-8BC4-2DE1971FDCF4}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [TCP Query User{72F84FBF-AD0B-4BDF-B1E0-5DCF52200BAA}C:\program files (x86)\wondershare\mobilego for android\mobilegoservice.exe] => (Allow) C:\program files (x86)\wondershare\mobilego for android\mobilegoservice.exe
FirewallRules: [UDP Query User{9D0539FF-5A10-4BB2-AC57-31997B6ABB13}C:\program files (x86)\wondershare\mobilego for android\mobilegoservice.exe] => (Allow) C:\program files (x86)\wondershare\mobilego for android\mobilegoservice.exe
FirewallRules: [TCP Query User{D327CD0E-E249-42CA-9885-10399A67085E}C:\program files (x86)\wondershare\mobilego for android\mobilegoservice.exe] => (Block) C:\program files (x86)\wondershare\mobilego for android\mobilegoservice.exe
FirewallRules: [UDP Query User{9A89E5B5-5C57-427C-A71F-3D924E2DC4C7}C:\program files (x86)\wondershare\mobilego for android\mobilegoservice.exe] => (Block) C:\program files (x86)\wondershare\mobilego for android\mobilegoservice.exe
FirewallRules: [TCP Query User{45CD64E6-5878-4602-BA2B-CFFB28385294}C:\windows\system32\settingsynchost.exe] => (Allow) C:\windows\system32\settingsynchost.exe
FirewallRules: [UDP Query User{87265AFE-12DF-455C-9780-34D09DA6EAC2}C:\windows\system32\settingsynchost.exe] => (Allow) C:\windows\system32\settingsynchost.exe

==================== Fehlerhafte Geräte im Gerätemanager =============

==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (12/03/2015 09:22:01 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Gmer-19357.exe, Version: 2.1.19357.0, Zeitstempel: 0x52e7ea83
Name des fehlerhaften Moduls: Gmer-19357.exe, Version: 2.1.19357.0, Zeitstempel: 0x52e7ea83
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000011aa
ID des fehlerhaften Prozesses: 0x4c
Startzeit der fehlerhaften Anwendung: 0xGmer-19357.exe0
Pfad der fehlerhaften Anwendung: Gmer-19357.exe1
Pfad des fehlerhaften Moduls: Gmer-19357.exe2
Berichtskennung: Gmer-19357.exe3
Vollständiger Name des
fehlerhaften Pakets: Gmer-19357.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Gmer-19357.exe5 Error: (12/02/2015 11:58:55 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 1125 Error: (12/02/2015 11:58:55 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 1125 Error: (12/02/2015 11:58:55 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (12/02/2015 00:06:18 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LOLLOSURFACE) Description: Bei der Aktivierung der App „Microsoft.WindowsPhone_8wekyb3d8bbwe!CompanionApp.App“ ist folgender Fehler aufgetreten: -2147024770. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“. Error: (12/02/2015 00:00:49 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LOLLOSURFACE) Description: Bei der Aktivierung der App „Microsoft.WindowsPhone_8wekyb3d8bbwe!CompanionApp.App“ ist folgender Fehler aufgetreten: -2147024770. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“. Error: (12/02/2015 00:00:05 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LOLLOSURFACE) Description: Bei der Aktivierung der App „Microsoft.WindowsPhone_8wekyb3d8bbwe!CompanionApp.App“ ist folgender Fehler aufgetreten: -2147024770. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“. Error: (12/02/2015 11:53:34 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LOLLOSURFACE) Description: Bei der Aktivierung der App „Microsoft.WindowsPhone_8wekyb3d8bbwe!CompanionApp.App“ ist folgender Fehler aufgetreten: -2147024770. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“. 
Error: (12/02/2015 11:48:14 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LOLLOSURFACE) Description: Bei der Aktivierung der App „Microsoft.WindowsPhone_8wekyb3d8bbwe!CompanionApp.App“ ist folgender Fehler aufgetreten: -2147024770. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“. Error: (12/02/2015 11:43:33 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LOLLOSURFACE) Description: Bei der Aktivierung der App „Microsoft.WindowsPhone_8wekyb3d8bbwe!CompanionApp.App“ ist folgender Fehler aufgetreten: -2147024770. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“. Systemfehler: ============= Error: (12/03/2015 08:48:28 AM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT) Description: {784E29F4-5EBE-4279-9948-1E8FE941646D} Error: (12/03/2015 08:41:30 AM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT) Description: {784E29F4-5EBE-4279-9948-1E8FE941646D} Error: (12/02/2015 11:34:53 PM) (Source: DCOM) (EventID: 10010) (User: LOLLOSURFACE) Description: {9A4948D9-13FC-4FAC-B60A-FBA6EE0FB11C} Error: (12/02/2015 11:22:37 PM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT) Description: {7006698D-2974-4091-A424-85DD0B909E23} Error: (12/02/2015 09:33:12 PM) (Source: DCOM) (EventID: 10010) (User: LOLLOSURFACE) Description: {1A1F4206-0688-4E7F-BE03-D82EC69DF9A5} Error: (12/02/2015 09:31:00 PM) (Source: DCOM) (EventID: 10010) (User: LOLLOSURFACE) Description: {9A4948D9-13FC-4FAC-B60A-FBA6EE0FB11C} Error: (12/02/2015 09:31:00 PM) (Source: DCOM) (EventID: 10010) (User: LOLLOSURFACE) Description: {1A1F4206-0688-4E7F-BE03-D82EC69DF9A5} Error: (12/02/2015 08:22:02 PM) (Source: DCOM) (EventID: 10010) (User: LOLLOSURFACE) Description: {1A1F4206-0688-4E7F-BE03-D82EC69DF9A5} Error: (12/02/2015 08:12:00 PM) (Source: DCOM) (EventID: 10010) (User: LOLLOSURFACE) Description: {9A4948D9-13FC-4FAC-B60A-FBA6EE0FB11C} Error: (12/02/2015 07:58:53 PM) (Source: DCOM) 
(EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar CodeIntegrity: =================================== Date: 2015-12-02 11:44:15.196 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2015-12-02 11:30:19.272 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2015-12-02 11:30:15.674 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2015-12-02 11:18:06.852 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. ==================== Speicherinformationen =========================== Prozessor: Intel(R) Core(TM) i5-4300U CPU @ 1.90GHz Prozentuale Nutzung des RAM: 72% Installierter physikalischer RAM: 4001.07 MB Verfügbarer physikalischer RAM: 1106.56 MB Summe virtueller Speicher: 7713.07 MB Verfügbarer virtueller Speicher: 3784.48 MB ==================== Laufwerke ================================ Drive c: (Windows) (Fixed) (Total:113.05 GB) (Free:14.84 GB) NTFS Drive g: (Seagate Expansion Drive) (Fixed) (Total:1863.01 GB) (Free:1792.21 GB) NTFS ==================== MBR & Partitionstabelle ================== ======================================================== Disk: 0 (Size: 119.2 GB) (Disk ID: FCD318ED) Partition: GPT. 
Attempted reading MBR returned 0 bytes. Could not read MBR for disk 1. ==================== Ende von Addition.txt ============================ |
04.12.2015, 15:05 | #4 |
/// the machine /// TB Trainer | Remove eBay & email hack Trojan from PC hi, please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instructions from a helper. Please download TDSSKiller.exe and save this file to the desktop.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
04.12.2015, 17:59 | #5 |
| Remove eBay & email hack Trojan from PC Hello schrauber, thanks for your help. Here are the two log files: 1. Malwarebytes Anti-Rootkit Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org

Database version:
  main: v2015.12.04.03
  rootkit: v2015.11.26.01

Windows 10 x64 NTFS
Internet Explorer 11.11.10586.0
Lorenz :: LOLLOSURFACE [administrator]

04.12.2015 17:34:44
mbar-log-2015-12-04 (17-34-44).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 379755
Time elapsed: 11 minute(s), 38 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

Code:
\Device\Harddisk0\DR0\Partition5 - ok 17:55:39.0168 0x22e4 [ FD9142BB63FDDA84582D555E7E969ABD ] \Device\Harddisk0\DR0\Partition6 17:55:39.0170 0x22e4 \Device\Harddisk0\DR0\Partition6 - ok 17:55:39.0175 0x22e4 [ 4ECF9AF7A2EFAE4E16C5C5F4F2B002E3 ] \Device\Harddisk1\DR2\Partition1 17:55:39.0180 0x22e4 \Device\Harddisk1\DR2\Partition1 - ok 17:55:39.0181 0x22e4 ================ Scan generic autorun ====================== 17:55:39.0181 0x22e4 doubleTwist - ok 17:55:39.0184 0x22e4 Wondershare Helper Compact.exe - ok 17:55:39.0187 0x22e4 QuickTime Task - ok 17:55:39.0189 0x22e4 Avira SystrayStartTrigger - ok 17:55:39.0193 0x22e4 Cisco AnyConnect Secure Mobility Agent for Windows - ok 17:55:39.0198 0x22e4 SunJavaUpdateSched - ok 17:55:39.0200 0x22e4 avgnt - ok 17:55:39.0202 0x22e4 OneDriveSetup - ok 17:55:39.0206 0x22e4 OneDriveSetup - ok 17:55:39.0209 0x22e4 WEB.DE Application {sync-000021} - ok 17:55:39.0212 0x22e4 Spotify Web Helper - ok 17:55:39.0216 0x22e4 iCloudServices - ok 17:55:39.0219 0x22e4 ApplePhotoStreams - ok 17:55:39.0222 0x22e4 Dropbox Update - ok 17:55:39.0225 0x22e4 iCloudDrive - ok 17:55:39.0230 0x22e4 OneDrive - ok 17:55:39.0236 0x22e4 Akamai NetSession Interface - ok 17:55:39.0240 0x22e4 Autodesk Sync - ok 17:55:39.0242 0x22e4 RESTART_STICKY_NOTES - ok 17:55:39.0288 0x22e4 AV detected via SS2: Avira Antivirus, C:\Program Files (x86)\Avira\Antivirus\wsctool.exe ( 15.0.15.106 ), 0x41000 ( enabled : updated ) 17:55:39.0291 0x22e4 AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.9.10586.0 ), 0x62100 ( disabled : updated ) 17:55:39.0298 0x22e4 Win FW state via NFP2: enabled ( trusted ) 17:55:41.0776 0x22e4 ============================================================ 17:55:41.0776 0x22e4 Scan finished 17:55:41.0776 0x22e4 ============================================================ 17:55:41.0797 0x14c4 Detected object count: 0 17:55:41.0797 0x14c4 Actual detected object count: 0 17:57:30.0206 0x11e4 
============================================================ 17:57:30.0206 0x11e4 Scan started 17:57:30.0206 0x11e4 Mode: Manual; SigCheck; TDLFS; 17:57:30.0206 0x11e4 ============================================================ 17:57:30.0206 0x11e4 KSN ping started 17:57:32.0610 0x11e4 KSN ping finished: true 17:57:37.0540 0x11e4 ================ Scan system memory ======================== 17:57:37.0540 0x11e4 System memory - ok 17:57:37.0541 0x11e4 ================ Scan services ============================= 17:57:37.0567 0x11e4 1394ohci - ok 17:57:37.0575 0x11e4 3ware - ok 17:57:37.0583 0x11e4 ACPI - ok 17:57:37.0590 0x11e4 acpiex - ok 17:57:37.0599 0x11e4 acpipagr - ok 17:57:37.0607 0x11e4 AcpiPmi - ok 17:57:37.0618 0x11e4 acpitime - ok 17:57:37.0626 0x11e4 acsock - ok 17:57:37.0635 0x11e4 AdobeARMservice - ok 17:57:37.0644 0x11e4 AdobeFlashPlayerUpdateSvc - ok 17:57:37.0658 0x11e4 ADP80XX - ok 17:57:37.0674 0x11e4 AFD - ok 17:57:37.0686 0x11e4 agp440 - ok 17:57:37.0695 0x11e4 ahcache - ok 17:57:37.0704 0x11e4 AJRouter - ok 17:57:37.0713 0x11e4 ALG - ok 17:57:37.0721 0x11e4 AmdK8 - ok 17:57:37.0731 0x11e4 AmdPPM - ok 17:57:37.0741 0x11e4 amdsata - ok 17:57:37.0751 0x11e4 amdsbs - ok 17:57:37.0762 0x11e4 amdxata - ok 17:57:37.0770 0x11e4 AntiVirMailService - ok 17:57:37.0784 0x11e4 AntiVirSchedulerService - ok 17:57:37.0794 0x11e4 AntiVirService - ok 17:57:37.0804 0x11e4 AntiVirWebService - ok 17:57:37.0814 0x11e4 AppID - ok 17:57:37.0822 0x11e4 AppIDSvc - ok 17:57:37.0834 0x11e4 Appinfo - ok 17:57:37.0850 0x11e4 Apple Mobile Device Service - ok 17:57:37.0863 0x11e4 AppMgmt - ok 17:57:37.0872 0x11e4 AppReadiness - ok 17:57:37.0883 0x11e4 AppXSvc - ok 17:57:37.0893 0x11e4 arcsas - ok 17:57:37.0904 0x11e4 AsyncMac - ok 17:57:37.0915 0x11e4 atapi - ok 17:57:37.0925 0x11e4 AudioEndpointBuilder - ok 17:57:37.0935 0x11e4 Audiosrv - ok 17:57:37.0946 0x11e4 avgntflt - ok 17:57:37.0955 0x11e4 avipbb - ok 17:57:37.0968 0x11e4 Avira.ServiceHost - ok 17:57:37.0981 0x11e4 
avkmgr - ok 17:57:37.0988 0x11e4 avnetflt - ok 17:57:37.0998 0x11e4 AxInstSV - ok 17:57:38.0006 0x11e4 b06bdrv - ok 17:57:38.0017 0x11e4 BasicDisplay - ok 17:57:38.0028 0x11e4 BasicRender - ok 17:57:38.0042 0x11e4 bcmfn - ok 17:57:38.0053 0x11e4 bcmfn2 - ok 17:57:38.0064 0x11e4 BDESVC - ok 17:57:38.0073 0x11e4 Beep - ok 17:57:38.0084 0x11e4 BFE - ok 17:57:38.0097 0x11e4 BITS - ok 17:57:38.0109 0x11e4 Bonjour Service - ok 17:57:38.0121 0x11e4 bowser - ok 17:57:38.0131 0x11e4 BrokerInfrastructure - ok 17:57:38.0139 0x11e4 Browser - ok 17:57:38.0150 0x11e4 BthA2DP - ok 17:57:38.0161 0x11e4 BthAvrcpTg - ok 17:57:38.0172 0x11e4 BthEnum - ok 17:57:38.0181 0x11e4 BthHFAud - ok 17:57:38.0189 0x11e4 BthHFEnum - ok 17:57:38.0197 0x11e4 bthhfhid - ok 17:57:38.0206 0x11e4 BthHFSrv - ok 17:57:38.0214 0x11e4 BthLEEnum - ok 17:57:38.0224 0x11e4 BTHMODEM - ok 17:57:38.0238 0x11e4 BthPan - ok 17:57:38.0248 0x11e4 BTHPORT - ok 17:57:38.0255 0x11e4 bthserv - ok 17:57:38.0265 0x11e4 BTHUSB - ok 17:57:38.0273 0x11e4 buttonconverter - ok 17:57:38.0282 0x11e4 CapImg - ok 17:57:38.0290 0x11e4 cdfs - ok 17:57:38.0300 0x11e4 CDPSvc - ok 17:57:38.0309 0x11e4 cdrom - ok 17:57:38.0317 0x11e4 CertPropSvc - ok 17:57:38.0325 0x11e4 circlass - ok 17:57:38.0334 0x11e4 CLFS - ok 17:57:38.0341 0x11e4 ClickToRunSvc - ok 17:57:38.0351 0x11e4 ClipSVC - ok 17:57:38.0379 0x11e4 CmBatt - ok 17:57:38.0388 0x11e4 CNG - ok 17:57:38.0397 0x11e4 cnghwassist - ok 17:57:38.0403 0x11e4 CompositeBus - ok 17:57:38.0410 0x11e4 COMSysApp - ok 17:57:38.0419 0x11e4 condrv - ok 17:57:38.0427 0x11e4 CoreMessagingRegistrar - ok 17:57:38.0439 0x11e4 cphs - ok 17:57:38.0451 0x11e4 CryptSvc - ok 17:57:38.0458 0x11e4 CSC - ok 17:57:38.0466 0x11e4 CscService - ok 17:57:38.0473 0x11e4 dam - ok 17:57:38.0484 0x11e4 DcomLaunch - ok 17:57:38.0491 0x11e4 DcpSvc - ok 17:57:38.0498 0x11e4 defragsvc - ok 17:57:38.0505 0x11e4 DeviceAssociationService - ok 17:57:38.0518 0x11e4 DeviceInstall - ok 17:57:38.0526 0x11e4 DevoloNetworkService 
- ok 17:57:38.0534 0x11e4 DevQueryBroker - ok 17:57:38.0540 0x11e4 Dfsc - ok 17:57:38.0549 0x11e4 dg_ssudbus - ok 17:57:38.0556 0x11e4 Dhcp - ok 17:57:38.0564 0x11e4 diagnosticshub.standardcollector.service - ok 17:57:38.0572 0x11e4 DiagTrack - ok 17:57:38.0579 0x11e4 disk - ok 17:57:38.0585 0x11e4 DmEnrollmentSvc - ok 17:57:38.0590 0x11e4 dmvsc - ok 17:57:38.0598 0x11e4 dmwappushservice - ok 17:57:38.0605 0x11e4 Dnscache - ok 17:57:38.0615 0x11e4 dot3svc - ok 17:57:38.0620 0x11e4 DPS - ok 17:57:38.0628 0x11e4 drmkaud - ok 17:57:38.0635 0x11e4 DsmSvc - ok 17:57:38.0640 0x11e4 DsSvc - ok 17:57:38.0650 0x11e4 DXGKrnl - ok 17:57:38.0658 0x11e4 Eaphost - ok 17:57:38.0667 0x11e4 ebdrv - ok 17:57:38.0676 0x11e4 EFS - ok 17:57:38.0686 0x11e4 EhStorClass - ok 17:57:38.0693 0x11e4 EhStorTcgDrv - ok 17:57:38.0702 0x11e4 embeddedmode - ok 17:57:38.0707 0x11e4 EntAppSvc - ok 17:57:38.0715 0x11e4 ErrDev - ok 17:57:38.0730 0x11e4 EventSystem - ok 17:57:38.0738 0x11e4 exfat - ok 17:57:38.0747 0x11e4 fastfat - ok 17:57:38.0755 0x11e4 Fax - ok 17:57:38.0762 0x11e4 fdc - ok 17:57:38.0770 0x11e4 fdPHost - ok 17:57:38.0777 0x11e4 FDResPub - ok 17:57:38.0786 0x11e4 fhsvc - ok 17:57:38.0793 0x11e4 FileCrypt - ok 17:57:38.0801 0x11e4 FileInfo - ok 17:57:38.0807 0x11e4 Filetrace - ok 17:57:38.0818 0x11e4 FlexNet Licensing Service 64 - ok 17:57:38.0826 0x11e4 flpydisk - ok 17:57:38.0833 0x11e4 FltMgr - ok 17:57:38.0840 0x11e4 FontCache - ok 17:57:38.0851 0x11e4 FontCache3.0.0.0 - ok 17:57:38.0860 0x11e4 FsDepends - ok 17:57:38.0868 0x11e4 Fs_Rec - ok 17:57:38.0875 0x11e4 fvevol - ok 17:57:38.0884 0x11e4 gagp30kx - ok 17:57:38.0891 0x11e4 GEARAspiWDM - ok 17:57:38.0898 0x11e4 gencounter - ok 17:57:38.0905 0x11e4 genericusbfn - ok 17:57:38.0914 0x11e4 GPIOClx0101 - ok 17:57:38.0921 0x11e4 gpsvc - ok 17:57:38.0929 0x11e4 GpuEnergyDrv - ok 17:57:38.0937 0x11e4 gupdate - ok 17:57:38.0943 0x11e4 gupdatem - ok 17:57:38.0954 0x11e4 HDAudBus - ok 17:57:38.0961 0x11e4 HidBatt - ok 17:57:38.0969 
0x11e4 HidBth - ok 17:57:38.0975 0x11e4 hidi2c - ok 17:57:38.0983 0x11e4 hidinterrupt - ok 17:57:38.0989 0x11e4 HidIr - ok 17:57:38.0999 0x11e4 hidserv - ok 17:57:39.0007 0x11e4 HidUsb - ok 17:57:39.0017 0x11e4 HomeGroupListener - ok 17:57:39.0024 0x11e4 HomeGroupProvider - ok 17:57:39.0033 0x11e4 HpSAMD - ok 17:57:39.0041 0x11e4 HtcVCom32 - ok 17:57:39.0052 0x11e4 HTTP - ok 17:57:39.0062 0x11e4 hwpolicy - ok 17:57:39.0069 0x11e4 hyperkbd - ok 17:57:39.0076 0x11e4 i8042prt - ok 17:57:39.0085 0x11e4 iai2c - ok 17:57:39.0093 0x11e4 iaLPSS2i_I2C - ok 17:57:39.0103 0x11e4 iaLPSSi_GPIO - ok 17:57:39.0115 0x11e4 iaLPSSi_I2C - ok 17:57:39.0122 0x11e4 iaLPSS_GPIO - ok 17:57:39.0130 0x11e4 iaLPSS_I2C - ok 17:57:39.0137 0x11e4 iaStorAV - ok 17:57:39.0144 0x11e4 iaStorV - ok 17:57:39.0155 0x11e4 ibbus - ok 17:57:39.0165 0x11e4 icssvc - ok 17:57:39.0174 0x11e4 IEEtwCollectorService - ok 17:57:39.0184 0x11e4 igfx - ok 17:57:39.0193 0x11e4 IKEEXT - ok 17:57:39.0207 0x11e4 intaud_WaveExtensible - ok 17:57:39.0217 0x11e4 IntcAzAudAddService - ok 17:57:39.0230 0x11e4 IntcDAud - ok 17:57:39.0240 0x11e4 intelide - ok 17:57:39.0252 0x11e4 intelpep - ok 17:57:39.0258 0x11e4 intelppm - ok 17:57:39.0268 0x11e4 IoQos - ok 17:57:39.0274 0x11e4 IpFilterDriver - ok 17:57:39.0284 0x11e4 iphlpsvc - ok 17:57:39.0292 0x11e4 IPMIDRV - ok 17:57:39.0303 0x11e4 IPNAT - ok 17:57:39.0313 0x11e4 IRENUM - ok 17:57:39.0322 0x11e4 isapnp - ok 17:57:39.0332 0x11e4 iScsiPrt - ok 17:57:39.0341 0x11e4 iwdbus - ok 17:57:39.0351 0x11e4 kbdclass - ok 17:57:39.0360 0x11e4 kbdhid - ok 17:57:39.0370 0x11e4 kdnic - ok 17:57:39.0377 0x11e4 KeyIso - ok 17:57:39.0385 0x11e4 KSecDD - ok 17:57:39.0391 0x11e4 KSecPkg - ok 17:57:39.0400 0x11e4 ksthunk - ok 17:57:39.0407 0x11e4 KtmRm - ok 17:57:39.0416 0x11e4 LanmanServer - ok 17:57:39.0422 0x11e4 LanmanWorkstation - ok 17:57:39.0435 0x11e4 lfsvc - ok 17:57:39.0443 0x11e4 LicenseManager - ok 17:57:39.0452 0x11e4 lltdio - ok 17:57:39.0464 0x11e4 lltdsvc - ok 17:57:39.0477 
0x11e4 lmhosts - ok 17:57:39.0488 0x11e4 LSI_SAS - ok 17:57:39.0496 0x11e4 LSI_SAS2i - ok 17:57:39.0504 0x11e4 LSI_SAS3i - ok 17:57:39.0513 0x11e4 LSI_SSS - ok 17:57:39.0521 0x11e4 LSM - ok 17:57:39.0530 0x11e4 luafv - ok 17:57:39.0537 0x11e4 MapsBroker - ok 17:57:39.0546 0x11e4 megasas - ok 17:57:39.0552 0x11e4 megasr - ok 17:57:39.0559 0x11e4 MEIx64 - ok 17:57:39.0568 0x11e4 MessagingService - ok 17:57:39.0585 0x11e4 mitsijm2014 - ok 17:57:39.0595 0x11e4 mlx4_bus - ok 17:57:39.0606 0x11e4 MMCSS - ok 17:57:39.0615 0x11e4 Modem - ok 17:57:39.0624 0x11e4 monitor - ok 17:57:39.0635 0x11e4 mouclass - ok 17:57:39.0641 0x11e4 mouhid - ok 17:57:39.0650 0x11e4 mountmgr - ok 17:57:39.0658 0x11e4 MozillaMaintenance - ok 17:57:39.0671 0x11e4 mpsdrv - ok 17:57:39.0682 0x11e4 MpsSvc - ok 17:57:39.0691 0x11e4 mrvlpcie8897 - ok 17:57:39.0699 0x11e4 MRxDAV - ok 17:57:39.0707 0x11e4 mrxsmb - ok 17:57:39.0717 0x11e4 mrxsmb10 - ok 17:57:39.0727 0x11e4 mrxsmb20 - ok 17:57:39.0737 0x11e4 MsBridge - ok 17:57:39.0748 0x11e4 MSDTC - ok 17:57:39.0764 0x11e4 Msfs - ok 17:57:39.0772 0x11e4 msgpiowin32 - ok 17:57:39.0780 0x11e4 mshidkmdf - ok 17:57:39.0787 0x11e4 mshidumdf - ok 17:57:39.0799 0x11e4 msisadrv - ok 17:57:39.0806 0x11e4 MSiSCSI - ok 17:57:39.0814 0x11e4 msiserver - ok 17:57:39.0824 0x11e4 MSKSSRV - ok 17:57:39.0831 0x11e4 MsLldp - ok 17:57:39.0839 0x11e4 MSPCLOCK - ok 17:57:39.0849 0x11e4 MSPQM - ok 17:57:39.0858 0x11e4 MsRPC - ok 17:57:39.0872 0x11e4 mssmbios - ok 17:57:39.0883 0x11e4 MSTEE - ok 17:57:39.0892 0x11e4 MTConfig - ok 17:57:39.0901 0x11e4 Mup - ok 17:57:39.0909 0x11e4 mvumis - ok 17:57:39.0921 0x11e4 NativeWifiP - ok 17:57:39.0931 0x11e4 NcaSvc - ok 17:57:39.0937 0x11e4 NcbService - ok 17:57:39.0944 0x11e4 NcdAutoSetup - ok 17:57:39.0955 0x11e4 ndfltr - ok 17:57:39.0964 0x11e4 NDIS - ok 17:57:39.0972 0x11e4 NdisCap - ok 17:57:39.0979 0x11e4 NdisImPlatform - ok 17:57:39.0987 0x11e4 NdisTapi - ok 17:57:39.0997 0x11e4 Ndisuio - ok 17:57:40.0006 0x11e4 NdisVirtualBus - 
ok 17:57:40.0015 0x11e4 NdisWan - ok 17:57:40.0024 0x11e4 ndiswanlegacy - ok 17:57:40.0035 0x11e4 ndproxy - ok 17:57:40.0042 0x11e4 Ndu - ok 17:57:40.0051 0x11e4 NetBIOS - ok 17:57:40.0064 0x11e4 NetBT - ok 17:57:40.0072 0x11e4 Netlogon - ok 17:57:40.0078 0x11e4 Netman - ok 17:57:40.0086 0x11e4 netprofm - ok 17:57:40.0094 0x11e4 NetSetupSvc - ok 17:57:40.0104 0x11e4 NetTcpPortSharing - ok 17:57:40.0120 0x11e4 NgcCtnrSvc - ok 17:57:40.0130 0x11e4 NgcSvc - ok 17:57:40.0138 0x11e4 NlaSvc - ok 17:57:40.0147 0x11e4 Npfs - ok 17:57:40.0157 0x11e4 NPF_devolo - ok 17:57:40.0169 0x11e4 npsvctrig - ok 17:57:40.0176 0x11e4 nsi - ok 17:57:40.0184 0x11e4 nsiproxy - ok 17:57:40.0194 0x11e4 NTFS - ok 17:57:40.0202 0x11e4 Null - ok 17:57:40.0211 0x11e4 nvraid - ok 17:57:40.0219 0x11e4 nvstor - ok 17:57:40.0226 0x11e4 nv_agp - ok 17:57:40.0235 0x11e4 OneSyncSvc - ok 17:57:40.0252 0x11e4 ose - ok 17:57:40.0264 0x11e4 p2pimsvc - ok 17:57:40.0274 0x11e4 p2psvc - ok 17:57:40.0292 0x11e4 Parport - ok 17:57:40.0301 0x11e4 partmgr - ok 17:57:40.0310 0x11e4 PassThru Service - ok 17:57:40.0321 0x11e4 PcaSvc - ok 17:57:40.0328 0x11e4 pci - ok 17:57:40.0336 0x11e4 pciide - ok 17:57:40.0342 0x11e4 pcmcia - ok 17:57:40.0353 0x11e4 pcw - ok 17:57:40.0362 0x11e4 pdc - ok 17:57:40.0372 0x11e4 PDF Architect 2 - ok 17:57:40.0378 0x11e4 pdfforge CrashHandler - ok 17:57:40.0387 0x11e4 PEAUTH - ok 17:57:40.0395 0x11e4 PeerDistSvc - ok 17:57:40.0404 0x11e4 percsas2i - ok 17:57:40.0411 0x11e4 percsas3i - ok 17:57:40.0425 0x11e4 PerfHost - ok 17:57:40.0450 0x11e4 PhoneSvc - ok 17:57:40.0461 0x11e4 PimIndexMaintenanceSvc - ok 17:57:40.0479 0x11e4 pla - ok 17:57:40.0487 0x11e4 PlugPlay - ok 17:57:40.0494 0x11e4 PNRPAutoReg - ok 17:57:40.0502 0x11e4 PNRPsvc - ok 17:57:40.0512 0x11e4 PolicyAgent - ok 17:57:40.0525 0x11e4 Power - ok 17:57:40.0534 0x11e4 PptpMiniport - ok 17:57:40.0541 0x11e4 PrintNotify - ok 17:57:40.0550 0x11e4 Processor - ok 17:57:40.0557 0x11e4 ProfSvc - ok 17:57:40.0566 0x11e4 Psched - ok 
17:57:40.0574 0x11e4 QWAVE - ok 17:57:40.0583 0x11e4 QWAVEdrv - ok 17:57:40.0598 0x11e4 RasAcd - ok 17:57:40.0609 0x11e4 RasAgileVpn - ok 17:57:40.0618 0x11e4 RasAuto - ok 17:57:40.0626 0x11e4 Rasl2tp - ok 17:57:40.0634 0x11e4 RasMan - ok 17:57:40.0640 0x11e4 RasPppoe - ok 17:57:40.0648 0x11e4 RasSstp - ok 17:57:40.0656 0x11e4 rdbss - ok 17:57:40.0670 0x11e4 rdpbus - ok 17:57:40.0679 0x11e4 RDPDR - ok 17:57:40.0695 0x11e4 RdpVideoMiniport - ok 17:57:40.0705 0x11e4 rdyboost - ok 17:57:40.0718 0x11e4 ReFSv1 - ok 17:57:40.0734 0x11e4 RemoteAccess - ok 17:57:40.0742 0x11e4 RemoteRegistry - ok 17:57:40.0752 0x11e4 RetailDemo - ok 17:57:40.0760 0x11e4 RFCOMM - ok 17:57:40.0771 0x11e4 RpcEptMapper - ok 17:57:40.0777 0x11e4 RpcLocator - ok 17:57:40.0786 0x11e4 RpcSs - ok 17:57:40.0795 0x11e4 rspndr - ok 17:57:40.0804 0x11e4 RSUSBSTOR - ok 17:57:40.0811 0x11e4 s3cap - ok 17:57:40.0820 0x11e4 SamSs - ok 17:57:40.0827 0x11e4 sbp2port - ok 17:57:40.0836 0x11e4 SCardSvr - ok 17:57:40.0844 0x11e4 ScDeviceEnum - ok 17:57:40.0855 0x11e4 scfilter - ok 17:57:40.0868 0x11e4 Schedule - ok 17:57:40.0878 0x11e4 SCL01164 - ok 17:57:40.0887 0x11e4 SCPolicySvc - ok 17:57:40.0894 0x11e4 sdbus - ok 17:57:40.0904 0x11e4 SDRSVC - ok 17:57:40.0911 0x11e4 sdstor - ok 17:57:40.0921 0x11e4 seclogon - ok 17:57:40.0928 0x11e4 SENS - ok 17:57:40.0937 0x11e4 SensorDataService - ok 17:57:40.0945 0x11e4 SensorService - ok 17:57:40.0953 0x11e4 SensorsHIDClassDriver - ok 17:57:40.0961 0x11e4 SensrSvc - ok 17:57:40.0970 0x11e4 SerCx - ok 17:57:40.0979 0x11e4 SerCx2 - ok 17:57:40.0989 0x11e4 Serenum - ok 17:57:40.0998 0x11e4 Serial - ok 17:57:41.0007 0x11e4 sermouse - ok 17:57:41.0032 0x11e4 SessionEnv - ok 17:57:41.0041 0x11e4 sfloppy - ok 17:57:41.0053 0x11e4 SharedAccess - ok 17:57:41.0064 0x11e4 ShellHWDetection - ok 17:57:41.0074 0x11e4 SiSRaid2 - ok 17:57:41.0084 0x11e4 SiSRaid4 - ok 17:57:41.0095 0x11e4 smphost - ok 17:57:41.0111 0x11e4 SmsRouter - ok 17:57:41.0132 0x11e4 SNMPTRAP - ok 17:57:41.0143 
0x11e4 spaceport - ok 17:57:41.0153 0x11e4 SpbCx - ok 17:57:41.0168 0x11e4 Spooler - ok 17:57:41.0178 0x11e4 sppsvc - ok 17:57:41.0188 0x11e4 srv - ok 17:57:41.0199 0x11e4 srv2 - ok 17:57:41.0209 0x11e4 srvnet - ok 17:57:41.0223 0x11e4 SSDPSRV - ok 17:57:41.0233 0x11e4 SstpSvc - ok 17:57:41.0245 0x11e4 StateRepository - ok 17:57:41.0256 0x11e4 stexstor - ok 17:57:41.0267 0x11e4 stisvc - ok 17:57:41.0278 0x11e4 storahci - ok 17:57:41.0288 0x11e4 storflt - ok 17:57:41.0296 0x11e4 stornvme - ok 17:57:41.0306 0x11e4 storqosflt - ok 17:57:41.0318 0x11e4 StorSvc - ok 17:57:41.0328 0x11e4 storufs - ok 17:57:41.0338 0x11e4 storvsc - ok 17:57:41.0351 0x11e4 SurfaceAccessoryDevice - ok 17:57:41.0364 0x11e4 SurfaceCapacitiveHomeButton - ok 17:57:41.0374 0x11e4 SurfaceDisplayCalibration - ok 17:57:41.0386 0x11e4 SurfaceIntegrationDriver - ok 17:57:41.0396 0x11e4 SurfacePciController - ok 17:57:41.0408 0x11e4 SurfacePenDriver - ok 17:57:41.0418 0x11e4 SurfaceTypeCover - ok 17:57:41.0428 0x11e4 SurfaceTypeCoverV3Integration - ok 17:57:41.0438 0x11e4 svsvc - ok 17:57:41.0449 0x11e4 swenum - ok 17:57:41.0460 0x11e4 swprv - ok 17:57:41.0470 0x11e4 Synth3dVsc - ok 17:57:41.0481 0x11e4 SysMain - ok 17:57:41.0491 0x11e4 SystemEventsBroker - ok 17:57:41.0503 0x11e4 TabletInputService - ok 17:57:41.0513 0x11e4 TapiSrv - ok 17:57:41.0524 0x11e4 Tcpip - ok 17:57:41.0535 0x11e4 Tcpip6 - ok 17:57:41.0550 0x11e4 tcpipreg - ok 17:57:41.0564 0x11e4 tdx - ok 17:57:41.0575 0x11e4 terminpt - ok 17:57:41.0586 0x11e4 TermService - ok 17:57:41.0597 0x11e4 Themes - ok 17:57:41.0608 0x11e4 TieringEngineService - ok 17:57:41.0619 0x11e4 tiledatamodelsvc - ok 17:57:41.0628 0x11e4 TimeBroker - ok 17:57:41.0643 0x11e4 TPM - ok 17:57:41.0656 0x11e4 TrkWks - ok 17:57:41.0668 0x11e4 TrueColor - ok 17:57:41.0678 0x11e4 TrustedInstaller - ok 17:57:41.0694 0x11e4 tsusbflt - ok 17:57:41.0704 0x11e4 TsUsbGD - ok 17:57:41.0717 0x11e4 tunnel - ok 17:57:41.0728 0x11e4 tzautoupdate - ok 17:57:41.0739 0x11e4 uagp35 - 
ok 17:57:41.0750 0x11e4 UASPStor - ok 17:57:41.0759 0x11e4 UcmCx0101 - ok 17:57:41.0769 0x11e4 UcmUcsi - ok 17:57:41.0786 0x11e4 Ucx01000 - ok 17:57:41.0797 0x11e4 UdeCx - ok 17:57:41.0805 0x11e4 udfs - ok 17:57:41.0815 0x11e4 UEFI - ok 17:57:41.0827 0x11e4 Ufx01000 - ok 17:57:41.0836 0x11e4 UfxChipidea - ok 17:57:41.0845 0x11e4 ufxsynopsys - ok 17:57:41.0866 0x11e4 UI0Detect - ok 17:57:41.0877 0x11e4 uliagpkx - ok 17:57:41.0886 0x11e4 umbus - ok 17:57:41.0899 0x11e4 UmPass - ok 17:57:41.0909 0x11e4 UmRdpService - ok 17:57:41.0921 0x11e4 UnistoreSvc - ok 17:57:41.0940 0x11e4 upnphost - ok 17:57:41.0950 0x11e4 UrsChipidea - ok 17:57:41.0959 0x11e4 UrsCx01000 - ok 17:57:41.0967 0x11e4 UrsSynopsys - ok 17:57:41.0975 0x11e4 usbccgp - ok 17:57:41.0983 0x11e4 usbcir - ok 17:57:41.0992 0x11e4 usbehci - ok 17:57:42.0001 0x11e4 usbhub - ok 17:57:42.0008 0x11e4 USBHUB3 - ok 17:57:42.0017 0x11e4 usbohci - ok 17:57:42.0025 0x11e4 usbprint - ok 17:57:42.0034 0x11e4 usbscan - ok 17:57:42.0043 0x11e4 usbser - ok 17:57:42.0053 0x11e4 USBSTOR - ok 17:57:42.0059 0x11e4 usbuhci - ok 17:57:42.0065 0x11e4 usbvideo - ok 17:57:42.0072 0x11e4 USBXHCI - ok 17:57:42.0078 0x11e4 UserDataSvc - ok 17:57:42.0092 0x11e4 UserManager - ok 17:57:42.0099 0x11e4 UsoSvc - ok 17:57:42.0107 0x11e4 VaultSvc - ok 17:57:42.0113 0x11e4 vdrvroot - ok 17:57:42.0120 0x11e4 vds - ok 17:57:42.0125 0x11e4 VerifierExt - ok 17:57:42.0132 0x11e4 vhdmp - ok 17:57:42.0138 0x11e4 vhf - ok 17:57:42.0145 0x11e4 vmbus - ok 17:57:42.0152 0x11e4 VMBusHID - ok 17:57:42.0157 0x11e4 vmicguestinterface - ok 17:57:42.0163 0x11e4 vmicheartbeat - ok 17:57:42.0171 0x11e4 vmickvpexchange - ok 17:57:42.0176 0x11e4 vmicrdv - ok 17:57:42.0180 0x11e4 vmicshutdown - ok 17:57:42.0188 0x11e4 vmictimesync - ok 17:57:42.0194 0x11e4 vmicvmsession - ok 17:57:42.0203 0x11e4 vmicvss - ok 17:57:42.0208 0x11e4 volmgr - ok 17:57:42.0214 0x11e4 volmgrx - ok 17:57:42.0220 0x11e4 volsnap - ok 17:57:42.0225 0x11e4 vpci - ok 17:57:42.0234 0x11e4 
vpnagent - ok 17:57:42.0240 0x11e4 vpnva - ok 17:57:42.0245 0x11e4 vsmraid - ok 17:57:42.0251 0x11e4 VSS - ok 17:57:42.0257 0x11e4 VSTXRAID - ok 17:57:42.0262 0x11e4 vwifibus - ok 17:57:42.0268 0x11e4 vwififlt - ok 17:57:42.0275 0x11e4 vwifimp - ok 17:57:42.0283 0x11e4 W32Time - ok 17:57:42.0288 0x11e4 WacomPen - ok 17:57:42.0296 0x11e4 WalletService - ok 17:57:42.0304 0x11e4 wanarp - ok 17:57:42.0314 0x11e4 wanarpv6 - ok 17:57:42.0323 0x11e4 wbengine - ok 17:57:42.0330 0x11e4 WbioSrvc - ok 17:57:42.0340 0x11e4 Wcmsvc - ok 17:57:42.0350 0x11e4 wcncsvc - ok 17:57:42.0360 0x11e4 WcsPlugInService - ok 17:57:42.0369 0x11e4 WdBoot - ok 17:57:42.0376 0x11e4 Wdf01000 - ok 17:57:42.0385 0x11e4 WdFilter - ok 17:57:42.0394 0x11e4 WdiServiceHost - ok 17:57:42.0402 0x11e4 WdiSystemHost - ok 17:57:42.0409 0x11e4 wdiwifi - ok 17:57:42.0418 0x11e4 WdNisDrv - ok 17:57:42.0426 0x11e4 WdNisSvc - ok 17:57:42.0435 0x11e4 WebClient - ok 17:57:42.0443 0x11e4 Wecsvc - ok 17:57:42.0456 0x11e4 WEPHOSTSVC - ok 17:57:42.0465 0x11e4 wercplsupport - ok 17:57:42.0474 0x11e4 WerSvc - ok 17:57:42.0484 0x11e4 WFPLWFS - ok 17:57:42.0492 0x11e4 WiaRpc - ok 17:57:42.0500 0x11e4 WIMMount - ok 17:57:42.0509 0x11e4 WinDefend - ok 17:57:42.0525 0x11e4 WindowsTrustedRT - ok 17:57:42.0534 0x11e4 WindowsTrustedRTProxy - ok 17:57:42.0542 0x11e4 WinHttpAutoProxySvc - ok 17:57:42.0550 0x11e4 WinMad - ok 17:57:42.0559 0x11e4 Winmgmt - ok 17:57:42.0569 0x11e4 WinRM - ok 17:57:42.0586 0x11e4 WINUSB - ok 17:57:42.0595 0x11e4 WinVerbs - ok 17:57:42.0605 0x11e4 WlanSvc - ok 17:57:42.0614 0x11e4 wlidsvc - ok 17:57:42.0622 0x11e4 WmiAcpi - ok 17:57:42.0635 0x11e4 wmiApSrv - ok 17:57:42.0643 0x11e4 WMPNetworkSvc - ok 17:57:42.0652 0x11e4 Wof - ok 17:57:42.0665 0x11e4 workfolderssvc - ok 17:57:42.0675 0x11e4 wpcfltr - ok 17:57:42.0685 0x11e4 WPDBusEnum - ok 17:57:42.0694 0x11e4 WpdUpFltr - ok 17:57:42.0704 0x11e4 WpnService - ok 17:57:42.0714 0x11e4 ws2ifsl - ok 17:57:42.0725 0x11e4 wscsvc - ok 17:57:42.0734 0x11e4 
WSearch - ok 17:57:42.0746 0x11e4 WSService - ok 17:57:42.0755 0x11e4 wuauserv - ok 17:57:42.0762 0x11e4 WudfPf - ok 17:57:42.0772 0x11e4 WUDFRd - ok 17:57:42.0780 0x11e4 wudfsvc - ok 17:57:42.0791 0x11e4 WUDFWpdFs - ok 17:57:42.0800 0x11e4 WwanSvc - ok 17:57:42.0809 0x11e4 XblAuthManager - ok 17:57:42.0817 0x11e4 XblGameSave - ok 17:57:42.0826 0x11e4 xboxgip - ok 17:57:42.0836 0x11e4 XboxNetApiSvc - ok 17:57:42.0845 0x11e4 xinputhid - ok 17:57:42.0855 0x11e4 ================ Scan global =============================== 17:57:42.0858 0x11e4 [ Global ] - ok 17:57:42.0860 0x11e4 ================ Scan MBR ================================== 17:57:42.0894 0x11e4 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR2 17:57:43.0049 0x11e4 \Device\Harddisk1\DR2 - ok 17:57:43.0055 0x11e4 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk0\DR0 17:57:43.0099 0x11e4 \Device\Harddisk0\DR0 - ok 17:57:43.0113 0x11e4 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR2 17:57:43.0230 0x11e4 \Device\Harddisk1\DR2 - ok 17:57:43.0231 0x11e4 ================ Scan VBR ================================== 17:57:43.0236 0x11e4 [ 4ECF9AF7A2EFAE4E16C5C5F4F2B002E3 ] \Device\Harddisk1\DR2\Partition1 17:57:43.0240 0x11e4 \Device\Harddisk1\DR2\Partition1 - ok 17:57:43.0245 0x11e4 [ C8B3374466260F0E27CCB0D3C2E0831E ] \Device\Harddisk0\DR0\Partition1 17:57:43.0249 0x11e4 \Device\Harddisk0\DR0\Partition1 - ok 17:57:43.0255 0x11e4 [ 224CAA9855E58E76B442131467A3A63C ] \Device\Harddisk0\DR0\Partition2 17:57:43.0256 0x11e4 \Device\Harddisk0\DR0\Partition2 - ok 17:57:43.0262 0x11e4 [ B1E27AA018409DE6BFD73F8AFB883A65 ] \Device\Harddisk0\DR0\Partition3 17:57:43.0262 0x11e4 \Device\Harddisk0\DR0\Partition3 - ok 17:57:43.0269 0x11e4 [ 7CDBC9181AE2D62EB783770B607FBFAF ] \Device\Harddisk0\DR0\Partition4 17:57:43.0271 0x11e4 \Device\Harddisk0\DR0\Partition4 - ok 17:57:43.0275 0x11e4 [ 82C99D0436855A4C69CC297E03AA7D26 ] \Device\Harddisk0\DR0\Partition5 17:57:43.0278 0x11e4 
\Device\Harddisk0\DR0\Partition5 - ok 17:57:43.0282 0x11e4 [ FD9142BB63FDDA84582D555E7E969ABD ] \Device\Harddisk0\DR0\Partition6 17:57:43.0286 0x11e4 \Device\Harddisk0\DR0\Partition6 - ok 17:57:43.0291 0x11e4 [ 4ECF9AF7A2EFAE4E16C5C5F4F2B002E3 ] \Device\Harddisk1\DR2\Partition1 17:57:43.0295 0x11e4 \Device\Harddisk1\DR2\Partition1 - ok 17:57:43.0296 0x11e4 ================ Scan generic autorun ====================== 17:57:43.0296 0x11e4 doubleTwist - ok 17:57:43.0300 0x11e4 Wondershare Helper Compact.exe - ok 17:57:43.0302 0x11e4 QuickTime Task - ok 17:57:43.0305 0x11e4 Avira SystrayStartTrigger - ok 17:57:43.0308 0x11e4 Cisco AnyConnect Secure Mobility Agent for Windows - ok 17:57:43.0311 0x11e4 SunJavaUpdateSched - ok 17:57:43.0314 0x11e4 avgnt - ok 17:57:43.0317 0x11e4 OneDriveSetup - ok 17:57:43.0321 0x11e4 OneDriveSetup - ok 17:57:43.0324 0x11e4 WEB.DE Application {sync-000021} - ok 17:57:43.0327 0x11e4 Spotify Web Helper - ok 17:57:43.0329 0x11e4 iCloudServices - ok 17:57:43.0333 0x11e4 ApplePhotoStreams - ok 17:57:43.0337 0x11e4 Dropbox Update - ok 17:57:43.0340 0x11e4 iCloudDrive - ok 17:57:43.0342 0x11e4 OneDrive - ok 17:57:43.0345 0x11e4 Akamai NetSession Interface - ok 17:57:43.0348 0x11e4 Autodesk Sync - ok 17:57:43.0353 0x11e4 RESTART_STICKY_NOTES - ok 17:57:43.0371 0x11e4 AV detected via SS2: Avira Antivirus, C:\Program Files (x86)\Avira\Antivirus\wsctool.exe ( 15.0.15.106 ), 0x41000 ( enabled : updated ) 17:57:43.0372 0x11e4 AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.9.10586.0 ), 0x62100 ( disabled : updated ) 17:57:43.0377 0x11e4 Win FW state via NFP2: enabled ( trusted ) 17:57:45.0811 0x11e4 ============================================================ 17:57:45.0811 0x11e4 Scan finished 17:57:45.0811 0x11e4 ============================================================ 17:57:45.0824 0x1590 Detected object count: 0 17:57:45.0824 0x1590 Actual detected object count: 0 |
05.12.2015, 22:08 | #6 |
/// the machine /// TB instructor | Removing eBay & e-mail hack trojan from the PC Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please disable your security software to avoid possible conflicts.
And a fresh FRST log, please.
__________________ --> Removing eBay & e-mail hack trojan from the PC |
06.12.2015, 09:43 | #7 |
| Removing eBay & e-mail hack trojan from the PC I carried out the steps one after another. mbam.txt Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlaufdatum: 05.12.2015
Suchlaufzeit: 23:40
Protokolldatei: mbam.txt
Administrator: Ja

Version: 2.2.0.1024
Malware-Datenbank: v2015.12.05.05
Rootkit-Datenbank: v2015.11.26.01
Lizenz: Testversion
Malware-Schutz: Aktiviert
Schutz vor bösartigen Websites: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 10
CPU: x64
Dateisystem: NTFS
Benutzer: Lorenz

Suchlauftyp: Bedrohungssuchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 380154
Abgelaufene Zeit: 8 Min., 9 Sek.

Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(keine bösartigen Elemente erkannt)

Module: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 0
(keine bösartigen Elemente erkannt)

Registrierungswerte: 0
(keine bösartigen Elemente erkannt)

Registrierungsdaten: 1
PUP.Optional.WebSearch, HKU\S-1-5-21-2261460588-3622448717-587553582-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://istart.webssearches.com/?type=hp&ts=1414232571&from=exp&uid=ST3500320AS_6QM0WA8AXXXX6QM0WA8A, Gut: (www.google.com), Schlecht: (hxxp://istart.webssearches.com/?type=hp&ts=1414232571&from=exp&uid=ST3500320AS_6QM0WA8AXXXX6QM0WA8A),Ersetzt,[3b3ecdd41c6f44f266ed3143c73db947]

Ordner: 0
(keine bösartigen Elemente erkannt)

Dateien: 0
(keine bösartigen Elemente erkannt)

Physische Sektoren: 0
(keine bösartigen Elemente erkannt)

(end)

Code:
# AdwCleaner v5.023 - Bericht erstellt am 06/12/2015 um 08:53:12
# Aktualisiert am 30/11/2015 von Xplode
# Datenbank : 2015-12-03.1 [Server]
# Betriebssystem : Windows 10 Pro (x64)
# Benutzername : Lorenz - LOLLOSURFACE
# Gestartet von : C:\Users\Lorenz\Downloads\AdwCleaner_5.023.exe
# Option : Löschen
# Unterstützung : hxxp://toolslib.net/forum

***** [ Dienste ] *****

***** [ Ordner ] *****

***** [ Dateien ] *****

[-] Datei Gelöscht : C:\Users\Lorenz\AppData\Roaming\Mozilla\Firefox\Profiles\e2xmbe04.default\Extensions\{b64d9b05-48e1-4ceb-bf58-e0643994e900}.xpi
[-] Datei Gelöscht : C:\Users\Lorenz\AppData\Roaming\Mozilla\Firefox\Profiles\e2xmbe04.default\searchplugins\avira-safesearch.xml

***** [ DLLs ] *****

***** [ Verknüpfungen ] *****

***** [ Aufgabenplanung ] *****

***** [ Registrierungsdatenbank ] *****

[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A43DE495-3D00-47D4-9D2C-303115707939}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
[-] Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
[-] Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
[-] Schlüssel Gelöscht : HKCU\Software\OCS
[-] Schlüssel Gelöscht : HKU\S-1-5-21-2261460588-3622448717-587553582-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\OCS
[-] Schlüssel Gelöscht : HKU\S-1-5-21-2261460588-3622448717-587553582-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\OCS
[-] Daten Wiederhergestellt : HKU\S-1-5-21-2261460588-3622448717-587553582-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Daten Wiederhergestellt : HKU\S-1-5-21-2261460588-3622448717-587553582-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main [Start Page]

***** [ Internetbrowser ] *****

[-] [C:\Users\Lorenz\AppData\Roaming\Mozilla\Firefox\Profiles\e2xmbe04.default\prefs.js] [Preference] Gelöscht : user_pref("browser.uiCustomization.state", "{\"placements\":{\"PanelUI-contents\":[\"edit-controls\",\"zoom-controls\",\"new-window-button\",\"privatebrowsing-button\",\"save-page-button\",\"print-but[...]
[-] [C:\Users\Lorenz\AppData\Roaming\Mozilla\Firefox\Profiles\e2xmbe04.default\prefs.js] [Preference] Gelöscht : user_pref("extensions.safesearch.MP_DISTINCT_ID", "\"149157c45f6225-04b1b017d7fd498-4a594337-0-149157c45f72e9\"");
[-] [C:\Users\Lorenz\AppData\Roaming\Mozilla\Firefox\Profiles\e2xmbe04.default\prefs.js] [Preference] Gelöscht : user_pref("extensions.safesearch.SAUTH_expires_at", "1432534616");
[-] [C:\Users\Lorenz\AppData\Roaming\Mozilla\Firefox\Profiles\e2xmbe04.default\prefs.js] [Preference] Gelöscht : user_pref("extensions.safesearch.SAUTH_rndsnr", "\"edc20cb8d241da54b91469ab092e7db8288394c0\"");
[-] [C:\Users\Lorenz\AppData\Roaming\Mozilla\Firefox\Profiles\e2xmbe04.default\prefs.js] [Preference] Gelöscht : user_pref("extensions.safesearch.SAUTH_userid", "5628240980");
[-] [C:\Users\Lorenz\AppData\Roaming\Mozilla\Firefox\Profiles\e2xmbe04.default\prefs.js] [Preference] Gelöscht : user_pref("extensions.safesearch.SAUTH_utoken", "\"be881be336be872e75d7d77629918a78dfa8ef8d\"");
[-] [C:\Users\Lorenz\AppData\Roaming\Mozilla\Firefox\Profiles\e2xmbe04.default\prefs.js] [Preference] Gelöscht : user_pref("extensions.safesearch.install", "1413404706300");
[-] [C:\Users\Lorenz\AppData\Roaming\Mozilla\Firefox\Profiles\e2xmbe04.default\prefs.js] [Preference] Gelöscht : user_pref("extensions.safesearch.search_offer_disabled", "true");
[-] [C:\Users\Lorenz\AppData\Roaming\Mozilla\Firefox\Profiles\e2xmbe04.default\prefs.js] [Preference] Gelöscht : user_pref("extensions.safesearch@avira.com.install-event-fired", true);

*************************

:: "Tracing" Schlüssel gelöscht
:: Proxy Einstellungen zurückgesetzt
:: Winsock Einstellungen zurückgesetzt
:: Chrome Richtlinien gelöscht

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [4773 Bytes] ##########

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.1 (11.24.2015)
Operating System: Windows 10 Pro x64
Ran by Lorenz (Administrator) on 06.12.2015 at 9:29:17,30
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

File System: 2

Successfully deleted: C:\Users\Lorenz\AppData\Roaming\Mozilla\Firefox\Profiles\e2xmbe04.default\extensions\mailcheck@web.de\searchplugins\mailcom-search.xml (File)
Successfully deleted: C:\Users\Lorenz\AppData\Roaming\pdfforge (Folder)

Registry: 0

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 06.12.2015 at 9:31:03,48
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
07.12.2015, 16:02 | #8 |
/// the machine /// TB trainer | Removing the eBay & email hack Trojan from the PC Turn Avira off completely, then run FRST again.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
07.12.2015, 17:30 | #9 |
| Removing the eBay & email hack Trojan from the PC That worked. Thanks. Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:01-12-2015 durchgeführt von Lorenz (Administrator) auf LOLLOSURFACE (07-12-2015 17:27:43) Gestartet von C:\Users\Lorenz\Downloads Geladene Profile: Lorenz (Verfügbare Profile: Lorenz) Platform: Windows 10 Pro Version 1511 (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: FF) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (devolo AG) C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe (Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Autodesk, Inc.) C:\Program Files\Autodesk\Inventor 2014\Moldflow\bin\mitsijm.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe (Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler.exe (Google Inc.) 
C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler64.exe (Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe (1&1 Mail & Media GmbH) C:\Users\Lorenz\AppData\Local\WEB.DE Application {sync-000021}\webde_onlinespeicher.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe (Akamai Technologies, Inc.) C:\Users\Lorenz\AppData\Local\Akamai\netsession_win.exe (Autodesk, Inc.) C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Akamai Technologies, Inc.) C:\Users\Lorenz\AppData\Local\Akamai\netsession_win.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Dropbox, Inc.) C:\Users\Lorenz\AppData\Roaming\Dropbox\bin\Dropbox.exe (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe () C:\Program Files\WindowsApps\Microsoft.Messaging_1.11.19004.0_x86__8wekyb3d8bbwe\SkypeHost.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\winword.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\csisyncclient.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\msosync.exe (Microsoft Corporation) C:\Windows\System32\WWAHost.exe (Microsoft Corporation) C:\Windows\System32\NetworkUXBroker.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avcenter.exe ==================== Registry (Nicht auf der Ausnahmeliste) =========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM-x32\...\Run: [doubleTwist] => C:\Program Files (x86)\doubleTwist\doubleTwist.Light.exe HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2072928 2014-10-31] (Wondershare) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-06-16] (Apple Inc.) HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [66320 2015-11-03] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [708496 2015-09-23] (Cisco Systems, Inc.) 
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597040 2015-10-06] (Oracle Corporation) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [803200 2015-12-01] (Avira Operations GmbH & Co. KG) Winlogon\Notify\ScCertProp: wlnotify.dll [X] HKU\S-1-5-21-2261460588-3622448717-587553582-1001\...\Run: [WEB.DE Application {sync-000021}] => C:\Users\Lorenz\AppData\Local\WEB.DE Application {sync-000021}\webde_onlinespeicher.exe [794112 2015-10-29] (1&1 Mail & Media GmbH) HKU\S-1-5-21-2261460588-3622448717-587553582-1001\...\Run: [Spotify Web Helper] => C:\Users\Lorenz\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2015-02-08] (Spotify Ltd) HKU\S-1-5-21-2261460588-3622448717-587553582-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [60688 2015-10-21] (Apple Inc.) HKU\S-1-5-21-2261460588-3622448717-587553582-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [61200 2015-10-21] (Apple Inc.) HKU\S-1-5-21-2261460588-3622448717-587553582-1001\...\Run: [Dropbox Update] => C:\Users\Lorenz\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-17] (Dropbox, Inc.) HKU\S-1-5-21-2261460588-3622448717-587553582-1001\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [103696 2015-10-21] (Apple Inc.) HKU\S-1-5-21-2261460588-3622448717-587553582-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Lorenz\AppData\Local\Akamai\netsession_win.exe [4691384 2015-09-10] (Akamai Technologies, Inc.) HKU\S-1-5-21-2261460588-3622448717-587553582-1001\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1081224 2013-02-05] (Autodesk, Inc.) 
HKU\S-1-5-21-2261460588-3622448717-587553582-1001\...\MountPoints2: {0f81c5e2-0dbb-11e5-828e-6002927b1294} - "D:\HTC_Sync_Manager_PC.exe" HKU\S-1-5-21-2261460588-3622448717-587553582-1001\...\MountPoints2: {0f81c616-0dbb-11e5-828e-6002927b1294} - "D:\HTC_Sync_Manager_PC.exe" ShellIconOverlayIdentifiers: [ 1&1 Sync Overlay 1] -> {02B2B772-B8A8-4DA4-9B18-42551A54A1A8} => C:\Program Files\Common Files\1&1 Sync\1&1SyncShellExtension64_1_0_0_3_20151009105810302.dll [2015-08-21] (1&1 Mail & Media GmbH) ShellIconOverlayIdentifiers: [ 1&1 Sync Overlay 2] -> {0575AB16-E932-4160-8936-4DBE195BDBD7} => C:\Program Files\Common Files\1&1 Sync\1&1SyncShellExtension64_1_0_0_3_20151009105810302.dll [2015-08-21] (1&1 Mail & Media GmbH) ShellIconOverlayIdentifiers: [ 1&1 Sync Overlay 3] -> {0E9EF89A-96D3-4DE6-B2F8-E9548AA5321E} => C:\Program Files\Common Files\1&1 Sync\1&1SyncShellExtension64_1_0_0_3_20151009105810302.dll [2015-08-21] (1&1 Mail & Media GmbH) ShellIconOverlayIdentifiers: [ 1&1 Sync Overlay 4] -> {1A4AFFE1-B2F9-483D-B627-D9A339DBFD34} => C:\Program Files\Common Files\1&1 Sync\1&1SyncShellExtension64_1_0_0_3_20151009105810302.dll [2015-08-21] (1&1 Mail & Media GmbH) ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lorenz\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-11-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lorenz\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-11-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lorenz\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-11-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lorenz\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-11-05] (Dropbox, Inc.) 
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lorenz\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-11-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lorenz\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-11-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lorenz\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-11-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lorenz\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-11-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\WINDOWS\system32\AcSignIcon.dll [2013-02-08] (Autodesk, Inc.) ShellIconOverlayIdentifiers-x32: [ 1&1 Sync Overlay 1] -> {02B2B772-B8A8-4DA4-9B18-42551A54A1A8} => C:\Program Files (x86)\Common Files\1&1 Sync\1&1SyncShellExtension_1_0_0_3_20151009105810302.dll [2015-08-21] (1&1 Mail & Media GmbH) ShellIconOverlayIdentifiers-x32: [ 1&1 Sync Overlay 2] -> {0575AB16-E932-4160-8936-4DBE195BDBD7} => C:\Program Files (x86)\Common Files\1&1 Sync\1&1SyncShellExtension_1_0_0_3_20151009105810302.dll [2015-08-21] (1&1 Mail & Media GmbH) ShellIconOverlayIdentifiers-x32: [ 1&1 Sync Overlay 3] -> {0E9EF89A-96D3-4DE6-B2F8-E9548AA5321E} => C:\Program Files (x86)\Common Files\1&1 Sync\1&1SyncShellExtension_1_0_0_3_20151009105810302.dll [2015-08-21] (1&1 Mail & Media GmbH) ShellIconOverlayIdentifiers-x32: [ 1&1 Sync Overlay 4] -> {1A4AFFE1-B2F9-483D-B627-D9A339DBFD34} => C:\Program Files (x86)\Common Files\1&1 Sync\1&1SyncShellExtension_1_0_0_3_20151009105810302.dll [2015-08-21] (1&1 Mail & Media GmbH) ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft 
Office 15\root\Office15\GROOVEEX.DLL [2015-10-13] (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-10-13] (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-10-13] (Microsoft Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\phase-6 Reminder.lnk [2015-10-20] ShortcutTarget: phase-6 Reminder.lnk -> C:\Program Files (x86)\phase-6\phase-6\reminder\reminder.exe (phase-6) Startup: C:\Users\Lorenz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk [2015-12-06] ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Microsoft Corporation) Startup: C:\Users\Lorenz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-11-12] ShortcutTarget: Dropbox.lnk -> C:\Users\Lorenz\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) 
Tcpip\Parameters: [DhcpNameServer] 10.156.33.53 129.187.5.1 Tcpip\..\Interfaces\{524448cb-31f1-4839-9c46-203aa2eaab44}: [DhcpNameServer] 10.156.33.53 129.187.5.1 Internet Explorer: ================== BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-10-13] (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_65\bin\ssv.dll [2015-11-13] (Oracle Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-10-13] (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_65\bin\jp2ssv.dll [2015-11-13] (Oracle Corporation) BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-10-13] (Microsoft Corporation) BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-10-13] (Microsoft Corporation) Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation) FireFox: ======== FF ProfilePath: C:\Users\Lorenz\AppData\Roaming\Mozilla\Firefox\Profiles\e2xmbe04.default FF Homepage: hxxp://go.web.de/tb/mff_startpage FF Session Restore: -> ist aktiviert. 
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-11-11] () FF Plugin: @java.com/DTPlugin,version=11.65.2 -> C:\Program Files\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll [2015-11-13] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.65.2 -> C:\Program Files\Java\jre1.8.0_65\bin\plugin2\npjp2.dll [2015-11-13] (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-11] () FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-01-12] (Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-01-12] (Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-01-12] (Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-01-12] (Foxit Corporation) FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-02-17] (Microsoft Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-10-14] (Microsoft Corporation) FF 
Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.) FF Plugin-x32: PDF Architect 2 -> C:\Program Files (x86)\PDF Architect 2\np-previewer.dll [2014-10-10] (pdfforge GmbH) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-09-30] (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll [2014-10-28] (Tracker Software Products (Canada) Ltd.) FF SearchPlugin: C:\Users\Lorenz\AppData\Roaming\Mozilla\Firefox\Profiles\e2xmbe04.default\searchplugins\google-images.xml [2014-10-14] FF SearchPlugin: C:\Users\Lorenz\AppData\Roaming\Mozilla\Firefox\Profiles\e2xmbe04.default\searchplugins\google-maps.xml [2014-10-14] FF SearchPlugin: C:\Users\Lorenz\AppData\Roaming\Mozilla\Firefox\Profiles\e2xmbe04.default\searchplugins\youtube.xml [2015-10-28] FF Extension: WOT - C:\Users\Lorenz\AppData\Roaming\Mozilla\Firefox\Profiles\e2xmbe04.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2015-11-28] FF Extension: Avira Browser Safety - C:\Users\Lorenz\AppData\Roaming\Mozilla\Firefox\Profiles\e2xmbe04.default\Extensions\abs@avira.com [2015-10-23] [ist nicht signiert] FF Extension: Cliqz - C:\Users\Lorenz\AppData\Roaming\Mozilla\Firefox\Profiles\e2xmbe04.default\Extensions\cliqz@cliqz.com.xpi [2015-11-09] [ist nicht signiert] FF Extension: YouTube to MP3 Free Converter - C:\Users\Lorenz\AppData\Roaming\Mozilla\Firefox\Profiles\e2xmbe04.default\Extensions\extension@321youtube.com.xpi [2015-05-29] FF Extension: MEGA - 
C:\Users\Lorenz\AppData\Roaming\Mozilla\Firefox\Profiles\e2xmbe04.default\Extensions\firefox@mega.co.nz.xpi [2015-11-10] [ist nicht signiert] FF Extension: WEB.DE MailCheck - C:\Users\Lorenz\AppData\Roaming\Mozilla\Firefox\Profiles\e2xmbe04.default\Extensions\mailcheck@web.de [2015-11-09] FF Extension: SoundCloud Downloader - Technowise - C:\Users\Lorenz\AppData\Roaming\Mozilla\Firefox\Profiles\e2xmbe04.default\Extensions\{c8d3bc80-0810-4d21-a2c2-be5f2b2832ac}.xpi [2015-09-30] FF Extension: Adblock Plus - C:\Users\Lorenz\AppData\Roaming\Mozilla\Firefox\Profiles\e2xmbe04.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-11-26] FF HKU\S-1-5-21-2261460588-3622448717-587553582-1001\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Lorenz\AppData\Roaming\Mozilla\Firefox\Profiles\e2xmbe04.default\extensions\cliqz@cliqz.com => nicht gefunden Chrome: ======= CHR Profile: C:\Users\Lorenz\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Präsentationen) - C:\Users\Lorenz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-10] CHR Extension: (Google Docs) - C:\Users\Lorenz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-10] CHR Extension: (Google Drive) - C:\Users\Lorenz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-24] CHR Extension: (YouTube) - C:\Users\Lorenz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-22] CHR Extension: (Google-Suche) - C:\Users\Lorenz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28] CHR Extension: (Google Tabellen) - C:\Users\Lorenz\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-10] CHR Extension: (Avira Browserschutz) - C:\Users\Lorenz\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-10-22] CHR Extension: (Google Docs Offline) - C:\Users\Lorenz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-20] CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Lorenz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-25] CHR Extension: (Google Mail) - C:\Users\Lorenz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-16] CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx ==================== Dienste (Nicht auf der Ausnahmeliste) ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [948392 2015-12-01] (Avira Operations GmbH & Co. KG) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [466408 2015-12-01] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [466408 2015-12-01] (Avira Operations GmbH & Co. KG) S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1418560 2015-12-01] (Avira Operations GmbH & Co. KG) R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-09-02] (Apple Inc.) R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [250136 2015-11-03] (Avira Operations GmbH & Co. 
KG) R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2797752 2015-10-13] (Microsoft Corporation) R2 DevoloNetworkService; C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe [3755976 2015-07-01] (devolo AG) R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1135416 2015-10-05] (Malwarebytes) R2 mitsijm2014; C:\Program Files\Autodesk\Inventor 2014\Moldflow\bin\mitsijm.exe [952608 2013-01-25] (Autodesk, Inc.) R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [Datei ist nicht signiert] S3 PDF Architect 2; C:\Program Files (x86)\PDF Architect 2\ws.exe [1771560 2014-10-10] (pdfforge GmbH) S3 pdfforge CrashHandler; C:\Program Files (x86)\PDF Architect 2\crash-handler-ws.exe [861736 2014-10-10] (pdfforge GmbH) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation) ===================== Treiber (Nicht auf der Ausnahmeliste) ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [135880 2015-12-01] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [146696 2015-12-01] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [35488 2015-12-01] (Avira Operations GmbH & Co. KG) R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [73032 2015-12-01] (Avira Operations GmbH & Co. 
KG) R3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [165376 2015-10-30] (Microsoft Corporation) R3 BthHFAud; C:\Windows\system32\DRIVERS\BthHfAud.sys [36864 2015-10-30] (Microsoft Corporation) R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [245248 2015-10-30] (Microsoft Corporation) S3 HtcVCom32; C:\Windows\system32\DRIVERS\HtcVComV64.sys [121800 2010-03-09] (QUALCOMM Incorporated) S3 iaLPSS_GPIO; C:\Windows\System32\drivers\iaLPSS_GPIO.sys [24568 2013-10-07] (Intel Corporation) S3 iaLPSS_I2C; C:\Windows\System32\drivers\iaLPSS_I2C.sys [99320 2013-10-07] (Intel Corporation) R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes) R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2015-12-07] (Malwarebytes) R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation) R3 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [193336 2015-09-30] (Intel Corporation) R3 mrvlpcie8897; C:\Windows\System32\drivers\mrvlpcie8897.sys [1037824 2015-10-30] (Marvell Semiconductors Inc.) R2 NPF_devolo; C:\Windows\sysWOW64\drivers\npf_devolo.sys [34048 2015-07-01] (CACE Technologies) S3 SCL01164; C:\Windows\system32\DRIVERS\SCL01164.sys [72320 2010-05-07] (SCM Microsystems Inc.) 
R3 SurfaceAccessoryDevice; C:\Windows\System32\drivers\SurfaceAccessoryDevice.sys [51856 2014-05-30] (Microsoft Corporation) R3 SurfaceCapacitiveHomeButton; C:\Windows\System32\drivers\SurfaceCapacitiveHomeButton.sys [44152 2014-11-27] (Microsoft Corporation) R3 SurfaceDisplayCalibration; C:\Windows\System32\drivers\SurfaceDisplayCalibration.sys [41616 2014-05-02] (Microsoft Corporation) R3 SurfaceIntegrationDriver; C:\Windows\System32\drivers\SurfaceIntegrationDriver.sys [63000 2015-09-30] (Microsoft Corporation) R0 SurfacePciController; C:\Windows\System32\drivers\SurfacePciController.sys [35440 2014-10-08] (Microsoft Corporation) R3 SurfacePenDriver; C:\Windows\System32\drivers\SurfacePenDriver.sys [76424 2015-03-31] (Microsoft Corporation) S3 SurfaceTypeCover; C:\Windows\System32\drivers\SurfaceTypeCover.sys [67592 2015-10-27] (Microsoft Corporation) S3 SurfaceTypeCoverV3Integration; C:\Windows\System32\drivers\SurfaceTypeCoverV3Integration.sys [52760 2015-10-27] (Microsoft Corporation) R3 TrueColor; C:\Windows\system32\DRIVERS\TrueColor.sys [35952 2014-07-07] () S3 vpnva; C:\Windows\System32\drivers\vpnva64-6.sys [52592 2015-09-23] (Cisco Systems, Inc.) S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation) S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation) ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat: Erstellte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 
2015-12-07 14:56 - 2015-12-07 14:56 - 00000000 ___HD C:\OneDriveTemp
2015-12-06 22:04 - 2015-12-06 22:04 - 00284108 _____ C:\WINDOWS\Minidump\120615-8703-01.dmp
2015-12-06 22:04 - 2015-12-06 22:04 - 00000000 ____D C:\WINDOWS\Minidump
2015-12-06 10:00 - 2015-12-06 22:04 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-12-06 09:31 - 2015-12-06 09:47 - 00000547 _____ C:\Users\Lorenz\Desktop\JRT.txt
2015-12-06 09:27 - 2015-12-06 09:27 - 01599336 _____ (Malwarebytes) C:\Users\Lorenz\Downloads\JRT.exe
2015-12-06 08:53 - 2015-12-06 08:53 - 00000000 ____D C:\Users\Lorenz\AppData\Local\TempTaskUpdateDetection89B89E90-6C05-44F5-9DF9-4A713580C0C8
2015-12-06 08:41 - 2015-12-06 08:53 - 00000000 ____D C:\AdwCleaner
2015-12-05 23:50 - 2015-12-05 23:50 - 00001555 _____ C:\Users\Lorenz\Downloads\mbam.txt
2015-12-05 23:39 - 2015-12-06 08:39 - 01736704 _____ C:\Users\Lorenz\Downloads\AdwCleaner_5.023.exe
2015-12-05 23:39 - 2015-12-05 23:39 - 00001178 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-12-05 23:39 - 2015-12-05 23:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2015-12-05 23:39 - 2015-12-05 23:39 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware
2015-12-05 23:39 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-12-05 23:39 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2015-12-05 23:38 - 2015-12-05 23:39 - 22908888 _____ (Malwarebytes ) C:\Users\Lorenz\Downloads\mbam-setup-2.2.0.1024.exe
2015-12-04 17:54 - 2015-12-04 18:05 - 00108800 _____ C:\TDSSKiller.3.1.0.7_04.12.2015_17.54.28_log.txt
2015-12-04 17:34 - 2015-12-07 16:27 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-12-04 17:34 - 2015-12-05 23:39 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-12-04 17:34 - 2015-12-04 17:53 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-12-04 17:33 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-12-04 17:32 - 2015-12-04 17:53 - 00000000 ____D C:\Users\Lorenz\Desktop\mbar
2015-12-04 17:31 - 2015-12-04 17:54 - 04398264 _____ (Kaspersky Lab ZAO) C:\Users\Lorenz\Downloads\tdsskiller.exe
2015-12-04 17:31 - 2015-12-04 17:32 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Lorenz\Downloads\mbar-1.09.3.1001.exe
2015-12-03 17:02 - 2015-11-22 10:56 - 22394880 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2015-12-03 17:02 - 2015-11-22 10:52 - 16984576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2015-12-03 17:02 - 2015-11-22 10:43 - 24604672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-12-03 17:02 - 2015-11-22 10:34 - 02843136 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2015-12-03 17:02 - 2015-11-22 10:30 - 19340800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-12-03 17:01 - 2015-11-22 11:47 - 07476576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-12-03 17:01 - 2015-11-22 11:47 - 02653816 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2015-12-03 17:01 - 2015-11-22 11:41 - 01859448 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2015-12-03 17:01 - 2015-11-22 11:41 - 01284960 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2015-12-03 17:01 - 2015-11-22 11:41 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-12-03 17:01 - 2015-11-22 11:35 - 00538632 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
2015-12-03 17:01 - 2015-11-22 11:34 - 00975200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2015-12-03 17:01 - 2015-11-22 11:34 - 00080600 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwapi.dll
2015-12-03 17:01 - 2015-11-22 11:33 - 00095072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdstor.sys
2015-12-03 17:01 - 2015-11-22 11:33 - 00058408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.dll
2015-12-03 17:01 - 2015-11-22 11:33 - 00051680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsUtilsV2.dll
2015-12-03 17:01 - 2015-11-22 11:30 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-12-03 17:01 - 2015-11-22 11:30 - 00161632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-12-03 17:01 - 2015-11-22 11:26 - 00431232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWanAPI.dll
2015-12-03 17:01 - 2015-11-22 11:25 - 00063528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wwapi.dll
2015-12-03 17:01 - 2015-11-22 11:24 - 02772584 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2015-12-03 17:01 - 2015-11-22 11:20 - 00795840 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-12-03 17:01 - 2015-11-22 11:19 - 00440160 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2015-12-03 17:01 - 2015-11-22 11:14 - 02185840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2015-12-03 17:01 - 2015-11-22 10:55 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManagerProxy.dll
2015-12-03 17:01 - 2015-11-22 10:54 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ETWCoreUIComponentsResources.dll
2015-12-03 17:01 - 2015-11-22 10:54 - 00117248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\capimg.sys
2015-12-03 17:01 - 2015-11-22 10:52 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2015-12-03 17:01 - 2015-11-22 10:51 - 00157184 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2015-12-03 17:01 - 2015-11-22 10:51 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2015-12-03 17:01 - 2015-11-22 10:50 - 00074240 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssign32.dll
2015-12-03 17:01 - 2015-11-22 10:49 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2015-12-03 17:01 - 2015-11-22 10:49 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2015-12-03 17:01 - 2015-11-22 10:45 - 06572032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanmm.dll
2015-12-03 17:01 - 2015-11-22 10:45 - 02756096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2015-12-03 17:01 - 2015-11-22 10:45 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2015-12-03 17:01 - 2015-11-22 10:45 - 00220672 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-12-03 17:01 - 2015-11-22 10:45 - 00073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwancfg.dll
2015-12-03 17:01 - 2015-11-22 10:44 - 00558080 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
2015-12-03 17:01 - 2015-11-22 10:43 - 00704000 _____ (Microsoft Corporation) C:\WINDOWS\system32\CellularAPI.dll
2015-12-03 17:01 - 2015-11-22 10:43 - 00382464 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-12-03 17:01 - 2015-11-22 10:43 - 00342016 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2015-12-03 17:01 - 2015-11-22 10:43 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XblAuthManagerProxy.dll
2015-12-03 17:01 - 2015-11-22 10:42 - 13017600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2015-12-03 17:01 - 2015-11-22 10:42 - 07979008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2015-12-03 17:01 - 2015-11-22 10:42 - 00589312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApi.dll
2015-12-03 17:01 - 2015-11-22 10:42 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
2015-12-03 17:01 - 2015-11-22 10:42 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ETWCoreUIComponentsResources.dll
2015-12-03 17:01 - 2015-11-22 10:41 - 01814528 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnidui.dll
2015-12-03 17:01 - 2015-11-22 10:41 - 00948224 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll
2015-12-03 17:01 - 2015-11-22 10:41 - 00607232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2015-12-03 17:01 - 2015-11-22 10:40 - 01056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2015-12-03 17:01 - 2015-11-22 10:40 - 00465920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanconn.dll
2015-12-03 17:01 - 2015-11-22 10:39 - 02126848 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-12-03 17:01 - 2015-11-22 10:39 - 01713664 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2015-12-03 17:01 - 2015-11-22 10:39 - 00957440 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2015-12-03 17:01 - 2015-11-22 10:39 - 00938496 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2015-12-03 17:01 - 2015-11-22 10:39 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2015-12-03 17:01 - 2015-11-22 10:39 - 00783360 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-12-03 17:01 - 2015-11-22 10:39 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2015-12-03 17:01 - 2015-11-22 10:38 - 01223168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2015-12-03 17:01 - 2015-11-22 10:38 - 01212928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2015-12-03 17:01 - 2015-11-22 10:38 - 00912384 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2015-12-03 17:01 - 2015-11-22 10:38 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2015-12-03 17:01 - 2015-11-22 10:38 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssign32.dll
2015-12-03 17:01 - 2015-11-22 10:37 - 02624512 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2015-12-03 17:01 - 2015-11-22 10:37 - 01395200 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2015-12-03 17:01 - 2015-11-22 10:37 - 00515584 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2015-12-03 17:01 - 2015-11-22 10:36 - 01042432 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingOnlineServices.dll
2015-12-03 17:01 - 2015-11-22 10:34 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2015-12-03 17:01 - 2015-11-22 10:33 - 18677760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2015-12-03 17:01 - 2015-11-22 10:33 - 13380608 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-12-03 17:01 - 2015-11-22 10:33 - 02587136 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2015-12-03 17:01 - 2015-11-22 10:32 - 00340480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToDevice.dll
2015-12-03 17:01 - 2015-11-22 10:32 - 00334848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-12-03 17:01 - 2015-11-22 10:31 - 07199232 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2015-12-03 17:01 - 2015-11-22 10:31 - 00470528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApi.dll
2015-12-03 17:01 - 2015-11-22 10:31 - 00416768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2015-12-03 17:01 - 2015-11-22 10:30 - 02598400 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2015-12-03 17:01 - 2015-11-22 10:29 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2015-12-03 17:01 - 2015-11-22 10:28 - 01734656 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-12-03 17:01 - 2015-11-22 10:28 - 01443328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRHInproc.dll
2015-12-03 17:01 - 2015-11-22 10:28 - 01387008 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-12-03 17:01 - 2015-11-22 10:28 - 00948224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2015-12-03 17:01 - 2015-11-22 10:28 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2015-12-03 17:01 - 2015-11-22 10:28 - 00793600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2015-12-03 17:01 - 2015-11-22 10:28 - 00686592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-12-03 17:01 - 2015-11-22 10:27 - 03993600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2015-12-03 17:01 - 2015-11-22 10:27 - 02049024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-12-03 17:01 - 2015-11-22 10:27 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2015-12-03 17:01 - 2015-11-22 10:27 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2015-12-03 17:01 - 2015-11-22 10:27 - 00241664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2015-12-03 17:01 - 2015-11-22 10:26 - 03355136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2015-12-03 17:01 - 2015-11-22 10:26 - 01139200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2015-12-03 17:01 - 2015-11-22 10:26 - 00709120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingOnlineServices.dll
2015-12-03 17:01 - 2015-11-22 10:26 - 00421888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2015-12-03 17:01 - 2015-11-22 10:25 - 06297088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2015-12-03 17:01 - 2015-11-22 10:25 - 02280448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-12-03 17:01 - 2015-11-22 10:24 - 12124672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-12-03 17:01 - 2015-11-22 10:24 - 02647552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-12-03 17:01 - 2015-11-22 10:24 - 01995264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2015-12-03 17:01 - 2015-11-22 10:24 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2015-12-03 17:01 - 2015-11-22 10:23 - 05202944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2015-12-03 17:01 - 2015-11-22 10:20 - 01860096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2015-12-03 17:01 - 2015-11-22 10:19 - 02064384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2015-12-03 17:01 - 2015-11-22 10:18 - 01505280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-12-03 17:01 - 2015-11-22 10:18 - 00697856 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToManager.dll
2015-12-03 17:01 - 2015-11-22 10:18 - 00458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToDevice.dll
2015-12-03 17:01 - 2015-11-22 10:17 - 02680320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2015-12-03 17:01 - 2015-11-22 10:17 - 02121216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-12-03 17:01 - 2015-11-22 10:16 - 01706496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2015-12-03 17:01 - 2015-11-22 10:11 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll
2015-12-03 17:00 - 2015-11-22 11:00 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll
2015-12-03 17:00 - 2015-11-22 11:00 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosResource.dll
2015-12-03 17:00 - 2015-11-22 10:57 - 02756096 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2015-12-03 17:00 - 2015-11-22 10:57 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-MapControls.dll
2015-12-03 17:00 - 2015-11-22 10:57 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCoreRes.dll
2015-12-03 17:00 - 2015-11-22 10:57 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-MosTrace.dll
2015-12-03 17:00 - 2015-11-22 10:57 - 00009728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-MosHost.dll
2015-12-03 17:00 - 2015-11-22 10:56 - 01268736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2015-12-03 17:00 - 2015-11-22 10:56 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosHostClient.dll
2015-12-03 17:00 - 2015-11-22 10:56 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ihvrilproxy.dll
2015-12-03 17:00 - 2015-11-22 10:56 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\system32\rilproxy.dll
2015-12-03 17:00 - 2015-11-22 10:55 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvcProxy.dll
2015-12-03 17:00 - 2015-11-22 10:55 - 00007680 _____ (Microsoft Corporation) C:\WINDOWS\system32\readingviewresources.dll
2015-12-03 17:00 - 2015-11-22 10:54 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.V2.dll
2015-12-03 17:00 - 2015-11-22 10:54 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanprotdim.dll
2015-12-03 17:00 - 2015-11-22 10:54 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsplib.dll
2015-12-03 17:00 - 2015-11-22 10:54 - 00032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2015-12-03 17:00 - 2015-11-22 10:54 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WordBreakers.dll
2015-12-03 17:00 - 2015-11-22 10:54 - 00028160 _____ (Microsoft Corporation) C:\WINDOWS\system32\nativemap.dll
2015-12-03 17:00 - 2015-11-22 10:54 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlStringsRes.dll
2015-12-03 17:00 - 2015-11-22 10:52 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
2015-12-03 17:00 - 2015-11-22 10:52 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthTokenBrokerExt.dll
2015-12-03 17:00 - 2015-11-22 10:52 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll
2015-12-03 17:00 - 2015-11-22 10:51 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2015-12-03 17:00 - 2015-11-22 10:51 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2015-12-03 17:00 - 2015-11-22 10:51 - 00042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapstoasttask.dll
2015-12-03 17:00 - 2015-11-22 10:49 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2015-12-03 17:00 - 2015-11-22 10:49 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wwanpref.dll
2015-12-03 17:00 - 2015-11-22 10:48 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosResource.dll
2015-12-03 17:00 - 2015-11-22 10:47 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2015-12-03 17:00 - 2015-11-22 10:46 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll
2015-12-03 17:00 - 2015-11-22 10:46 - 00209920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2015-12-03 17:00 - 2015-11-22 10:45 - 00264192 _____ (Nokia) C:\WINDOWS\system32\NmaDirect.dll
2015-12-03 17:00 - 2015-11-22 10:45 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft-Windows-MapControls.dll
2015-12-03 17:00 - 2015-11-22 10:45 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCoreRes.dll
2015-12-03 17:00 - 2015-11-22 10:45 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft-Windows-MosTrace.dll
2015-12-03 17:00 - 2015-11-22 10:45 - 00009728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft-Windows-MosHost.dll
2015-12-03 17:00 - 2015-11-22 10:44 - 01268736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2015-12-03 17:00 - 2015-11-22 10:44 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosHostClient.dll
2015-12-03 17:00 - 2015-11-22 10:43 - 00459776 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2015-12-03 17:00 - 2015-11-22 10:42 - 00024064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WordBreakers.dll
2015-12-03 17:00 - 2015-11-22 10:42 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlStringsRes.dll
2015-12-03 17:00 - 2015-11-22 10:40 - 00850432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2015-12-03 17:00 - 2015-11-22 10:40 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
2015-12-03 17:00 - 2015-11-22 10:40 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XblAuthTokenBrokerExt.dll
2015-12-03 17:00 - 2015-11-22 10:39 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2015-12-03 17:00 - 2015-11-22 10:39 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinelsa.dll
2015-12-03 17:00 - 2015-11-22 10:39 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2015-12-03 17:00 - 2015-11-22 10:39 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
2015-12-03 17:00 - 2015-11-22 10:34 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2015-12-03 17:00 - 2015-11-22 10:34 - 00166912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserMgrProxy.dll
2015-12-03 17:00 - 2015-11-22 10:34 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2015-12-03 17:00 - 2015-11-22 10:34 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditBufferTestHook.dll
2015-12-03 17:00 - 2015-11-22 10:33 - 00205824 _____ (Nokia) C:\WINDOWS\SysWOW64\NmaDirect.dll
2015-12-03 17:00 - 2015-11-22 10:32 - 00346112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2015-12-03 17:00 - 2015-11-22 10:28 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2015-12-03 17:00 - 2015-11-22 10:28 - 00100864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinelsa.dll
2015-12-03 17:00 - 2015-11-22 10:27 - 00160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2015-12-03 17:00 - 2015-11-22 10:25 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2015-12-03 17:00 - 2015-11-22 10:24 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputLocaleManager.dll
2015-12-03 17:00 - 2015-11-22 10:24 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditBufferTestHook.dll
2015-12-03 09:23 - 2015-12-03 09:24 - 00075288 _____ C:\Users\Lorenz\Downloads\Addition.txt
2015-12-03 09:22 - 2015-12-07 17:27 - 00026830 _____ C:\Users\Lorenz\Downloads\FRST.txt
2015-12-03 09:22 - 2015-12-07 17:27 - 00000000 ____D C:\FRST
2015-12-03 09:17 - 2015-12-03 09:19 - 02350080 _____ (Farbar) C:\Users\Lorenz\Downloads\FRST64.exe
2015-12-03 09:15 - 2015-12-03 09:15 - 00000000 _____ C:\Users\Lorenz\defogger_reenable
2015-12-03 09:14 - 2015-12-03 09:21 - 00380416 _____ C:\Users\Lorenz\Downloads\Gmer-19357.exe
2015-12-03 09:14 - 2015-12-03 09:15 - 00050477 _____ C:\Users\Lorenz\Downloads\Defogger.exe
2015-12-02 11:41 - 2015-12-02 11:41 - 00000000 ____D C:\Users\Lorenz\AppData\Local\ActiveSync
2015-12-02 11:33 - 2015-12-02 11:33 - 00000020 ___SH C:\Users\Lorenz\ntuser.ini
2015-12-02 11:33 - 2015-12-02 11:33 - 00000000 _SHDL C:\Users\Default\Vorlagen
2015-12-02 11:33 - 2015-12-02 11:33 - 00000000 _SHDL C:\Users\Default\Startmenü
2015-12-02 11:33 - 2015-12-02 11:33 - 00000000 _SHDL C:\Users\Default\Netzwerkumgebung
2015-12-02 11:33 - 2015-12-02 11:33 - 00000000 _SHDL C:\Users\Default\Lokale Einstellungen
2015-12-02 11:33 - 2015-12-02 11:33 - 00000000 _SHDL C:\Users\Default\Eigene Dateien
2015-12-02 11:33 - 2015-12-02 11:33 - 00000000 _SHDL C:\Users\Default\Druckumgebung
2015-12-02 11:33 - 2015-12-02 11:33 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Videos
2015-12-02 11:33 - 2015-12-02 11:33 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Musik
2015-12-02 11:33 - 2015-12-02 11:33 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Bilder
2015-12-02 11:33 - 2015-12-02 11:33 - 00000000 _SHDL C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-12-02 11:33 - 2015-12-02 11:33 - 00000000 _SHDL C:\Users\Default\AppData\Local\Verlauf
2015-12-02 11:33 - 2015-12-02 11:33 - 00000000 _SHDL C:\Users\Default\AppData\Local\Anwendungsdaten
2015-12-02 11:33 - 2015-12-02 11:33 - 00000000 _SHDL C:\Users\Default\Anwendungsdaten
2015-12-02 11:33 - 2015-12-02 11:33 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Videos
2015-12-02 11:33 - 2015-12-02 11:33 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Musik
2015-12-02 11:33 - 2015-12-02 11:33 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Bilder
2015-12-02 11:33 - 2015-12-02 11:33 - 00000000 _SHDL C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-12-02 11:33 - 2015-12-02 11:33 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Verlauf
2015-12-02 11:33 - 2015-12-02 11:33 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Anwendungsdaten
2015-12-02 11:30 - 2015-12-07 09:09 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-12-02 11:26 - 2015-12-02 11:26 - 00001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-12-02 11:21 - 2015-12-02 11:27 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
2015-12-02 11:20 - 2015-12-07 14:36 - 00000000 ____D C:\Users\Lorenz
2015-12-02 11:20 - 2015-12-02 11:20 - 00000000 _SHDL C:\Users\Lorenz\Vorlagen
2015-12-02 11:20 - 2015-12-02 11:20 - 00000000 _SHDL C:\Users\Lorenz\Startmenü
2015-12-02 11:20 - 2015-12-02 11:20 - 00000000 _SHDL C:\Users\Lorenz\Netzwerkumgebung
2015-12-02 11:20 - 2015-12-02 11:20 - 00000000 _SHDL C:\Users\Lorenz\Lokale Einstellungen
2015-12-02 11:20 - 2015-12-02 11:20 - 00000000 _SHDL C:\Users\Lorenz\Eigene Dateien
2015-12-02 11:20 - 2015-12-02 11:20 - 00000000 _SHDL C:\Users\Lorenz\Druckumgebung
2015-12-02 11:20 - 2015-12-02 11:20 - 00000000 _SHDL C:\Users\Lorenz\Documents\Eigene Videos
2015-12-02 11:20 - 2015-12-02 11:20 - 00000000 _SHDL C:\Users\Lorenz\Documents\Eigene Musik
2015-12-02 11:20 - 2015-12-02 11:20 - 00000000 _SHDL C:\Users\Lorenz\Documents\Eigene Bilder
2015-12-02 11:20 - 2015-12-02 11:20 - 00000000 _SHDL C:\Users\Lorenz\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-12-02 11:20 - 2015-12-02 11:20 - 00000000 _SHDL C:\Users\Lorenz\AppData\Local\Verlauf
2015-12-02 11:20 - 2015-12-02 11:20 - 00000000 _SHDL C:\Users\Lorenz\AppData\Local\Anwendungsdaten
2015-12-02 11:20 - 2015-12-02 11:20 - 00000000 _SHDL C:\Users\Lorenz\Anwendungsdaten
2015-12-02 11:19 - 2015-12-02 11:19 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_SensorsHid_02_15_00.Wdf
2015-12-02 11:19 - 2015-12-02 11:19 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_TrueColor_01011.Wdf
2015-12-02 11:19 - 2015-12-02 11:19 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_SurfacePenDriver_01011.Wdf
2015-12-02 11:19 - 2015-12-02 11:19 - 00000000 ____D C:\WINDOWS\SysWOW64\TrueColor5.2
2015-12-02 11:19 - 2015-12-02 11:19 - 00000000 ____D C:\WINDOWS\system32\TrueColor5.2
2015-12-02 11:19 - 2015-10-30 08:17 - 02718208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2015-12-02 11:19 - 2015-09-06 12:12 - 00099856 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2015-12-02 11:18 - 2015-12-02 11:18 - 00000000 ____H C:\ProgramData\DP45977C.lfl
2015-12-02 11:18 - 2015-12-02 11:18 - 00000000 ____D C:\WINDOWS\Firmware
2015-12-02 11:18 - 2015-12-02 11:18 - 00000000 ____D C:\Program Files\Intel
2015-12-02 11:17 - 2015-12-07 13:19 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2015-12-02 11:17 - 2015-12-02 12:00 - 00000000 ___DC C:\WINDOWS\Panther
2015-12-02 11:17 - 2015-12-02 11:39 - 00442840 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-12-02 11:15 - 2015-12-02 11:15 - 22572632 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-12-02 11:15 - 2015-12-02 11:15 - 21125408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-12-02 11:15 - 2015-12-02 11:15 - 11545088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2015-12-02 11:15 - 2015-12-02 11:15 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2015-12-02 11:15 - 2015-12-02 11:15 - 03670832 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-12-02 11:15 - 2015-12-02 11:15 - 03592704 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-12-02 11:15 - 2015-12-02 11:15 - 02918808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-12-02 11:15 - 2015-12-02 11:15 - 02544264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2015-12-02 11:15 - 2015-12-02 11:15 - 02444288 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2015-12-02 11:15 - 2015-12-02 11:15 - 02179584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2015-12-02 11:15 - 2015-12-02 11:15 - 02001408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2015-12-02 11:15 - 2015-12-02 11:15 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2015-12-02 11:15 - 2015-12-02 11:15 - 01063424 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-12-02 11:15 - 2015-12-02 11:15 - 00969728 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-12-02 11:15 - 2015-12-02 11:15 - 00911648 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll
2015-12-02 11:15 - 2015-12-02 11:15 - 00809312 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2015-12-02 11:15 - 2015-12-02 11:15 - 00803840 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-12-02 11:15 - 2015-12-02 11:15 - 00791552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-12-02 11:15 - 2015-12-02 11:15 - 00704352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2015-12-02 11:15 - 2015-12-02 11:15 - 00698208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimgapi.dll
2015-12-02 11:15 - 2015-12-02 11:15 - 00675064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll
2015-12-02 11:15 - 2015-12-02 11:15 - 00674816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2015-12-02 11:15 - 2015-12-02 11:15 - 00647168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-12-02 11:15 - 2015-12-02 11:15 - 00630632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2015-12-02 11:15 - 2015-12-02 11:15 - 00623616 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2015-12-02 11:15 - 2015-12-02 11:15 - 00586208 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2015-12-02 11:15 - 2015-12-02 11:15 - 00586080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wimgapi.dll
2015-12-02 11:15 - 2015-12-02 11:15 - 00578912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2015-12-02 11:15 - 2015-12-02 11:15 - 00543232 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2015-12-02 11:15 - 2015-12-02 11:15 - 00540752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2015-12-02 11:15 - 2015-12-02 11:15 - 00536768 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2015-12-02 11:15 - 2015-12-02 11:15 - 00523616 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimserv.exe
2015-12-02 11:15 - 2015-12-02 11:15 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2015-12-02 11:15 - 2015-12-02 11:15 - 00516544 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2015-12-02 11:15 - 2015-12-02 11:15 - 00511320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
2015-12-02 11:15 - 2015-12-02 11:15 - 00497664 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll
2015-12-02 11:15 - 2015-12-02 11:15 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2015-12-02 11:15 - 2015-12-02 11:15 - 00454056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2015-12-02 11:15 - 2015-12-02 11:15 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2015-12-02 11:15 - 2015-12-02 11:15 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2015-12-02 11:15 - 2015-12-02 11:15 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2015-12-02 11:15 - 2015-12-02 11:15 - 00408128 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2015-12-02 11:15 - 2015-12-02 11:15 - 00405048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2015-12-02 11:15 - 2015-12-02 11:15 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2015-12-02 11:15 - 2015-12-02 11:15 - 00382464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
2015-12-02 11:15 - 2015-12-02 11:15 - 00369912 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2015-12-02 11:15 - 2015-12-02 11:15 - 00366224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2015-12-02 11:15 - 2015-12-02 11:15 - 00365568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-12-02 11:15 - 2015-12-02 11:15 - 00334736 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2015-12-02 11:15 - 2015-12-02 11:15 - 00334336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2015-12-02 11:15 - 2015-12-02 11:15 - 00315904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll
2015-12-02 11:15 - 2015-12-02 11:15 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-12-02 11:15 - 2015-12-02 11:15 - 00296488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2015-12-02 11:15 - 2015-12-02 11:15 - 00292352 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2015-12-02 11:15 - 2015-12-02 11:15 - 00286720 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceaccess.dll
2015-12-02 11:15 - 2015-12-02 11:15 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2015-12-02 11:15 - 2015-12-02 11:15 - 00275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-12-02 11:15 - 2015-12-02 11:15 - 00245848 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2015-12-02 11:15 - 2015-12-02 11:15 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll
2015-12-02 11:15 - 2015-12-02 11:15 - 00227840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\deviceaccess.dll
2015-12-02 11:15 - 2015-12-02 11:15 - 00204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-AppModelExecEvents.dll
2015-12-02 11:15 - 2015-12-02 11:15 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2015-12-02 11:15 - 2015-12-02 11:15 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2015-12-02 11:15 - 2015-12-02 11:15 - 00165376 _____ (Microsoft Corporation) C:\WINDOWS\system32\provdatastore.dll
2015-12-02 11:15 - 2015-12-02 11:15 - 00163328 _____ (Microsoft Corporation) C:\WINDOWS\system32\provops.dll
2015-12-02 11:15 - 2015-12-02 11:15 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
2015-12-02 11:15 - 2015-12-02 11:15 - 00160768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2015-12-02 11:15 - 2015-12-02 11:15 - 00122368 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll
2015-12-02 11:15 - 2015-12-02 11:15 - 00118624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2015-12-02 11:15 - 2015-12-02 11:15 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2015-12-02 11:15 - 2015-12-02 11:15 - 00116728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2015-12-02 11:15 - 2015-12-02 11:15 - 00115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-12-02 11:15 - 2015-12-02 11:15 - 00110032 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2015-12-02 11:15 - 2015-12-02 11:15 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2015-12-02 11:15 - 2015-12-02 11:15 - 00092352 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-12-02 11:15 - 2015-12-02 11:15 - 00089600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NFCProvisioningPlugin.dll
2015-12-02 11:15 - 2015-12-02 11:15 - 00088392 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2015-12-02 11:15 - 2015-12-02 11:15 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzautoupdate.dll
2015-12-02 11:15 - 2015-12-02 11:15 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2015-12-02 11:15 - 2015-12-02 11:15 - 00078336 _____ (Microsoft Corporation) C:\WINDOWS\system32\BarcodeProvisioningPlugin.dll
2015-12-02 11:15 - 2015-12-02 11:15 - 00077312 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvPluginEng.dll
2015-12-02 11:15 - 2015-12-02 11:15 - 00073360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll
2015-12-02 11:15 - 2015-12-02 11:15 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppCapture.dll
2015-12-02 11:15 - 2015-12-02 11:15 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\provtool.exe
2015-12-02 11:15 - 2015-12-02 11:15 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringclient.dll
2015-12-02 11:15 - 2015-12-02 11:15 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemovableMediaProvisioningPlugin.dll
2015-12-02 11:15 - 2015-12-02 11:15 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-12-02 11:15 - 2015-12-02 11:15 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.proxy.dll
2015-12-02 11:15 - 2015-12-02 11:15 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2015-12-02 11:15 - 2015-12-02 11:15 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-12-02 11:15 - 2015-12-02 11:15 - 00035680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wimmount.sys
2015-12-02 11:15 - 2015-12-02 11:15 - 00035656 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfpmp.exe
2015-12-02 11:15 - 2015-12-02 11:15 - 00032040 _____ (Microsoft Corporation)
C:\WINDOWS\SysWOW64\mfpmp.exe 2015-12-02 11:15 - 2015-12-02 11:15 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringconfigsp.dll 2015-12-02 11:15 - 2015-12-02 11:15 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe 2015-12-02 11:15 - 2015-12-02 11:15 - 00028160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Provisioning.ProxyStub.dll 2015-12-02 11:15 - 2015-12-02 11:15 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.proxy.dll 2015-12-02 11:15 - 2015-12-02 11:15 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\IcsEntitlementHost.exe 2015-12-02 11:15 - 2015-12-02 11:15 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\dciman32.dll 2015-12-02 11:15 - 2015-12-02 11:15 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dciman32.dll 2015-12-02 11:15 - 2015-12-02 11:15 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\lpk.dll 2015-12-02 11:15 - 2015-12-02 11:15 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpk.dll 2015-12-02 11:15 - 2015-12-02 11:15 - 00000000 ____D C:\Windows.old 2015-12-02 11:13 - 2015-12-02 11:13 - 00008192 _____ C:\WINDOWS\system32\config\userdiff 2015-12-02 11:11 - 2015-12-02 11:11 - 00000000 ____D C:\WINDOWS\SysWOW64\XPSViewer 2015-12-02 11:11 - 2015-12-02 11:11 - 00000000 ____D C:\Program Files\Reference Assemblies 2015-12-02 11:11 - 2015-12-02 11:11 - 00000000 ____D C:\Program Files\MSBuild 2015-12-02 11:11 - 2015-12-02 11:11 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies 2015-12-02 11:11 - 2015-12-02 11:11 - 00000000 ____D C:\Program Files (x86)\MSBuild 2015-12-02 11:11 - 2015-10-23 17:47 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll 2015-12-02 11:11 - 2015-10-23 17:47 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll 2015-12-02 11:11 - 2015-10-23 17:47 - 00035480 _____ (Microsoft 
Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe 2015-12-02 11:11 - 2015-10-23 17:46 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll 2015-12-02 11:11 - 2015-10-23 17:46 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe 2015-12-02 11:11 - 2015-10-23 17:45 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll 2015-11-27 21:54 - 2015-11-27 21:54 - 05359935 _____ C:\Users\Lorenz\Downloads\kinox_app_1.0.5.apk 2015-11-23 17:35 - 2015-11-23 17:35 - 00000000 ____D C:\Users\Lorenz\AppData\Roaming\Avira 2015-11-23 16:34 - 2015-12-01 14:13 - 00146696 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys 2015-11-23 16:34 - 2015-12-01 14:13 - 00135880 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys 2015-11-23 16:34 - 2015-12-01 14:13 - 00073032 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avnetflt.sys 2015-11-23 16:34 - 2015-12-01 14:13 - 00035488 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avkmgr.sys 2015-11-23 16:32 - 2015-11-23 16:32 - 04584344 _____ (Avira Operations GmbH & Co. 
KG) C:\Users\Lorenz\Downloads\avira_de_av_5655784164__ws.exe 2015-11-23 16:31 - 2015-07-05 11:08 - 00300704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe 2015-11-23 16:28 - 2015-11-23 16:29 - 00000000 ____D C:\escw_103_sa 2015-11-23 16:17 - 2015-11-23 16:18 - 152989672 _____ C:\Users\Lorenz\Downloads\escw_103_sa_sfx.exe 2015-11-20 08:13 - 2015-11-20 10:36 - 00000000 ____D C:\Users\Lorenz\AppData\Local\ABBF10EB-058A-4174-AE2A-78C7323AAD12.aplzod 2015-11-19 11:50 - 2015-12-02 11:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud 2015-11-14 23:13 - 2015-11-28 18:39 - 00000000 ____D C:\Users\Lorenz\AppData\Local\Foxit Reader 2015-11-13 13:19 - 2015-11-13 13:19 - 00000000 ____D C:\Users\Lorenz\.tooling 2015-11-13 13:12 - 2015-12-07 13:21 - 00000000 ____D C:\Users\Lorenz\AppData\Local\Eclipse 2015-11-13 13:10 - 2015-11-13 13:10 - 00001126 _____ C:\Users\Lorenz\Desktop\Eclipse Java Mars.lnk 2015-11-13 13:10 - 2015-11-13 13:10 - 00000000 ____D C:\Users\Lorenz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Eclipse 2015-11-13 13:03 - 2015-11-13 13:03 - 00000000 ____D C:\Users\Lorenz\eclipse 2015-11-13 13:03 - 2015-11-13 13:03 - 00000000 ____D C:\Users\Lorenz\AppData\Roaming\Sun 2015-11-13 13:03 - 2015-11-13 13:03 - 00000000 ____D C:\Users\Lorenz\AppData\LocalLow\Sun 2015-11-13 13:02 - 2015-12-07 13:21 - 00000000 ____D C:\Users\Lorenz\.p2 2015-11-13 13:02 - 2015-12-02 11:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2015-11-13 13:02 - 2015-11-13 13:02 - 00110176 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll 2015-11-13 13:01 - 2015-11-13 13:04 - 00000000 ____D C:\ProgramData\Oracle 2015-11-13 13:01 - 2015-11-13 13:03 - 00000000 ____D C:\Users\Lorenz\.oracle_jre_usage 2015-11-13 13:01 - 2015-11-13 13:01 - 46355176 _____ C:\Users\Lorenz\Downloads\eclipse-inst-win64.exe 2015-11-13 12:58 - 2015-12-02 11:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\Java Development Kit 2015-11-13 12:58 - 2015-11-13 13:01 - 00000000 ____D C:\Program Files\Java 2015-11-13 12:57 - 2015-11-13 12:57 - 00000000 ____D C:\Users\Lorenz\AppData\LocalLow\Oracle 2015-11-13 12:55 - 2015-11-13 12:57 - 195629144 _____ (Oracle Corporation) C:\Users\Lorenz\Downloads\jdk-8u65-windows-x64.exe 2015-11-12 16:17 - 2015-12-02 11:27 - 00000000 ____D C:\Users\Lorenz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2015-12-07 16:25 - 2015-01-22 15:44 - 00001144 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2015-12-07 16:10 - 2015-06-17 07:00 - 00001254 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2261460588-3622448717-587553582-1001UA.job 2015-12-07 15:59 - 2014-10-14 19:24 - 00004166 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{CA419BB4-6605-47F9-9529-DB8D2C018ECF} 2015-12-07 15:48 - 2014-10-16 15:30 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2015-12-07 15:10 - 2015-06-17 07:00 - 00001202 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2261460588-3622448717-587553582-1001Core.job 2015-12-07 14:57 - 2014-10-15 21:30 - 00000000 ___RD C:\Users\Lorenz\Dropbox 2015-12-07 14:57 - 2014-10-15 21:28 - 00000000 ____D C:\Users\Lorenz\AppData\Roaming\Dropbox 2015-12-07 14:56 - 2014-10-14 19:20 - 00000000 __RDO C:\Users\Lorenz\OneDrive 2015-12-07 14:50 - 2015-08-01 11:37 - 00000000 ___RD C:\Users\Lorenz\iCloudDrive 2015-12-07 14:49 - 2015-01-22 15:44 - 00001140 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2015-12-07 09:51 - 2015-10-30 19:35 - 00776766 _____ C:\WINDOWS\system32\perfh007.dat 2015-12-07 09:51 - 2015-10-30 19:35 - 00155544 _____ C:\WINDOWS\system32\perfc007.dat 2015-12-07 09:51 - 2015-10-30 08:21 - 00000000 ____D C:\WINDOWS\INF 2015-12-07 09:51 - 2015-08-03 23:45 - 01799166 _____ 
C:\WINDOWS\system32\PerfStringBackup.INI 2015-12-06 22:04 - 2015-10-30 07:28 - 00000000 ____D C:\Windows 2015-12-06 22:04 - 2014-10-14 20:34 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2015-12-06 17:26 - 2015-10-30 07:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI 2015-12-06 09:05 - 2015-10-30 08:11 - 00000000 ____D C:\WINDOWS\CbsTemp 2015-12-05 20:19 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\rescache 2015-12-05 09:59 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\AppReadiness 2015-12-04 18:18 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\LiveKernelReports 2015-12-04 08:40 - 2015-10-30 08:24 - 00000000 ___HD C:\Program Files\WindowsApps 2015-12-03 22:51 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform 2015-12-03 20:28 - 2015-01-22 15:44 - 00002259 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2015-12-03 20:27 - 2015-07-16 10:33 - 00000000 ____D C:\Users\Lorenz\.eclipse 2015-12-03 08:42 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\appcompat 2015-12-02 13:20 - 2015-01-22 15:44 - 00004202 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA 2015-12-02 13:20 - 2015-01-22 15:44 - 00003970 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore 2015-12-02 11:46 - 2014-10-14 19:17 - 00000000 ____D C:\Users\Lorenz\AppData\Local\Packages 2015-12-02 11:41 - 2015-08-04 08:20 - 00002407 _____ C:\Users\Lorenz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2015-12-02 11:40 - 2015-10-30 08:24 - 00000000 ___RD C:\WINDOWS\DevicesFlow 2015-12-02 11:34 - 2015-10-30 08:24 - 00000000 ___RD C:\WINDOWS\PrintDialog 2015-12-02 11:34 - 2015-10-30 08:24 - 00000000 ___RD C:\WINDOWS\MiracastView 2015-12-02 11:33 - 2015-10-30 08:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel 2015-12-02 11:33 - 2015-10-30 08:24 - 00000000 ____D C:\Program Files\Windows NT 2015-12-02 11:33 - 2014-08-06 14:02 - 00000000 __RHD C:\Users\Public\AccountPictures 2015-12-02 11:32 - 2015-10-30 08:24 - 00000000 ____D 
C:\WINDOWS\Registration 2015-12-02 11:32 - 2015-08-01 23:13 - 00020958 _____ C:\WINDOWS\diagwrn.xml 2015-12-02 11:32 - 2015-08-01 23:13 - 00020958 _____ C:\WINDOWS\diagerr.xml 2015-12-02 11:31 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase 2015-12-02 11:30 - 2015-10-30 08:24 - 00000000 __RSD C:\WINDOWS\Media 2015-12-02 11:30 - 2015-10-30 08:24 - 00000000 __RHD C:\Users\Public\Libraries 2015-12-02 11:30 - 2015-08-03 23:43 - 00023056 _____ C:\WINDOWS\system32\emptyregdb.dat 2015-12-02 11:30 - 2015-07-22 13:00 - 00002954 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task 2015-12-02 11:30 - 2015-06-17 07:00 - 00003868 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2261460588-3622448717-587553582-1001UA 2015-12-02 11:30 - 2015-06-17 07:00 - 00003596 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2261460588-3622448717-587553582-1001Core 2015-12-02 11:30 - 2014-10-16 15:30 - 00003098 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater 2015-12-02 11:30 - 2014-10-14 19:24 - 00002878 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2261460588-3622448717-587553582-1001 2015-12-02 11:27 - 2015-10-30 08:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2015-12-02 11:27 - 2015-10-30 07:28 - 00008192 ___SH C:\WINDOWS\system32\config\ELAM 2015-12-02 11:27 - 2015-10-29 08:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2015-12-02 11:27 - 2015-10-25 12:15 - 00000000 ____D C:\Users\Lorenz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Autodesk 2015-12-02 11:27 - 2015-10-25 12:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk Inventor 2014 2015-12-02 11:27 - 2015-10-25 12:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DWG TrueView 2014 2015-12-02 11:27 - 2015-10-25 12:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk 2015-12-02 11:27 - 
2015-10-20 09:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\phase-6 2015-12-02 11:27 - 2015-08-04 09:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013 2015-12-02 11:27 - 2015-07-10 10:05 - 00000000 ____D C:\Users\Default.migrated 2015-12-02 11:27 - 2015-07-08 11:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime 2015-12-02 11:27 - 2015-07-04 08:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\devolo 2015-12-02 11:27 - 2015-04-14 20:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RStudio 2015-12-02 11:27 - 2015-04-14 17:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R 2015-12-02 11:27 - 2015-03-24 17:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular 2015-12-02 11:27 - 2015-01-22 15:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2015-12-02 11:27 - 2014-11-20 15:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator 2015-12-02 11:27 - 2014-11-20 15:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Architect 2 2015-12-02 11:27 - 2014-11-15 21:19 - 00000000 ____D C:\Users\Lorenz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR 2015-12-02 11:27 - 2014-11-15 21:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR 2015-12-02 11:27 - 2014-11-13 19:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MP630 series 2015-12-02 11:27 - 2014-11-06 20:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft 2015-12-02 11:27 - 2014-10-22 22:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoScape 2015-12-02 11:27 - 2014-10-16 15:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MatheGrafix 2015-12-02 11:27 - 2014-10-15 21:19 - 
00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2015-12-02 11:23 - 2015-10-30 08:24 - 00000000 ___SD C:\WINDOWS\Downloaded Program Files 2015-12-02 11:23 - 2015-10-30 08:24 - 00000000 ___RD C:\WINDOWS\PurchaseDialog 2015-12-02 11:23 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\spool 2015-12-02 11:23 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\oobe 2015-12-02 11:23 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\NDF 2015-12-02 11:23 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\InputMethod 2015-12-02 11:23 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\PolicyDefinitions 2015-12-02 11:23 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\InputMethod 2015-12-02 11:23 - 2015-10-30 08:24 - 00000000 ____D C:\ProgramData\USOPrivate 2015-12-02 11:23 - 2015-10-30 08:24 - 00000000 ____D C:\Program Files\Common Files\microsoft shared 2015-12-02 11:23 - 2015-10-22 19:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco 2015-12-02 11:23 - 2015-05-26 14:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Texmaker 2015-12-02 11:23 - 2014-11-15 21:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC 2015-12-02 11:23 - 2014-11-13 19:56 - 00000000 ___HD C:\WINDOWS\system32\CanonIJ Uninstaller Information 2015-12-02 11:23 - 2014-10-30 21:22 - 00000000 ____D C:\WINDOWS\system32\appmgmt 2015-12-02 11:23 - 2014-10-30 20:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SCM Microsystems 2015-12-02 11:23 - 2014-10-20 17:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities 2015-12-02 11:23 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\WindowsInternal.Inbox.Shared 2015-12-02 11:23 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\WindowsInternal.Inbox.Media.Shared 2015-12-02 11:23 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\ADFS 2015-12-02 11:20 - 2015-10-30 07:28 - 00000000 ____D 
C:\WINDOWS\system32\Sysprep 2015-12-02 11:17 - 2015-10-30 19:58 - 00000000 ____D C:\WINDOWS\ServiceProfiles 2015-12-02 11:17 - 2015-10-30 08:24 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template 2015-12-02 11:15 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\appraiser 2015-12-02 11:15 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\Provisioning 2015-12-02 11:15 - 2015-10-30 07:28 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism 2015-12-02 11:15 - 2015-10-30 07:28 - 00000000 ____D C:\WINDOWS\system32\Dism 2015-12-02 11:11 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\SysWOW64\MUI 2015-12-02 11:11 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\MUI 2015-12-02 10:57 - 2015-10-30 20:28 - 00000000 ___HD C:\$WINDOWS.~BT 2015-11-27 16:13 - 2015-11-02 15:55 - 00000000 ____D C:\Users\Lorenz\AppData\Roaming\Foxit Software 2015-11-26 10:27 - 2015-10-22 21:57 - 00000000 ____D C:\Users\Lorenz\Documents\inventor 2015-11-26 08:05 - 2014-10-14 23:54 - 00000000 ____D C:\Program Files\Microsoft Office 15 2015-11-26 08:02 - 2015-07-22 13:00 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2015-11-23 16:34 - 2014-10-15 21:19 - 00000000 ____D C:\ProgramData\Avira 2015-11-23 16:34 - 2014-10-15 21:19 - 00000000 ____D C:\Program Files (x86)\Avira 2015-11-23 16:32 - 2014-05-08 23:25 - 00000000 ____D C:\ProgramData\Package Cache 2015-11-22 10:18 - 2014-10-17 08:38 - 00000000 ____D C:\WINDOWS\system32\MRT 2015-11-22 10:15 - 2014-10-17 08:38 - 145617392 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2015-11-20 10:39 - 2015-07-06 08:40 - 00000000 ____D C:\Users\Lorenz\Documents\Outlook-Dateien 2015-11-19 11:50 - 2015-04-14 12:15 - 00000000 ____D C:\Users\Lorenz\AppData\Local\Apple Inc 2015-11-19 11:49 - 2014-10-25 18:09 - 00000000 ____D C:\Program Files\Common Files\Apple 2015-11-13 18:30 - 2015-10-23 08:54 - 00000000 ____D C:\ProgramData\boost_interprocess 2015-11-11 08:08 - 2014-12-03 19:22 - 00000000 ____D 
C:\Users\Lorenz\AppData\Local\WEB.DE Application {sync-000021} ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2015-10-09 18:04 - 2015-10-09 18:04 - 0000833 _____ () C:\Users\Lorenz\AppData\Local\recently-used.xbel 2015-12-02 11:18 - 2015-12-02 11:18 - 0000000 ____H () C:\ProgramData\DP45977C.lfl Einige Dateien in TEMP: ==================== C:\Users\Lorenz\AppData\Local\Temp\avgnt.exe C:\Users\Lorenz\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmprmbf_f.dll C:\Users\Lorenz\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap ================= (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert C:\WINDOWS\explorer.exe => Datei ist digital signiert C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert C:\WINDOWS\system32\services.exe => Datei ist digital signiert C:\WINDOWS\system32\User32.dll => Datei ist digital signiert C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert LastRegBack: 2015-12-02 11:17 ==================== Ende von FRST.txt ============================ |
08.12.2015, 20:10 | #10 |
/// the machine /// TB trainer | ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Still having problems?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
09.12.2015, 17:22 | #11 |
| ESET aborted twice and only returned a short log.txt each time. When it did run through, it found two items, which I uninstalled. Unfortunately, no log file was produced. Should I install it again? Here is the log from Security Check
[CODE]
Results of screen317's Security Check version 1.009
x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Avira Antivirus
Windows Defender
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java version 32-bit out of Date!
Adobe Flash Player 19.0.0.245
Mozilla Firefox (43.0)
Google Chrome (46.0.2490.86)
Google Chrome (47.0.2526.73)
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbam.exe
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
Avira Antivirus sched.exe
Avira Antivirus avshadow.exe
Malwarebytes Anti-Malware mbamscheduler.exe
Lorenz AppData Local WEB.DE Application {sync-000021}\webde_onlinespeicher.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````
[CODE]
FRST log Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:01-12-2015 durchgeführt von Lorenz (Administrator) auf LOLLOSURFACE (09-12-2015 17:20:07) Gestartet von C:\Users\Lorenz\Downloads Geladene Profile: Lorenz (Verfügbare Profile: Lorenz) Platform: Windows 10 Pro Version 1511 (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: FF) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe (Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (devolo AG) C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe (Autodesk, Inc.) C:\Program Files\Autodesk\Inventor 2014\Moldflow\bin\mitsijm.exe () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe () C:\Program Files\WindowsApps\Microsoft.Messaging_1.11.19004.0_x86__8wekyb3d8bbwe\SkypeHost.exe (Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler64.exe (1&1 Mail & Media GmbH) C:\Users\Lorenz\AppData\Local\WEB.DE Application {sync-000021}\webde_onlinespeicher.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Akamai Technologies, Inc.) C:\Users\Lorenz\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.) C:\Users\Lorenz\AppData\Local\Akamai\netsession_win.exe (Autodesk, Inc.) C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Dropbox, Inc.) C:\Users\Lorenz\AppData\Roaming\Dropbox\bin\Dropbox.exe (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\csisyncclient.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Microsoft Corporation) C:\Windows\System32\WWAHost.exe () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1512.34020.0_x64__8wekyb3d8bbwe\Calculator.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\NetworkUXBroker.exe (Drawboard) C:\Program Files\WindowsApps\Drawboard.DrawboardPDF_4.4.1.0_x64__gqbn7fs4pywxm\Drawboard.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTE.EXE (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\AppVShNotify.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\winword.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\winword.exe (Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitReader.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\msosync.exe () C:\Users\Lorenz\Downloads\SecurityCheck.exe (Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avcenter.exe ==================== Registry (Nicht auf der Ausnahmeliste) =========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) 
HKLM-x32\...\Run: [doubleTwist] => C:\Program Files (x86)\doubleTwist\doubleTwist.Light.exe HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2072928 2014-10-31] (Wondershare) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-06-16] (Apple Inc.) HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [66320 2015-11-03] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [708496 2015-09-23] (Cisco Systems, Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597040 2015-10-06] (Oracle Corporation) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [803200 2015-12-01] (Avira Operations GmbH & Co. KG) Winlogon\Notify\ScCertProp: wlnotify.dll [X] HKU\S-1-5-21-2261460588-3622448717-587553582-1001\...\Run: [WEB.DE Application {sync-000021}] => C:\Users\Lorenz\AppData\Local\WEB.DE Application {sync-000021}\webde_onlinespeicher.exe [794112 2015-10-29] (1&1 Mail & Media GmbH) HKU\S-1-5-21-2261460588-3622448717-587553582-1001\...\Run: [Spotify Web Helper] => C:\Users\Lorenz\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2015-02-08] (Spotify Ltd) HKU\S-1-5-21-2261460588-3622448717-587553582-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [60688 2015-10-21] (Apple Inc.) HKU\S-1-5-21-2261460588-3622448717-587553582-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [61200 2015-10-21] (Apple Inc.) 
HKU\S-1-5-21-2261460588-3622448717-587553582-1001\...\Run: [Dropbox Update] => C:\Users\Lorenz\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-17] (Dropbox, Inc.) HKU\S-1-5-21-2261460588-3622448717-587553582-1001\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [103696 2015-10-21] (Apple Inc.) HKU\S-1-5-21-2261460588-3622448717-587553582-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Lorenz\AppData\Local\Akamai\netsession_win.exe [4691384 2015-09-10] (Akamai Technologies, Inc.) HKU\S-1-5-21-2261460588-3622448717-587553582-1001\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1081224 2013-02-05] (Autodesk, Inc.) HKU\S-1-5-21-2261460588-3622448717-587553582-1001\...\MountPoints2: {0f81c5e2-0dbb-11e5-828e-6002927b1294} - "D:\HTC_Sync_Manager_PC.exe" HKU\S-1-5-21-2261460588-3622448717-587553582-1001\...\MountPoints2: {0f81c616-0dbb-11e5-828e-6002927b1294} - "D:\HTC_Sync_Manager_PC.exe" ShellIconOverlayIdentifiers: [ 1&1 Sync Overlay 1] -> {02B2B772-B8A8-4DA4-9B18-42551A54A1A8} => C:\Program Files\Common Files\1&1 Sync\1&1SyncShellExtension64_1_0_0_3_20151009105810302.dll [2015-08-21] (1&1 Mail & Media GmbH) ShellIconOverlayIdentifiers: [ 1&1 Sync Overlay 2] -> {0575AB16-E932-4160-8936-4DBE195BDBD7} => C:\Program Files\Common Files\1&1 Sync\1&1SyncShellExtension64_1_0_0_3_20151009105810302.dll [2015-08-21] (1&1 Mail & Media GmbH) ShellIconOverlayIdentifiers: [ 1&1 Sync Overlay 3] -> {0E9EF89A-96D3-4DE6-B2F8-E9548AA5321E} => C:\Program Files\Common Files\1&1 Sync\1&1SyncShellExtension64_1_0_0_3_20151009105810302.dll [2015-08-21] (1&1 Mail & Media GmbH) ShellIconOverlayIdentifiers: [ 1&1 Sync Overlay 4] -> {1A4AFFE1-B2F9-483D-B627-D9A339DBFD34} => C:\Program Files\Common Files\1&1 Sync\1&1SyncShellExtension64_1_0_0_3_20151009105810302.dll [2015-08-21] (1&1 Mail & Media GmbH) ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => 
C:\Users\Lorenz\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-11-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lorenz\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-11-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lorenz\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-11-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lorenz\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-11-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lorenz\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-11-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lorenz\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-11-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lorenz\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-11-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lorenz\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-11-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\WINDOWS\system32\AcSignIcon.dll [2013-02-08] (Autodesk, Inc.) 
ShellIconOverlayIdentifiers-x32: [ 1&1 Sync Overlay 1] -> {02B2B772-B8A8-4DA4-9B18-42551A54A1A8} => C:\Program Files (x86)\Common Files\1&1 Sync\1&1SyncShellExtension_1_0_0_3_20151009105810302.dll [2015-08-21] (1&1 Mail & Media GmbH)
ShellIconOverlayIdentifiers-x32: [ 1&1 Sync Overlay 2] -> {0575AB16-E932-4160-8936-4DBE195BDBD7} => C:\Program Files (x86)\Common Files\1&1 Sync\1&1SyncShellExtension_1_0_0_3_20151009105810302.dll [2015-08-21] (1&1 Mail & Media GmbH)
ShellIconOverlayIdentifiers-x32: [ 1&1 Sync Overlay 3] -> {0E9EF89A-96D3-4DE6-B2F8-E9548AA5321E} => C:\Program Files (x86)\Common Files\1&1 Sync\1&1SyncShellExtension_1_0_0_3_20151009105810302.dll [2015-08-21] (1&1 Mail & Media GmbH)
ShellIconOverlayIdentifiers-x32: [ 1&1 Sync Overlay 4] -> {1A4AFFE1-B2F9-483D-B627-D9A339DBFD34} => C:\Program Files (x86)\Common Files\1&1 Sync\1&1SyncShellExtension_1_0_0_3_20151009105810302.dll [2015-08-21] (1&1 Mail & Media GmbH)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-10-13] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-10-13] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-10-13] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\phase-6 Reminder.lnk [2015-10-20]
ShortcutTarget: phase-6 Reminder.lnk -> C:\Program Files (x86)\phase-6\phase-6\reminder\reminder.exe (phase-6)
Startup: C:\Users\Lorenz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk [2015-12-09]
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Microsoft Corporation)
Startup: C:\Users\Lorenz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-11-12]
ShortcutTarget: Dropbox.lnk -> C:\Users\Lorenz\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 10.156.33.53 129.187.5.1
Tcpip\..\Interfaces\{524448cb-31f1-4839-9c46-203aa2eaab44}: [DhcpNameServer] 10.156.33.53 129.187.5.1

Internet Explorer:
==================
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-10-13] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_65\bin\ssv.dll [2015-11-13] (Oracle Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-10-13] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_65\bin\jp2ssv.dll [2015-11-13] (Oracle Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-10-13] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-10-13] (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Lorenz\AppData\Roaming\Mozilla\Firefox\Profiles\e2xmbe04.default
FF Homepage: hxxp://go.web.de/tb/mff_startpage
FF Session Restore: -> ist aktiviert.
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-11-11] ()
FF Plugin: @java.com/DTPlugin,version=11.65.2 -> C:\Program Files\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll [2015-11-13] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.65.2 -> C:\Program Files\Java\jre1.8.0_65\bin\plugin2\npjp2.dll [2015-11-13] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-11] ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-01-12] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-01-12] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-01-12] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-01-12] (Foxit Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-02-17] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-10-14] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin-x32: PDF Architect 2 -> C:\Program Files (x86)\PDF Architect 2\np-previewer.dll [2014-10-10] (pdfforge GmbH)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll [2014-10-28] (Tracker Software Products (Canada) Ltd.)
FF SearchPlugin: C:\Users\Lorenz\AppData\Roaming\Mozilla\Firefox\Profiles\e2xmbe04.default\searchplugins\google-images.xml [2014-10-14]
FF SearchPlugin: C:\Users\Lorenz\AppData\Roaming\Mozilla\Firefox\Profiles\e2xmbe04.default\searchplugins\google-maps.xml [2014-10-14]
FF SearchPlugin: C:\Users\Lorenz\AppData\Roaming\Mozilla\Firefox\Profiles\e2xmbe04.default\searchplugins\youtube.xml [2015-10-28]
FF Extension: WOT - C:\Users\Lorenz\AppData\Roaming\Mozilla\Firefox\Profiles\e2xmbe04.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2015-11-28]
FF Extension: Avira Browser Safety - C:\Users\Lorenz\AppData\Roaming\Mozilla\Firefox\Profiles\e2xmbe04.default\Extensions\abs@avira.com [2015-10-23] [ist nicht signiert]
FF Extension: Cliqz - C:\Users\Lorenz\AppData\Roaming\Mozilla\Firefox\Profiles\e2xmbe04.default\Extensions\cliqz@cliqz.com.xpi [2015-11-09] [ist nicht signiert]
FF Extension: YouTube to MP3 Free Converter - C:\Users\Lorenz\AppData\Roaming\Mozilla\Firefox\Profiles\e2xmbe04.default\Extensions\extension@321youtube.com.xpi [2015-05-29]
FF Extension: MEGA - C:\Users\Lorenz\AppData\Roaming\Mozilla\Firefox\Profiles\e2xmbe04.default\Extensions\firefox@mega.co.nz.xpi [2015-11-10] [ist nicht signiert]
FF Extension: WEB.DE MailCheck - C:\Users\Lorenz\AppData\Roaming\Mozilla\Firefox\Profiles\e2xmbe04.default\Extensions\mailcheck@web.de [2015-11-09]
FF Extension: SoundCloud Downloader - Technowise - C:\Users\Lorenz\AppData\Roaming\Mozilla\Firefox\Profiles\e2xmbe04.default\Extensions\{c8d3bc80-0810-4d21-a2c2-be5f2b2832ac}.xpi [2015-12-08]
FF Extension: Adblock Plus - C:\Users\Lorenz\AppData\Roaming\Mozilla\Firefox\Profiles\e2xmbe04.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-11-26]
FF HKU\S-1-5-21-2261460588-3622448717-587553582-1001\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Lorenz\AppData\Roaming\Mozilla\Firefox\Profiles\e2xmbe04.default\extensions\cliqz@cliqz.com => nicht gefunden

Chrome:
=======
CHR Profile: C:\Users\Lorenz\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Präsentationen) - C:\Users\Lorenz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-10]
CHR Extension: (Google Docs) - C:\Users\Lorenz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-10]
CHR Extension: (Google Drive) - C:\Users\Lorenz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-24]
CHR Extension: (YouTube) - C:\Users\Lorenz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-22]
CHR Extension: (Google-Suche) - C:\Users\Lorenz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Google Tabellen) - C:\Users\Lorenz\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-10]
CHR Extension: (Avira Browserschutz) - C:\Users\Lorenz\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-10-22]
CHR Extension: (Google Docs Offline) - C:\Users\Lorenz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-20]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Lorenz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-25]
CHR Extension: (Google Mail) - C:\Users\Lorenz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-16]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [948392 2015-12-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [466408 2015-12-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [466408 2015-12-01] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1418560 2015-12-01] (Avira Operations GmbH & Co. KG)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-09-02] (Apple Inc.)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [250136 2015-11-03] (Avira Operations GmbH & Co. KG)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2797752 2015-10-13] (Microsoft Corporation)
R2 DevoloNetworkService; C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe [3755976 2015-07-01] (devolo AG)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 mitsijm2014; C:\Program Files\Autodesk\Inventor 2014\Moldflow\bin\mitsijm.exe [952608 2013-01-25] (Autodesk, Inc.)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [Datei ist nicht signiert]
S3 PDF Architect 2; C:\Program Files (x86)\PDF Architect 2\ws.exe [1771560 2014-10-10] (pdfforge GmbH)
S3 pdfforge CrashHandler; C:\Program Files (x86)\PDF Architect 2\crash-handler-ws.exe [861736 2014-10-10] (pdfforge GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [135880 2015-12-01] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [146696 2015-12-01] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [35488 2015-12-01] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [73032 2015-12-01] (Avira Operations GmbH & Co. KG)
S3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [165376 2015-10-30] (Microsoft Corporation)
S3 BthHFAud; C:\Windows\system32\DRIVERS\BthHfAud.sys [36864 2015-10-30] (Microsoft Corporation)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [245248 2015-10-30] (Microsoft Corporation)
S3 HtcVCom32; C:\Windows\system32\DRIVERS\HtcVComV64.sys [121800 2010-03-09] (QUALCOMM Incorporated)
S3 iaLPSS_GPIO; C:\Windows\System32\drivers\iaLPSS_GPIO.sys [24568 2013-10-07] (Intel Corporation)
S3 iaLPSS_I2C; C:\Windows\System32\drivers\iaLPSS_I2C.sys [99320 2013-10-07] (Intel Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2015-12-09] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [193336 2015-09-30] (Intel Corporation)
R3 mrvlpcie8897; C:\Windows\System32\drivers\mrvlpcie8897.sys [1037824 2015-10-30] (Marvell Semiconductors Inc.)
R2 NPF_devolo; C:\Windows\sysWOW64\drivers\npf_devolo.sys [34048 2015-07-01] (CACE Technologies)
S3 SCL01164; C:\Windows\system32\DRIVERS\SCL01164.sys [72320 2010-05-07] (SCM Microsystems Inc.)
R3 SurfaceAccessoryDevice; C:\Windows\System32\drivers\SurfaceAccessoryDevice.sys [51856 2014-05-30] (Microsoft Corporation)
R3 SurfaceCapacitiveHomeButton; C:\Windows\System32\drivers\SurfaceCapacitiveHomeButton.sys [44152 2014-11-27] (Microsoft Corporation)
R3 SurfaceDisplayCalibration; C:\Windows\System32\drivers\SurfaceDisplayCalibration.sys [41616 2014-05-02] (Microsoft Corporation)
R3 SurfaceIntegrationDriver; C:\Windows\System32\drivers\SurfaceIntegrationDriver.sys [63000 2015-09-30] (Microsoft Corporation)
R0 SurfacePciController; C:\Windows\System32\drivers\SurfacePciController.sys [35440 2014-10-08] (Microsoft Corporation)
R3 SurfacePenDriver; C:\Windows\System32\drivers\SurfacePenDriver.sys [76424 2015-03-31] (Microsoft Corporation)
S3 SurfaceTypeCover; C:\Windows\System32\drivers\SurfaceTypeCover.sys [67592 2015-10-27] (Microsoft Corporation)
S3 SurfaceTypeCoverV3Integration; C:\Windows\System32\drivers\SurfaceTypeCoverV3Integration.sys [52760 2015-10-27] (Microsoft Corporation)
R3 TrueColor; C:\Windows\system32\DRIVERS\TrueColor.sys [35952 2014-07-07] ()
S3 vpnva; C:\Windows\System32\drivers\vpnva64-6.sys [52592 2015-09-23] (Cisco Systems, Inc.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-12-09 06:39 - 2015-12-09 06:39 - 00000000 ___HD C:\OneDriveTemp
2015-12-08 23:36 - 2015-12-01 08:12 - 02152800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2015-12-08 23:36 - 2015-11-24 13:07 - 01817160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-12-08 23:36 - 2015-11-24 12:07 - 03671896 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-12-08 23:36 - 2015-11-24 12:06 - 01540768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-12-08 23:36 - 2015-11-24 11:26 - 01399224 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2015-12-08 23:36 - 2015-11-24 11:03 - 02918808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-12-08 23:36 - 2015-11-24 11:01 - 02756096 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2015-12-08 23:36 - 2015-11-24 10:54 - 00007680 _____ (Microsoft Corporation) C:\WINDOWS\system32\readingviewresources.dll
2015-12-08 23:36 - 2015-11-24 10:53 - 00115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-12-08 23:36 - 2015-11-24 10:45 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshrm.dll
2015-12-08 23:36 - 2015-11-24 10:37 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rmcast.sys
2015-12-08 23:36 - 2015-11-24 10:26 - 01337240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2015-12-08 23:36 - 2015-11-24 10:19 - 00182784 _____ (Microsoft Corporation) C:\WINDOWS\system32\shutdownux.dll
2015-12-08 23:36 - 2015-11-24 10:12 - 00523776 _____ (Microsoft Corporation) C:\WINDOWS\system32\catsrvut.dll
2015-12-08 23:36 - 2015-11-24 09:58 - 00604672 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-12-08 23:36 - 2015-11-24 09:55 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2015-12-08 23:36 - 2015-11-24 09:54 - 02756096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2015-12-08 23:36 - 2015-11-24 09:52 - 01717248 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2015-12-08 23:36 - 2015-11-24 09:49 - 01648640 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2015-12-08 23:36 - 2015-11-24 09:27 - 03593216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-12-08 23:36 - 2015-11-24 09:14 - 00415744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\catsrvut.dll
2015-12-08 23:36 - 2015-11-24 09:03 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-12-08 23:36 - 2015-11-24 08:59 - 01467392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2015-12-08 23:36 - 2015-11-24 08:57 - 01328128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comsvcs.dll
2015-12-08 23:36 - 2015-11-24 08:35 - 22393856 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2015-12-08 23:36 - 2015-11-24 08:29 - 02352128 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-12-08 23:36 - 2015-11-24 08:25 - 24601600 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-12-08 23:36 - 2015-11-24 08:23 - 13381120 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-12-08 23:36 - 2015-11-24 08:11 - 18678272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2015-12-08 23:36 - 2015-11-24 08:09 - 19338240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-12-08 23:36 - 2015-11-24 08:08 - 12125184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-12-08 23:36 - 2015-11-24 08:04 - 02155008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-12-08 21:29 - 2015-12-08 21:29 - 00281684 _____ C:\WINDOWS\Minidump\120815-8421-01.dmp
2015-12-08 21:19 - 2015-12-08 21:19 - 00000000 ____D C:\Program Files (x86)\ESET
2015-12-08 21:18 - 2015-12-09 15:17 - 00852720 _____ C:\Users\Lorenz\Downloads\SecurityCheck.exe
2015-12-08 21:18 - 2015-12-08 21:18 - 02870984 _____ (ESET) C:\Users\Lorenz\Downloads\esetsmartinstaller_deu.exe
2015-12-06 22:04 - 2015-12-08 21:29 - 00000000 ____D C:\WINDOWS\Minidump
2015-12-06 22:04 - 2015-12-06 22:04 - 00284108 _____ C:\WINDOWS\Minidump\120615-8703-01.dmp
2015-12-06 10:00 - 2015-12-06 22:04 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-12-06 09:31 - 2015-12-06 09:47 - 00000547 _____ C:\Users\Lorenz\Desktop\JRT.txt
2015-12-06 09:27 - 2015-12-06 09:27 - 01599336 _____ (Malwarebytes) C:\Users\Lorenz\Downloads\JRT.exe
2015-12-06 08:53 - 2015-12-06 08:53 - 00000000 ____D C:\Users\Lorenz\AppData\Local\TempTaskUpdateDetection89B89E90-6C05-44F5-9DF9-4A713580C0C8
2015-12-06 08:41 - 2015-12-06 08:53 - 00000000 ____D C:\AdwCleaner
2015-12-05 23:50 - 2015-12-05 23:50 - 00001555 _____ C:\Users\Lorenz\Downloads\mbam.txt
2015-12-05 23:39 - 2015-12-06 08:39 - 01736704 _____ C:\Users\Lorenz\Downloads\AdwCleaner_5.023.exe
2015-12-05 23:39 - 2015-12-05 23:39 - 00001178 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-12-05 23:39 - 2015-12-05 23:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-12-05 23:39 - 2015-12-05 23:39 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-12-05 23:39 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-12-05 23:39 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2015-12-05 23:38 - 2015-12-05 23:39 - 22908888 _____ (Malwarebytes ) C:\Users\Lorenz\Downloads\mbam-setup-2.2.0.1024.exe
2015-12-04 17:54 - 2015-12-04 18:05 - 00108800 _____ C:\TDSSKiller.3.1.0.7_04.12.2015_17.54.28_log.txt
2015-12-04 17:34 - 2015-12-09 16:35 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-12-04 17:34 - 2015-12-05 23:39 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-12-04 17:34 - 2015-12-04 17:53 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-12-04 17:33 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-12-04 17:32 - 2015-12-04 17:53 - 00000000 ____D C:\Users\Lorenz\Desktop\mbar
2015-12-04 17:31 - 2015-12-04 17:54 - 04398264 _____ (Kaspersky Lab ZAO) C:\Users\Lorenz\Downloads\tdsskiller.exe
2015-12-04 17:31 - 2015-12-04 17:32 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Lorenz\Downloads\mbar-1.09.3.1001.exe
2015-12-03 17:02 - 2015-11-22 10:52 - 16984576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2015-12-03 17:02 - 2015-11-22 10:34 - 02843136 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2015-12-03 17:01 - 2015-11-22 11:47 - 07476576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-12-03 17:01 - 2015-11-22 11:47 - 02653816 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2015-12-03 17:01 - 2015-11-22 11:41 - 01859448 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2015-12-03 17:01 - 2015-11-22 11:41 - 01284960 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2015-12-03 17:01 - 2015-11-22 11:41 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-12-03 17:01 - 2015-11-22 11:35 - 00538632 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
2015-12-03 17:01 - 2015-11-22 11:34 - 00975200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2015-12-03 17:01 - 2015-11-22 11:34 - 00080600 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwapi.dll
2015-12-03 17:01 - 2015-11-22 11:33 - 00095072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdstor.sys
2015-12-03 17:01 - 2015-11-22 11:33 - 00058408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.dll
2015-12-03 17:01 - 2015-11-22 11:33 - 00051680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsUtilsV2.dll
2015-12-03 17:01 - 2015-11-22 11:30 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-12-03 17:01 - 2015-11-22 11:30 - 00161632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-12-03 17:01 - 2015-11-22 11:26 - 00431232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWanAPI.dll
2015-12-03 17:01 - 2015-11-22 11:25 - 00063528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wwapi.dll
2015-12-03 17:01 - 2015-11-22 11:24 - 02772584 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2015-12-03 17:01 - 2015-11-22 11:20 - 00795840 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-12-03 17:01 - 2015-11-22 11:19 - 00440160 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2015-12-03 17:01 - 2015-11-22 11:14 - 02185840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2015-12-03 17:01 - 2015-11-22 10:55 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManagerProxy.dll
2015-12-03 17:01 - 2015-11-22 10:54 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ETWCoreUIComponentsResources.dll
2015-12-03 17:01 - 2015-11-22 10:54 - 00117248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\capimg.sys
2015-12-03 17:01 - 2015-11-22 10:52 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2015-12-03 17:01 - 2015-11-22 10:51 - 00157184 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2015-12-03 17:01 - 2015-11-22 10:51 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2015-12-03 17:01 - 2015-11-22 10:50 - 00074240 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssign32.dll
2015-12-03 17:01 - 2015-11-22 10:49 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2015-12-03 17:01 - 2015-11-22 10:49 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2015-12-03 17:01 - 2015-11-22 10:45 - 06572032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanmm.dll
2015-12-03 17:01 - 2015-11-22 10:45 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2015-12-03 17:01 - 2015-11-22 10:45 - 00220672 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-12-03 17:01 - 2015-11-22 10:45 - 00073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwancfg.dll
2015-12-03 17:01 - 2015-11-22 10:44 - 00558080 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
2015-12-03 17:01 - 2015-11-22 10:43 - 00704000 _____ (Microsoft Corporation) C:\WINDOWS\system32\CellularAPI.dll
2015-12-03 17:01 - 2015-11-22 10:43 - 00382464 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-12-03 17:01 - 2015-11-22 10:43 - 00342016 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2015-12-03 17:01 - 2015-11-22 10:43 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XblAuthManagerProxy.dll
2015-12-03 17:01 - 2015-11-22 10:42 - 13017600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2015-12-03 17:01 - 2015-11-22 10:42 - 07979008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2015-12-03 17:01 - 2015-11-22 10:42 - 00589312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApi.dll
2015-12-03 17:01 - 2015-11-22 10:42 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
2015-12-03 17:01 - 2015-11-22 10:42 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ETWCoreUIComponentsResources.dll
2015-12-03 17:01 - 2015-11-22 10:41 - 01814528 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnidui.dll
2015-12-03 17:01 - 2015-11-22 10:41 - 00948224 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll
2015-12-03 17:01 - 2015-11-22 10:41 - 00607232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2015-12-03 17:01 - 2015-11-22 10:40 - 01056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2015-12-03 17:01 - 2015-11-22 10:40 - 00465920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanconn.dll
2015-12-03 17:01 - 2015-11-22 10:39 - 02126848 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-12-03 17:01 - 2015-11-22 10:39 - 01713664 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2015-12-03 17:01 - 2015-11-22 10:39 - 00957440 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2015-12-03 17:01 - 2015-11-22 10:39 - 00938496 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2015-12-03 17:01 - 2015-11-22 10:39 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2015-12-03 17:01 - 2015-11-22 10:39 - 00783360 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-12-03 17:01 - 2015-11-22 10:39 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2015-12-03 17:01 - 2015-11-22 10:38 - 01223168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2015-12-03 17:01 - 2015-11-22 10:38 - 01212928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2015-12-03 17:01 - 2015-11-22 10:38 - 00912384 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2015-12-03 17:01 - 2015-11-22 10:38 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2015-12-03 17:01 - 2015-11-22 10:38 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssign32.dll
2015-12-03 17:01 - 2015-11-22 10:37 - 02624512 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2015-12-03 17:01 - 2015-11-22 10:37 - 01395200 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2015-12-03 17:01 - 2015-11-22 10:37 - 00515584 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2015-12-03 17:01 - 2015-11-22 10:36 - 01042432 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingOnlineServices.dll
2015-12-03 17:01 - 2015-11-22 10:34 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2015-12-03 17:01 - 2015-11-22 10:33 - 02587136 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2015-12-03 17:01 - 2015-11-22 10:32 - 00340480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToDevice.dll
2015-12-03 17:01 - 2015-11-22 10:32 - 00334848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-12-03 17:01 - 2015-11-22 10:31 - 07199232 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2015-12-03 17:01 - 2015-11-22 10:31 - 00470528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApi.dll
2015-12-03 17:01 - 2015-11-22 10:31 - 00416768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2015-12-03 17:01 - 2015-11-22 10:30 - 02598400 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2015-12-03 17:01 - 2015-11-22 10:29 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2015-12-03 17:01 - 2015-11-22 10:28 - 01734656 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-12-03 17:01 - 2015-11-22 10:28 - 01443328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRHInproc.dll
2015-12-03 17:01 - 2015-11-22 10:28 - 01387008 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-12-03 17:01 - 2015-11-22 10:28 - 00948224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2015-12-03 17:01 - 2015-11-22 10:28 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2015-12-03 17:01 - 2015-11-22 10:28 - 00793600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2015-12-03 17:01 - 2015-11-22 10:28 - 00686592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-12-03 17:01 - 2015-11-22 10:27 - 03993600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2015-12-03 17:01 - 2015-11-22 10:27 - 02049024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-12-03 17:01 - 2015-11-22 10:27 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2015-12-03 17:01 - 2015-11-22 10:27 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2015-12-03 17:01 - 2015-11-22 10:27 - 00241664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2015-12-03 17:01 - 2015-11-22 10:26 - 03355136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2015-12-03 17:01 - 2015-11-22 10:26 - 01139200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2015-12-03 17:01 - 2015-11-22 10:26 - 00709120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingOnlineServices.dll
2015-12-03 17:01 - 2015-11-22 10:26 - 00421888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2015-12-03 17:01 - 2015-11-22 10:25 - 06297088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2015-12-03 17:01 - 2015-11-22 10:25 - 02280448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-12-03 17:01 - 2015-11-22 10:24 - 02647552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-12-03 17:01 - 2015-11-22 10:24 - 01995264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2015-12-03 17:01 - 2015-11-22 10:24 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2015-12-03 17:01 - 2015-11-22 10:23 - 05202944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2015-12-03 17:01 - 2015-11-22 10:20 - 01860096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2015-12-03 17:01 - 2015-11-22 10:19 - 02064384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2015-12-03 17:01 - 2015-11-22 10:18 - 01505280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-12-03 17:01 - 2015-11-22 10:18 - 00697856 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToManager.dll
2015-12-03 17:01 - 2015-11-22 10:18 - 00458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToDevice.dll
2015-12-03 17:01 - 2015-11-22 10:17 - 02680320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2015-12-03 17:01 - 2015-11-22 10:17 - 02121216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-12-03 17:01 - 2015-11-22 10:16 - 01706496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2015-12-03 17:01 - 2015-11-22 10:11 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll
2015-12-03 17:00 - 2015-11-22 11:00 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll
2015-12-03 17:00 - 2015-11-22 11:00 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosResource.dll
2015-12-03 17:00 - 2015-11-22 10:57 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-MapControls.dll
2015-12-03 17:00 - 2015-11-22 10:57 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCoreRes.dll
2015-12-03 17:00 - 2015-11-22 10:57 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-MosTrace.dll
2015-12-03 17:00 - 2015-11-22 10:57 - 00009728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-MosHost.dll
2015-12-03 17:00 - 2015-11-22 10:56 - 01268736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2015-12-03 17:00 - 2015-11-22 10:56 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosHostClient.dll
2015-12-03 17:00 - 2015-11-22 10:56 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ihvrilproxy.dll
2015-12-03 17:00 - 2015-11-22 10:56 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\system32\rilproxy.dll
2015-12-03 17:00 - 2015-11-22 10:55 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvcProxy.dll
2015-12-03 17:00 - 2015-11-22 10:54 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.V2.dll
2015-12-03 17:00 - 2015-11-22 10:54 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanprotdim.dll
2015-12-03 17:00 - 2015-11-22 10:54 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsplib.dll
2015-12-03 17:00 - 2015-11-22 10:54 - 00032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2015-12-03 17:00 - 
2015-11-22 10:54 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WordBreakers.dll 2015-12-03 17:00 - 2015-11-22 10:54 - 00028160 _____ (Microsoft Corporation) C:\WINDOWS\system32\nativemap.dll 2015-12-03 17:00 - 2015-11-22 10:54 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlStringsRes.dll 2015-12-03 17:00 - 2015-11-22 10:52 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll 2015-12-03 17:00 - 2015-11-22 10:52 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthTokenBrokerExt.dll 2015-12-03 17:00 - 2015-11-22 10:52 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll 2015-12-03 17:00 - 2015-11-22 10:51 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll 2015-12-03 17:00 - 2015-11-22 10:51 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll 2015-12-03 17:00 - 2015-11-22 10:51 - 00042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapstoasttask.dll 2015-12-03 17:00 - 2015-11-22 10:49 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll 2015-12-03 17:00 - 2015-11-22 10:49 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wwanpref.dll 2015-12-03 17:00 - 2015-11-22 10:48 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosResource.dll 2015-12-03 17:00 - 2015-11-22 10:47 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll 2015-12-03 17:00 - 2015-11-22 10:46 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll 2015-12-03 17:00 - 2015-11-22 10:46 - 00209920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll 2015-12-03 17:00 - 2015-11-22 10:45 - 00264192 _____ (Nokia) C:\WINDOWS\system32\NmaDirect.dll 2015-12-03 17:00 - 2015-11-22 10:45 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft-Windows-MapControls.dll 2015-12-03 17:00 - 2015-11-22 10:45 - 00036352 _____ (Microsoft Corporation) 
C:\WINDOWS\SysWOW64\UIAutomationCoreRes.dll 2015-12-03 17:00 - 2015-11-22 10:45 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft-Windows-MosTrace.dll 2015-12-03 17:00 - 2015-11-22 10:45 - 00009728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft-Windows-MosHost.dll 2015-12-03 17:00 - 2015-11-22 10:44 - 01268736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll 2015-12-03 17:00 - 2015-11-22 10:44 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosHostClient.dll 2015-12-03 17:00 - 2015-11-22 10:43 - 00459776 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll 2015-12-03 17:00 - 2015-11-22 10:42 - 00024064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WordBreakers.dll 2015-12-03 17:00 - 2015-11-22 10:42 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlStringsRes.dll 2015-12-03 17:00 - 2015-11-22 10:40 - 00850432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll 2015-12-03 17:00 - 2015-11-22 10:40 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll 2015-12-03 17:00 - 2015-11-22 10:40 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XblAuthTokenBrokerExt.dll 2015-12-03 17:00 - 2015-11-22 10:39 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll 2015-12-03 17:00 - 2015-11-22 10:39 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinelsa.dll 2015-12-03 17:00 - 2015-11-22 10:39 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll 2015-12-03 17:00 - 2015-11-22 10:39 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll 2015-12-03 17:00 - 2015-11-22 10:34 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll 2015-12-03 17:00 - 2015-11-22 10:34 - 00166912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserMgrProxy.dll 2015-12-03 17:00 - 2015-11-22 10:34 - 00108544 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\InputLocaleManager.dll 2015-12-03 17:00 - 2015-11-22 10:34 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditBufferTestHook.dll 2015-12-03 17:00 - 2015-11-22 10:33 - 00205824 _____ (Nokia) C:\WINDOWS\SysWOW64\NmaDirect.dll 2015-12-03 17:00 - 2015-11-22 10:32 - 00346112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll 2015-12-03 17:00 - 2015-11-22 10:28 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll 2015-12-03 17:00 - 2015-11-22 10:28 - 00100864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinelsa.dll 2015-12-03 17:00 - 2015-11-22 10:27 - 00160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll 2015-12-03 17:00 - 2015-11-22 10:25 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll 2015-12-03 17:00 - 2015-11-22 10:24 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputLocaleManager.dll 2015-12-03 17:00 - 2015-11-22 10:24 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditBufferTestHook.dll 2015-12-03 09:23 - 2015-12-03 09:24 - 00075288 _____ C:\Users\Lorenz\Downloads\Addition.txt 2015-12-03 09:22 - 2015-12-09 17:20 - 00027647 _____ C:\Users\Lorenz\Downloads\FRST.txt 2015-12-03 09:22 - 2015-12-09 17:20 - 00000000 ____D C:\FRST 2015-12-03 09:17 - 2015-12-03 09:19 - 02350080 _____ (Farbar) C:\Users\Lorenz\Downloads\FRST64.exe 2015-12-03 09:15 - 2015-12-03 09:15 - 00000000 _____ C:\Users\Lorenz\defogger_reenable 2015-12-03 09:14 - 2015-12-03 09:21 - 00380416 _____ C:\Users\Lorenz\Downloads\Gmer-19357.exe 2015-12-03 09:14 - 2015-12-03 09:15 - 00050477 _____ C:\Users\Lorenz\Downloads\Defogger.exe 2015-12-02 11:41 - 2015-12-02 11:41 - 00000000 ____D C:\Users\Lorenz\AppData\Local\ActiveSync 2015-12-02 11:33 - 2015-12-02 11:33 - 00000020 ___SH C:\Users\Lorenz\ntuser.ini 2015-12-02 11:33 - 2015-12-02 11:33 - 00000000 _SHDL C:\Users\Default\Vorlagen 2015-12-02 11:33 - 2015-12-02 11:33 - 00000000 _SHDL 
C:\Users\Default\Startmenü 2015-12-02 11:33 - 2015-12-02 11:33 - 00000000 _SHDL C:\Users\Default\Netzwerkumgebung 2015-12-02 11:33 - 2015-12-02 11:33 - 00000000 _SHDL C:\Users\Default\Lokale Einstellungen 2015-12-02 11:33 - 2015-12-02 11:33 - 00000000 _SHDL C:\Users\Default\Eigene Dateien 2015-12-02 11:33 - 2015-12-02 11:33 - 00000000 _SHDL C:\Users\Default\Druckumgebung 2015-12-02 11:33 - 2015-12-02 11:33 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Videos 2015-12-02 11:33 - 2015-12-02 11:33 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Musik 2015-12-02 11:33 - 2015-12-02 11:33 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Bilder 2015-12-02 11:33 - 2015-12-02 11:33 - 00000000 _SHDL C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2015-12-02 11:33 - 2015-12-02 11:33 - 00000000 _SHDL C:\Users\Default\AppData\Local\Verlauf 2015-12-02 11:33 - 2015-12-02 11:33 - 00000000 _SHDL C:\Users\Default\AppData\Local\Anwendungsdaten 2015-12-02 11:33 - 2015-12-02 11:33 - 00000000 _SHDL C:\Users\Default\Anwendungsdaten 2015-12-02 11:33 - 2015-12-02 11:33 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Videos 2015-12-02 11:33 - 2015-12-02 11:33 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Musik 2015-12-02 11:33 - 2015-12-02 11:33 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Bilder 2015-12-02 11:33 - 2015-12-02 11:33 - 00000000 _SHDL C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2015-12-02 11:33 - 2015-12-02 11:33 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Verlauf 2015-12-02 11:33 - 2015-12-02 11:33 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Anwendungsdaten 2015-12-02 11:30 - 2015-12-09 06:38 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2015-12-02 11:26 - 2015-12-02 11:26 - 00001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk 2015-12-02 11:21 - 2015-12-02 11:27 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate 2015-12-02 
11:20 - 2015-12-09 03:31 - 00000000 ____D C:\Users\Lorenz 2015-12-02 11:20 - 2015-12-02 11:20 - 00000000 _SHDL C:\Users\Lorenz\Vorlagen 2015-12-02 11:20 - 2015-12-02 11:20 - 00000000 _SHDL C:\Users\Lorenz\Startmenü 2015-12-02 11:20 - 2015-12-02 11:20 - 00000000 _SHDL C:\Users\Lorenz\Netzwerkumgebung 2015-12-02 11:20 - 2015-12-02 11:20 - 00000000 _SHDL C:\Users\Lorenz\Lokale Einstellungen 2015-12-02 11:20 - 2015-12-02 11:20 - 00000000 _SHDL C:\Users\Lorenz\Eigene Dateien 2015-12-02 11:20 - 2015-12-02 11:20 - 00000000 _SHDL C:\Users\Lorenz\Druckumgebung 2015-12-02 11:20 - 2015-12-02 11:20 - 00000000 _SHDL C:\Users\Lorenz\Documents\Eigene Videos 2015-12-02 11:20 - 2015-12-02 11:20 - 00000000 _SHDL C:\Users\Lorenz\Documents\Eigene Musik 2015-12-02 11:20 - 2015-12-02 11:20 - 00000000 _SHDL C:\Users\Lorenz\Documents\Eigene Bilder 2015-12-02 11:20 - 2015-12-02 11:20 - 00000000 _SHDL C:\Users\Lorenz\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2015-12-02 11:20 - 2015-12-02 11:20 - 00000000 _SHDL C:\Users\Lorenz\AppData\Local\Verlauf 2015-12-02 11:20 - 2015-12-02 11:20 - 00000000 _SHDL C:\Users\Lorenz\AppData\Local\Anwendungsdaten 2015-12-02 11:20 - 2015-12-02 11:20 - 00000000 _SHDL C:\Users\Lorenz\Anwendungsdaten 2015-12-02 11:19 - 2015-12-02 11:19 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_SensorsHid_02_15_00.Wdf 2015-12-02 11:19 - 2015-12-02 11:19 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_TrueColor_01011.Wdf 2015-12-02 11:19 - 2015-12-02 11:19 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_SurfacePenDriver_01011.Wdf 2015-12-02 11:19 - 2015-12-02 11:19 - 00000000 ____D C:\WINDOWS\SysWOW64\TrueColor5.2 2015-12-02 11:19 - 2015-12-02 11:19 - 00000000 ____D C:\WINDOWS\system32\TrueColor5.2 2015-12-02 11:19 - 2015-10-30 08:17 - 02718208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll 2015-12-02 11:19 - 2015-09-06 12:12 - 00099856 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL 2015-12-02 11:18 - 2015-12-02 
11:18 - 00000000 ____H C:\ProgramData\DP45977C.lfl 2015-12-02 11:18 - 2015-12-02 11:18 - 00000000 ____D C:\WINDOWS\Firmware 2015-12-02 11:18 - 2015-12-02 11:18 - 00000000 ____D C:\Program Files\Intel 2015-12-02 11:17 - 2015-12-09 15:13 - 00000000 ____D C:\WINDOWS\system32\SleepStudy 2015-12-02 11:17 - 2015-12-09 06:38 - 00442840 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2015-12-02 11:17 - 2015-12-02 12:00 - 00000000 ___DC C:\WINDOWS\Panther 2015-12-02 11:15 - 2015-12-02 11:15 - 22572632 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll 2015-12-02 11:15 - 2015-12-02 11:15 - 21125408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll 2015-12-02 11:15 - 2015-12-02 11:15 - 11545088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll 2015-12-02 11:15 - 2015-12-02 11:15 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll 2015-12-02 11:15 - 2015-12-02 11:15 - 02544264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll 2015-12-02 11:15 - 2015-12-02 11:15 - 02444288 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll 2015-12-02 11:15 - 2015-12-02 11:15 - 02179584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll 2015-12-02 11:15 - 2015-12-02 11:15 - 02001408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll 2015-12-02 11:15 - 2015-12-02 11:15 - 01063424 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll 2015-12-02 11:15 - 2015-12-02 11:15 - 00969728 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll 2015-12-02 11:15 - 2015-12-02 11:15 - 00911648 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll 2015-12-02 11:15 - 2015-12-02 11:15 - 00809312 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe 2015-12-02 11:15 - 2015-12-02 11:15 - 00803840 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll 2015-12-02 11:15 - 2015-12-02 11:15 - 00791552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll 2015-12-02 11:15 - 
2015-12-02 11:15 - 00704352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe 2015-12-02 11:15 - 2015-12-02 11:15 - 00698208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimgapi.dll 2015-12-02 11:15 - 2015-12-02 11:15 - 00675064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll 2015-12-02 11:15 - 2015-12-02 11:15 - 00674816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll 2015-12-02 11:15 - 2015-12-02 11:15 - 00647168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll 2015-12-02 11:15 - 2015-12-02 11:15 - 00630632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe 2015-12-02 11:15 - 2015-12-02 11:15 - 00623616 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll 2015-12-02 11:15 - 2015-12-02 11:15 - 00586208 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll 2015-12-02 11:15 - 2015-12-02 11:15 - 00586080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wimgapi.dll 2015-12-02 11:15 - 2015-12-02 11:15 - 00578912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys 2015-12-02 11:15 - 2015-12-02 11:15 - 00543232 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll 2015-12-02 11:15 - 2015-12-02 11:15 - 00540752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe 2015-12-02 11:15 - 2015-12-02 11:15 - 00536768 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll 2015-12-02 11:15 - 2015-12-02 11:15 - 00523616 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimserv.exe 2015-12-02 11:15 - 2015-12-02 11:15 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv 2015-12-02 11:15 - 2015-12-02 11:15 - 00516544 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll 2015-12-02 11:15 - 2015-12-02 11:15 - 00511320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll 2015-12-02 11:15 - 2015-12-02 11:15 - 00497664 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll 2015-12-02 11:15 - 2015-12-02 11:15 
- 00490496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll 2015-12-02 11:15 - 2015-12-02 11:15 - 00454056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll 2015-12-02 11:15 - 2015-12-02 11:15 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll 2015-12-02 11:15 - 2015-12-02 11:15 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe 2015-12-02 11:15 - 2015-12-02 11:15 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll 2015-12-02 11:15 - 2015-12-02 11:15 - 00408128 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll 2015-12-02 11:15 - 2015-12-02 11:15 - 00405048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll 2015-12-02 11:15 - 2015-12-02 11:15 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv 2015-12-02 11:15 - 2015-12-02 11:15 - 00382464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll 2015-12-02 11:15 - 2015-12-02 11:15 - 00369912 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe 2015-12-02 11:15 - 2015-12-02 11:15 - 00366224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll 2015-12-02 11:15 - 2015-12-02 11:15 - 00365568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll 2015-12-02 11:15 - 2015-12-02 11:15 - 00334736 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll 2015-12-02 11:15 - 2015-12-02 11:15 - 00334336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe 2015-12-02 11:15 - 2015-12-02 11:15 - 00315904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll 2015-12-02 11:15 - 2015-12-02 11:15 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll 2015-12-02 11:15 - 2015-12-02 11:15 - 00296488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll 2015-12-02 11:15 - 2015-12-02 11:15 - 00292352 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\provengine.dll 2015-12-02 11:15 - 2015-12-02 11:15 - 00286720 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceaccess.dll 2015-12-02 11:15 - 2015-12-02 11:15 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll 2015-12-02 11:15 - 2015-12-02 11:15 - 00275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll 2015-12-02 11:15 - 2015-12-02 11:15 - 00245848 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll 2015-12-02 11:15 - 2015-12-02 11:15 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll 2015-12-02 11:15 - 2015-12-02 11:15 - 00227840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\deviceaccess.dll 2015-12-02 11:15 - 2015-12-02 11:15 - 00204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-AppModelExecEvents.dll 2015-12-02 11:15 - 2015-12-02 11:15 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe 2015-12-02 11:15 - 2015-12-02 11:15 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll 2015-12-02 11:15 - 2015-12-02 11:15 - 00165376 _____ (Microsoft Corporation) C:\WINDOWS\system32\provdatastore.dll 2015-12-02 11:15 - 2015-12-02 11:15 - 00163328 _____ (Microsoft Corporation) C:\WINDOWS\system32\provops.dll 2015-12-02 11:15 - 2015-12-02 11:15 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll 2015-12-02 11:15 - 2015-12-02 11:15 - 00160768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe 2015-12-02 11:15 - 2015-12-02 11:15 - 00122368 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll 2015-12-02 11:15 - 2015-12-02 11:15 - 00118624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys 2015-12-02 11:15 - 2015-12-02 11:15 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll 2015-12-02 11:15 - 2015-12-02 11:15 - 00116728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll 2015-12-02 11:15 - 
2015-12-02 11:15 - 00110032 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll 2015-12-02 11:15 - 2015-12-02 11:15 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll 2015-12-02 11:15 - 2015-12-02 11:15 - 00092352 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll 2015-12-02 11:15 - 2015-12-02 11:15 - 00089600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NFCProvisioningPlugin.dll 2015-12-02 11:15 - 2015-12-02 11:15 - 00088392 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll 2015-12-02 11:15 - 2015-12-02 11:15 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzautoupdate.dll 2015-12-02 11:15 - 2015-12-02 11:15 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll 2015-12-02 11:15 - 2015-12-02 11:15 - 00078336 _____ (Microsoft Corporation) C:\WINDOWS\system32\BarcodeProvisioningPlugin.dll 2015-12-02 11:15 - 2015-12-02 11:15 - 00077312 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvPluginEng.dll 2015-12-02 11:15 - 2015-12-02 11:15 - 00073360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll 2015-12-02 11:15 - 2015-12-02 11:15 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppCapture.dll 2015-12-02 11:15 - 2015-12-02 11:15 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\provtool.exe 2015-12-02 11:15 - 2015-12-02 11:15 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringclient.dll 2015-12-02 11:15 - 2015-12-02 11:15 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemovableMediaProvisioningPlugin.dll 2015-12-02 11:15 - 2015-12-02 11:15 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll 2015-12-02 11:15 - 2015-12-02 11:15 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.proxy.dll 2015-12-02 11:15 - 2015-12-02 11:15 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe 2015-12-02 11:15 - 2015-12-02 11:15 - 00037376 
_____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll 2015-12-02 11:15 - 2015-12-02 11:15 - 00035680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wimmount.sys 2015-12-02 11:15 - 2015-12-02 11:15 - 00035656 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfpmp.exe 2015-12-02 11:15 - 2015-12-02 11:15 - 00032040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfpmp.exe 2015-12-02 11:15 - 2015-12-02 11:15 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringconfigsp.dll 2015-12-02 11:15 - 2015-12-02 11:15 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe 2015-12-02 11:15 - 2015-12-02 11:15 - 00028160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Provisioning.ProxyStub.dll 2015-12-02 11:15 - 2015-12-02 11:15 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.proxy.dll 2015-12-02 11:15 - 2015-12-02 11:15 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\IcsEntitlementHost.exe 2015-12-02 11:15 - 2015-12-02 11:15 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\dciman32.dll 2015-12-02 11:15 - 2015-12-02 11:15 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dciman32.dll 2015-12-02 11:15 - 2015-12-02 11:15 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\lpk.dll 2015-12-02 11:15 - 2015-12-02 11:15 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpk.dll 2015-12-02 11:15 - 2015-12-02 11:15 - 00000000 ____D C:\Windows.old 2015-12-02 11:13 - 2015-12-02 11:13 - 00008192 _____ C:\WINDOWS\system32\config\userdiff 2015-12-02 11:11 - 2015-12-02 11:11 - 00000000 ____D C:\WINDOWS\SysWOW64\XPSViewer 2015-12-02 11:11 - 2015-12-02 11:11 - 00000000 ____D C:\Program Files\Reference Assemblies 2015-12-02 11:11 - 2015-12-02 11:11 - 00000000 ____D C:\Program Files\MSBuild 2015-12-02 11:11 - 2015-12-02 11:11 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies 2015-12-02 11:11 - 2015-12-02 11:11 - 00000000 ____D C:\Program 
Files (x86)\MSBuild 2015-12-02 11:11 - 2015-10-23 17:47 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll 2015-12-02 11:11 - 2015-10-23 17:47 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll 2015-12-02 11:11 - 2015-10-23 17:47 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe 2015-12-02 11:11 - 2015-10-23 17:46 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll 2015-12-02 11:11 - 2015-10-23 17:46 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe 2015-12-02 11:11 - 2015-10-23 17:45 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll 2015-11-27 21:54 - 2015-11-27 21:54 - 05359935 _____ C:\Users\Lorenz\Downloads\kinox_app_1.0.5.apk 2015-11-23 17:35 - 2015-11-23 17:35 - 00000000 ____D C:\Users\Lorenz\AppData\Roaming\Avira 2015-11-23 16:34 - 2015-12-01 14:13 - 00146696 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys 2015-11-23 16:34 - 2015-12-01 14:13 - 00135880 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys 2015-11-23 16:34 - 2015-12-01 14:13 - 00073032 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avnetflt.sys 2015-11-23 16:34 - 2015-12-01 14:13 - 00035488 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avkmgr.sys 2015-11-23 16:32 - 2015-11-23 16:32 - 04584344 _____ (Avira Operations GmbH & Co. 
KG) C:\Users\Lorenz\Downloads\avira_de_av_5655784164__ws.exe 2015-11-23 16:31 - 2015-07-05 11:08 - 00300704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe 2015-11-23 16:28 - 2015-11-23 16:29 - 00000000 ____D C:\escw_103_sa 2015-11-23 16:17 - 2015-11-23 16:18 - 152989672 _____ C:\Users\Lorenz\Downloads\escw_103_sa_sfx.exe 2015-11-20 08:13 - 2015-11-20 10:36 - 00000000 ____D C:\Users\Lorenz\AppData\Local\ABBF10EB-058A-4174-AE2A-78C7323AAD12.aplzod 2015-11-19 11:50 - 2015-12-02 11:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud 2015-11-14 23:13 - 2015-11-28 18:39 - 00000000 ____D C:\Users\Lorenz\AppData\Local\Foxit Reader 2015-11-13 13:19 - 2015-11-13 13:19 - 00000000 ____D C:\Users\Lorenz\.tooling 2015-11-13 13:12 - 2015-12-07 13:21 - 00000000 ____D C:\Users\Lorenz\AppData\Local\Eclipse 2015-11-13 13:10 - 2015-11-13 13:10 - 00001126 _____ C:\Users\Lorenz\Desktop\Eclipse Java Mars.lnk 2015-11-13 13:10 - 2015-11-13 13:10 - 00000000 ____D C:\Users\Lorenz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Eclipse 2015-11-13 13:03 - 2015-11-13 13:03 - 00000000 ____D C:\Users\Lorenz\eclipse 2015-11-13 13:03 - 2015-11-13 13:03 - 00000000 ____D C:\Users\Lorenz\AppData\Roaming\Sun 2015-11-13 13:03 - 2015-11-13 13:03 - 00000000 ____D C:\Users\Lorenz\AppData\LocalLow\Sun 2015-11-13 13:02 - 2015-12-07 13:21 - 00000000 ____D C:\Users\Lorenz\.p2 2015-11-13 13:02 - 2015-12-02 11:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2015-11-13 13:02 - 2015-11-13 13:02 - 00110176 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll 2015-11-13 13:01 - 2015-11-13 13:04 - 00000000 ____D C:\ProgramData\Oracle 2015-11-13 13:01 - 2015-11-13 13:03 - 00000000 ____D C:\Users\Lorenz\.oracle_jre_usage 2015-11-13 13:01 - 2015-11-13 13:01 - 46355176 _____ C:\Users\Lorenz\Downloads\eclipse-inst-win64.exe 2015-11-13 12:58 - 2015-12-02 11:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\Java Development Kit
2015-11-13 12:58 - 2015-11-13 13:01 - 00000000 ____D C:\Program Files\Java
2015-11-13 12:57 - 2015-11-13 12:57 - 00000000 ____D C:\Users\Lorenz\AppData\LocalLow\Oracle
2015-11-13 12:55 - 2015-11-13 12:57 - 195629144 _____ (Oracle Corporation) C:\Users\Lorenz\Downloads\jdk-8u65-windows-x64.exe
2015-11-12 16:17 - 2015-12-02 11:27 - 00000000 ____D C:\Users\Lorenz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-12-09 17:10 - 2015-06-17 07:00 - 00001254 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2261460588-3622448717-587553582-1001UA.job
2015-12-09 16:48 - 2014-10-16 15:30 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-12-09 16:44 - 2014-10-14 19:24 - 00004166 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{CA419BB4-6605-47F9-9529-DB8D2C018ECF}
2015-12-09 16:25 - 2015-01-22 15:44 - 00001144 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-09 15:13 - 2015-06-17 07:00 - 00001202 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2261460588-3622448717-587553582-1001Core.job
2015-12-09 13:49 - 2015-08-04 09:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-12-09 13:49 - 2015-07-06 08:40 - 00000000 ____D C:\Users\Lorenz\Documents\Outlook-Dateien
2015-12-09 13:25 - 2015-01-22 15:44 - 00001140 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-09 12:00 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-12-09 12:00 - 2015-10-30 08:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-12-09 06:45 - 2015-10-30 19:35 - 00776766 _____ C:\WINDOWS\system32\perfh007.dat
2015-12-09 06:45 - 2015-10-30 19:35 - 00155544 _____ C:\WINDOWS\system32\perfc007.dat
2015-12-09 06:45 - 2015-10-30 08:21 - 00000000 ____D C:\WINDOWS\INF
2015-12-09 06:45 - 2015-08-03 23:45 - 01799166 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-12-09 06:43 - 2015-10-30 08:24 - 00000000 ___HD C:\Program Files\WindowsApps
2015-12-09 06:39 - 2015-08-01 11:37 - 00000000 ___RD C:\Users\Lorenz\iCloudDrive
2015-12-09 06:39 - 2014-10-15 21:30 - 00000000 ___RD C:\Users\Lorenz\Dropbox
2015-12-09 06:39 - 2014-10-15 21:28 - 00000000 ____D C:\Users\Lorenz\AppData\Roaming\Dropbox
2015-12-09 06:39 - 2014-10-14 19:20 - 00000000 __RDO C:\Users\Lorenz\OneDrive
2015-12-09 06:38 - 2015-10-30 07:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2015-12-09 06:38 - 2015-10-29 08:45 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-12-09 06:38 - 2015-10-29 08:45 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-12-09 06:22 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\oobe
2015-12-08 23:39 - 2015-10-29 08:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-12-08 21:44 - 2014-10-14 19:17 - 00000000 ____D C:\Users\Lorenz\AppData\Local\VirtualStore
2015-12-08 21:32 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2015-12-08 21:29 - 2015-10-30 07:28 - 00000000 ____D C:\Windows
2015-12-06 22:04 - 2014-10-14 20:34 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-12-05 20:19 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\rescache
2015-12-03 22:51 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2015-12-03 20:28 - 2015-01-22 15:44 - 00002259 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-12-03 20:27 - 2015-07-16 10:33 - 00000000 ____D C:\Users\Lorenz\.eclipse
2015-12-03 08:42 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\appcompat
2015-12-02 13:20 - 2015-01-22 15:44 - 00004202 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-12-02 13:20 - 2015-01-22 15:44 - 00003970 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-12-02 11:46 - 2014-10-14 19:17 - 00000000 ____D C:\Users\Lorenz\AppData\Local\Packages
2015-12-02 11:41 - 2015-08-04 08:20 - 00002407 _____ C:\Users\Lorenz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-12-02 11:40 - 2015-10-30 08:24 - 00000000 ___RD C:\WINDOWS\DevicesFlow
2015-12-02 11:34 - 2015-10-30 08:24 - 00000000 ___RD C:\WINDOWS\PrintDialog
2015-12-02 11:34 - 2015-10-30 08:24 - 00000000 ___RD C:\WINDOWS\MiracastView
2015-12-02 11:33 - 2015-10-30 08:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2015-12-02 11:33 - 2015-10-30 08:24 - 00000000 ____D C:\Program Files\Windows NT
2015-12-02 11:33 - 2014-08-06 14:02 - 00000000 __RHD C:\Users\Public\AccountPictures
2015-12-02 11:32 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\Registration
2015-12-02 11:32 - 2015-08-01 23:13 - 00020958 _____ C:\WINDOWS\diagwrn.xml
2015-12-02 11:32 - 2015-08-01 23:13 - 00020958 _____ C:\WINDOWS\diagerr.xml
2015-12-02 11:31 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2015-12-02 11:30 - 2015-10-30 08:24 - 00000000 __RSD C:\WINDOWS\Media
2015-12-02 11:30 - 2015-10-30 08:24 - 00000000 __RHD C:\Users\Public\Libraries
2015-12-02 11:30 - 2015-08-03 23:43 - 00023056 _____ C:\WINDOWS\system32\emptyregdb.dat
2015-12-02 11:30 - 2015-07-22 13:00 - 00002954 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2015-12-02 11:30 - 2015-06-17 07:00 - 00003868 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2261460588-3622448717-587553582-1001UA
2015-12-02 11:30 - 2015-06-17 07:00 - 00003596 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2261460588-3622448717-587553582-1001Core
2015-12-02 11:30 - 2014-10-16 15:30 - 00003098 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-12-02 11:30 - 2014-10-14 19:24 - 00002878 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2261460588-3622448717-587553582-1001
2015-12-02 11:27 - 2015-10-30 08:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2015-12-02 11:27 - 2015-10-30 07:28 - 00008192 ___SH C:\WINDOWS\system32\config\ELAM
2015-12-02 11:27 - 2015-10-25 12:15 - 00000000 ____D C:\Users\Lorenz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Autodesk
2015-12-02 11:27 - 2015-10-25 12:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk Inventor 2014
2015-12-02 11:27 - 2015-10-25 12:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DWG TrueView 2014
2015-12-02 11:27 - 2015-10-25 12:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk
2015-12-02 11:27 - 2015-10-20 09:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\phase-6
2015-12-02 11:27 - 2015-07-10 10:05 - 00000000 ____D C:\Users\Default.migrated
2015-12-02 11:27 - 2015-07-08 11:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-12-02 11:27 - 2015-07-04 08:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\devolo
2015-12-02 11:27 - 2015-04-14 20:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RStudio
2015-12-02 11:27 - 2015-04-14 17:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R
2015-12-02 11:27 - 2015-03-24 17:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular
2015-12-02 11:27 - 2015-01-22 15:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-12-02 11:27 - 2014-11-20 15:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
2015-12-02 11:27 - 2014-11-20 15:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Architect 2
2015-12-02 11:27 - 2014-11-15 21:19 - 00000000 ____D C:\Users\Lorenz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-12-02 11:27 - 2014-11-15 21:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-12-02 11:27 - 2014-11-13 19:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MP630 series
2015-12-02 11:27 - 2014-11-06 20:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2015-12-02 11:27 - 2014-10-22 22:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoScape
2015-12-02 11:27 - 2014-10-16 15:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MatheGrafix
2015-12-02 11:27 - 2014-10-15 21:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-12-02 11:23 - 2015-10-30 08:24 - 00000000 ___SD C:\WINDOWS\Downloaded Program Files
2015-12-02 11:23 - 2015-10-30 08:24 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
2015-12-02 11:23 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\spool
2015-12-02 11:23 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-12-02 11:23 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\InputMethod
2015-12-02 11:23 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2015-12-02 11:23 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\InputMethod
2015-12-02 11:23 - 2015-10-30 08:24 - 00000000 ____D C:\ProgramData\USOPrivate
2015-12-02 11:23 - 2015-10-30 08:24 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-12-02 11:23 - 2015-10-22 19:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco
2015-12-02 11:23 - 2015-05-26 14:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Texmaker
2015-12-02 11:23 - 2014-11-15 21:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC
2015-12-02 11:23 - 2014-11-13 19:56 - 00000000 ___HD C:\WINDOWS\system32\CanonIJ Uninstaller Information
2015-12-02 11:23 - 2014-10-30 21:22 - 00000000 ____D C:\WINDOWS\system32\appmgmt
2015-12-02 11:23 - 2014-10-30 20:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SCM Microsystems
2015-12-02 11:23 - 2014-10-20 17:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
2015-12-02 11:23 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\WindowsInternal.Inbox.Shared
2015-12-02 11:23 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\WindowsInternal.Inbox.Media.Shared
2015-12-02 11:23 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\ADFS
2015-12-02 11:20 - 2015-10-30 07:28 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2015-12-02 11:17 - 2015-10-30 19:58 - 00000000 ____D C:\WINDOWS\ServiceProfiles
2015-12-02 11:17 - 2015-10-30 08:24 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
2015-12-02 11:15 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-12-02 11:15 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\Provisioning
2015-12-02 11:15 - 2015-10-30 07:28 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2015-12-02 11:15 - 2015-10-30 07:28 - 00000000 ____D C:\WINDOWS\system32\Dism
2015-12-02 11:11 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\SysWOW64\MUI
2015-12-02 11:11 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\MUI
2015-12-02 10:57 - 2015-10-30 20:28 - 00000000 ___HD C:\$WINDOWS.~BT
2015-12-01 01:33 - 2015-10-30 08:26 - 00826872 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-12-01 01:33 - 2015-10-30 08:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-11-27 16:13 - 2015-11-02 15:55 - 00000000 ____D C:\Users\Lorenz\AppData\Roaming\Foxit Software
2015-11-26 10:27 - 2015-10-22 21:57 - 00000000 ____D C:\Users\Lorenz\Documents\inventor
2015-11-26 08:05 - 2014-10-14 23:54 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-11-26 08:02 - 2015-07-22 13:00 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-11-23 16:34 - 2014-10-15 21:19 - 00000000 ____D C:\ProgramData\Avira
2015-11-23 16:34 - 2014-10-15 21:19 - 00000000 ____D C:\Program Files (x86)\Avira
2015-11-23 16:32 - 2014-05-08 23:25 - 00000000 ____D C:\ProgramData\Package Cache
2015-11-22 10:18 - 2014-10-17 08:38 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-11-22 10:15 - 2014-10-17 08:38 - 145617392 ____N (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-11-19 11:50 - 2015-04-14 12:15 - 00000000 ____D C:\Users\Lorenz\AppData\Local\Apple Inc
2015-11-19 11:49 - 2014-10-25 18:09 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-11-13 18:30 - 2015-10-23 08:54 - 00000000 ____D C:\ProgramData\boost_interprocess
2015-11-11 08:08 - 2014-12-03 19:22 - 00000000 ____D C:\Users\Lorenz\AppData\Local\WEB.DE Application {sync-000021}

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2015-10-09 18:04 - 2015-10-09 18:04 - 0000833 _____ () C:\Users\Lorenz\AppData\Local\recently-used.xbel
2015-12-02 11:18 - 2015-12-02 11:18 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Einige Dateien in TEMP:
====================
C:\Users\Lorenz\AppData\Local\Temp\avgnt.exe
C:\Users\Lorenz\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpv8h_f2.dll
C:\Users\Lorenz\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2015-12-02 11:17

==================== Ende von FRST.txt ============================
10.12.2015, 15:38 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | schrauber is unavailable. I'll step in for him here. Please restart your computer, download ESET again and try once more.
__________________ Please always post log files in CODE tags |
11.12.2015, 11:31 | #13 |
| Here is the ESET log after the repeated scan. This time nothing was found. Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=e552569682e6b64f9ab038daea575f9b
# end=init
# utc_time=2015-12-11 07:31:17
# local_time=2015-12-11 08:31:17 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# osver=6.2.9200 NT
Update Init
Update Download
Update Finalize
Updated modules version: 27146
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=e552569682e6b64f9ab038daea575f9b
# end=updated
# utc_time=2015-12-11 07:33:03
# local_time=2015-12-11 08:33:03 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# osver=6.2.9200 NT
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=e552569682e6b64f9ab038daea575f9b
# engine=27146
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-12-11 09:37:54
# local_time=2015-12-11 10:37:54 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 1537554 3751742 0 0
# scanned=420740
# found=0
# cleaned=0
# scan_time=7490
11.12.2015, 12:21 | #14 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Quote:
__________________ Please always post log files in CODE tags |
11.12.2015, 12:31 | #15 |
| To be honest, I'm stumped there. I did not knowingly download it. Should I downgrade to 42.0? |