|
Plagegeister aller Art und deren Bekämpfung: Direkt nach dem Start erscheint "Modul nicht gefunden".Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
04.12.2015, 23:53 | #16 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Direkt nach dem Start erscheint "Modul nicht gefunden". Okay, dann Kontrollscans mit (1) MBAM, (2) ESET und (3) SecurityCheck bitte: 1. Schritt: MBAM Downloade Dir bitte Malwarebytes Anti-Malware
2. Schritt: ESET ESET Online Scanner
3. Schritt: SecurityCheck Downloade Dir bitte SecurityCheck und:
__________________ Logfiles bitte immer in CODE-Tags posten |
05.12.2015, 15:26 | #17 |
| Ergebniss Schritt 1Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlaufdatum: 05.12.2015 Suchlaufzeit: 10:09 Protokolldatei: mbam.txt Administrator: Ja Version: 2.2.0.1024 Malware-Datenbank: v2015.12.05.02 Rootkit-Datenbank: v2015.11.26.01 Lizenz: Kostenlose Version Malware-Schutz: Deaktiviert Schutz vor bösartigen Websites: Deaktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 10 CPU: x64 Dateisystem: NTFS Benutzer: Andreas Suchlauftyp: Bedrohungssuchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 349953 Abgelaufene Zeit: 19 Min., 37 Sek. Speicher: Aktiviert Start: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (keine bösartigen Elemente erkannt) Module: 0 (keine bösartigen Elemente erkannt) Registrierungsschlüssel: 0 (keine bösartigen Elemente erkannt) Registrierungswerte: 0 (keine bösartigen Elemente erkannt) Registrierungsdaten: 0 (keine bösartigen Elemente erkannt) Ordner: 0 (keine bösartigen Elemente erkannt) Dateien: 0 (keine bösartigen Elemente erkannt) Physische Sektoren: 0 (keine bösartigen Elemente erkannt) (end) Sind aber auch schon ne ganze Menge "Bedrohungen" gefunden worden! just for Information Code:
ATTFilter # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=43d08f63df5ca943be2784b973bda4b1 # end=init # utc_time=2015-11-29 01:41:49 # local_time=2015-11-29 02:41:49 (+0100, Mitteleuropäische Zeit) # country="Germany" # osver=6.2.9200 NT Update Init Update Download Update Finalize Updated modules version: 26958 # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=43d08f63df5ca943be2784b973bda4b1 # end=updated # utc_time=2015-11-29 01:58:56 # local_time=2015-11-29 02:58:56 (+0100, Mitteleuropäische Zeit) # country="Germany" # osver=6.2.9200 NT # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=43d08f63df5ca943be2784b973bda4b1 # end=restart # utc_time=2015-11-29 03:32:05 # local_time=2015-11-29 04:32:05 (+0100, Mitteleuropäische Zeit) # country="Germany" # osver=6.2.9200 NT # compatibility_mode_1='*McAfee*' # compatibility_mode=5131 16777214 100 97 338632 72296565 0 0 # compatibility_mode_1='' # compatibility_mode=5893 16776574 100 94 0 39057943 0 0 # scanned=26771 # found=1 # cleaned=0 # scan_time=5588 sh=0BFBEEEF80FC46A0D9647FDF797024CD16E8CD46 ft=0 fh=0000000000000000 vn="VBS/TrojanDownloader.Agent.NSW Trojaner" ac=I fn="C:\task.vbs" ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=43d08f63df5ca943be2784b973bda4b1 # end=init # utc_time=2015-12-05 09:43:30 # local_time=2015-12-05 10:43:30 (+0100, Mitteleuropäische Zeit) # country="Germany" # osver=6.2.9200 NT Update Init Update Download esets_scanner_update returned -1 esets_gle=37126 Update Finalize Updated modules version: 26958 Update Init Update Download Update Finalize Updated modules version: 27056 # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=43d08f63df5ca943be2784b973bda4b1 # end=updated # utc_time=2015-12-05 10:15:37 # local_time=2015-12-05 11:15:37 (+0100, Mitteleuropäische Zeit) # country="Germany" # osver=6.2.9200 NT # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7777 # api_version=3.1.1 # EOSSerial=43d08f63df5ca943be2784b973bda4b1 # engine=27056 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2015-12-05 02:08:10 # local_time=2015-12-05 03:08:10 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1031 # osver=6.2.9200 NT # compatibility_mode_1='*McAfee*' # compatibility_mode=5131 16777214 100 97 851997 72809930 0 0 # compatibility_mode_1='' # compatibility_mode=5893 16776574 100 94 273950 3138633 0 0 # scanned=374418 # found=131 # cleaned=0 # scan_time=13952 sh=0F74DDAF60FF5FF448E41CB56A79B405E0AEDD87 ft=1 fh=4010740e62568522 vn="Variante von Win32/Adware.ConvertAd.ACS Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\D2A8B3F8-1448129326-E411-A654-3863BB803291\rnslBC1C.exe.vir" sh=352D94006557FFE56D0B3D4A3D53A33E1EDAA13B ft=1 fh=9c2deb251acdf724 vn="Variante von Win32/Systweak.R evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\WinZip Driver Updater\winzipdu.exe.vir" sh=F7EEA567AA11B09999E5D5E17530FC256F78C35D ft=1 fh=dc8f87524714783e vn="Variante von MSIL/AdvancedSystemProtector.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\WinZip Malware Protector\AppManager.exe.vir" sh=865E3B7AA30FFBB4A7F7AFC4E8A52C2C308E91B9 ft=1 fh=d7736b14590dd9c3 vn="Variante von MSIL/AdvancedSystemProtector.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\WinZip Malware Protector\scandll.dll.vir" sh=53940EF17A55EC5C6AF35F7C56C4184557361B08 ft=1 fh=bcf9dd432072e7a8 vn="Variante von MSIL/AdvancedSystemProtector.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\WinZip Malware Protector\WinZipMalwareProtector.exe.vir" sh=53BE24D16D1B9F8F4F130415E0615CC16772D14C ft=1 fh=5646d7e9d4cedd21 vn="Variante von Win32/Systweak.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\WinZip Malware Protector\WMPUninstall.exe.vir" sh=BDD6AE3D757FA87D71A8065624941C62E1E9070A ft=0 fh=0000000000000000 vn="JS/ExtenBro.Agent.BB Trojaner" ac=I fn="C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmamnhfbiackmckkaopokinkpmccdnki\1.3.1_0\js\content.js" sh=895BEF7849648DFDE9D7D0DDF6AA198739ECF100 ft=1 fh=e1ba8e9052919c91 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Andreas\Downloads\VLC media player 32 Bit - CHIP-Installer.exe" sh=A901074F923EFA09A7E4413D55EF30C8FCBD0322 ft=1 fh=eb841dc825cb1c22 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\VTRoot\HarddiskVolume4\Users\Andreas\AppData\Local\Temp\DMR\dmr_72.exe" sh=A901074F923EFA09A7E4413D55EF30C8FCBD0322 ft=1 fh=eb841dc825cb1c22 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\VTRoot\HarddiskVolume4\Users\Andreas\AppData\Local\Temp\DMR\dmr_81.exe" sh=A901074F923EFA09A7E4413D55EF30C8FCBD0322 ft=1 fh=eb841dc825cb1c22 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\VTRoot\HarddiskVolume4\Users\Andreas\AppData\Local\Temp\DMR\dmr_84.exe" sh=7D16401FD701874AB313FB72524EDAAAEBF74113 ft=1 fh=08dbe2062cf24deb vn="Variante von Win32/InstallCore.ADV.gen evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\Andreas\AppData\Local\Temp\ICReinstall_FlashPlayer_Updater.exe" sh=17DAB0DBFA564B365BBB266ABAA1D62CB65D955A ft=1 fh=e9ed991e5ca350d7 vn="Variante von Win32/InstallCore.ADV.gen evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\Andreas\AppData\Local\Temp\ICReinstall_setup.exe" sh=190FE8088073B9277754714A9D2067B463245DE6 ft=1 fh=bd7fc65e11f7a043 vn="Variante von Win32/Toptools.D evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\Andreas\AppData\Local\Temp\InstallHelper.exe" sh=F1A11BCDA4A8E453AD3DB72E662636E939DFA72B ft=1 fh=ebadc6ca290356af vn="Variante von Win32/Adware.EoRezo.BD Anwendung" ac=I fn="C:\Windows.old\Users\Andreas\AppData\Local\Temp\nsd3E75.tmp" sh=408F8513116CAF853F9B58BFCF36D7554F184803 ft=1 fh=40a873033ef981ba vn="Variante von Win32/Adware.MaxDriver.A Anwendung" ac=I fn="C:\Windows.old\Users\Andreas\AppData\Local\Temp\nsd68A3.tmp" sh=EAFE66F18B061AD2F47726D7E93A381DDD15F673 ft=1 fh=eb65ea13568a82f7 vn="Win32/TrojanClicker.Agent.NXU Trojaner" ac=I fn="C:\Windows.old\Users\Andreas\AppData\Local\Temp\nsdE4CF.tmp" sh=533FBE9D68E96AC05265B28DD2315DD78EF72C12 ft=1 fh=c907685d07d50abb vn="Variante von Win32/Adware.EoRezo.BD Anwendung" ac=I fn="C:\Windows.old\Users\Andreas\AppData\Local\Temp\nse2355.tmp" sh=54B82DAECEBE4901986F80BC76FA651EAC803B00 ft=1 fh=069d44709705e3dc vn="Win32/Amonetize.MB evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\Andreas\AppData\Local\Temp\nsg6B1.tmp" sh=EAFE66F18B061AD2F47726D7E93A381DDD15F673 ft=1 fh=eb65ea13568a82f7 vn="Win32/TrojanClicker.Agent.NXU Trojaner" ac=I fn="C:\Windows.old\Users\Andreas\AppData\Local\Temp\nsiB450.tmp" sh=196FD364B16B948269F5FE45FD210586C0806C9A ft=1 fh=3d31e6fdbc9546d2 vn="Variante von Win32/Adware.EoRezo.BD Anwendung" ac=I fn="C:\Windows.old\Users\Andreas\AppData\Local\Temp\nsj9308.tmp" sh=95B219D5EC3FC13BD2F3CA1D169A4B81C45A2AD8 ft=1 fh=8fbfd5fb2d33e48a vn="Win32/Amonetize.MB evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\Andreas\AppData\Local\Temp\nsjDC74.tmp" sh=EAFE66F18B061AD2F47726D7E93A381DDD15F673 ft=1 fh=eb65ea13568a82f7 vn="Win32/TrojanClicker.Agent.NXU Trojaner" ac=I fn="C:\Windows.old\Users\Andreas\AppData\Local\Temp\nsm3650.tmp" sh=3A5CFDC82EF48A08FC0B6F9D4B51DDDF2E1B030D ft=1 fh=f19dd17f80b52547 vn="Variante von Win32/Adware.EoRezo.BD Anwendung" ac=I fn="C:\Windows.old\Users\Andreas\AppData\Local\Temp\nsn31C2.tmp" sh=196FD364B16B948269F5FE45FD210586C0806C9A ft=1 fh=3d31e6fdbc9546d2 vn="Variante von Win32/Adware.EoRezo.BD Anwendung" ac=I fn="C:\Windows.old\Users\Andreas\AppData\Local\Temp\nso94F4.tmp" sh=0F1E00E9129CD01893A9ECDBFF19ACC7EC26AC04 ft=1 fh=e4d7c45ee3bbf53f vn="Variante von Win32/Adware.ConvertAd.TI Anwendung" ac=I fn="C:\Windows.old\Users\Andreas\AppData\Local\Temp\nsqB011.tmp" sh=D2E97F4E207F66981D733D74A32B55A228FCCD04 ft=1 fh=40a87303c6a83ed2 vn="Variante von Win32/Adware.MaxDriver.A Anwendung" ac=I fn="C:\Windows.old\Users\Andreas\AppData\Local\Temp\nsrEA2E.tmp" sh=E0118A55956BB3448D5D6F45EF7E9BD43C8224D8 ft=1 fh=b450d75ff86965e7 vn="Variante von Win32/Adware.ConvertAd.XC.gen Anwendung" ac=I fn="C:\Windows.old\Users\Andreas\AppData\Local\Temp\nst525A.tmp" sh=E0118A55956BB3448D5D6F45EF7E9BD43C8224D8 ft=1 fh=b450d75ff86965e7 vn="Variante von Win32/Adware.ConvertAd.XC.gen Anwendung" ac=I fn="C:\Windows.old\Users\Andreas\AppData\Local\Temp\nsv454A.tmp" sh=EAFE66F18B061AD2F47726D7E93A381DDD15F673 ft=1 fh=eb65ea13568a82f7 vn="Win32/TrojanClicker.Agent.NXU Trojaner" ac=I fn="C:\Windows.old\Users\Andreas\AppData\Local\Temp\nsx39.tmp" sh=EAFE66F18B061AD2F47726D7E93A381DDD15F673 ft=1 fh=eb65ea13568a82f7 vn="Win32/TrojanClicker.Agent.NXU Trojaner" ac=I fn="C:\Windows.old\Users\Andreas\AppData\Local\Temp\nsxF45.tmp" sh=3A01301D7EE706B350A579058F1EABD41B7C68BE ft=1 fh=385c591f09648f99 vn="Variante von Win32/Adware.EoRezo.BD Anwendung" ac=I fn="C:\Windows.old\Users\Andreas\AppData\Local\Temp\nsxFB43.tmp" sh=B5C5739DC495990D006A5365403F6CA260585A94 ft=1 fh=c71c001136a4ac30 vn="Variante von Win32/SoftPulse.AK evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\Andreas\AppData\Local\Temp\ScoreSelector.dll" sh=3F3B4ABF9A399E6ECB40ACCFDA28E41618812880 ft=1 fh=1ee80afc92f53ac8 vn="Variante von MSIL/SoftPulse.A evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\Andreas\AppData\Local\Temp\Setup.exe" sh=0DED0E762A05643FC39DEE3CB1EE58828677DEE1 ft=1 fh=3ead1f88ebf7ecb9 vn="Mehrere Bedrohungen" ac=I fn="C:\Windows.old\Users\Andreas\AppData\Local\Temp\supoptsetup.exe" sh=FF944DEB4ABF9C1C1464B60773F0AB3A2843FD54 ft=1 fh=c4a7cd0f43d5b82e vn="Variante von Win32/SoftPulse.AK evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\Andreas\AppData\Local\Temp\Wizard.exe" sh=B2EB16E51A240B1D246A8197F6D6219317AD5A2E ft=1 fh=20d9cb15fc2c4b53 vn="Variante von Win32/ELEX.FK evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\Andreas\AppData\Local\Temp\_@CC3A.tmp" sh=ED6A8AB3B2C699FD2A3939892B3A3B0E62D4D34E ft=1 fh=ff87811bc40d30cf vn="Mehrere Bedrohungen" ac=I fn="C:\Windows.old\Users\Andreas\AppData\Local\Temp\19TKLP8FJW\newversion.exe" sh=892E814AE984AFEE0F8116AB9C3BA55BE8A67D55 ft=1 fh=490773a4c4b5f3dc vn="Win32/SpeedUpMyPC.A evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\Andreas\AppData\Local\Temp\3nrl5i52.qln\speedupmypc.exe" sh=ED6A8AB3B2C699FD2A3939892B3A3B0E62D4D34E ft=1 fh=ff87811bc40d30cf vn="Mehrere Bedrohungen" ac=I fn="C:\Windows.old\Users\Andreas\AppData\Local\Temp\41V8MMTHH0\newversion.exe" sh=93D69D2EBA261695AC28663A25CEDB5BF6D81535 ft=1 fh=65e7cb3faa7bf12f vn="Mehrere Bedrohungen" ac=I fn="C:\Windows.old\Users\Andreas\AppData\Local\Temp\616K3OT6RH\newversion.exe" sh=8D972729C4FA03DEF4858EC4B04395DB89ECB4DB ft=1 fh=65e7cb3f7bcb3f1e vn="Mehrere Bedrohungen" ac=I fn="C:\Windows.old\Users\Andreas\AppData\Local\Temp\9SCC4QCOWT\newversion.exe" sh=E0761938B20CBACDD10302FF990C49FFF278E631 ft=1 fh=fd26318b0144cc98 vn="Mehrere Bedrohungen" ac=I fn="C:\Windows.old\Users\Andreas\AppData\Local\Temp\9SCC4QCOWT\SVH.exe" sh=158CDAD62CE48DD750E4C611F1A9F1B8C0D8C9B1 ft=1 fh=a3def11bdf865332 vn="Mehrere Bedrohungen" ac=I fn="C:\Windows.old\Users\Andreas\AppData\Local\Temp\9ZA5O9SOHN\newversion.exe" sh=4BC08A12DC60EE385E107983E1C475BE12409D02 ft=1 fh=fd26318b88fcddfa vn="Mehrere Bedrohungen" ac=I fn="C:\Windows.old\Users\Andreas\AppData\Local\Temp\9ZA5O9SOHN\SVH.exe" sh=775C8060AA9882A381D0E57370FC912DB389CE20 ft=1 fh=220792e19a77396e vn="Variante von Win32/ELEX.FF evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\Andreas\AppData\Local\Temp\benz81\tmp\wpm_v20.0.0.2305.exe" sh=20EB84E32900032DF2D929B709439054B4C6C174 ft=1 fh=ca4769e0c0d817f4 vn="Mehrere Bedrohungen" ac=I fn="C:\Windows.old\Users\Andreas\AppData\Local\Temp\BIHYODWB1Z\newversion.exe" sh=7AC6DEE71380FF09EF2D251E6EFF15D6744D452D ft=1 fh=40a873034d9e7093 vn="Variante von Win32/Adware.MaxDriver.A Anwendung" ac=I fn="C:\Windows.old\Users\Andreas\AppData\Local\Temp\efifegu2.br1\spaceeplus.exe" sh=FC7A9B50208655E9E4996AC3FCB4F71FCD4DB22E ft=1 fh=babc611b4508a86d vn="Mehrere Bedrohungen" ac=I fn="C:\Windows.old\Users\Andreas\AppData\Local\Temp\I0CYYQU21W\newversion.exe" sh=7132B33F6A67D67D4614F90883E3D760D8403159 ft=1 fh=436deeec2d682792 vn="Variante von Win32/InstallCore.ADV.gen evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\Andreas\AppData\Local\Temp\ICSW1.17\ICSW1.17_0P1F1E1T0J1T1C1.17.exe" sh=95B87BA1408D46AD1E5226976CA796726B929727 ft=1 fh=578759b0ef83f352 vn="Variante von Win32/ELEX.GC evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\Andreas\AppData\Local\Temp\in0DF01217\16B9AAE9_stp\5087_cornl_sweet-page.exe" sh=6EFB59327A171BDAE665D55C4C5C6019057026DC ft=1 fh=9cd924a253a37f1e vn="Variante von Win32/ELEX.FK evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\Andreas\AppData\Local\Temp\in71CF9CF0\286D395A_stp\5126_cornl_istartpageing.exe" sh=95063E12CB76B37F855C4D66198391B12D17731D ft=1 fh=12d618c4ec7a28fe vn="Variante von Win32/Adware.EoRezo.AY Anwendung" ac=I fn="C:\Windows.old\Users\Andreas\AppData\Local\Temp\is-07TAK.tmp\600.exe" sh=9055D9ADE71074E174F218BCD46EEB2432E3B57B ft=1 fh=12d618c41f6e361a vn="Variante von Win32/Adware.EoRezo.AY Anwendung" ac=I fn="C:\Windows.old\Users\Andreas\AppData\Local\Temp\is-07TAK.tmp\663.exe" sh=F446A471E6CFAE88BD7545A7F8AA6EA523AB7359 ft=1 fh=12d618c4ee87a48c vn="Variante von Win32/Adware.EoRezo.AY Anwendung" ac=I fn="C:\Windows.old\Users\Andreas\AppData\Local\Temp\is-07TAK.tmp\package_bobrowser_installer_multilang.exe" sh=A2CC2A900E9D664AF09D5E16BC98EFCEC7ECCE81 ft=1 fh=fd26318b475f52fb vn="Mehrere Bedrohungen" ac=I fn="C:\Windows.old\Users\Andreas\AppData\Local\Temp\is-1KL5D.tmp\Z2VudGxlbWptcF9pZXU=.exe" sh=BD7A32478C78DB94B0EF7896EEC88B6738CC078E ft=1 fh=4d3314d4a6c9994d vn="Variante von Win32/Adware.EoRezo.AY Anwendung" ac=I fn="C:\Windows.old\Users\Andreas\AppData\Local\Temp\is-1OCF5.tmp\465.exe" sh=D638E42B5E2719439D33AE516B41DDB811588A4E ft=1 fh=4d3314d4b929630e vn="Variante von Win32/Adware.EoRezo.AY Anwendung" ac=I fn="C:\Windows.old\Users\Andreas\AppData\Local\Temp\is-1OCF5.tmp\697.exe" sh=44C6E06F6D59F55B0AB60958078741D0434B39A6 ft=1 fh=4d3314d4459d065a vn="Variante von Win32/Adware.EoRezo.AY Anwendung" ac=I fn="C:\Windows.old\Users\Andreas\AppData\Local\Temp\is-1OCF5.tmp\package_SByoutube_installer_multilang.exe" sh=6A930D10ADEDC340E4E5A5596DFF255E16C51666 ft=1 fh=fd26318be34255ed vn="Mehrere Bedrohungen" ac=I fn="C:\Windows.old\Users\Andreas\AppData\Local\Temp\is-1RCBN.tmp\gentlemjmp_ieu.exe" sh=B1F575F2B045B6140A4169CA7C1132D54D11FA77 ft=1 fh=d53df512aa5938f2 vn="Variante von Win32/Adware.EoRezo.AY Anwendung" ac=I fn="C:\Windows.old\Users\Andreas\AppData\Local\Temp\is-6S0HL.tmp\493.exe" sh=00278FC957FA6EC33FDB49F845FC73850C07397C ft=1 fh=d6f8a4ee8509009b vn="Variante von Win32/Adware.EoRezo.AY Anwendung" ac=I fn="C:\Windows.old\Users\Andreas\AppData\Local\Temp\is-716VK.tmp\692.exe" sh=B581FE5E489C350F75E0A92C6AE4A3F4832D458E ft=1 fh=d6f8a4eeb096d0d5 vn="Variante von Win32/Adware.EoRezo.AY Anwendung" ac=I fn="C:\Windows.old\Users\Andreas\AppData\Local\Temp\is-716VK.tmp\697.exe" sh=518E27BC2A16E1FF6D3D5D15934CBA2AB81BEB13 ft=1 fh=d6f8a4ee1558f92a vn="Variante von Win32/Adware.EoRezo.AY Anwendung" ac=I fn="C:\Windows.old\Users\Andreas\AppData\Local\Temp\is-716VK.tmp\package_SByoutube_installer_multilang.exe" sh=031EC207288D6C641A704014F841EBEAA244E443 ft=1 fh=fd26318bd710d3de vn="Mehrere Bedrohungen" ac=I fn="C:\Windows.old\Users\Andreas\AppData\Local\Temp\is-7FRDB.tmp\gentlemjmp_ieu.exe" sh=CACA8DE63D6C54C5FBFDA81146D6836D540F7A83 ft=1 fh=9aef1e84c166986e vn="Variante von Win32/Adware.EoRezo.AY Anwendung" ac=I fn="C:\Windows.old\Users\Andreas\AppData\Local\Temp\is-87GJT.tmp\493.exe" sh=997C5CA929E6C90363A8B13528B5DE300FECE93F ft=1 fh=8d7a8ee22162d997 vn="Variante von Win32/Adware.EoRezo.AY Anwendung" ac=I fn="C:\Windows.old\Users\Andreas\AppData\Local\Temp\is-9H8NG.tmp\465.exe" sh=A8F22BDF9369C13DA755FB50FECE6B031663E83F ft=1 fh=8d7a8ee2c86587bb vn="Variante von Win32/Adware.EoRezo.AY Anwendung" ac=I fn="C:\Windows.old\Users\Andreas\AppData\Local\Temp\is-9H8NG.tmp\697.exe" sh=B15016F57E19EB2580B2247F7572880D1264DE9A ft=1 fh=8d7a8ee20891859b vn="Variante von Win32/Adware.EoRezo.AY Anwendung" ac=I fn="C:\Windows.old\Users\Andreas\AppData\Local\Temp\is-9H8NG.tmp\package_SByoutube_installer_multilang.exe" sh=2635E5FD415D297CFDA01EAD90283B89C7AD6D21 ft=1 fh=fd26318be051c1e4 vn="Mehrere Bedrohungen" ac=I fn="C:\Windows.old\Users\Andreas\AppData\Local\Temp\is-9SHAN.tmp\Z2VudGxlbWptcF9pZXU=.exe" sh=A2CC2A900E9D664AF09D5E16BC98EFCEC7ECCE81 ft=1 fh=fd26318b475f52fb vn="Mehrere Bedrohungen" ac=I fn="C:\Windows.old\Users\Andreas\AppData\Local\Temp\is-AQECI.tmp\Z2VudGxlbWptcF9pZXU=.exe" sh=18C98E16D8A956098C6DB2AEF69C77334E341755 ft=1 fh=38604c8b924029b4 vn="Variante von Win32/Adware.EoRezo.AY Anwendung" ac=I fn="C:\Windows.old\Users\Andreas\AppData\Local\Temp\is-ARRUG.tmp\11.exe" sh=4CAD4EAFF0D1DD93B24418CF09AF9CDD7475A344 ft=1 fh=38604c8b65b1ed6c vn="Variante von Win32/Adware.EoRezo.AY Anwendung" ac=I fn="C:\Windows.old\Users\Andreas\AppData\Local\Temp\is-ARRUG.tmp\465.exe" sh=9B900C5A29260F4894684CAA3EC6BBDB124B9C08 ft=1 fh=38604c8b96a5f388 vn="Variante von Win32/Adware.EoRezo.AY Anwendung" ac=I fn="C:\Windows.old\Users\Andreas\AppData\Local\Temp\is-ARRUG.tmp\473.exe" sh=3EDCC3101D0BC33D94A804568DC160AF68562C96 ft=1 fh=38604c8b83ca601f vn="Variante von Win32/Adware.EoRezo.AY Anwendung" ac=I fn="C:\Windows.old\Users\Andreas\AppData\Local\Temp\is-ARRUG.tmp\493.exe" sh=008F8016ED9A34DC537111D8329852E0A2616967 ft=1 fh=38604c8be40dc7b2 vn="Variante von Win32/Adware.EoRezo.AY Anwendung" ac=I fn="C:\Windows.old\Users\Andreas\AppData\Local\Temp\is-ARRUG.tmp\600.exe" sh=26F4509899EF7AB56409FF2227CC6C21825C1F20 ft=1 fh=38604c8b8d734752 vn="Variante von Win32/Adware.EoRezo.AY Anwendung" ac=I fn="C:\Windows.old\Users\Andreas\AppData\Local\Temp\is-ARRUG.tmp\607.exe" sh=692D529BD6C7EAFBE493C85FEBEBCC2D0545C720 ft=1 fh=38604c8b16671f6f vn="Variante von Win32/Adware.EoRezo.AY Anwendung" ac=I fn="C:\Windows.old\Users\Andreas\AppData\Local\Temp\is-ARRUG.tmp\643.exe" sh=78126D851B45727FB5BC0E41056F05F7EB264B52 ft=1 fh=dd330a757c9277ab vn="Variante von Win32/Adware.EoRezo.AY Anwendung" ac=I fn="C:\Windows.old\Users\Andreas\AppData\Local\Temp\is-ARRUG.tmp\692.exe" sh=6DE0F214BAEFEF27CCF6D375F136E4D585190547 ft=1 fh=38604c8b4a864fc1 vn="Variante von Win32/Adware.EoRezo.AY Anwendung" ac=I fn="C:\Windows.old\Users\Andreas\AppData\Local\Temp\is-ARRUG.tmp\697.exe" sh=43C911CEC1E69BE4CF3642F680F1479CBC300E72 ft=1 fh=38604c8b5f8e4692 vn="Variante von Win32/Adware.EoRezo.AY Anwendung" ac=I fn="C:\Windows.old\Users\Andreas\AppData\Local\Temp\is-ARRUG.tmp\package_SByoutube_installer_multilang.exe" sh=DE5ABF1DABD166F93EFD3D8B8386C362373F1B7E ft=1 fh=38604c8b9d3b64ce vn="Variante von Win32/Adware.EoRezo.AY Anwendung" ac=I fn="C:\Windows.old\Users\Andreas\AppData\Local\Temp\is-ARRUG.tmp\package_vuupc_installer_multilang.exe" sh=2635E5FD415D297CFDA01EAD90283B89C7AD6D21 ft=1 fh=fd26318be051c1e4 vn="Mehrere Bedrohungen" ac=I fn="C:\Windows.old\Users\Andreas\AppData\Local\Temp\is-C625I.tmp\Z2VudGxlbWptcF9pZXU=.exe" sh=50B7C0260A362507BF7B7378B65F2B8D0CB7B886 ft=1 fh=3e44228ed5105704 vn="Variante von Win32/Adware.EoRezo.AY Anwendung" ac=I fn="C:\Windows.old\Users\Andreas\AppData\Local\Temp\is-CK7RM.tmp\577.exe" sh=7F9108FB025EE76193F517D4571AF2AF32D9CB3E ft=1 fh=3e44228e5a72c053 vn="Variante von Win32/Adware.EoRezo.AY Anwendung" ac=I fn="C:\Windows.old\Users\Andreas\AppData\Local\Temp\is-CK7RM.tmp\600.exe" sh=6DF0AE89963E3A7FBEC897867B61827532FAFAB2 ft=1 fh=3e44228e48c76fbd vn="Variante von Win32/Adware.EoRezo.AY Anwendung" ac=I fn="C:\Windows.old\Users\Andreas\AppData\Local\Temp\is-CK7RM.tmp\692.exe" sh=E31808A9B690054A6CE5BDA6B3D72D8250448192 ft=1 fh=3e44228e65d677a8 vn="Variante von Win32/Adware.EoRezo.AY Anwendung" ac=I fn="C:\Windows.old\Users\Andreas\AppData\Local\Temp\is-CK7RM.tmp\697.exe" sh=FBF69DAE51BA5A68F9C554D090F321DAE4CAD20D ft=1 fh=3e44228e330bde96 vn="Variante von Win32/Adware.EoRezo.AY Anwendung" ac=I fn="C:\Windows.old\Users\Andreas\AppData\Local\Temp\is-CK7RM.tmp\package_SByoutube_installer_multilang.exe" sh=A75243528F0D9159EC74F79A262E6BE104993AEA ft=1 fh=9aef1e8465b1ed6c vn="Variante von Win32/Adware.EoRezo.AY Anwendung" ac=I fn="C:\Windows.old\Users\Andreas\AppData\Local\Temp\is-CS3KF.tmp\465.exe" sh=2635E5FD415D297CFDA01EAD90283B89C7AD6D21 ft=1 fh=fd26318be051c1e4 vn="Mehrere Bedrohungen" ac=I fn="C:\Windows.old\Users\Andreas\AppData\Local\Temp\is-D1LQU.tmp\Z2VudGxlbWptcF9pZXU=.exe" sh=7CCDA027B8A6B3D72652E8E1B2D4EAE89E9DD3E9 ft=1 fh=8ce49964ec18b8d0 vn="Variante von Win32/Adware.EoRezo.AY Anwendung" ac=I fn="C:\Windows.old\Users\Andreas\AppData\Local\Temp\is-DLOG7.tmp\600.exe" sh=0CA6425715BAD3FA8E95C691F7868B15B9C0A305 ft=1 fh=8ce49964c4ecc0b5 vn="Variante von Win32/Adware.EoRezo.AY Anwendung" ac=I fn="C:\Windows.old\Users\Andreas\AppData\Local\Temp\is-DLOG7.tmp\package_bobrowser_installer_multilang.exe" sh=480305A343A9438444CB53734FA49A05C1CA23B1 ft=1 fh=fd26318bf1ff586c vn="Mehrere Bedrohungen" ac=I fn="C:\Windows.old\Users\Andreas\AppData\Local\Temp\is-DT1NC.tmp\Z2VudGxlbWptcF9pZXU=.exe" sh=5B51518F7D8D178159E8683FBD867EFCCDFBE860 ft=1 fh=4e45d379f37d26ce vn="Variante von Win32/Adware.CognosAds.C Anwendung" ac=I fn="C:\Windows.old\Users\Andreas\AppData\Local\Temp\is-G6SQU.tmp\437.exe" sh=508873D1026C0531F608F8278B6AF04F1A3C8CC6 ft=1 fh=fd26318ba144db69 vn="Mehrere Bedrohungen" ac=I fn="C:\Windows.old\Users\Andreas\AppData\Local\Temp\is-GI1JE.tmp\Z2VudGxlbWptcF9pZXU=.exe" sh=2635E5FD415D297CFDA01EAD90283B89C7AD6D21 ft=1 fh=fd26318be051c1e4 vn="Mehrere Bedrohungen" ac=I fn="C:\Windows.old\Users\Andreas\AppData\Local\Temp\is-H7QEM.tmp\Z2VudGxlbWptcF9pZXU=.exe" sh=7CCDA027B8A6B3D72652E8E1B2D4EAE89E9DD3E9 ft=1 fh=8ce49964ec18b8d0 vn="Variante von Win32/Adware.EoRezo.AY Anwendung" ac=I fn="C:\Windows.old\Users\Andreas\AppData\Local\Temp\is-HSL01.tmp\600.exe" sh=F8FF54C18F33E4E50C10EE8F98AAA24D790982AF ft=1 fh=8ce49964fb5191ff vn="Variante von Win32/Adware.EoRezo.AY Anwendung" ac=I fn="C:\Windows.old\Users\Andreas\AppData\Local\Temp\is-HSL01.tmp\package_SByoutube_installer_multilang.exe" sh=65015EA32B1F0A7F5392A651EA169C8B887DDA3A ft=1 fh=fd26318b3e73303a vn="Mehrere Bedrohungen" ac=I fn="C:\Windows.old\Users\Andreas\AppData\Local\Temp\is-IOG2A.tmp\gentlemjmp_ieu.exe" sh=C3CDE81A07A648F6240D1F3FAB2AE797718E75BC ft=1 fh=fd26318b7560fb08 vn="Mehrere Bedrohungen" ac=I fn="C:\Windows.old\Users\Andreas\AppData\Local\Temp\is-K6PU9.tmp\gentlemjmp_ieu.exe" sh=DA48000D817C232758F8C7866F0CAD9A801F3E65 ft=1 fh=1a99e41083ca601f vn="Variante von Win32/Adware.EoRezo.AY Anwendung" ac=I fn="C:\Windows.old\Users\Andreas\AppData\Local\Temp\is-KJMIN.tmp\493.exe" sh=B229ACBD84389E6BF7F7A2B38A5DE567B8933A98 ft=1 fh=7495cfa2526f1d5e vn="Variante von Win32/Adware.EoRezo.AY Anwendung" ac=I fn="C:\Windows.old\Users\Andreas\AppData\Local\Temp\is-L73B1.tmp\465.exe" sh=27984D28A5BEF0917B15A02CA5F36234B508D0A7 ft=1 fh=7495cfa2e8f5c083 vn="Variante von Win32/Adware.EoRezo.AY Anwendung" ac=I fn="C:\Windows.old\Users\Andreas\AppData\Local\Temp\is-L73B1.tmp\697.exe" sh=4C09DAA0BD75CA38ADFBD4F258AD6B7C174AC8ED ft=1 fh=7495cfa29a3a6e7d vn="Variante von Win32/Adware.EoRezo.AY Anwendung" ac=I fn="C:\Windows.old\Users\Andreas\AppData\Local\Temp\is-L73B1.tmp\package_SByoutube_installer_multilang.exe" sh=2635E5FD415D297CFDA01EAD90283B89C7AD6D21 ft=1 fh=fd26318be051c1e4 vn="Mehrere Bedrohungen" ac=I fn="C:\Windows.old\Users\Andreas\AppData\Local\Temp\is-MRC9A.tmp\Z2VudGxlbWptcF9pZXU=.exe" sh=A2CC2A900E9D664AF09D5E16BC98EFCEC7ECCE81 ft=1 fh=fd26318b475f52fb vn="Mehrere Bedrohungen" ac=I fn="C:\Windows.old\Users\Andreas\AppData\Local\Temp\is-N492B.tmp\Z2VudGxlbWptcF9pZXU=.exe" sh=8A7559B603441D127CF21E82911D97F61F609D00 ft=1 fh=366ff1da8509009b vn="Variante von Win32/Adware.EoRezo.AY Anwendung" ac=I fn="C:\Windows.old\Users\Andreas\AppData\Local\Temp\is-P4VMN.tmp\577.exe" sh=19FFE85EDE5C89C2E9F8F709F6C67DE4CC8FB7F6 ft=1 fh=366ff1dab2d7f0a9 vn="Variante von Win32/Adware.EoRezo.AY Anwendung" ac=I fn="C:\Windows.old\Users\Andreas\AppData\Local\Temp\is-P4VMN.tmp\600.exe" sh=6C84D584F1FAB3C68741C84F68B35974FA208FD9 ft=1 fh=366ff1da0a6b97cc vn="Variante von Win32/Adware.EoRezo.AY Anwendung" ac=I fn="C:\Windows.old\Users\Andreas\AppData\Local\Temp\is-P4VMN.tmp\692.exe" sh=A77476757087541A994F0C1532CC493B71C88ED0 ft=1 fh=366ff1da2d41e86c vn="Variante von Win32/Adware.EoRezo.AY Anwendung" ac=I fn="C:\Windows.old\Users\Andreas\AppData\Local\Temp\is-P4VMN.tmp\697.exe" sh=523B5BB067AAC08550FB7DE8E594610F552C6C8E ft=1 fh=366ff1da80f5865a vn="Variante von Win32/Adware.EoRezo.AY Anwendung" ac=I fn="C:\Windows.old\Users\Andreas\AppData\Local\Temp\is-P4VMN.tmp\package_SByoutube_installer_multilang.exe" sh=73A3F3E87A0B4CCC9077686A2A8DD0A2A086F255 ft=1 fh=fd26318b1f25a41c vn="Mehrere Bedrohungen" ac=I fn="C:\Windows.old\Users\Andreas\AppData\Local\Temp\is-Q6HRE.tmp\gentlemjmp_ieu.exe" sh=1D5BF4CAFC616BF1B4F5F8AF1E3E3B2FF74C9CCD ft=1 fh=fd26318b0d00c283 vn="Mehrere Bedrohungen" ac=I fn="C:\Windows.old\Users\Andreas\AppData\Local\Temp\is-R7T04.tmp\gentlemjmp_ieu.exe" sh=C1B89A5D3AAA26A91AE2C43D9AD5C25BB2F1017F ft=1 fh=fd26318bc29025c4 vn="Mehrere Bedrohungen" ac=I fn="C:\Windows.old\Users\Andreas\AppData\Local\Temp\is-RMN2P.tmp\gentlemjmp_ieu.exe" sh=EB8CD39B479EA3B269F06414E0FBDE8C633396B1 ft=1 fh=fd26318b7c710797 vn="Mehrere Bedrohungen" ac=I fn="C:\Windows.old\Users\Andreas\AppData\Local\Temp\is-S3LDK.tmp\Z2VudGxlbWptcF9pZXU=.exe" sh=3EDCC3101D0BC33D94A804568DC160AF68562C96 ft=1 fh=38604c8b83ca601f vn="Variante von Win32/Adware.EoRezo.AY Anwendung" ac=I fn="C:\Windows.old\Users\Andreas\AppData\Local\Temp\is-SGHKP.tmp\493.exe" sh=2635E5FD415D297CFDA01EAD90283B89C7AD6D21 ft=1 fh=fd26318be051c1e4 vn="Mehrere Bedrohungen" ac=I fn="C:\Windows.old\Users\Andreas\AppData\Local\Temp\is-SLIVJ.tmp\Z2VudGxlbWptcF9pZXU=.exe" sh=2635E5FD415D297CFDA01EAD90283B89C7AD6D21 ft=1 fh=fd26318be051c1e4 vn="Mehrere Bedrohungen" ac=I fn="C:\Windows.old\Users\Andreas\AppData\Local\Temp\is-TRLVB.tmp\Z2VudGxlbWptcF9pZXU=.exe" sh=E2E5647E3AFED35A4E8E662A6B85A0AD9BF2753D ft=1 fh=fd26318b564095bd vn="Mehrere Bedrohungen" ac=I fn="C:\Windows.old\Users\Andreas\AppData\Local\Temp\is-TSAII.tmp\Z2VudGxlbWptcF9pZXU=.exe" sh=3EDCC3101D0BC33D94A804568DC160AF68562C96 ft=1 fh=38604c8b83ca601f vn="Variante von Win32/Adware.EoRezo.AY Anwendung" ac=I fn="C:\Windows.old\Users\Andreas\AppData\Local\Temp\is-V72JT.tmp\493.exe" sh=5345FC1A39A5973940BC9F44D10CF1C87CEF45A1 ft=1 fh=fd26318bc695a63f vn="Mehrere Bedrohungen" ac=I fn="C:\Windows.old\Users\Andreas\AppData\Local\Temp\is-VSV4J.tmp\gentlemjmp_ieu.exe" sh=ED6A8AB3B2C699FD2A3939892B3A3B0E62D4D34E ft=1 fh=ff87811bc40d30cf vn="Mehrere Bedrohungen" ac=I fn="C:\Windows.old\Users\Andreas\AppData\Local\Temp\JJXEYSKQSH\newversion.exe" sh=55211CD3AC08A1AC7AF048915B3794883D41C845 ft=1 fh=c6af81cc096e9c55 vn="Variante von MSIL/WebBar.A evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\Andreas\AppData\Local\Temp\knjty03x.0z3\Web_Bar_Setup_is2.exe" sh=ED6A8AB3B2C699FD2A3939892B3A3B0E62D4D34E ft=1 fh=ff87811bc40d30cf vn="Mehrere Bedrohungen" ac=I fn="C:\Windows.old\Users\Andreas\AppData\Local\Temp\MCEA7ZZXTN\newversion.exe" sh=ED6A8AB3B2C699FD2A3939892B3A3B0E62D4D34E ft=1 fh=ff87811bc40d30cf vn="Mehrere Bedrohungen" ac=I fn="C:\Windows.old\Users\Andreas\AppData\Local\Temp\P1SCFDD17X\newversion.exe" sh=4E30422BB4B9522304BBCC0867C643E01A7BD2DF ft=1 fh=fd26318b13e9b01f vn="Variante von Win32/Adware.EoRezo.BD Anwendung" ac=I fn="C:\Windows.old\Users\Andreas\AppData\Local\Temp\pi5zx1ff.a0c\setup_mpck_en.exe" sh=F6D6BCCD270AE7510F18932CC73283FD1ECEC79D ft=1 fh=ca4769e0b1a0a006 vn="Mehrere Bedrohungen" ac=I fn="C:\Windows.old\Users\Andreas\AppData\Local\Temp\Q87MZ5ZBQZ\newversion.exe" sh=ED6A8AB3B2C699FD2A3939892B3A3B0E62D4D34E ft=1 fh=ff87811bc40d30cf vn="Mehrere Bedrohungen" ac=I fn="C:\Windows.old\Users\Andreas\AppData\Local\Temp\WCJ3PONSX7\newversion.exe" sh=E0761938B20CBACDD10302FF990C49FFF278E631 ft=1 fh=fd26318b0144cc98 vn="Mehrere Bedrohungen" ac=I fn="C:\Windows.old\Users\Andreas\AppData\Local\Temp\WCP7PA1MRH\SVH.exe" sh=643C432537765B34615B28D054E3FBBBD8D0F3E5 ft=1 fh=ec0d04ce84fb3f4f vn="Variante von Win32/ELEX.FK evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\Andreas\AppData\Local\Temp\wncszrnj.ve2\lly1_istartsurf.exe" sh=ED6A8AB3B2C699FD2A3939892B3A3B0E62D4D34E ft=1 fh=ff87811bc40d30cf vn="Mehrere Bedrohungen" ac=I fn="C:\Windows.old\Users\Andreas\AppData\Local\Temp\Y0U1BNZ208\newversion.exe" Code:
ATTFilter Results of screen317's Security Check version 1.013 --- 11/28/15 x64 (UAC is enabled) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` Windows Defender McAfee Anti-Virus und Anti-Spyware WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:````````` AVG PC TuneUp 2015 AVG PC TuneUp 2015 (de-DE) AVG PC TuneUp 2015 Google Chrome (46.0.2490.86) ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbam.exe Malwarebytes Anti-Malware mbamscheduler.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: % ````````````````````End of Log`````````````````````` |
05.12.2015, 23:00 | #18 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Direkt nach dem Start erscheint "Modul nicht gefunden". Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.
__________________Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter C:\task.vbs C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmamnhfbiackmckkaopokinkpmccdnki C:\Users\Andreas\Downloads\VLC media player 32 Bit - CHIP-Installer.exe C:\Windows.old emptytemp: Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
__________________ |
09.12.2015, 14:50 | #19 |
| Direkt nach dem Start erscheint "Modul nicht gefunden".Code:
ATTFilter Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version:05-12-2015 durchgeführt von Andreas (2015-12-09 14:04:34) Run:3 Gestartet von C:\Users\Andreas\Desktop\F Geladene Profile: Andreas & (Verfügbare Profile: Andreas) Start-Modus: Normal ============================================== fixlist Inhalt: ***************** C:\task.vbs C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmamnhfbiackmckkaopokinkpmccdnki C:\Users\Andreas\Downloads\VLC media player 32 Bit - CHIP-Installer.exe C:\Windows.old emptytemp: ***************** "C:\task.vbs" => nicht gefunden. C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmamnhfbiackmckkaopokinkpmccdnki => erfolgreich verschoben C:\Users\Andreas\Downloads\VLC media player 32 Bit - CHIP-Installer.exe => erfolgreich verschoben C:\Windows.old => erfolgreich verschoben EmptyTemp: => 29.9 MB temporäre Dateien entfernt. Das System musste neu gestartet werden. ==== Ende von Fixlog 14:04:51 ==== poste den auch gleich nochmal mit: Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Update, 09.12.2015 13:51, SYSTEM, ANDREAS, Scheduler, IP Database, 2015.12.4.3, 2015.12.8.1, Update, 09.12.2015 13:51, SYSTEM, ANDREAS, Scheduler, Domain Database, 2015.12.7.2, 2015.12.8.7, Update, 09.12.2015 13:51, SYSTEM, ANDREAS, Scheduler, Malware Database, 2015.12.7.6, 2015.12.9.2, Error, 09.12.2015 14:06, SYSTEM, ANDREAS, Protection, IsLicensed, 13, Protection, 09.12.2015 14:06, SYSTEM, ANDREAS, Protection, Malware Protection, Stopping, Protection, 09.12.2015 14:06, SYSTEM, ANDREAS, Protection, Malware Protection, Stopped, Scan, 09.12.2015 14:38, SYSTEM, ANDREAS, Manual, Start: 09.12.2015 14:10, Dauer: 27 Min. 11 Sek., Bedrohungssuchlauf, Abgeschlossen, 0 Malware-Erkennung, 1 Nicht-Malware-Erkennung, (end) Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlaufdatum: 09.12.2015 Suchlaufzeit: 14:10 Protokolldatei: Administrator: Ja Version: 2.2.0.1024 Malware-Datenbank: v2015.12.09.02 Rootkit-Datenbank: v2015.12.07.01 Lizenz: Kostenlose Version Malware-Schutz: Deaktiviert Schutz vor bösartigen Websites: Deaktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 10 CPU: x64 Dateisystem: NTFS Benutzer: Andreas Suchlauftyp: Bedrohungssuchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 350148 Abgelaufene Zeit: 27 Min., 11 Sek. Speicher: Aktiviert Start: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (keine bösartigen Elemente erkannt) Module: 0 (keine bösartigen Elemente erkannt) Registrierungsschlüssel: 0 (keine bösartigen Elemente erkannt) Registrierungswerte: 1 PUP.Optional.WebBar, HKU\S-1-5-21-1884890629-360092094-2303528047-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\FEATURECONTROL\FEATURE_BROWSER_EMULATION|wb.exe, 11000, In Quarantäne, [35d1b8eb93f839fdd16239c5cd368b75] Registrierungsdaten: 0 (keine bösartigen Elemente erkannt) Ordner: 0 (keine bösartigen Elemente erkannt) Dateien: 0 (keine bösartigen Elemente erkannt) Physische Sektoren: 0 (keine bösartigen Elemente erkannt) (end) |
09.12.2015, 21:33 | #20 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Direkt nach dem Start erscheint "Modul nicht gefunden". Sieht soweit ok aus Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?
__________________ Logfiles bitte immer in CODE-Tags posten |
10.12.2015, 17:40 | #21 |
| System zeigt weiterhin beim Start folgendes an ja eigentlich läuft mein System ganz ordentlich (zumindest die Geschwindigkeit ist okay) Aber das eigentliche Problem besteht weiterhin, beim Start ertönt nach der Eingabe des Passwortes gleich ein Geräusch mit dem anschließenden Hinweis: Problem beim Starten von C:\Users\Andreas\AppData\Local\Beach Comp\zBin\BeachComp.dll Das angegebene Modul wurde nicht gefunden |
10.12.2015, 23:30 | #22 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Direkt nach dem Start erscheint "Modul nicht gefunden". Dann zeig mal frische FRST Logs. Haken setzen bei addition.txt dann auf Untersuchen klicken
__________________ Logfiles bitte immer in CODE-Tags posten |
11.12.2015, 13:36 | #23 |
| Direkt nach dem Start erscheint "Modul nicht gefunden".Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:09-12-2015 durchgeführt von Andreas (Administrator) auf ANDREAS (11-12-2015 13:26:39) Gestartet von C:\Users\Andreas\Downloads Geladene Profile: Andreas (Verfügbare Profile: Andreas) Platform: Windows 10 Home Version 1511 (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: Edge) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe (Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe (Intel Corporation) C:\Windows\System32\igfxCUIService.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (Comodo) C:\Program Files (x86)\Comodo\Chromodo\chromodo_updater.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe (Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe (McAfee, Inc.) C:\Windows\System32\mfevtps.exe (Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe () C:\Program Files\CyberLink\Shared files\RichVideo64.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe (McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfemms.exe (McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe (McAfee, Inc.) C:\Windows\System32\mfevtps.exe (McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe (McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe (McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe (McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (McAfee, Inc.) C:\Program Files\Common Files\mcafee\CSP\1.6.1180.0\McCSPServiceHost.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe () C:\Program Files\WindowsApps\Microsoft.Messaging_1.11.19004.0_x86__8wekyb3d8bbwe\SkypeHost.exe (Intel Corporation) C:\Windows\System32\igfxEM.exe (Intel Corporation) C:\Windows\System32\igfxHK.exe (Intel Corporation) C:\Windows\System32\igfxTray.exe () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe (CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe (WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Comodo) C:\Program Files (x86)\Comodo\Chromodo\chromodo.exe (Comodo) C:\Program Files (x86)\Comodo\Chromodo\chromodo.exe (Comodo) C:\Program Files (x86)\Comodo\Chromodo\chromodo.exe (Comodo) C:\Program Files (x86)\Comodo\Chromodo\chromodo.exe (Comodo) C:\Program Files (x86)\Comodo\Chromodo\chromodo.exe (Comodo) C:\Program Files (x86)\Comodo\Chromodo\chromodo.exe (Comodo) C:\Program Files (x86)\Comodo\Chromodo\chromodo.exe (Comodo) C:\Program Files (x86)\Comodo\Chromodo\chromodo.exe (McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McUICnt.exe (Comodo) C:\Program Files (x86)\Comodo\Chromodo\chromodo.exe ==================== Registry (Nicht auf der Ausnahmeliste) =========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7634288 2014-06-24] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1386712 2014-06-24] (Realtek Semiconductor) HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe [3962936 2014-03-28] (Hewlett-Packard) HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [415288 2014-03-28] (Hewlett-Packard) HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [415288 2014-03-28] (Hewlett-Packard) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3944136 2015-07-17] (Synaptics Incorporated) HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [506680 2014-06-19] (Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [tvncontrol] => C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2015-01-30] (Comodo Security Solutions, Inc.) HKU\S-1-5-21-1884890629-360092094-2303528047-1001\...\RunOnce: [Uninstall C:\Users\Andreas\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Andreas\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64" ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{f202c746-f929-4b93-b5b8-ecb6ea4ea064}: [DhcpNameServer] 192.168.178.1 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.uk.msn.com/HPNOT14/4 HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT14/4 BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard) BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard) Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2015-09-28] (McAfee, Inc.) Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2015-09-28] (McAfee, Inc.) FireFox: ======== FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-09-28] () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll [2013-09-05] (Adobe Systems, Inc.) FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-05-13] () FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-05-13] () FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2015-09-28] () FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2013-08-06] () FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2015-11-23] [ist nicht signiert] Chrome: ======= CHR Profile: C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Slides) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-11-20] CHR Extension: (Google Docs) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-11-20] CHR Extension: (Google Drive) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-20] CHR Extension: (YouTube) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-20] CHR Extension: (Google Search) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-20] CHR Extension: (Google Sheets) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-11-20] CHR Extension: (Google Docs Offline) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-20] CHR Extension: (Chrome Web Store Payments) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-11-20] CHR Extension: (Gmail) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-20] ==================== Dienste (Nicht auf der Ausnahmeliste) ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R2 ChromodoUpdater; C:\Program Files (x86)\Comodo\Chromodo\chromodo_updater.exe [1984696 2015-11-13] (Comodo) R2 CLPSLauncher; C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe [70872 2015-03-05] (Comodo Security Solutions, Inc.) R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-04-24] (WildTangent) R2 GeekBuddyRSP; C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2015-01-30] (Comodo Security Solutions, Inc.) R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368584 2015-09-01] (McAfee, Inc.) R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [475960 2014-06-19] (Hewlett-Packard Development Company, L.P.) R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [330136 2015-08-27] (Intel Corporation) R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel(R) Corporation) [Datei ist nicht signiert] S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel(R) Corporation) R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes) S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1135416 2015-10-05] (Malwarebytes) R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [783120 2015-09-28] (McAfee, Inc.) S3 McAWFwk; C:\Program Files\Common Files\mcafee\ActWiz\McAWFwk.exe [334608 2013-07-29] (McAfee, Inc.) R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.6.1180.0\McCSPServiceHost.exe [1694152 2015-09-01] (McAfee, Inc.) R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368584 2015-09-01] (McAfee, Inc.) R2 McNaiAnn; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [368584 2015-09-01] (McAfee, Inc.) S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [639456 2015-08-11] (McAfee, Inc.) S4 McOobeSv2; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [368584 2015-09-01] (McAfee, Inc.) R2 mcpltsvc; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [368584 2015-09-01] (McAfee, Inc.) R2 McProxy; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [368584 2015-09-01] (McAfee, Inc.) R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [232656 2015-07-31] (McAfee, Inc.) R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [376264 2015-08-10] (McAfee, Inc.) R2 mfevtp; C:\Windows\system32\mfevtps.exe [254792 2015-07-31] (McAfee, Inc.) R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368584 2015-09-01] (McAfee, Inc.) R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [88064 2014-03-28] (Softex Inc.) [Datei ist nicht signiert] R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-14] () R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-06-24] (Realtek Semiconductor) R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246472 2015-07-17] (Synaptics Incorporated) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation) ===================== Treiber (Nicht auf der Ausnahmeliste) ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R1 CFRMD; C:\Windows\System32\DRIVERS\CFRMD.sys [40224 2014-06-26] (Windows (R) Win 7 DDK provider) R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [80768 2015-08-10] (McAfee, Inc.) R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink) R3 GPIO; C:\Windows\System32\drivers\iaiogpioe.sys [31232 2013-11-11] (Intel Corporation) S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [207208 2015-05-19] (McAfee, Inc.) R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes) S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation) R0 MBI; C:\Windows\System32\drivers\MBI.sys [29464 2014-01-23] (Intel Corporation) R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [413432 2015-08-10] (McAfee, Inc.) R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [349096 2015-08-10] (McAfee, Inc.) S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [82072 2015-08-10] (McAfee, Inc.) R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [495856 2015-08-10] (McAfee, Inc.) R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [839376 2015-08-10] (McAfee, Inc.) R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [537408 2015-08-12] (McAfee, Inc.) S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [111256 2015-08-12] (McAfee, Inc.) R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [244024 2015-08-10] (McAfee, Inc.) R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [310528 2015-06-05] (Realtek Semiconductor Corp.) R3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [624424 2015-10-30] (Realtek Semiconductor Corporation) R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [4629744 2015-08-28] (Realtek Semiconductor Corporation ) R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-07-17] (Synaptics Incorporated) R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [88592 2014-01-15] (Intel Corporation) S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation) S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation) R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.) ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat: Erstellte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2015-12-11 13:25 - 2015-12-11 13:25 - 00000000 ____D C:\Users\Andreas\Downloads\FRST-OlderVersion 2015-12-11 13:16 - 2015-12-11 13:16 - 00000000 ___HD C:\OneDriveTemp 2015-12-09 14:42 - 2015-12-01 08:12 - 02152800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys 2015-12-09 14:42 - 2015-11-24 13:07 - 01817160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll 2015-12-09 14:42 - 2015-11-24 12:07 - 03671896 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2015-12-09 14:42 - 2015-11-24 12:06 - 01540768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll 2015-12-09 14:42 - 2015-11-24 11:26 - 01399224 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll 2015-12-09 14:42 - 2015-11-24 11:03 - 02918808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2015-12-09 14:42 - 2015-11-24 10:26 - 01337240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll 2015-12-09 14:42 - 2015-11-24 09:58 - 00604672 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll 2015-12-09 14:42 - 2015-11-24 09:55 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys 2015-12-09 14:42 - 2015-11-24 09:52 - 01717248 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll 2015-12-09 14:42 - 2015-11-24 09:49 - 01648640 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll 2015-12-09 14:42 - 2015-11-24 09:27 - 03593216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys 2015-12-09 14:42 - 2015-11-24 09:03 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll 2015-12-09 14:42 - 2015-11-24 08:59 - 01467392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll 2015-12-09 14:42 - 2015-11-24 08:57 - 01328128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comsvcs.dll 2015-12-09 14:42 - 2015-11-24 08:35 - 22393856 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll 2015-12-09 14:42 - 2015-11-24 08:29 - 02352128 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll 2015-12-09 14:42 - 2015-11-24 08:25 - 24601600 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2015-12-09 14:42 - 2015-11-24 08:23 - 13381120 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2015-12-09 14:42 - 2015-11-24 08:11 - 18678272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll 2015-12-09 14:42 - 2015-11-24 08:09 - 19338240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2015-12-09 14:42 - 2015-11-24 08:08 - 12125184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2015-12-09 14:42 - 2015-11-24 08:04 - 02155008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll 2015-12-09 14:41 - 2015-11-24 11:01 - 02756096 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb 2015-12-09 14:41 - 2015-11-24 10:54 - 00007680 _____ (Microsoft Corporation) C:\WINDOWS\system32\readingviewresources.dll 2015-12-09 14:41 - 2015-11-24 10:53 - 00115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys 2015-12-09 14:41 - 2015-11-24 10:45 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshrm.dll 2015-12-09 14:41 - 2015-11-24 10:37 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rmcast.sys 2015-12-09 14:41 - 2015-11-24 10:19 - 00182784 _____ (Microsoft Corporation) C:\WINDOWS\system32\shutdownux.dll 2015-12-09 14:41 - 2015-11-24 10:12 - 00523776 _____ (Microsoft Corporation) C:\WINDOWS\system32\catsrvut.dll 2015-12-09 14:41 - 2015-11-24 09:54 - 02756096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb 2015-12-09 14:41 - 2015-11-24 09:14 - 00415744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\catsrvut.dll 2015-12-05 11:21 - 2015-12-05 11:21 - 00852771 _____ C:\Users\Andreas\Downloads\SecurityCheck.exe 2015-12-05 11:07 - 2015-12-05 11:07 - 00001198 _____ C:\Users\Andreas\Documents\mbam.txt 2015-12-05 11:00 - 2015-12-05 11:00 - 00000000 ____D C:\Users\Andreas\Desktop\mbam.txt 2015-12-05 10:42 - 2015-12-05 10:43 - 02870984 _____ (ESET) C:\Users\Andreas\Downloads\esetsmartinstaller_deu (1).exe 2015-12-04 17:52 - 2015-12-09 14:04 - 00000000 ____D C:\Users\Andreas\Desktop\F 2015-12-04 17:47 - 2015-12-04 17:47 - 00000164 _____ C:\Users\Andreas\Downloads\fixlist.txt 2015-12-04 13:18 - 2015-12-04 13:18 - 01736704 _____ C:\Users\Andreas\Downloads\AdwCleaner_5.023 (1).exe 2015-12-03 16:27 - 2015-12-03 16:27 - 00000000 ____D C:\WINDOWS\system32\SleepStudy 2015-12-03 16:11 - 2015-12-03 16:11 - 00001236 _____ C:\Users\Andreas\Desktop\JRT.txt 2015-12-03 16:05 - 2015-12-03 16:05 - 01599336 _____ (Malwarebytes) C:\Users\Andreas\Downloads\JRT.exe 2015-12-03 15:51 - 2015-11-22 11:47 - 02653816 _____ C:\WINDOWS\system32\CoreUIComponents.dll 2015-12-03 15:51 - 2015-11-22 10:54 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ETWCoreUIComponentsResources.dll 2015-12-03 15:51 - 2015-11-22 10:52 - 16984576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll 2015-12-03 15:51 - 2015-11-22 10:42 - 13017600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll 2015-12-03 15:51 - 2015-11-22 10:42 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ETWCoreUIComponentsResources.dll 2015-12-03 15:51 - 2015-11-22 10:34 - 02843136 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll 2015-12-03 15:51 - 2015-11-22 10:30 - 02598400 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll 2015-12-03 15:51 - 2015-11-22 10:27 - 03993600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll 2015-12-03 15:50 - 2015-11-22 11:47 - 07476576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2015-12-03 15:50 - 2015-11-22 11:41 - 01859448 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll 2015-12-03 15:50 - 2015-11-22 11:41 - 01284960 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll 2015-12-03 15:50 - 2015-11-22 11:41 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe 2015-12-03 15:50 - 2015-11-22 11:35 - 00538632 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll 2015-12-03 15:50 - 2015-11-22 11:34 - 00975200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll 2015-12-03 15:50 - 2015-11-22 11:34 - 00080600 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwapi.dll 2015-12-03 15:50 - 2015-11-22 11:33 - 00095072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdstor.sys 2015-12-03 15:50 - 2015-11-22 11:33 - 00058408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.dll 2015-12-03 15:50 - 2015-11-22 11:33 - 00051680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsUtilsV2.dll 2015-12-03 15:50 - 2015-11-22 11:30 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys 2015-12-03 15:50 - 2015-11-22 11:30 - 00161632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys 2015-12-03 15:50 - 2015-11-22 11:26 - 00431232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWanAPI.dll 2015-12-03 15:50 - 2015-11-22 11:25 - 00063528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wwapi.dll 2015-12-03 15:50 - 2015-11-22 11:24 - 02772584 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll 2015-12-03 15:50 - 2015-11-22 11:20 - 00795840 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll 2015-12-03 15:50 - 2015-11-22 11:19 - 00440160 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe 2015-12-03 15:50 - 2015-11-22 11:14 - 02185840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll 2015-12-03 15:50 - 2015-11-22 11:00 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll 2015-12-03 15:50 - 2015-11-22 11:00 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosResource.dll 2015-12-03 15:50 - 2015-11-22 10:57 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-MapControls.dll 2015-12-03 15:50 - 2015-11-22 10:57 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCoreRes.dll 2015-12-03 15:50 - 2015-11-22 10:57 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-MosTrace.dll 2015-12-03 15:50 - 2015-11-22 10:57 - 00009728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-MosHost.dll 2015-12-03 15:50 - 2015-11-22 10:56 - 01268736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll 2015-12-03 15:50 - 2015-11-22 10:56 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosHostClient.dll 2015-12-03 15:50 - 2015-11-22 10:56 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ihvrilproxy.dll 2015-12-03 15:50 - 2015-11-22 10:56 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\system32\rilproxy.dll 2015-12-03 15:50 - 2015-11-22 10:55 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManagerProxy.dll 2015-12-03 15:50 - 2015-11-22 10:55 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvcProxy.dll 2015-12-03 15:50 - 2015-11-22 10:54 - 00117248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\capimg.sys 2015-12-03 15:50 - 2015-11-22 10:54 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.V2.dll 2015-12-03 15:50 - 2015-11-22 10:54 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanprotdim.dll 2015-12-03 15:50 - 2015-11-22 10:54 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsplib.dll 2015-12-03 15:50 - 2015-11-22 10:54 - 00032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll 2015-12-03 15:50 - 2015-11-22 10:54 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WordBreakers.dll 2015-12-03 15:50 - 2015-11-22 10:54 - 00028160 _____ (Microsoft Corporation) C:\WINDOWS\system32\nativemap.dll 2015-12-03 15:50 - 2015-11-22 10:54 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlStringsRes.dll 2015-12-03 15:50 - 2015-11-22 10:52 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll 2015-12-03 15:50 - 2015-11-22 10:52 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthTokenBrokerExt.dll 2015-12-03 15:50 - 2015-11-22 10:52 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll 2015-12-03 15:50 - 2015-11-22 10:52 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll 2015-12-03 15:50 - 2015-11-22 10:51 - 00157184 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe 2015-12-03 15:50 - 2015-11-22 10:51 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll 2015-12-03 15:50 - 2015-11-22 10:51 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll 2015-12-03 15:50 - 2015-11-22 10:51 - 00042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapstoasttask.dll 2015-12-03 15:50 - 2015-11-22 10:51 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll 2015-12-03 15:50 - 2015-11-22 10:50 - 00074240 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssign32.dll 2015-12-03 15:50 - 2015-11-22 10:49 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe 2015-12-03 15:50 - 2015-11-22 10:49 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll 2015-12-03 15:50 - 2015-11-22 10:49 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll 2015-12-03 15:50 - 2015-11-22 10:49 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wwanpref.dll 2015-12-03 15:50 - 2015-11-22 10:48 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosResource.dll 2015-12-03 15:50 - 2015-11-22 10:47 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll 2015-12-03 15:50 - 2015-11-22 10:46 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll 2015-12-03 15:50 - 2015-11-22 10:46 - 00209920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll 2015-12-03 15:50 - 2015-11-22 10:45 - 06572032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanmm.dll 2015-12-03 15:50 - 2015-11-22 10:45 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll 2015-12-03 15:50 - 2015-11-22 10:45 - 00264192 _____ (Nokia) C:\WINDOWS\system32\NmaDirect.dll 2015-12-03 15:50 - 2015-11-22 10:45 - 00220672 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2015-12-03 15:50 - 2015-11-22 10:45 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft-Windows-MapControls.dll 2015-12-03 15:50 - 2015-11-22 10:45 - 00073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwancfg.dll 2015-12-03 15:50 - 2015-11-22 10:45 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCoreRes.dll 2015-12-03 15:50 - 2015-11-22 10:45 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft-Windows-MosTrace.dll 2015-12-03 15:50 - 2015-11-22 10:45 - 00009728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft-Windows-MosHost.dll 2015-12-03 15:50 - 2015-11-22 10:44 - 01268736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll 2015-12-03 15:50 - 2015-11-22 10:44 - 00558080 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll 2015-12-03 15:50 - 2015-11-22 10:44 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosHostClient.dll 2015-12-03 15:50 - 2015-11-22 10:43 - 00704000 _____ (Microsoft Corporation) C:\WINDOWS\system32\CellularAPI.dll 2015-12-03 15:50 - 2015-11-22 10:43 - 00459776 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll 2015-12-03 15:50 - 2015-11-22 10:43 - 00382464 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll 2015-12-03 15:50 - 2015-11-22 10:43 - 00342016 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll 2015-12-03 15:50 - 2015-11-22 10:43 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XblAuthManagerProxy.dll 2015-12-03 15:50 - 2015-11-22 10:42 - 07979008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll 2015-12-03 15:50 - 2015-11-22 10:42 - 00589312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApi.dll 2015-12-03 15:50 - 2015-11-22 10:42 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll 2015-12-03 15:50 - 2015-11-22 10:42 - 00024064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WordBreakers.dll 2015-12-03 15:50 - 2015-11-22 10:42 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlStringsRes.dll 2015-12-03 15:50 - 2015-11-22 10:41 - 01814528 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnidui.dll 2015-12-03 15:50 - 2015-11-22 10:41 - 00948224 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll 2015-12-03 15:50 - 2015-11-22 10:41 - 00607232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll 2015-12-03 15:50 - 2015-11-22 10:40 - 01056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll 2015-12-03 15:50 - 2015-11-22 10:40 - 00850432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll 2015-12-03 15:50 - 2015-11-22 10:40 - 00465920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanconn.dll 2015-12-03 15:50 - 2015-11-22 10:40 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll 2015-12-03 15:50 - 2015-11-22 10:40 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XblAuthTokenBrokerExt.dll 2015-12-03 15:50 - 2015-11-22 10:39 - 02126848 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2015-12-03 15:50 - 2015-11-22 10:39 - 01713664 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll 2015-12-03 15:50 - 2015-11-22 10:39 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll 2015-12-03 15:50 - 2015-11-22 10:39 - 00957440 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll 2015-12-03 15:50 - 2015-11-22 10:39 - 00938496 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll 2015-12-03 15:50 - 2015-11-22 10:39 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll 2015-12-03 15:50 - 2015-11-22 10:39 - 00783360 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2015-12-03 15:50 - 2015-11-22 10:39 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinelsa.dll 2015-12-03 15:50 - 2015-11-22 10:39 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll 2015-12-03 15:50 - 2015-11-22 10:39 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll 2015-12-03 15:50 - 2015-11-22 10:39 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll 2015-12-03 15:50 - 2015-11-22 10:38 - 01223168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll 2015-12-03 15:50 - 2015-11-22 10:38 - 01212928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll 2015-12-03 15:50 - 2015-11-22 10:38 - 00912384 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll 2015-12-03 15:50 - 2015-11-22 10:38 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll 2015-12-03 15:50 - 2015-11-22 10:38 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssign32.dll 2015-12-03 15:50 - 2015-11-22 10:37 - 02624512 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll 2015-12-03 15:50 - 2015-11-22 10:37 - 01395200 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll 2015-12-03 15:50 - 2015-11-22 10:37 - 00515584 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll 2015-12-03 15:50 - 2015-11-22 10:36 - 01042432 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingOnlineServices.dll 2015-12-03 15:50 - 2015-11-22 10:34 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll 2015-12-03 15:50 - 2015-11-22 10:34 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll 2015-12-03 15:50 - 2015-11-22 10:34 - 00166912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserMgrProxy.dll 2015-12-03 15:50 - 2015-11-22 10:34 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll 2015-12-03 15:50 - 2015-11-22 10:34 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditBufferTestHook.dll 2015-12-03 15:50 - 2015-11-22 10:33 - 02587136 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll 2015-12-03 15:50 - 2015-11-22 10:33 - 00205824 _____ (Nokia) C:\WINDOWS\SysWOW64\NmaDirect.dll 2015-12-03 15:50 - 2015-11-22 10:32 - 00346112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll 2015-12-03 15:50 - 2015-11-22 10:32 - 00340480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToDevice.dll 2015-12-03 15:50 - 2015-11-22 10:32 - 00334848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll 2015-12-03 15:50 - 2015-11-22 10:31 - 07199232 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll 2015-12-03 15:50 - 2015-11-22 10:31 - 00470528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApi.dll 2015-12-03 15:50 - 2015-11-22 10:31 - 00416768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll 2015-12-03 15:50 - 2015-11-22 10:29 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll 2015-12-03 15:50 - 2015-11-22 10:28 - 01734656 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2015-12-03 15:50 - 2015-11-22 10:28 - 01443328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRHInproc.dll 2015-12-03 15:50 - 2015-11-22 10:28 - 01387008 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll 2015-12-03 15:50 - 2015-11-22 10:28 - 00948224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll 2015-12-03 15:50 - 2015-11-22 10:28 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll 2015-12-03 15:50 - 2015-11-22 10:28 - 00793600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll 2015-12-03 15:50 - 2015-11-22 10:28 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll 2015-12-03 15:50 - 2015-11-22 10:28 - 00686592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2015-12-03 15:50 - 2015-11-22 10:28 - 00100864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinelsa.dll 2015-12-03 15:50 - 2015-11-22 10:27 - 02049024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl 2015-12-03 15:50 - 2015-11-22 10:27 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll 2015-12-03 15:50 - 2015-11-22 10:27 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll 2015-12-03 15:50 - 2015-11-22 10:27 - 00241664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll 2015-12-03 15:50 - 2015-11-22 10:27 - 00160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll 2015-12-03 15:50 - 2015-11-22 10:26 - 03355136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll 2015-12-03 15:50 - 2015-11-22 10:26 - 01139200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll 2015-12-03 15:50 - 2015-11-22 10:26 - 00709120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingOnlineServices.dll 2015-12-03 15:50 - 2015-11-22 10:26 - 00421888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll 2015-12-03 15:50 - 2015-11-22 10:25 - 06297088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll 2015-12-03 15:50 - 2015-11-22 10:25 - 02280448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll 2015-12-03 15:50 - 2015-11-22 10:25 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll 2015-12-03 15:50 - 2015-11-22 10:24 - 02647552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2015-12-03 15:50 - 2015-11-22 10:24 - 01995264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll 2015-12-03 15:50 - 2015-11-22 10:24 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll 2015-12-03 15:50 - 2015-11-22 10:24 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputLocaleManager.dll 2015-12-03 15:50 - 2015-11-22 10:24 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditBufferTestHook.dll 2015-12-03 15:50 - 2015-11-22 10:23 - 05202944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll 2015-12-03 15:50 - 2015-11-22 10:20 - 01860096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll 2015-12-03 15:50 - 2015-11-22 10:19 - 02064384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll 2015-12-03 15:50 - 2015-11-22 10:18 - 01505280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2015-12-03 15:50 - 2015-11-22 10:18 - 00697856 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToManager.dll 2015-12-03 15:50 - 2015-11-22 10:18 - 00458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToDevice.dll 2015-12-03 15:50 - 2015-11-22 10:17 - 02680320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll 2015-12-03 15:50 - 2015-11-22 10:17 - 02121216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2015-12-03 15:50 - 2015-11-22 10:16 - 01706496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll 2015-12-03 15:50 - 2015-11-22 10:11 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll 2015-12-03 15:31 - 2015-12-04 13:24 - 00000000 ____D C:\AdwCleaner 2015-12-03 15:25 - 2015-12-03 15:25 - 01736704 _____ C:\Users\Andreas\Downloads\AdwCleaner_5.023.exe 2015-12-03 15:15 - 2015-12-03 15:15 - 00001198 _____ C:\mbam.txt 2015-12-03 14:55 - 2015-12-03 14:55 - 00000144 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat 2015-12-03 14:19 - 2015-12-10 22:22 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2015-12-03 14:18 - 2015-12-03 14:57 - 00001178 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-12-03 14:18 - 2015-12-03 14:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-12-03 14:18 - 2015-12-03 14:20 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-12-03 14:18 - 2015-12-03 14:18 - 00000000 ____D C:\ProgramData\Malwarebytes 2015-12-03 14:18 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2015-12-03 14:18 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys 2015-12-03 14:18 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys 2015-12-03 14:15 - 2015-12-03 14:15 - 00000000 ____D C:\Users\Andreas\AppData\Roaming\dlg 2015-12-03 14:13 - 2015-12-05 15:14 - 00000000 ____D C:\Users\Andreas\AppData\Local\MicrosoftEdge 2015-12-03 14:12 - 2015-12-03 14:12 - 00000000 ____D C:\Users\Andreas\AppData\Roaming\AVG 2015-12-03 14:12 - 2015-12-03 14:12 - 00000000 ____D C:\Program Files (x86)\AVG 2015-12-03 14:11 - 2015-12-03 14:11 - 00000000 ____D C:\Users\Andreas\AppData\Local\Avg 2015-12-03 14:10 - 2015-12-03 14:13 - 00000000 ____D C:\ProgramData\AVG 2015-12-03 14:09 - 2015-12-03 14:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2015-12-03 14:09 - 2015-12-03 14:09 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2015-12-03 11:06 - 2015-12-03 11:09 - 00037152 _____ C:\Users\Andreas\Downloads\Addition.txt 2015-12-03 11:03 - 2015-12-11 13:27 - 00017880 _____ C:\Users\Andreas\Downloads\FRST.txt 2015-12-03 11:03 - 2015-12-11 13:26 - 00000000 ____D C:\FRST 2015-12-03 11:01 - 2015-12-11 13:25 - 02369024 _____ (Farbar) C:\Users\Andreas\Downloads\FRST64.exe 2015-12-02 18:32 - 2015-12-02 18:32 - 00000000 ____D C:\Users\Andreas\AppData\Local\NetworkTiles 2015-12-02 16:39 - 2015-12-03 14:57 - 00002405 _____ C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2015-12-02 16:27 - 2015-12-02 16:27 - 00000000 ____D C:\Users\Andreas\AppData\Local\Publishers 2015-12-02 16:20 - 2015-12-02 16:20 - 00000000 ____D C:\ProgramData\Microsoft OneDrive 2015-12-02 16:15 - 2015-12-02 16:15 - 00000000 ____D C:\Users\Andreas\AppData\Local\Comms 2015-12-02 16:12 - 2015-12-02 16:12 - 00000000 ____D C:\Users\Andreas\AppData\Local\ActiveSync 2015-12-02 16:11 - 2015-12-11 13:15 - 00000000 __SHD C:\Users\Andreas\IntelGraphicsProfiles 2015-12-02 16:11 - 2015-12-02 16:11 - 00000000 ____D C:\Users\Andreas\AppData\Local\TileDataLayer 2015-12-02 16:10 - 2015-12-03 10:41 - 00000451 _____ C:\WINDOWS\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat 2015-12-02 16:10 - 2015-12-02 16:10 - 00000020 ___SH C:\Users\Andreas\ntuser.ini 2015-12-02 16:09 - 2015-12-02 16:09 - 00000000 ____D C:\ProgramData\USOShared 2015-12-02 12:55 - 2015-12-02 12:55 - 00000000 _SHDL C:\Users\Default\Vorlagen 2015-12-02 12:55 - 2015-12-02 12:55 - 00000000 _SHDL C:\Users\Default\Startmenü 2015-12-02 12:55 - 2015-12-02 12:55 - 00000000 _SHDL C:\Users\Default\Netzwerkumgebung 2015-12-02 12:55 - 2015-12-02 12:55 - 00000000 _SHDL C:\Users\Default\Lokale Einstellungen 2015-12-02 12:55 - 2015-12-02 12:55 - 00000000 _SHDL C:\Users\Default\Eigene Dateien 2015-12-02 12:55 - 2015-12-02 12:55 - 00000000 _SHDL C:\Users\Default\Druckumgebung 2015-12-02 12:55 - 2015-12-02 12:55 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Videos 2015-12-02 12:55 - 2015-12-02 12:55 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Musik 2015-12-02 12:55 - 2015-12-02 12:55 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Bilder 2015-12-02 12:55 - 2015-12-02 12:55 - 00000000 _SHDL C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2015-12-02 12:55 - 2015-12-02 12:55 - 00000000 _SHDL C:\Users\Default\AppData\Local\Verlauf 2015-12-02 12:55 - 2015-12-02 12:55 - 00000000 _SHDL C:\Users\Default\AppData\Local\Anwendungsdaten 2015-12-02 12:55 - 2015-12-02 12:55 - 00000000 _SHDL C:\Users\Default\Anwendungsdaten 2015-12-02 12:55 - 2015-12-02 12:55 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Videos 2015-12-02 12:55 - 2015-12-02 12:55 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Musik 2015-12-02 12:55 - 2015-12-02 12:55 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Bilder 2015-12-02 12:55 - 2015-12-02 12:55 - 00000000 _SHDL C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2015-12-02 12:55 - 2015-12-02 12:55 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Verlauf 2015-12-02 12:55 - 2015-12-02 12:55 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Anwendungsdaten 2015-12-02 12:52 - 2015-12-02 12:52 - 00022960 _____ C:\WINDOWS\system32\emptyregdb.dat 2015-12-02 12:51 - 2015-12-11 13:14 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2015-12-02 12:38 - 2015-12-02 12:38 - 00000000 ____D C:\Users\Public\Documents\Baidu 2015-12-02 12:34 - 2015-12-02 12:34 - 00000000 ____D C:\Users\Default\Documents\hp.system.package.metadata 2015-12-02 12:34 - 2015-12-02 12:34 - 00000000 ____D C:\Users\Default\Documents\hp.applications.package.appdata 2015-12-02 12:34 - 2015-12-02 12:34 - 00000000 ____D C:\Users\Default User\Documents\hp.system.package.metadata 2015-12-02 12:34 - 2015-12-02 12:34 - 00000000 ____D C:\Users\Default User\Documents\hp.applications.package.appdata 2015-12-02 12:33 - 2015-12-03 14:58 - 00001495 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk 2015-12-02 12:28 - 2015-12-02 12:28 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate 2015-12-02 12:26 - 2015-12-07 23:37 - 00000000 ____D C:\Users\Andreas 2015-12-02 12:26 - 2015-12-02 12:26 - 00000000 _SHDL C:\Users\Andreas\Vorlagen 2015-12-02 12:26 - 2015-12-02 12:26 - 00000000 _SHDL C:\Users\Andreas\Startmenü 2015-12-02 12:26 - 2015-12-02 12:26 - 00000000 _SHDL C:\Users\Andreas\Netzwerkumgebung 2015-12-02 12:26 - 2015-12-02 12:26 - 00000000 _SHDL C:\Users\Andreas\Lokale Einstellungen 2015-12-02 12:26 - 2015-12-02 12:26 - 00000000 _SHDL C:\Users\Andreas\Eigene Dateien 2015-12-02 12:26 - 2015-12-02 12:26 - 00000000 _SHDL C:\Users\Andreas\Druckumgebung 2015-12-02 12:26 - 2015-12-02 12:26 - 00000000 _SHDL C:\Users\Andreas\Documents\Eigene Videos 2015-12-02 12:26 - 2015-12-02 12:26 - 00000000 _SHDL C:\Users\Andreas\Documents\Eigene Musik 2015-12-02 12:26 - 2015-12-02 12:26 - 00000000 _SHDL C:\Users\Andreas\Documents\Eigene Bilder 2015-12-02 12:26 - 2015-12-02 12:26 - 00000000 _SHDL C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2015-12-02 12:26 - 2015-12-02 12:26 - 00000000 _SHDL C:\Users\Andreas\AppData\Local\Verlauf 2015-12-02 12:26 - 2015-12-02 12:26 - 00000000 _SHDL C:\Users\Andreas\AppData\Local\Anwendungsdaten 2015-12-02 12:26 - 2015-12-02 12:26 - 00000000 _SHDL C:\Users\Andreas\Anwendungsdaten 2015-12-02 12:25 - 2015-12-03 15:06 - 02003182 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2015-12-02 12:25 - 2015-12-02 12:25 - 01909068 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI 2015-12-02 12:22 - 2015-12-02 12:22 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_SynTP_01011.Wdf 2015-12-02 12:21 - 2015-12-02 12:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Music, Photos and Videos 2015-12-02 12:21 - 2015-12-02 12:28 - 00000000 ____D C:\Program Files\Intel 2015-12-02 12:21 - 2015-12-02 12:21 - 00000000 ____D C:\WINDOWS\SysWOW64\sda 2015-12-02 12:21 - 2015-12-02 12:21 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM 2015-12-02 12:21 - 2015-12-02 12:21 - 00000000 ____D C:\WINDOWS\system32\SRSLabs 2015-12-02 12:21 - 2015-12-02 12:21 - 00000000 ____D C:\Program Files\Realtek 2015-12-02 12:21 - 2015-08-27 18:20 - 00072704 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL 2015-12-02 12:21 - 2015-08-27 18:20 - 00069120 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.DLL 2015-12-02 12:20 - 2015-12-02 12:20 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_Smb_driver_Intel_01011.Wdf 2015-12-02 12:20 - 2015-12-02 12:20 - 00000000 ____D C:\Program Files\Synaptics 2015-12-02 12:18 - 2015-10-30 08:17 - 02718208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll 2015-12-02 12:15 - 2015-12-09 20:50 - 00279280 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2015-12-02 12:13 - 2015-12-04 21:42 - 00000000 ___DC C:\WINDOWS\Panther 2015-12-02 12:06 - 2015-12-02 12:06 - 22572632 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll 2015-12-02 12:06 - 2015-12-02 12:06 - 21125408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll 2015-12-02 12:06 - 2015-12-02 12:06 - 11545088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll 2015-12-02 12:06 - 2015-12-02 12:06 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll 2015-12-02 12:06 - 2015-12-02 12:06 - 02544264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll 2015-12-02 12:06 - 2015-12-02 12:06 - 02444288 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll 2015-12-02 12:06 - 2015-12-02 12:06 - 02179584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll 2015-12-02 12:06 - 2015-12-02 12:06 - 02001408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll 2015-12-02 12:06 - 2015-12-02 12:06 - 01063424 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll 2015-12-02 12:06 - 2015-12-02 12:06 - 00969728 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll 2015-12-02 12:06 - 2015-12-02 12:06 - 00911648 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll 2015-12-02 12:06 - 2015-12-02 12:06 - 00809312 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe 2015-12-02 12:06 - 2015-12-02 12:06 - 00803840 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll 2015-12-02 12:06 - 2015-12-02 12:06 - 00791552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll 2015-12-02 12:06 - 2015-12-02 12:06 - 00704352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe 2015-12-02 12:06 - 2015-12-02 12:06 - 00698208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimgapi.dll 2015-12-02 12:06 - 2015-12-02 12:06 - 00675064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll 2015-12-02 12:06 - 2015-12-02 12:06 - 00674816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll 2015-12-02 12:06 - 2015-12-02 12:06 - 00647168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll 2015-12-02 12:06 - 2015-12-02 12:06 - 00630632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe 2015-12-02 12:06 - 2015-12-02 12:06 - 00623616 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll 2015-12-02 12:06 - 2015-12-02 12:06 - 00586208 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll 2015-12-02 12:06 - 2015-12-02 12:06 - 00586080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wimgapi.dll 2015-12-02 12:06 - 2015-12-02 12:06 - 00578912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys 2015-12-02 12:06 - 2015-12-02 12:06 - 00543232 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll 2015-12-02 12:06 - 2015-12-02 12:06 - 00540752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe 2015-12-02 12:06 - 2015-12-02 12:06 - 00536768 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll 2015-12-02 12:06 - 2015-12-02 12:06 - 00523616 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimserv.exe 2015-12-02 12:06 - 2015-12-02 12:06 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv 2015-12-02 12:06 - 2015-12-02 12:06 - 00516544 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll 2015-12-02 12:06 - 2015-12-02 12:06 - 00511320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll 2015-12-02 12:06 - 2015-12-02 12:06 - 00497664 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll 2015-12-02 12:06 - 2015-12-02 12:06 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll 2015-12-02 12:06 - 2015-12-02 12:06 - 00454056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll 2015-12-02 12:06 - 2015-12-02 12:06 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll 2015-12-02 12:06 - 2015-12-02 12:06 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe 2015-12-02 12:06 - 2015-12-02 12:06 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll 2015-12-02 12:06 - 2015-12-02 12:06 - 00408128 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll 2015-12-02 12:06 - 2015-12-02 12:06 - 00405048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll 2015-12-02 12:06 - 2015-12-02 12:06 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv 2015-12-02 12:06 - 2015-12-02 12:06 - 00382464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll 2015-12-02 12:06 - 2015-12-02 12:06 - 00369912 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe 2015-12-02 12:06 - 2015-12-02 12:06 - 00366224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll 2015-12-02 12:06 - 2015-12-02 12:06 - 00365568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll 2015-12-02 12:06 - 2015-12-02 12:06 - 00334736 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll 2015-12-02 12:06 - 2015-12-02 12:06 - 00334336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe 2015-12-02 12:06 - 2015-12-02 12:06 - 00315904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll 2015-12-02 12:06 - 2015-12-02 12:06 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll 2015-12-02 12:06 - 2015-12-02 12:06 - 00296488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll 2015-12-02 12:06 - 2015-12-02 12:06 - 00292352 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll 2015-12-02 12:06 - 2015-12-02 12:06 - 00286720 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceaccess.dll 2015-12-02 12:06 - 2015-12-02 12:06 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll 2015-12-02 12:06 - 2015-12-02 12:06 - 00275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll 2015-12-02 12:06 - 2015-12-02 12:06 - 00245848 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll 2015-12-02 12:06 - 2015-12-02 12:06 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll 2015-12-02 12:06 - 2015-12-02 12:06 - 00227840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\deviceaccess.dll 2015-12-02 12:06 - 2015-12-02 12:06 - 00204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-AppModelExecEvents.dll 2015-12-02 12:06 - 2015-12-02 12:06 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe 2015-12-02 12:06 - 2015-12-02 12:06 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll 2015-12-02 12:06 - 2015-12-02 12:06 - 00165376 _____ (Microsoft Corporation) C:\WINDOWS\system32\provdatastore.dll 2015-12-02 12:06 - 2015-12-02 12:06 - 00163328 _____ (Microsoft Corporation) C:\WINDOWS\system32\provops.dll 2015-12-02 12:06 - 2015-12-02 12:06 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll 2015-12-02 12:06 - 2015-12-02 12:06 - 00160768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe 2015-12-02 12:06 - 2015-12-02 12:06 - 00122368 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll 2015-12-02 12:06 - 2015-12-02 12:06 - 00118624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys 2015-12-02 12:06 - 2015-12-02 12:06 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll 2015-12-02 12:06 - 2015-12-02 12:06 - 00116728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll 2015-12-02 12:06 - 2015-12-02 12:06 - 00110032 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll 2015-12-02 12:06 - 2015-12-02 12:06 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll 2015-12-02 12:06 - 2015-12-02 12:06 - 00092352 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll 2015-12-02 12:06 - 2015-12-02 12:06 - 00089600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NFCProvisioningPlugin.dll 2015-12-02 12:06 - 2015-12-02 12:06 - 00088392 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll 2015-12-02 12:06 - 2015-12-02 12:06 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzautoupdate.dll 2015-12-02 12:06 - 2015-12-02 12:06 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll 2015-12-02 12:06 - 2015-12-02 12:06 - 00078336 _____ (Microsoft Corporation) C:\WINDOWS\system32\BarcodeProvisioningPlugin.dll 2015-12-02 12:06 - 2015-12-02 12:06 - 00077312 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvPluginEng.dll 2015-12-02 12:06 - 2015-12-02 12:06 - 00073360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll 2015-12-02 12:06 - 2015-12-02 12:06 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppCapture.dll 2015-12-02 12:06 - 2015-12-02 12:06 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\provtool.exe 2015-12-02 12:06 - 2015-12-02 12:06 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringclient.dll 2015-12-02 12:06 - 2015-12-02 12:06 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemovableMediaProvisioningPlugin.dll 2015-12-02 12:06 - 2015-12-02 12:06 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll 2015-12-02 12:06 - 2015-12-02 12:06 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.proxy.dll 2015-12-02 12:06 - 2015-12-02 12:06 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe 2015-12-02 12:06 - 2015-12-02 12:06 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll 2015-12-02 12:06 - 2015-12-02 12:06 - 00035680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wimmount.sys 2015-12-02 12:06 - 2015-12-02 12:06 - 00035656 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfpmp.exe 2015-12-02 12:06 - 2015-12-02 12:06 - 00032040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfpmp.exe 2015-12-02 12:06 - 2015-12-02 12:06 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringconfigsp.dll 2015-12-02 12:06 - 2015-12-02 12:06 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe 2015-12-02 12:06 - 2015-12-02 12:06 - 00028160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Provisioning.ProxyStub.dll 2015-12-02 12:06 - 2015-12-02 12:06 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.proxy.dll 2015-12-02 12:06 - 2015-12-02 12:06 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\IcsEntitlementHost.exe 2015-12-02 12:06 - 2015-12-02 12:06 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\dciman32.dll 2015-12-02 12:06 - 2015-12-02 12:06 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dciman32.dll 2015-12-02 12:06 - 2015-12-02 12:06 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\lpk.dll 2015-12-02 12:06 - 2015-12-02 12:06 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpk.dll 2015-12-02 11:52 - 2015-12-02 11:52 - 00008192 _____ C:\WINDOWS\system32\config\userdiff 2015-12-02 11:49 - 2015-12-02 11:49 - 00000000 ____D C:\WINDOWS\SysWOW64\XPSViewer 2015-12-02 11:49 - 2015-12-02 11:49 - 00000000 ____D C:\Program Files\Reference Assemblies 2015-12-02 11:49 - 2015-12-02 11:49 - 00000000 ____D C:\Program Files\MSBuild 2015-12-02 11:49 - 2015-12-02 11:49 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies 2015-12-02 11:49 - 2015-12-02 11:49 - 00000000 ____D C:\Program Files (x86)\MSBuild 2015-12-02 11:49 - 2015-12-02 11:49 - 00000000 ____D C:\inetpub 2015-12-02 11:48 - 2015-10-23 17:47 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll 2015-12-02 11:48 - 2015-10-23 17:47 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll 2015-12-02 11:48 - 2015-10-23 17:47 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe 2015-12-02 11:48 - 2015-10-23 17:46 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll 2015-12-02 11:48 - 2015-10-23 17:46 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe 2015-12-02 11:48 - 2015-10-23 17:45 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll 2015-12-02 11:25 - 2015-12-02 12:54 - 00009528 _____ C:\WINDOWS\diagwrn.xml 2015-12-02 11:25 - 2015-12-02 12:54 - 00009528 _____ C:\WINDOWS\diagerr.xml 2015-11-29 15:55 - 2015-11-29 15:58 - 29234869 _____ (AVG Technologies) C:\Users\Andreas\Downloads\AVG_Antivirus7161Free_x86_694.exe 2015-11-29 14:39 - 2015-11-29 14:39 - 02870984 _____ (ESET) C:\Users\Andreas\Downloads\esetsmartinstaller_deu.exe 2015-11-29 14:09 - 2015-11-29 14:09 - 07635472 _____ (Microsoft Corporation) C:\Users\Andreas\Downloads\GetWindows10-sds_____________.exe 2015-11-28 11:36 - 2015-11-28 11:36 - 00000000 ____D C:\Users\Andreas\AppData\Roaming\Ashampoo 2015-11-28 11:36 - 2015-11-28 11:36 - 00000000 ____D C:\Users\Andreas\AppData\Local\ashampoo 2015-11-28 11:35 - 2015-12-03 14:57 - 00001346 _____ C:\Users\Public\Desktop\Ashampoo Burning Studio 2015.lnk 2015-11-28 11:35 - 2015-12-02 12:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo 2015-11-28 11:31 - 2015-11-29 01:41 - 00000000 ____D C:\Program Files (x86)\Ashampoo 2015-11-28 11:31 - 2015-11-28 11:36 - 00000000 ____D C:\ProgramData\Ashampoo 2015-11-28 11:30 - 2015-11-29 01:52 - 00000000 ____D C:\Users\Andreas\AppData\Roaming\WinZip 2015-11-28 11:28 - 2015-11-29 16:24 - 29727656 _____ (Oracle Corporation) C:\Users\Andreas\Downloads\setup [1].exe 2015-11-25 19:53 - 2015-11-25 19:53 - 71087912 _____ C:\Users\Andreas\Downloads\c66739117ad9598e39c6418989440fb1.mp4 2015-11-24 18:29 - 2015-12-02 12:51 - 00002256 _____ C:\WINDOWS\System32\Tasks\Beach Comp 2015-11-23 21:40 - 2015-11-23 21:40 - 00000000 ____D C:\Program Files (x86)\Comodo 2015-11-23 18:15 - 2015-11-23 18:15 - 00000000 ___HD C:\VTRoot 2015-11-23 18:14 - 2015-11-23 21:37 - 00033462 _____ C:\WINDOWS\system32\Drivers\fvstore.dat 2015-11-23 18:08 - 2015-11-23 18:56 - 791547261 _____ C:\Users\Andreas\Downloads\video.mp4 2015-11-23 17:51 - 2015-11-23 17:51 - 00000000 ____D C:\WINDOWS\System32\Tasks\COMODO 2015-11-23 17:49 - 2015-11-23 21:37 - 00007520 _____ C:\WINDOWS\system32\Drivers\sfi.dat 2015-11-23 17:20 - 2015-11-23 17:20 - 00000000 ____D C:\ProgramData\Shared Space 2015-11-23 17:19 - 2015-12-02 12:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo 2015-11-23 17:19 - 2015-11-23 21:38 - 00000000 ____D C:\Program Files\COMODO 2015-11-23 17:19 - 2015-11-23 17:19 - 00000000 ____D C:\Users\Andreas\AppData\Local\Comodo 2015-11-23 17:18 - 2015-11-23 17:18 - 00000000 ____D C:\ProgramData\Comodo Downloader 2015-11-23 17:11 - 2015-11-23 21:38 - 00000000 ____D C:\ProgramData\Comodo 2015-11-23 16:43 - 2015-11-23 17:08 - 225688096 _____ (COMODO) C:\Users\Andreas\Downloads\cispremium_installer_v8.2.0.4703.exe 2015-11-23 16:09 - 2015-08-22 14:42 - 00066400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-private-l1-1-0.dll 2015-11-23 16:09 - 2015-08-22 14:42 - 00022368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-math-l1-1-0.dll 2015-11-23 16:09 - 2015-08-22 14:42 - 00019808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll 2015-11-23 16:09 - 2015-08-22 14:42 - 00017760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-string-l1-1-0.dll 2015-11-23 16:09 - 2015-08-22 14:42 - 00017760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll 2015-11-23 16:09 - 2015-08-22 14:42 - 00016224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll 2015-11-23 16:09 - 2015-08-22 14:42 - 00015712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll 2015-11-23 16:09 - 2015-08-22 14:42 - 00014176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-time-l1-1-0.dll 2015-11-23 16:09 - 2015-08-22 14:42 - 00013664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll 2015-11-23 16:09 - 2015-08-22 14:42 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-process-l1-1-0.dll 2015-11-23 16:09 - 2015-08-22 14:42 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll 2015-11-23 16:09 - 2015-08-22 14:42 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll 2015-11-23 16:09 - 2015-08-22 14:42 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll 2015-11-23 16:09 - 2015-08-22 14:42 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll 2015-11-23 16:09 - 2015-08-22 14:42 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll 2015-11-23 16:09 - 2015-08-22 14:35 - 00063840 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-private-l1-1-0.dll 2015-11-23 16:09 - 2015-08-22 14:35 - 00020832 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-math-l1-1-0.dll 2015-11-23 16:09 - 2015-08-22 14:35 - 00019808 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-multibyte-l1-1-0.dll 2015-11-23 16:09 - 2015-08-22 14:35 - 00017760 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-string-l1-1-0.dll 2015-11-23 16:09 - 2015-08-22 14:35 - 00017760 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-stdio-l1-1-0.dll 2015-11-23 16:09 - 2015-08-22 14:35 - 00016224 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-runtime-l1-1-0.dll 2015-11-23 16:09 - 2015-08-22 14:35 - 00015712 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-convert-l1-1-0.dll 2015-11-23 16:09 - 2015-08-22 14:35 - 00014176 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-time-l1-1-0.dll 2015-11-23 16:09 - 2015-08-22 14:35 - 00013664 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-filesystem-l1-1-0.dll 2015-11-23 16:09 - 2015-08-22 14:35 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-process-l1-1-0.dll 2015-11-23 16:09 - 2015-08-22 14:35 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-heap-l1-1-0.dll 2015-11-23 16:09 - 2015-08-22 14:35 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-conio-l1-1-0.dll 2015-11-23 16:09 - 2015-08-22 14:35 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-utility-l1-1-0.dll 2015-11-23 16:09 - 2015-08-22 14:35 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-locale-l1-1-0.dll 2015-11-23 16:09 - 2015-08-22 14:35 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-environment-l1-1-0.dll 2015-11-22 23:12 - 2015-11-23 00:30 - 00000000 ____D C:\WINDOWS\system32\MRT 2015-11-22 23:12 - 2015-10-27 18:43 - 145617392 ____N (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2015-11-22 22:42 - 2015-11-22 22:42 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_LocationProvider_01_11_00.Wdf 2015-11-22 20:21 - 2015-07-22 15:19 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcResources.dll 2015-11-22 20:20 - 2014-07-10 05:08 - 00321536 _____ (Microsoft Corporation) C:\WINDOWS\system32\lockscreencn.dll 2015-11-22 17:59 - 2014-10-31 04:23 - 00733696 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll 2015-11-22 17:50 - 2014-10-29 02:54 - 00408576 _____ (Microsoft Corporation) C:\WINDOWS\system32\DfpCommon.dll 2015-11-22 17:48 - 2014-10-29 02:59 - 00032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\dfp.exe 2015-11-22 16:56 - 2015-12-02 12:51 - 00002176 _____ C:\WINDOWS\System32\Tasks\{72B3C6E9-C316-429E-92A6-E973A08C5823} 2015-11-21 19:43 - 2015-11-23 16:37 - 00000000 ____D C:\Program Files (x86)\Opera 2015-11-21 19:09 - 2013-08-22 14:25 - 00000824 _____ C:\WINDOWS\system32\Drivers\etc\hp.bak 2015-11-21 19:04 - 2015-11-25 17:12 - 00000000 ____D C:\WINDOWS\System32\Tasks\McAfee 2015-11-20 17:35 - 2015-12-10 23:45 - 00001134 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1d123b16d1b2c0c.job 2015-11-20 17:35 - 2015-12-03 21:40 - 00004222 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA1d123b16d1b2c0c 2015-11-20 17:31 - 2015-12-03 14:57 - 00001145 _____ C:\Users\Public\Desktop\Internet (Chromodo).lnk 2015-11-20 17:31 - 2015-12-02 12:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2015-11-20 17:30 - 2015-12-11 13:15 - 00001130 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2015-11-20 17:30 - 2015-12-10 23:40 - 00001134 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2015-11-20 17:30 - 2015-12-03 21:40 - 00003960 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore 2015-11-20 17:30 - 2015-12-02 12:51 - 00003502 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA 2015-11-20 17:30 - 2015-11-23 19:02 - 00000000 ____D C:\Users\Andreas\AppData\Local\Google 2015-11-20 17:30 - 2015-11-20 17:30 - 00000000 ____D C:\Program Files (x86)\Google 2015-11-20 17:26 - 2015-11-20 17:26 - 00000000 ____D C:\Program Files\Common Files\AV 2015-11-20 17:25 - 2015-11-24 18:31 - 00000000 __SHD C:\Users\Andreas\AppData\Local\EmieUserList 2015-11-20 17:25 - 2015-11-24 18:31 - 00000000 __SHD C:\Users\Andreas\AppData\Local\EmieSiteList 2015-11-20 17:25 - 2015-11-20 17:25 - 00000000 __SHD C:\Users\Andreas\AppData\LocalLow\EmieUserList 2015-11-20 17:22 - 2015-12-11 13:18 - 00004158 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{DD81F2A9-78EA-4C5F-837F-47B6F5DC573E} 2015-11-20 17:22 - 2015-11-20 17:25 - 00000000 __SHD C:\Users\Andreas\AppData\LocalLow\EmieSiteList 2015-11-20 14:22 - 2015-11-20 14:22 - 00000000 ____D C:\Users\Andreas\AppData\Local\GWX 2015-11-20 14:21 - 2015-12-11 13:16 - 00000000 __RDO C:\Users\Andreas\OneDrive 2015-11-20 14:21 - 2015-12-02 12:51 - 00002750 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1884890629-360092094-2303528047-1001 2015-11-20 14:20 - 2015-11-20 14:20 - 00000000 ____D C:\Users\Andreas\AppData\Roaming\Macromedia 2015-11-20 14:18 - 2015-12-11 13:18 - 00000000 ____D C:\Users\Andreas\Documents\Youcam 2015-11-20 14:18 - 2015-11-20 14:18 - 00000000 ____D C:\Users\Andreas\AppData\Roaming\Hewlett-Packard 2015-11-20 14:18 - 2015-11-20 14:18 - 00000000 ____D C:\Users\Andreas\AppData\Local\CyberLink 2015-11-20 14:17 - 2015-11-20 14:17 - 00000000 ____D C:\Users\Andreas\AppData\Roaming\hpqlog 2015-11-20 14:17 - 2015-11-20 14:17 - 00000000 ____D C:\Users\Andreas\AppData\Local\Hewlett-Packard 2015-11-20 14:16 - 2015-11-20 14:16 - 00000000 ____D C:\WINDOWS\System32\Tasks\WPD 2015-11-20 14:16 - 2015-11-20 14:16 - 00000000 ____D C:\Users\Andreas\AppData\Local\PackageStaging 2015-11-20 14:15 - 2015-12-03 14:57 - 00002125 _____ C:\Users\Public\Desktop\Snapfish Fotos.lnk 2015-11-20 14:15 - 2015-12-03 14:57 - 00001457 _____ C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet-Explorer.lnk 2015-11-20 14:15 - 2015-12-03 14:57 - 00001322 _____ C:\Users\Public\Desktop\TripAdvisor.lnk 2015-11-20 14:15 - 2015-12-03 14:36 - 00000000 ____D C:\Users\Andreas\AppData\Local\VirtualStore 2015-11-20 14:15 - 2015-12-02 17:23 - 00000000 ____D C:\Users\Andreas\AppData\Local\Packages 2015-11-20 14:15 - 2015-11-20 14:15 - 00000186 _____ C:\WINDOWS\insFileSpec 2015-11-20 14:15 - 2015-11-20 14:15 - 00000000 ____D C:\Users\Andreas\AppData\Roaming\Adobe 2015-11-20 14:14 - 2015-11-20 14:14 - 00000000 ____D C:\Users\Andreas\AppData\Roaming\Synaptics 2015-11-20 14:12 - 2014-09-03 06:02 - 00000000 ___HD C:\Users\Andreas\Documents\hp.system.package.metadata 2015-11-20 14:12 - 2014-09-03 06:02 - 00000000 ___HD C:\Users\Andreas\Documents\hp.applications.package.appdata 2015-11-20 14:08 - 2015-03-14 02:51 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wu.upgrade.ps.dll 2015-11-20 09:44 - 2015-11-20 09:44 - 00000000 _____ C:\Recovery.txt 2015-11-20 05:41 - 2015-12-02 16:11 - 00000000 __RHD C:\Users\Public\AccountPictures 2015-11-20 00:51 - 2015-11-20 00:51 - 00000000 _SHDL C:\Users\Public\Documents\Eigene Videos 2015-11-20 00:51 - 2015-11-20 00:51 - 00000000 _SHDL C:\Users\Public\Documents\Eigene Musik 2015-11-20 00:51 - 2015-11-20 00:51 - 00000000 _SHDL C:\Users\Public\Documents\Eigene Bilder 2015-11-20 00:51 - 2015-11-20 00:51 - 00000000 _SHDL C:\Users\Default.migrated\Vorlagen 2015-11-20 00:51 - 2015-11-20 00:51 - 00000000 _SHDL C:\Users\Default.migrated\Startmenü 2015-11-20 00:51 - 2015-11-20 00:51 - 00000000 _SHDL C:\Users\Default.migrated\Netzwerkumgebung 2015-11-20 00:51 - 2015-11-20 00:51 - 00000000 _SHDL C:\Users\Default.migrated\Lokale Einstellungen 2015-11-20 00:51 - 2015-11-20 00:51 - 00000000 _SHDL C:\Users\Default.migrated\Eigene Dateien 2015-11-20 00:51 - 2015-11-20 00:51 - 00000000 _SHDL C:\Users\Default.migrated\Druckumgebung 2015-11-20 00:51 - 2015-11-20 00:51 - 00000000 _SHDL C:\Users\Default.migrated\Documents\Eigene Videos 2015-11-20 00:51 - 2015-11-20 00:51 - 00000000 _SHDL C:\Users\Default.migrated\Documents\Eigene Musik 2015-11-20 00:51 - 2015-11-20 00:51 - 00000000 _SHDL C:\Users\Default.migrated\Documents\Eigene Bilder 2015-11-20 00:51 - 2015-11-20 00:51 - 00000000 _SHDL C:\Users\Default.migrated\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2015-11-20 00:51 - 2015-11-20 00:51 - 00000000 _SHDL C:\Users\Default.migrated\AppData\Local\Verlauf 2015-11-20 00:51 - 2015-11-20 00:51 - 00000000 _SHDL C:\Users\Default.migrated\AppData\Local\Anwendungsdaten 2015-11-20 00:51 - 2015-11-20 00:51 - 00000000 _SHDL C:\Users\Default.migrated\Anwendungsdaten 2015-11-20 00:51 - 2015-11-20 00:51 - 00000000 _SHDL C:\Programme 2015-11-20 00:51 - 2015-11-20 00:51 - 00000000 _SHDL C:\ProgramData\Vorlagen 2015-11-20 00:51 - 2015-11-20 00:51 - 00000000 _SHDL C:\ProgramData\Startmenü 2015-11-20 00:51 - 2015-11-20 00:51 - 00000000 _SHDL C:\ProgramData\Microsoft\Windows\Start Menu\Programme 2015-11-20 00:51 - 2015-11-20 00:51 - 00000000 _SHDL C:\ProgramData\Dokumente 2015-11-20 00:51 - 2015-11-20 00:51 - 00000000 _SHDL C:\ProgramData\Anwendungsdaten 2015-11-20 00:51 - 2015-11-20 00:51 - 00000000 _SHDL C:\Program Files\Gemeinsame Dateien 2015-11-20 00:51 - 2015-11-20 00:51 - 00000000 _SHDL C:\Dokumente und Einstellungen 2015-11-20 00:46 - 2015-12-02 12:51 - 00002378 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1884890629-360092094-2303528047-500 ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2015-12-11 13:14 - 2015-10-30 07:28 - 00262144 ___SH C:\WINDOWS\system32\config\BBI 2015-12-10 17:35 - 2015-10-30 08:24 - 00000000 ___HD C:\Program Files\WindowsApps 2015-12-10 17:35 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\AppReadiness 2015-12-09 20:31 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\oobe 2015-12-09 18:13 - 2015-10-30 19:36 - 00000000 ____D C:\WINDOWS\OCR 2015-12-09 18:13 - 2015-10-30 08:11 - 00000000 ____D C:\WINDOWS\CbsTemp 2015-12-09 13:58 - 2015-10-30 07:28 - 00008192 ___SH C:\WINDOWS\system32\config\ELAM 2015-12-07 19:34 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\rescache 2015-12-07 19:28 - 2015-10-30 19:35 - 00000000 ____D C:\WINDOWS\SysWOW64\winrm 2015-12-07 19:28 - 2015-10-30 19:35 - 00000000 ____D C:\WINDOWS\SysWOW64\WCN 2015-12-07 19:28 - 2015-10-30 19:35 - 00000000 ____D C:\WINDOWS\SysWOW64\slmgr 2015-12-07 19:28 - 2015-10-30 19:35 - 00000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts 2015-12-07 19:28 - 2015-10-30 19:35 - 00000000 ____D C:\WINDOWS\system32\winrm 2015-12-07 19:28 - 2015-10-30 19:35 - 00000000 ____D C:\WINDOWS\system32\WCN 2015-12-07 19:28 - 2015-10-30 19:35 - 00000000 ____D C:\WINDOWS\system32\slmgr 2015-12-07 19:28 - 2015-10-30 19:35 - 00000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts 2015-12-07 19:28 - 2015-10-30 08:24 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12 2015-12-07 19:28 - 2015-10-30 08:24 - 00000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs 2015-12-07 19:28 - 2015-10-30 08:24 - 00000000 ___SD C:\WINDOWS\system32\F12 2015-12-07 19:28 - 2015-10-30 08:24 - 00000000 ___SD C:\WINDOWS\system32\dsc 2015-12-07 19:28 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\SysWOW64\oobe 2015-12-07 19:28 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\SysWOW64\en-GB 2015-12-07 19:28 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform 2015-12-07 19:28 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\migwiz 2015-12-07 19:28 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\en-GB 2015-12-07 19:27 - 2015-10-30 19:44 - 00000000 ____D C:\Program Files\Windows Journal 2015-12-07 19:27 - 2015-10-30 08:24 - 00000000 ___SD C:\WINDOWS\system32\DiagSvcs 2015-12-07 19:27 - 2015-10-30 08:24 - 00000000 ___RD C:\WINDOWS\PurchaseDialog 2015-12-07 19:27 - 2015-10-30 08:24 - 00000000 ___RD C:\WINDOWS\MiracastView 2015-12-07 19:27 - 2015-10-30 08:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel 2015-12-07 19:27 - 2015-10-30 08:24 - 00000000 ___RD C:\WINDOWS\DevicesFlow 2015-12-07 19:27 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\PolicyDefinitions 2015-12-07 19:27 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\IME 2015-12-07 19:27 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\Help 2015-12-07 19:27 - 2015-10-30 08:24 - 00000000 ____D C:\Program Files\Windows Photo Viewer 2015-12-07 19:27 - 2015-10-30 08:24 - 00000000 ____D C:\Program Files\Windows Defender 2015-12-07 19:27 - 2015-10-30 08:24 - 00000000 ____D C:\Program Files\Common Files\System 2015-12-07 19:27 - 2015-10-30 08:24 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer 2015-12-07 19:27 - 2015-10-30 08:24 - 00000000 ____D C:\Program Files (x86)\Windows Defender 2015-12-07 19:27 - 2015-10-30 07:28 - 00000000 ____D C:\WINDOWS\servicing 2015-12-07 19:27 - 2015-10-30 07:28 - 00000000 ____D C:\Windows 2015-12-04 21:42 - 2015-10-30 20:27 - 00000000 ___HD C:\$WINDOWS.~BT 2015-12-04 21:42 - 2015-10-30 08:21 - 00000000 ____D C:\WINDOWS\INF 2015-12-04 21:42 - 2014-10-31 17:20 - 00000000 ____D C:\ProgramData\Temp 2015-12-04 17:34 - 2014-10-31 17:22 - 00000000 ____D C:\ProgramData\CyberLink 2015-12-03 15:06 - 2015-10-30 19:35 - 00853752 _____ C:\WINDOWS\system32\perfh007.dat 2015-12-03 15:06 - 2015-10-30 19:35 - 00187942 _____ C:\WINDOWS\system32\perfc007.dat 2015-12-03 14:58 - 2014-09-03 06:09 - 00001986 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office.lnk 2015-12-03 14:57 - 2014-10-31 17:40 - 00002050 _____ C:\Users\Public\Desktop\Connected Photo.lnk 2015-12-03 14:57 - 2014-10-31 17:36 - 00001833 _____ C:\Users\Public\Desktop\McAfee LiveSafe - Internet Security.lnk 2015-12-03 14:57 - 2014-10-31 17:24 - 00002513 _____ C:\Users\Public\Desktop\WildTangent Games App - hp.lnk 2015-12-03 14:57 - 2014-10-31 17:20 - 00001987 _____ C:\Users\Public\Desktop\Connected Music.lnk 2015-12-03 10:43 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\appcompat 2015-12-02 16:25 - 2015-10-30 08:24 - 00000000 ___RD C:\WINDOWS\PrintDialog 2015-12-02 16:09 - 2015-10-30 08:24 - 00000000 ____D C:\ProgramData\USOPrivate 2015-12-02 12:55 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase 2015-12-02 12:55 - 2015-10-30 08:24 - 00000000 ____D C:\Program Files\Windows NT 2015-12-02 12:53 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\Registration 2015-12-02 12:51 - 2014-10-31 17:23 - 00002346 _____ C:\WINDOWS\System32\Tasks\YCMServiceAgent 2015-12-02 12:41 - 2015-10-30 08:24 - 00000000 __RHD C:\Users\Public\Libraries 2015-12-02 12:36 - 2015-10-30 08:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2015-12-02 12:36 - 2014-10-31 17:24 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2015-12-02 12:36 - 2014-10-31 17:23 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Communication and Chat 2015-12-02 12:36 - 2014-09-03 06:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support 2015-12-02 12:36 - 2014-09-03 06:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security and Protection 2015-12-02 12:36 - 2014-09-03 06:06 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Productivity and Tools 2015-12-02 12:34 - 2013-08-22 14:36 - 00000000 ____D C:\Users\Default.migrated 2015-12-02 12:31 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\SysWOW64\lv-LV 2015-12-02 12:31 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\SysWOW64\lt-LT 2015-12-02 12:31 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\SysWOW64\et-EE 2015-12-02 12:31 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\spool 2015-12-02 12:31 - 2014-09-03 06:17 - 00000000 ____D C:\WINDOWS\SysWOW64\Adobe 2015-12-02 12:31 - 2014-03-18 11:06 - 00000000 ____D C:\WINDOWS\SysWOW64\gl-es 2015-12-02 12:31 - 2014-03-18 11:06 - 00000000 ____D C:\WINDOWS\SysWOW64\eu-es 2015-12-02 12:31 - 2014-03-18 11:06 - 00000000 ____D C:\WINDOWS\SysWOW64\ca-es-valencia 2015-12-02 12:31 - 2014-03-18 11:06 - 00000000 ____D C:\WINDOWS\SysWOW64\ca-es 2015-12-02 12:31 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\WindowsInternal.Inbox.Shared 2015-12-02 12:31 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\WindowsInternal.Inbox.Media.Shared 2015-12-02 12:30 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\NDF 2015-12-02 12:30 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\lv-LV 2015-12-02 12:30 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\lt-LT 2015-12-02 12:30 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\InputMethod 2015-12-02 12:30 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\et-EE 2015-12-02 12:30 - 2014-03-18 11:06 - 00000000 ____D C:\WINDOWS\system32\gl-es 2015-12-02 12:30 - 2014-03-18 11:06 - 00000000 ____D C:\WINDOWS\system32\eu-es 2015-12-02 12:29 - 2015-10-30 08:24 - 00000000 ___HD C:\WINDOWS\ELAMBKUP 2015-12-02 12:29 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\InputMethod 2015-12-02 12:29 - 2014-03-18 11:06 - 00000000 ____D C:\WINDOWS\system32\ca-es-valencia 2015-12-02 12:29 - 2014-03-18 11:06 - 00000000 ____D C:\WINDOWS\system32\ca-es 2015-12-02 12:29 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\MediaViewer 2015-12-02 12:29 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\ADFS 2015-12-02 12:28 - 2015-10-30 08:24 - 00000000 ____D C:\Program Files\Common Files\microsoft shared 2015-12-02 12:28 - 2014-09-03 06:02 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard 2015-12-02 12:25 - 2015-10-30 07:28 - 00000000 ____D C:\WINDOWS\system32\Sysprep 2015-12-02 12:15 - 2015-10-30 19:55 - 00000000 ____D C:\WINDOWS\ServiceProfiles 2015-12-02 12:13 - 2015-10-30 08:24 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template 2015-12-02 12:07 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\appraiser 2015-12-02 12:07 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\Provisioning 2015-12-02 12:07 - 2015-10-30 07:28 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism 2015-12-02 12:07 - 2015-10-30 07:28 - 00000000 ____D C:\WINDOWS\system32\Dism 2015-12-02 11:49 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\SysWOW64\MUI 2015-12-02 11:49 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\SysWOW64\inetsrv 2015-12-02 11:49 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\MUI 2015-12-02 11:49 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\inetsrv 2015-12-02 11:49 - 2015-10-30 08:19 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisRtl.dll 2015-12-02 11:49 - 2015-10-30 08:19 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\admwprox.dll 2015-12-02 11:49 - 2015-10-30 08:19 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ahadmin.dll 2015-12-02 11:49 - 2015-10-30 08:19 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisreset.exe 2015-12-02 11:49 - 2015-10-30 08:19 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wamregps.dll 2015-12-02 11:49 - 2015-10-30 08:19 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisrstap.dll 2015-12-02 11:49 - 2015-10-30 08:18 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisRtl.dll 2015-12-02 11:49 - 2015-10-30 08:18 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\admwprox.dll 2015-12-02 11:49 - 2015-10-30 08:18 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ahadmin.dll 2015-12-02 11:49 - 2015-10-30 08:18 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisreset.exe 2015-12-02 11:49 - 2015-10-30 08:18 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wamregps.dll 2015-12-02 11:49 - 2015-10-30 08:18 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisrstap.dll 2015-12-01 01:33 - 2015-10-30 08:26 - 00826872 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2015-12-01 01:33 - 2015-10-30 08:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2015-11-29 01:52 - 2014-09-03 06:07 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2015-11-29 01:41 - 2014-10-31 17:03 - 00000000 ____D C:\Program Files (x86)\Realtek 2015-11-29 00:55 - 2014-10-31 17:10 - 00000000 ___HD C:\Program Files (x86)\Temp 2015-11-29 00:25 - 2014-09-03 06:02 - 00000000 ____D C:\Program Files\Hewlett-Packard 2015-11-25 19:28 - 2014-10-31 17:35 - 00000000 ____D C:\Program Files (x86)\McAfee 2015-11-25 17:16 - 2014-10-31 17:35 - 00000000 ____D C:\Program Files\Common Files\mcafee 2015-11-25 17:08 - 2014-10-31 17:34 - 00000000 ____D C:\ProgramData\McAfee 2015-11-24 02:36 - 2013-08-22 16:36 - 00000000 ___RD C:\WINDOWS\ToastData 2015-11-22 22:51 - 2014-09-03 06:20 - 00000000 ____D C:\ProgramData\Package Cache 2015-11-21 19:09 - 2014-10-31 17:33 - 00000000 ____D C:\Users\Public\CyberLink 2015-11-20 14:18 - 2014-09-03 06:21 - 00000000 ____D C:\ProgramData\Hewlett-Packard 2015-11-20 14:15 - 2014-04-05 00:45 - 00000000 ___HD C:\SYSTEM.SAV ==================== Bamital & volsnap ================= (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert C:\WINDOWS\explorer.exe => Datei ist digital signiert C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert C:\WINDOWS\system32\services.exe => Datei ist digital signiert C:\WINDOWS\system32\User32.dll => Datei ist digital signiert C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert LastRegBack: 2015-12-02 12:14 ==================== Ende von FRST.txt ============================ |
11.12.2015, 13:37 | #24 |
| Direkt nach dem Start erscheint "Modul nicht gefunden".Code:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:09-12-2015 durchgeführt von Andreas (2015-12-11 13:29:05) Gestartet von C:\Users\Andreas\Downloads Windows 10 Home (X64) (2015-12-02 15:09:34) Start-Modus: Normal ========================================================== ==================== Konten: ============================= Administrator (S-1-5-21-1884890629-360092094-2303528047-500 - Administrator - Disabled) Andreas (S-1-5-21-1884890629-360092094-2303528047-1001 - Administrator - Enabled) => C:\Users\Andreas DefaultAccount (S-1-5-21-1884890629-360092094-2303528047-503 - Limited - Disabled) Gast (S-1-5-21-1884890629-360092094-2303528047-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-1884890629-360092094-2303528047-1003 - Limited - Enabled) ==================== Sicherheits-Center ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.) AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB} FW: McAfee Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D} ==================== Installierte Programme ====================== (Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.) Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.) Ashampoo Burning Studio 2015 v.1.15.0 (HKLM-x32\...\{91B33C97-21E3-DF34-9630-2EE80DDE1648}_is1) (Version: 1.15.0 - Ashampoo GmbH & Co. KG) Beach Comp (HKU\S-1-5-21-1884890629-360092094-2303528047-1001\...\{A6B7E7DC-4B07-0CD0-7EE6-78BF4681A8DA}) (Version: 1.1.3 - Download Experience corp) Bejeweled 3 (x32 Version: 3.0.2.59 - WildTangent) Hidden Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Build-a-lot (x32 Version: 2.2.0.98 - WildTangent) Hidden Building the Great Wall of China Collector's Edition (x32 Version: 3.0.2.48 - WildTangent) Hidden Chromodo (HKLM-x32\...\Chromodo) (Version: 45.7.11.387 - Comodo) Crazy Chicken Soccer (x32 Version: 2.2.0.110 - WildTangent) Hidden CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.7.4023 - CyberLink Corp.) Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.1.5406 - CyberLink Corp.) Cyberlink PhotoDirector (Version: 5.0.1.5406 - Ihr Firmenname) Hidden CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.7.4016 - CyberLink Corp.) CyberLink PowerDirector 12 (HKLM-x32\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.1.3024 - CyberLink Corp.) CyberLink PowerDirector 12 (Version: 12.0.1.3024 - Ihr Firmenname) Hidden CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.4.4223 - CyberLink Corp.) CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.4.4218 - CyberLink Corp.) DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden Farm Frenzy (x32 Version: 3.0.2.59 - WildTangent) Hidden Foxit PhantomPDF (HKLM-x32\...\{00CD7D62-056A-4F0F-9143-44522D44E6DD}) (Version: 6.0.32.507 - Foxit Corporation) GeekBuddy (HKLM\...\{266FA04F-F0FA-4F7A-AA1E-387A57F579F2}) (Version: 4.19.131 - Comodo Security Solutions Inc) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.80 - Google Inc.) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden Governor of Poker 2 Premium Edition (x32 Version: 3.0.2.59 - WildTangent) Hidden Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden HP Documentation (HKLM-x32\...\{90CE78B2-4F84-4BE8-B55C-ED85759C8445}) (Version: 1.2.0.0 - Hewlett-Packard) HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7745.4851 - Hewlett-Packard) HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.01.11 - Hewlett-Packard) HP Support Assistant (HKLM-x32\...\{7FE016CC-DAA9-4E21-BD2F-98390D1E6F3F}) (Version: 7.6.23.8 - Hewlett-Packard Company) HP System Event Utility (HKLM-x32\...\{E20B0C89-ACCF-4EBB-909D-2E5BD4A9C024}) (Version: 1.1.11 - Hewlett-Packard Company) HP Utility Center (HKLM\...\{E8F2076D-1885-4A0F-83D8-77B1F9D384CE}) (Version: 2.5.2 - Hewlett-Packard Company) HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company) Inst5675 (Version: 8.01.11 - Softex Inc.) Hidden Inst5676 (Version: 8.01.11 - Softex Inc.) Hidden Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation) Intel(R) Sideband Fabric Device Driver (HKLM-x32\...\C5A8BC6E-723A-4C0F-96E1-C426D1A4BCA9) (Version: 1.70.305.16316 - Intel Corporation) Intel(R) Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1064 - Intel Corporation) Jewel Match 3 (x32 Version: 3.0.2.59 - WildTangent) Hidden Malwarebytes Anti-Malware Version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes) McAfee LiveSafe - Internet Security (HKLM-x32\...\MSC) (Version: 14.0.5120 - McAfee, Inc.) Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Plants vs. Zombies - Game of the Year (x32 Version: 3.0.2.51 - WildTangent) Hidden Polar Bowler 1st Frame (x32 Version: 3.0.2.59 - WildTangent) Hidden Ranch Rush 2 - Premium Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 8.32.508.2014 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7272 - Realtek Semiconductor Corp.) REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.0.0.33 - REALTEK Semiconductor Corp.) SearchModule (HKU\S-1-5-21-1884890629-360092094-2303528047-1001\...\{D2E9FE6A-7003-42A0-96F6-5569DFC2A3A8}_is1) (Version: 2.7.6.1776 - Goobzo LTD) <==== ACHTUNG swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.12.95 - Synaptics Incorporated) Trinklit Supreme (x32 Version: 2.2.0.98 - WildTangent) Hidden Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden Virtual Families (x32 Version: 2.2.0.98 - WildTangent) Hidden Wedding Dash (x32 Version: 2.2.0.95 - WildTangent) Hidden WildTangent Games App für HP (x32 Version: 4.0.11.9 - WildTangent) Hidden WildTangent-Spiele (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent) Youda Jewel Shop (x32 Version: 3.0.2.51 - WildTangent) Hidden ==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) CustomCLSID: HKU\S-1-5-21-1884890629-360092094-2303528047-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Andreas\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\FileCoAuth.exe (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1884890629-360092094-2303528047-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation) ==================== Wiederherstellungspunkte ========================= 02-12-2015 18:14:46 Windows Update 03-12-2015 16:06:17 JRT Pre-Junkware Removal 05-12-2015 18:16:39 AVG PC TuneUp 2015 wird entfernt 07-12-2015 19:24:38 Sprachpaketdeinstallation 09-12-2015 13:53:41 Windows Modules Installer ==================== Hosts Inhalt: =============================== (Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.) 2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts ==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) Task: {070DAEAC-8CFD-4E19-BB16-2CE8427F8B68} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG Task: {081F01E5-F47F-4EE3-AD48-357997E92032} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-20] (Google Inc.) Task: {0B2BF874-558F-4627-976D-7A51CD39DDC9} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Keine Datei <==== ACHTUNG Task: {12A47C55-9EC9-4413-A7CC-C21DCF8D78A8} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG Task: {1F0B9FF1-A074-44E2-8FD2-B0B19C7822BF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-06-03] (Hewlett-Packard Company) Task: {25243BD7-FE2D-4500-84D7-8DBF8F089C4D} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe Task: {2B2E3826-2EF4-44A1-BA89-CFCB65C76300} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent Task: {38A55D5C-F367-40E7-8347-6ACCFF6B5883} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-06-03] (Hewlett-Packard Company) Task: {3AB9317A-7938-467C-B355-2DBA3AD8DFB3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-20] (Google Inc.) Task: {41AAE44A-1548-45DD-B933-CCB29F111EC5} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe Task: {4208FD2C-7D17-4D69-A873-5579341E4087} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG Task: {51AF312A-A1F4-4A05-861A-9F23F580A87A} - System32\Tasks\{72B3C6E9-C316-429E-92A6-E973A08C5823} => pcalua.exe -a "C:\Program Files (x86)\SpaceSondPro_v53.9414\SpaceSondPro_Service.exe" -d "C:\Program Files (x86)\SpaceSondPro_v53.9414\" Task: {57FFDA18-74E6-4B12-90D3-1CBE103340E7} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe Task: {6B7E8466-0672-419A-8287-6D2CE1AE1070} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG Task: {6FD43B5D-7CED-4B68-AB04-C9817019D7DE} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG Task: {882AEA57-EE1F-4F8B-A2D4-F376DC73D0A7} - System32\Tasks\YCMServiceAgent => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [2014-06-18] (CyberLink Corp.) Task: {937027EF-458E-49EF-8289-B0DA4CA7817F} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-10-27] (Microsoft Corporation) Task: {95CE79F4-3084-4642-B196-053DBFDE7F5F} - System32\Tasks\Beach Comp => Rundll32.exe "C:\Users\Andreas\AppData\Local\Beach Comp\zBin\BeachComp.dll",#3 <==== ACHTUNG Task: {981145AB-9AE2-4BF0-B1F8-5FD25CB8D062} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG Task: {99B7D262-88DA-429A-AE13-A8595DDEB425} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG Task: {99CA7D23-A236-4965-B81E-F0464DC27B1F} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG Task: {A786DAD0-7B3B-47E5-93FF-A75013CC0A5A} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG Task: {ADE6F998-5CAF-4EE2-80D4-7FBF4C0994F6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-11-24] (HP Inc.) Task: {B26799FB-4B94-4C5D-8BF2-23513EA08A64} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-11-24] (HP Inc.) Task: {B76CEF5C-0D92-440E-B8BE-7976BF75E315} - System32\Tasks\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe Task: {B9898D8E-2573-4DC1-AB92-D0AC43091506} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe Task: {E87E5EA4-C423-4141-9329-9C78C1720646} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG Task: {EF8678CF-2B41-4FCA-9FBC-A86A88BE7364} - System32\Tasks\GoogleUpdateTaskMachineUA1d123b16d1b2c0c => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-20] (Google Inc.) Task: {F160501F-631C-4CB2-90A4-2961784CA284} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2015-10-22] (Hewlett-Packard) (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.) Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1d123b16d1b2c0c.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Verknüpfungen ============================= (Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.) ==================== Geladene Module (Nicht auf der Ausnahmeliste) ============== 2015-10-30 08:18 - 2015-10-30 08:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll 2014-03-28 12:31 - 2014-03-28 12:31 - 02110464 _____ () C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll 2014-03-28 12:27 - 2014-03-28 12:27 - 00021504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cryptodll.dll 2014-03-28 12:27 - 2014-03-28 12:27 - 00035328 _____ () C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll 2014-03-28 12:27 - 2014-03-28 12:27 - 00055296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll 2014-03-28 12:48 - 2014-03-28 12:48 - 00367504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\mstrpwd.dll 2014-03-28 12:48 - 2014-03-28 12:48 - 00712080 _____ () C:\Program Files\Hewlett-Packard\SimplePass\GraphicalPwd.dll 2014-10-31 17:44 - 2014-04-14 18:59 - 00389896 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe 2015-12-03 15:51 - 2015-11-22 11:47 - 02653816 _____ () C:\WINDOWS\system32\CoreUIComponents.dll 2015-12-03 15:51 - 2015-11-22 11:47 - 02653816 _____ () C:\WINDOWS\System32\CoreUIComponents.dll 2015-12-02 17:38 - 2015-12-02 17:40 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_1.11.19004.0_x86__8wekyb3d8bbwe\SkypeHost.exe 2015-10-30 08:17 - 2015-10-30 08:17 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll 2015-10-30 08:17 - 2015-10-30 08:17 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll 2015-12-03 15:50 - 2015-11-22 10:23 - 08005632 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2015-12-03 15:50 - 2015-11-22 10:18 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2015-12-03 15:51 - 2015-11-22 10:19 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll 2015-12-03 15:51 - 2015-11-22 10:21 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll 2014-03-28 12:36 - 2014-03-28 12:36 - 00065024 _____ () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe 2015-12-02 17:38 - 2015-12-02 17:40 - 00152064 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_1.11.19004.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll 2015-12-02 17:38 - 2015-12-02 17:40 - 18906624 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_1.11.19004.0_x86__8wekyb3d8bbwe\SkyWrap.dll 2015-11-13 18:53 - 2015-11-13 18:53 - 01881784 _____ () C:\Program Files (x86)\Comodo\Chromodo\libglesv2.dll 2015-11-13 18:43 - 2015-11-13 18:43 - 00082104 _____ () C:\Program Files (x86)\Comodo\Chromodo\libegl.dll ==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.) AlternateDataStreams: C:\Program Files\Bonjour:Win32App_1 AlternateDataStreams: C:\Program Files\mcafee:Win32App_1 AlternateDataStreams: C:\Program Files (x86)\Bonjour:Win32App_1 AlternateDataStreams: C:\Program Files (x86)\Foxit PhantomPDF:Win32App_1 AlternateDataStreams: C:\Program Files (x86)\Hewlett-Packard:Win32App_1 AlternateDataStreams: C:\Program Files (x86)\ Malwarebytes Anti-Malware :Win32App_1 AlternateDataStreams: C:\Program Files (x86)\Microsoft Silverlight:Win32App_1 AlternateDataStreams: C:\Program Files (x86)\WildGames:Win32App_1 AlternateDataStreams: C:\WINDOWS\SysWOW64\Adobe:Win32App_1 AlternateDataStreams: C:\ProgramData\regid.1991-06.com.microsoft:Win32App_1 AlternateDataStreams: C:\Users\Andreas\Downloads\video.mp4:$CmdZnID ==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service" ==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.) ==================== Internet Explorer Vertrauenswürdig/Eingeschränkt =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.) ==================== Andere Bereiche ============================ (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) HKU\S-1-5-21-1884890629-360092094-2303528047-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Andreas\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\dsc_0201.jpg DNS Servers: 192.168.178.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall ist aktiviert. ==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge == (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) HKLM\...\StartupApproved\StartupFolder: => "Start GeekBuddy.lnk" HKLM\...\StartupApproved\Run: => "Sound+" HKLM\...\StartupApproved\Run32: => "rec_en_77" HKLM\...\StartupApproved\Run32: => "gmsd_de_005010156" HKLM\...\StartupApproved\Run32: => "tvncontrol" HKLM\...\StartupApproved\Run32: => "gmsd_de_005010155" HKU\S-1-5-21-1884890629-360092094-2303528047-1001\...\StartupApproved\Run: => "InetStat" ==================== Firewall Regeln (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [{5B3D653B-6824-4C59-8416-C6900287AE57}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe FirewallRules: [{8B9FC500-2960-467C-8542-2FF385F0D664}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe FirewallRules: [{9E65C981-215E-4DFE-BF86-84D37EB82C3B}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe FirewallRules: [{2D4008FA-077F-40F7-A0C9-46DCB187BBCF}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe FirewallRules: [{8ACB7FA8-A197-4A43-9E42-306E6226C8DB}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe FirewallRules: [{837AFD22-E6AC-4DFE-91B1-D91C6633D796}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe FirewallRules: [{1991B6AF-C9CD-441D-942E-F3ACE4CAE764}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe FirewallRules: [{20F1F91E-3BDF-42BB-8F22-412D0434AC4B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{9BDABC1F-6A93-4CB1-AB7E-B16323EE1471}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{35942880-1184-476E-B801-07E583A172AA}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{B9EA844A-BC1B-4CDC-85F4-1686290278B9}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{EC060B99-E85D-42FE-8498-E4D8C7BF5DDC}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Fehlerhafte Geräte im Gerätemanager ============= ==================== Fehlereinträge in der Ereignisanzeige: ========================= Applikationsfehler: ================== Error: (12/10/2015 09:46:15 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 1531 Error: (12/10/2015 09:46:15 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 1531 Error: (12/10/2015 09:46:15 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (12/10/2015 06:56:51 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: BITSC:\Windows\System32\bitsperf.dll8 Error: (12/09/2015 08:15:14 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 2637500 Error: (12/09/2015 08:15:14 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 2637500 Error: (12/09/2015 08:15:14 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (12/09/2015 07:31:17 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 1250 Error: (12/09/2015 07:31:17 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 1250 Error: (12/09/2015 07:31:17 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Systemfehler: ============= Error: (12/11/2015 12:29:30 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Benutzerdatenzugriff_726d55" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts. Error: (12/11/2015 12:29:30 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Benutzerdatenspeicher _726d55" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts. Error: (12/11/2015 12:29:30 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Kontaktdaten_726d55" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts. Error: (12/11/2015 12:29:30 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Synchronisierungshost_726d55" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts. Error: (12/11/2015 12:29:29 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (12/10/2015 09:38:41 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (12/10/2015 08:27:37 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (12/10/2015 06:56:45 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80246013 fehlgeschlagen: Windows-Tool zum Entfernen bösartiger Software für Windows 8, 8.1, 10 und Windows Server 2012, 2012 R2 x64 Edition - Dezember 2015 (KB890830) Error: (12/10/2015 06:47:43 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 4003) (User: NT-AUTORITÄT) Description: Bei der automatischen WLAN-Konfiguration wurde eine eingeschränkte Konnektivität erkannt, "Reset/Recover.adapter" wird ausgeführt. Code: 8 0x0 0x0 Error: (12/10/2015 06:47:32 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 4003) (User: NT-AUTORITÄT) Description: Bei der automatischen WLAN-Konfiguration wurde eine eingeschränkte Konnektivität erkannt, "Reset/Recover.adapter" wird ausgeführt. Code: 2 0xdeaddeed 0xeeec CodeIntegrity: =================================== Date: 2015-12-09 20:51:50.272 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2015-12-09 14:40:51.511 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2015-12-09 13:59:48.694 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2015-12-04 13:15:29.440 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2015-12-03 14:15:22.115 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2015-12-03 14:15:22.063 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2015-12-03 14:15:21.974 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpa.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2015-12-03 14:15:21.890 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpa.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2015-12-03 10:45:35.958 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2015-12-02 12:42:15.782 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. ==================== Speicherinformationen =========================== Prozessor: Intel(R) Celeron(R) CPU N2840 @ 2.16GHz Prozentuale Nutzung des RAM: 44% Installierter physikalischer RAM: 3984.27 MB Verfügbarer physikalischer RAM: 2216.99 MB Summe virtueller Speicher: 8336.27 MB Verfügbarer virtueller Speicher: 6468.14 MB ==================== Laufwerke ================================ Drive c: (Windows) (Fixed) (Total:442.2 GB) (Free:375.02 GB) NTFS Drive d: (RECOVERY) (Fixed) (Total:21.76 GB) (Free:2.44 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)] ==================== MBR & Partitionstabelle ================== ======================================================== Disk: 0 (Size: 465.8 GB) (Disk ID: E6DC802C) Partition: GPT. ==================== Ende von Addition.txt ============================ |
11.12.2015, 14:07 | #25 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Direkt nach dem Start erscheint "Modul nicht gefunden". FRST-Fix Virenscanner jetzt bitte komplett deaktivieren, damit sichergestellt ist, dass der Fix sauber durchläuft! Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter Task: {51AF312A-A1F4-4A05-861A-9F23F580A87A} - System32\Tasks\{72B3C6E9-C316-429E-92A6-E973A08C5823} => pcalua.exe -a "C:\Program Files (x86)\SpaceSondPro_v53.9414\SpaceSondPro_Service.exe" -d "C:\Program Files (x86)\SpaceSondPro_v53.9414\" Task: {95CE79F4-3084-4642-B196-053DBFDE7F5F} - System32\Tasks\Beach Comp => Rundll32.exe "C:\Users\Andreas\AppData\Local\Beach Comp\zBin\BeachComp.dll",#3 <==== ACHTUNG cmd: type C:\WINDOWS\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat folder: C:\WINDOWS\system32\config\bbimigrate C:\WINDOWS\System32\Tasks\{72B3C6E9-C316-429E-92A6-E973A08C5823} C:\Program Files (x86)\SpaceSondPro_v53.9414 C:\Users\Andreas\AppData\Local\Beach Comp emptytemp: Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
__________________ Logfiles bitte immer in CODE-Tags posten |
11.12.2015, 15:27 | #26 |
| Direkt nach dem Start erscheint "Modul nicht gefunden".Code:
ATTFilter Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version:09-12-2015 durchgeführt von Andreas (2015-12-11 15:17:24) Run:4 Gestartet von C:\Users\Andreas\Downloads Geladene Profile: Andreas (Verfügbare Profile: Andreas) Start-Modus: Normal ============================================== fixlist Inhalt: ***************** C:\Users\Andreas\Downloads\C750.tmp cmd: type C:\Users\Andreas\AppData\Roaming\ICSW_0P1F1E1T0J1T1CtJ1V0P1C1L1R1P0F1F2Y1G2Z1T1L1G1V0P0P0I.txt emptytemp: ***************** "C:\Users\Andreas\Downloads\C750.tmp" => nicht gefunden. ========= type C:\Users\Andreas\AppData\Roaming\ICSW_0P1F1E1T0J1T1CtJ1V0P1C1L1R1P0F1F2Y1G2Z1T1L1G1V0P0P0I.txt ========= Das System kann die angegebene Datei nicht finden. ========= Ende von CMD: ========= EmptyTemp: => 51.4 MB temporäre Dateien entfernt. Das System musste neu gestartet werden. ==== Ende von Fixlog 15:17:31 ==== |
11.12.2015, 15:50 | #27 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Direkt nach dem Start erscheint "Modul nicht gefunden". Du hast den Fix falsch gemacht. Weil nicht alles aus der CODE-Box in die Fixlist kopiert wurde.
__________________ Logfiles bitte immer in CODE-Tags posten |
12.12.2015, 16:43 | #28 |
| Direkt nach dem Start erscheint "Modul nicht gefunden". Okay, hab den fix dann jetzt nochmal gemacht und........Auch wenn ich nicht genau weiß, was da beim kopieren falsch laufen kann, wenn ich den blau markierten Text vor mir sehe... jetzt läuft mein System wieder völlig einwandfrei Keine Fehlermeldung mehr beim Start und an der Geschwindigkeit hatte ich ja sowieso nicht viel zu meckern! Poste dir/euch hier nochmal den Fixlog, aber der sollte dann jetzt wohl okay sein Vielen Dank an dich/euch/alle Beteiligten, ich werde euch weiterempfehlen :-)))))))) Code:
ATTFilter Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version:12-12-2015 durchgeführt von Andreas (2015-12-12 16:28:07) Run:5 Gestartet von C:\Users\Andreas\Desktop\F Geladene Profile: Andreas (Verfügbare Profile: Andreas) Start-Modus: Normal ============================================== fixlist Inhalt: ***************** Task: {51AF312A-A1F4-4A05-861A-9F23F580A87A} - System32\Tasks\{72B3C6E9-C316-429E-92A6-E973A08C5823} => pcalua.exe -a "C:\Program Files (x86)\SpaceSondPro_v53.9414\SpaceSondPro_Service.exe" -d "C:\Program Files (x86)\SpaceSondPro_v53.9414\" Task: {95CE79F4-3084-4642-B196-053DBFDE7F5F} - System32\Tasks\Beach Comp => Rundll32.exe "C:\Users\Andreas\AppData\Local\Beach Comp\zBin\BeachComp.dll",#3 <==== ACHTUNG cmd: type C:\WINDOWS\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat folder: C:\WINDOWS\system32\config\bbimigrate C:\WINDOWS\System32\Tasks\{72B3C6E9-C316-429E-92A6-E973A08C5823} C:\Program Files (x86)\SpaceSondPro_v53.9414 C:\Users\Andreas\AppData\Local\Beach Comp emptytemp: ***************** "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{51AF312A-A1F4-4A05-861A-9F23F580A87A}" => Schlüssel erfolgreich entfernt "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{51AF312A-A1F4-4A05-861A-9F23F580A87A}" => Schlüssel erfolgreich entfernt C:\WINDOWS\System32\Tasks\{72B3C6E9-C316-429E-92A6-E973A08C5823} => erfolgreich verschoben "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{72B3C6E9-C316-429E-92A6-E973A08C5823}" => Schlüssel erfolgreich entfernt "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{95CE79F4-3084-4642-B196-053DBFDE7F5F}" => Schlüssel erfolgreich entfernt "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{95CE79F4-3084-4642-B196-053DBFDE7F5F}" => Schlüssel erfolgreich entfernt C:\WINDOWS\System32\Tasks\Beach Comp => erfolgreich verschoben "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Beach Comp" => Schlüssel erfolgreich entfernt ========= type C:\WINDOWS\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat ========= @echo off regsvr32 /s igfxDH.dll regsvr32 /s igfxDI.dll regsvr32 /s igfxLHM.dll regsvr32 /s igfxCPL.cpl regsvr32 /s igfxOSP.dll regsvr32 /s igfxDTCM.dll regsvr32 /s igfxexps.dll igfxext.exe /regserver igfxTray.exe /regserver igfxHK.exe /regserver start igfxEM.exe /RegServerPerUser GfxUIEx.exe /regserver attrib +R +H +S +A *.cui start igfxEM.exe start igfxTray.exe start igfxHK.exe del /Q {F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat ========= Ende von CMD: ========= ========================= folder: C:\WINDOWS\system32\config\bbimigrate ======================== 2013-08-22 14:25 - 2015-12-02 12:37 - 0262144 ___SH () C:\WINDOWS\system32\config\bbimigrate\BBI 2013-08-22 14:25 - 2013-08-22 14:25 - 0000000 ___SH () C:\WINDOWS\system32\config\bbimigrate\BBI.LOG1 2013-08-22 14:25 - 2013-08-22 14:25 - 0065536 ___SH () C:\WINDOWS\system32\config\bbimigrate\BBI.LOG2 ====== Ende von Folder: ====== "C:\WINDOWS\System32\Tasks\{72B3C6E9-C316-429E-92A6-E973A08C5823}" => nicht gefunden. "C:\Program Files (x86)\SpaceSondPro_v53.9414" => nicht gefunden. "C:\Users\Andreas\AppData\Local\Beach Comp" => nicht gefunden. EmptyTemp: => 17.6 MB temporäre Dateien entfernt. Das System musste neu gestartet werden. ==== Ende von Fixlog 16:28:23 ==== |
13.12.2015, 01:13 | #29 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Direkt nach dem Start erscheint "Modul nicht gefunden". Noch Probleme offen?
__________________ Logfiles bitte immer in CODE-Tags posten |
Themen zu Direkt nach dem Start erscheint "Modul nicht gefunden". |
.dll, antivirus, avg, bonjour, defender, device driver, dnsapi.dll, explorer, frage, home, homepage, installation, malware, neustart, onedrive, problem, prozesse, realtek, registry, rundll, scan, security, services.exe, software, svchost.exe, system, windows, windowsapps, winlogon.exe, winzipdriverupdater |