
Log Analysis and Evaluation: Yellow "i" icon in the middle of the desktop

07.12.2015, 17:44   #1
droliver

Yellow "i" icon in the middle of the desktop

Hello everyone,

I have the following problem:

Back on Windows 8.1 I suddenly had a yellow icon with an "i" in the middle of the desktop, which could not be clicked (just an image). Some of the desktop colors were also changed to a greenish yellow. Does anyone know how to get rid of this? I have already run Norton and Malwarebytes without success.
Thanks in advance for the help...


Code:

FRST
Platform: Windows 10 Pro Version 1511 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Atheros Commnucations) C:\Windows\System32\AdminService.exe
(Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanNetService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.5.5.15\ns.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect 3\creator-ws.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(WIBU-SYSTEMS AG) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.5.5.15\ns.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\Windows\SysWOW64\UMonit64.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
(AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanGUI.exe
(EIZO Corporation) C:\Program Files (x86)\EIZO\ScreenManager Pro for LCD (DDCCI)\LcdctrlDdcci.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Dropbox, Inc.) C:\Users\Olli\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.5.5.15\conathst.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Wargaming.net) C:\Games\World_of_Tanks\WorldOfTanks.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [UMonit] => C:\WINDOWS\SysWOW64\UMonit64.exe [53832 2015-07-09] ()
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-08-13] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-21] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AVMWlanClient] => C:\Program Files (x86)\avmwlanstick\wlangui.exe [1904640 2009-03-20] (AVM Berlin)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-05-15] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2064884263-2734367825-3749686348-1001\...\Run: [Dropbox Update] => C:\Users\Olli\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-22] (Dropbox, Inc.)
HKU\S-1-5-21-2064884263-2734367825-3749686348-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2015-04-26] (Apple Inc.)
HKU\S-1-5-21-2064884263-2734367825-3749686348-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2015-04-26] (Apple Inc.)
HKU\S-1-5-21-2064884263-2734367825-3749686348-1001\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [43816 2015-04-26] (Apple Inc.)
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security\Engine64\22.5.5.15\buShell.dll [2015-11-05] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security\Engine64\22.5.5.15\buShell.dll [2015-11-05] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security\Engine64\22.5.5.15\buShell.dll [2015-11-05] (Symantec Corporation)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Olli\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Olli\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Olli\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Olli\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Olli\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Olli\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Olli\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-11-05] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ScreenManager Pro for LCD (DDCCI) Ver.2.4.0.lnk [2014-01-19]
ShortcutTarget: ScreenManager Pro for LCD (DDCCI) Ver.2.4.0.lnk -> C:\Windows\Installer\{DAB265AD-27B2-4651-B8D8-F4F3A8ECC705}\LcdctrlDdcci.exe1_A2457035AC9A449AAFF91D310EF3707A.exe (Macrovision Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk [2014-01-08]
ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> C:\Program Files (x86)\WISO\Steuersoftware 2014\mshaktuell.exe ()
Startup: C:\Users\Olli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-11-13]
ShortcutTarget: Dropbox.lnk -> C:\Users\Olli\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Winsock: Catalog9-x64 01 C:\Windows\system32\LavasoftTcpService64.dll [422400 2015-07-23] (Lavasoft Limited)
Winsock: Catalog9-x64 02 C:\Windows\system32\LavasoftTcpService64.dll [422400 2015-07-23] (Lavasoft Limited)
Winsock: Catalog9-x64 03 C:\Windows\system32\LavasoftTcpService64.dll [422400 2015-07-23] (Lavasoft Limited)
Winsock: Catalog9-x64 04 C:\Windows\system32\LavasoftTcpService64.dll [422400 2015-07-23] (Lavasoft Limited)
Winsock: Catalog9-x64 05 C:\Windows\system32\LavasoftTcpService64.dll [422400 2015-07-23] (Lavasoft Limited)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{4829b226-f5aa-4e6e-8bf4-d07a8575fa1d}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{6A41BC24-9121-4FE3-8C72-32D18F496606}: [DhcpNameServer] 192.168.178.1

Internet Explorer:
==================
HKU\S-1-5-21-2064884263-2734367825-3749686348-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/
SearchScopes: HKLM-x32 -> DefaultScope Wert fehlt
SearchScopes: HKU\S-1-5-21-2064884263-2734367825-3749686348-1001 -> DefaultScope {B21B4164-A234-4450-8F50-3D8D20B7B7D7} URL = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-10-13] (Microsoft Corporation)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security\Engine64\22.5.5.15\coIEPlg.dll [2015-11-05] (Symantec Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-10-13] (Microsoft Corporation)
BHO-x32: PDF Architect 3 Helper -> {06E08260-0695-4EC1-A74B-1310D8899D93} -> C:\Program Files (x86)\PDF Architect 3\creator-ie-helper.dll [2015-04-24] (pdfforge GmbH)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security\Engine\22.5.5.15\coIEPlg.dll [2015-11-05] (Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-08-20] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-08-20] (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine64\22.5.5.15\coIEPlg.dll [2015-11-05] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine\22.5.5.15\coIEPlg.dll [2015-11-05] (Symantec Corporation)
Toolbar: HKLM-x32 - PDF Architect 3 Toolbar - {2DFF3579-5AA7-45B9-9328-1D38EA230861} - C:\Program Files (x86)\PDF Architect 3\creator-ie-plugin.dll [2015-04-24] (pdfforge GmbH)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Olli\AppData\Roaming\Mozilla\Firefox\Profiles\i1rfvxwa.default
FF NewTab: www.google.de
FF DefaultSearchEngine: Google Default
FF SelectedSearchEngine: Bing
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-11-11] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-02-28] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-02-28] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-11] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1211151.dll [2014-04-15] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-07-30] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-08-20] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-08-20] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2013-11-15] (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2015-04-10] (Nero AG)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-27] (Adobe Systems Inc.)
FF Plugin-x32: PDF Architect 3 -> C:\Program Files (x86)\PDF Architect 3\np-previewer.dll [2015-04-24] (pdfforge GmbH)
FF SearchPlugin: C:\Users\Olli\AppData\Roaming\Mozilla\Firefox\Profiles\i1rfvxwa.default\searchplugins\google-default.xml [2015-07-28]
FF SearchPlugin: C:\Users\Olli\AppData\Roaming\Mozilla\Firefox\Profiles\i1rfvxwa.default\searchplugins\norton-safe-search.xml [2015-11-18]
FF Extension: PDF Architect 3 Creator - C:\Program Files (x86)\PDF Architect 3\resources\pdfarchitect3firefoxextension [2015-08-11] [ist nicht signiert]
FF Extension: NoScript - C:\Users\Olli\AppData\Roaming\Mozilla\Firefox\Profiles\i1rfvxwa.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2015-12-01]
FF Extension: Kein Name - C:\Users\Olli\AppData\Roaming\Mozilla\Firefox\Profiles\i1rfvxwa.default\Extensions\ClassicThemeRestorer@ArisT2Noia4dev.xpi [2015-12-04] [ist nicht signiert]
FF Extension: iCloud Bookmarks - C:\Users\Olli\AppData\Roaming\Mozilla\Firefox\Profiles\i1rfvxwa.default\Extensions\firefoxdav@icloud.com [2015-11-29]
FF Extension: YouTube Unblocker - C:\Users\Olli\AppData\Roaming\Mozilla\Firefox\Profiles\i1rfvxwa.default\Extensions\youtubeunblocker@unblocker.yt [2015-12-03]
FF Extension: BugMeNot Plugin - C:\Users\Olli\AppData\Roaming\Mozilla\Firefox\Profiles\i1rfvxwa.default\Extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}.xpi [2015-05-29]
FF Extension: Video DownloadHelper - C:\Users\Olli\AppData\Roaming\Mozilla\Firefox\Profiles\i1rfvxwa.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-10-31]
FF Extension: Tab Plugin - C:\Users\Olli\AppData\Roaming\Mozilla\Firefox\Profiles\i1rfvxwa.default\Extensions\{d81af7c1-6441-496a-9c0a-13dd5539ce7e}.xpi [2015-08-26] [ist nicht signiert]
FF Extension: Download Helper Free - C:\Users\Olli\AppData\Roaming\Mozilla\Firefox\Profiles\i1rfvxwa.default\Extensions\{ee9dcf2a-0c31-4de7-910d-0d5f77aabb47}.xpi [2015-12-06] [ist nicht signiert]
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.1.0.9\coFFAddon
FF Extension: Norton Identity Safe - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.1.0.9\coFFAddon [2015-12-02] [ist nicht signiert]
FF HKLM-x32\...\Firefox\Extensions: [pdf_architect_3_conv@pdfarchitect.org] - C:\Program Files (x86)\PDF Architect 3\resources\pdfarchitect3firefoxextension
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.1.0.9\coFFAddon

Chrome: 
=======
CHR Profile: C:\Users\Olli\AppData\Local\Google\Chrome\User Data\default
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.5.5.15\Exts\Chrome.crx [2015-11-28]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.5.5.15\Exts\Chrome.crx [2015-11-28]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)
R2 AtherosSvc; C:\Windows\system32\AdminService.exe [208384 2012-08-29] (Atheros Commnucations) [Datei ist nicht signiert]
R2 AVM WLAN Connection Service; C:\Program Files (x86)\avmwlanstick\WlanNetService.exe [368640 2009-03-20] (AVM Berlin) [Datei ist nicht signiert]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2797752 2015-10-13] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 NS; C:\Program Files (x86)\Norton Security\Engine\22.5.5.15\NS.exe [282016 2015-11-20] (Symantec Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1997168 2015-06-24] (Electronic Arts)
S3 PDF Architect 3; C:\Program Files (x86)\PDF Architect 3\ws.exe [2244312 2015-04-24] (pdfforge GmbH)
S3 PDF Architect 3 CrashHandler; C:\Program Files (x86)\PDF Architect 3\crash-handler-ws.exe [901336 2015-04-24] (pdfforge GmbH)
R2 PDF Architect 3 Creator; C:\Program Files (x86)\PDF Architect 3\creator-ws.exe [740568 2015-04-24] (pdfforge GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [102912 2015-07-15] (Advanced Micro Devices)
S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2009-03-20] (AVM Berlin)
R1 BHDrvx64; C:\Program Files (x86)\Norton Security\NortonData\22.1.0.9\Definitions\BASHDefs\20151113.001\BHDrvx64.sys [1665608 2015-10-08] (Symantec Corporation)
R1 ccSet_NS; C:\Windows\system32\drivers\NSx64\1605050.00F\ccSetx64.sys [173808 2015-07-11] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2015-11-18] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [157520 2015-11-18] (Symantec Corporation)
R3 fwlanusbn; C:\Windows\system32\DRIVERS\fwlanusbn.sys [552704 2009-03-20] (AVM GmbH)
R3 GeneStor; C:\Windows\system32\DRIVERS\GeneStor.sys [115704 2015-07-09] (GenesysLogic)
R1 IDSVia64; C:\Program Files (x86)\Norton Security\NortonData\22.1.0.9\Definitions\IPSDefs\20151204.001\IDSvia64.sys [767224 2015-10-20] (Symantec Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2015-12-07] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Security\NortonData\22.1.0.9\Definitions\VirusDefs\20151206.024\ENG64.SYS [138488 2015-10-27] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Security\NortonData\22.1.0.9\Definitions\VirusDefs\20151206.024\EX64.SYS [2148080 2015-10-27] (Symantec Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek                                            )
R3 SRTSP; C:\Windows\System32\Drivers\NSx64\1605050.00F\SRTSP64.SYS [928496 2015-11-12] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NSx64\1605050.00F\SRTSPX64.SYS [50936 2015-07-11] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\NSx64\1605050.00F\SYMEFASI64.SYS [1621232 2015-11-12] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\NSx64\1605050.00F\SymELAM.sys [24192 2015-07-11] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [111344 2015-07-27] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NSx64\1605050.00F\Ironx64.SYS [297720 2015-07-11] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NSx64\1605050.00F\SYMNETS.SYS [577768 2015-11-12] (Symantec Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-12-07 12:52 - 2015-12-07 12:52 - 00021759 _____ C:\Users\Olli\Downloads\FRST.txt
2015-12-07 12:52 - 2015-12-07 12:52 - 00000000 ____D C:\FRST
2015-12-07 12:51 - 2015-12-07 12:51 - 02369024 _____ (Farbar) C:\Users\Olli\Downloads\FRST64.exe
2015-12-07 11:01 - 2015-12-07 11:01 - 00000000 ____H C:\ProgramData\cm-lock
2015-12-06 13:31 - 2015-12-07 11:16 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-12-06 13:30 - 2015-12-06 13:30 - 00001175 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-12-06 13:30 - 2015-12-06 13:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-12-06 13:30 - 2015-12-06 13:30 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-12-06 13:30 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-12-06 13:30 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-12-06 13:30 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2015-12-06 13:29 - 2015-12-06 13:30 - 22908888 _____ (Malwarebytes ) C:\Users\Olli\Downloads\mbam-setup-2.2.0.1024.exe
2015-12-06 13:06 - 2015-11-22 11:47 - 07476576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-12-06 13:06 - 2015-11-22 11:47 - 02653816 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2015-12-06 13:06 - 2015-11-22 11:41 - 01859448 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2015-12-06 13:06 - 2015-11-22 11:41 - 01284960 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2015-12-06 13:06 - 2015-11-22 11:41 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-12-06 13:06 - 2015-11-22 11:35 - 00538632 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
2015-12-06 13:06 - 2015-11-22 11:34 - 00975200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2015-12-06 13:06 - 2015-11-22 11:34 - 00080600 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwapi.dll
2015-12-06 13:06 - 2015-11-22 11:33 - 00095072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdstor.sys
2015-12-06 13:06 - 2015-11-22 11:33 - 00058408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.dll
2015-12-06 13:06 - 2015-11-22 11:33 - 00051680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsUtilsV2.dll
2015-12-06 13:06 - 2015-11-22 11:30 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-12-06 13:06 - 2015-11-22 11:30 - 00161632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-12-06 13:06 - 2015-11-22 11:26 - 00431232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWanAPI.dll
2015-12-06 13:06 - 2015-11-22 11:25 - 00063528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wwapi.dll
2015-12-06 13:06 - 2015-11-22 11:24 - 02772584 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2015-12-06 13:06 - 2015-11-22 11:20 - 00795840 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-12-06 13:06 - 2015-11-22 11:19 - 00440160 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2015-12-06 13:06 - 2015-11-22 11:14 - 02185840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2015-12-06 13:06 - 2015-11-22 11:00 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll
2015-12-06 13:06 - 2015-11-22 11:00 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosResource.dll
2015-12-06 13:06 - 2015-11-22 10:57 - 02756096 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2015-12-06 13:06 - 2015-11-22 10:57 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-MapControls.dll
2015-12-06 13:06 - 2015-11-22 10:57 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCoreRes.dll
2015-12-06 13:06 - 2015-11-22 10:57 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-MosTrace.dll
2015-12-06 13:06 - 2015-11-22 10:57 - 00009728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-MosHost.dll
2015-12-06 13:06 - 2015-11-22 10:56 - 22394880 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2015-12-06 13:06 - 2015-11-22 10:56 - 01268736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2015-12-06 13:06 - 2015-11-22 10:56 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosHostClient.dll
2015-12-06 13:06 - 2015-11-22 10:56 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ihvrilproxy.dll
2015-12-06 13:06 - 2015-11-22 10:56 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\system32\rilproxy.dll
2015-12-06 13:06 - 2015-11-22 10:55 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManagerProxy.dll
2015-12-06 13:06 - 2015-11-22 10:55 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvcProxy.dll
2015-12-06 13:06 - 2015-11-22 10:55 - 00007680 _____ (Microsoft Corporation) C:\WINDOWS\system32\readingviewresources.dll
2015-12-06 13:06 - 2015-11-22 10:54 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ETWCoreUIComponentsResources.dll
2015-12-06 13:06 - 2015-11-22 10:54 - 00117248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\capimg.sys
2015-12-06 13:06 - 2015-11-22 10:54 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.V2.dll
2015-12-06 13:06 - 2015-11-22 10:54 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanprotdim.dll
2015-12-06 13:06 - 2015-11-22 10:54 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsplib.dll
2015-12-06 13:06 - 2015-11-22 10:54 - 00032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2015-12-06 13:06 - 2015-11-22 10:54 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WordBreakers.dll
2015-12-06 13:06 - 2015-11-22 10:54 - 00028160 _____ (Microsoft Corporation) C:\WINDOWS\system32\nativemap.dll
2015-12-06 13:06 - 2015-11-22 10:54 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlStringsRes.dll
2015-12-06 13:06 - 2015-11-22 10:52 - 16984576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2015-12-06 13:06 - 2015-11-22 10:52 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
2015-12-06 13:06 - 2015-11-22 10:52 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthTokenBrokerExt.dll
2015-12-06 13:06 - 2015-11-22 10:52 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2015-12-06 13:06 - 2015-11-22 10:52 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll
2015-12-06 13:06 - 2015-11-22 10:51 - 00157184 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2015-12-06 13:06 - 2015-11-22 10:51 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2015-12-06 13:06 - 2015-11-22 10:51 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2015-12-06 13:06 - 2015-11-22 10:51 - 00042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapstoasttask.dll
2015-12-06 13:06 - 2015-11-22 10:51 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2015-12-06 13:06 - 2015-11-22 10:50 - 00074240 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssign32.dll
2015-12-06 13:06 - 2015-11-22 10:49 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2015-12-06 13:06 - 2015-11-22 10:49 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2015-12-06 13:06 - 2015-11-22 10:49 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2015-12-06 13:06 - 2015-11-22 10:49 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wwanpref.dll
2015-12-06 13:06 - 2015-11-22 10:48 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosResource.dll
2015-12-06 13:06 - 2015-11-22 10:47 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2015-12-06 13:06 - 2015-11-22 10:46 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll
2015-12-06 13:06 - 2015-11-22 10:46 - 00209920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2015-12-06 13:06 - 2015-11-22 10:45 - 06572032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanmm.dll
2015-12-06 13:06 - 2015-11-22 10:45 - 02756096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2015-12-06 13:06 - 2015-11-22 10:45 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2015-12-06 13:06 - 2015-11-22 10:45 - 00264192 _____ (Nokia) C:\WINDOWS\system32\NmaDirect.dll
2015-12-06 13:06 - 2015-11-22 10:45 - 00220672 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-12-06 13:06 - 2015-11-22 10:45 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft-Windows-MapControls.dll
2015-12-06 13:06 - 2015-11-22 10:45 - 00073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwancfg.dll
2015-12-06 13:06 - 2015-11-22 10:45 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCoreRes.dll
2015-12-06 13:06 - 2015-11-22 10:45 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft-Windows-MosTrace.dll
2015-12-06 13:06 - 2015-11-22 10:45 - 00009728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft-Windows-MosHost.dll
2015-12-06 13:06 - 2015-11-22 10:44 - 01268736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2015-12-06 13:06 - 2015-11-22 10:44 - 00558080 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
2015-12-06 13:06 - 2015-11-22 10:44 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosHostClient.dll
2015-12-06 13:06 - 2015-11-22 10:43 - 24604672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-12-06 13:06 - 2015-11-22 10:43 - 00704000 _____ (Microsoft Corporation) C:\WINDOWS\system32\CellularAPI.dll
2015-12-06 13:06 - 2015-11-22 10:43 - 00459776 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2015-12-06 13:06 - 2015-11-22 10:43 - 00382464 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-12-06 13:06 - 2015-11-22 10:43 - 00342016 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2015-12-06 13:06 - 2015-11-22 10:43 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XblAuthManagerProxy.dll
2015-12-06 13:06 - 2015-11-22 10:42 - 13017600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2015-12-06 13:06 - 2015-11-22 10:42 - 07979008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2015-12-06 13:06 - 2015-11-22 10:42 - 00589312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApi.dll
2015-12-06 13:06 - 2015-11-22 10:42 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
2015-12-06 13:06 - 2015-11-22 10:42 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ETWCoreUIComponentsResources.dll
2015-12-06 13:06 - 2015-11-22 10:42 - 00024064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WordBreakers.dll
2015-12-06 13:06 - 2015-11-22 10:42 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlStringsRes.dll
2015-12-06 13:06 - 2015-11-22 10:41 - 01814528 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnidui.dll
2015-12-06 13:06 - 2015-11-22 10:41 - 00948224 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll
2015-12-06 13:06 - 2015-11-22 10:41 - 00607232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2015-12-06 13:06 - 2015-11-22 10:40 - 01056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2015-12-06 13:06 - 2015-11-22 10:40 - 00850432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2015-12-06 13:06 - 2015-11-22 10:40 - 00465920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanconn.dll
2015-12-06 13:06 - 2015-11-22 10:40 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
2015-12-06 13:06 - 2015-11-22 10:40 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XblAuthTokenBrokerExt.dll
2015-12-06 13:06 - 2015-11-22 10:39 - 02126848 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-12-06 13:06 - 2015-11-22 10:39 - 01713664 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2015-12-06 13:06 - 2015-11-22 10:39 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2015-12-06 13:06 - 2015-11-22 10:39 - 00957440 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2015-12-06 13:06 - 2015-11-22 10:39 - 00938496 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2015-12-06 13:06 - 2015-11-22 10:39 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2015-12-06 13:06 - 2015-11-22 10:39 - 00783360 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-12-06 13:06 - 2015-11-22 10:39 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinelsa.dll
2015-12-06 13:06 - 2015-11-22 10:39 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2015-12-06 13:06 - 2015-11-22 10:39 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
2015-12-06 13:06 - 2015-11-22 10:39 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2015-12-06 13:06 - 2015-11-22 10:38 - 01223168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2015-12-06 13:06 - 2015-11-22 10:38 - 01212928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2015-12-06 13:06 - 2015-11-22 10:38 - 00912384 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2015-12-06 13:06 - 2015-11-22 10:38 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2015-12-06 13:06 - 2015-11-22 10:38 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssign32.dll
2015-12-06 13:06 - 2015-11-22 10:37 - 02624512 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2015-12-06 13:06 - 2015-11-22 10:37 - 01395200 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2015-12-06 13:06 - 2015-11-22 10:37 - 00515584 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2015-12-06 13:06 - 2015-11-22 10:36 - 01042432 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingOnlineServices.dll
2015-12-06 13:06 - 2015-11-22 10:34 - 02843136 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2015-12-06 13:06 - 2015-11-22 10:34 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2015-12-06 13:06 - 2015-11-22 10:34 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2015-12-06 13:06 - 2015-11-22 10:34 - 00166912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserMgrProxy.dll
2015-12-06 13:06 - 2015-11-22 10:34 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2015-12-06 13:06 - 2015-11-22 10:34 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditBufferTestHook.dll
2015-12-06 13:06 - 2015-11-22 10:33 - 18677760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2015-12-06 13:06 - 2015-11-22 10:33 - 13380608 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-12-06 13:06 - 2015-11-22 10:33 - 02587136 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2015-12-06 13:06 - 2015-11-22 10:33 - 00205824 _____ (Nokia) C:\WINDOWS\SysWOW64\NmaDirect.dll
2015-12-06 13:06 - 2015-11-22 10:32 - 00346112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2015-12-06 13:06 - 2015-11-22 10:32 - 00340480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToDevice.dll
2015-12-06 13:06 - 2015-11-22 10:32 - 00334848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-12-06 13:06 - 2015-11-22 10:31 - 07199232 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2015-12-06 13:06 - 2015-11-22 10:31 - 00470528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApi.dll
2015-12-06 13:06 - 2015-11-22 10:31 - 00416768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2015-12-06 13:06 - 2015-11-22 10:30 - 19340800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-12-06 13:06 - 2015-11-22 10:30 - 02598400 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2015-12-06 13:06 - 2015-11-22 10:29 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2015-12-06 13:06 - 2015-11-22 10:28 - 01734656 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-12-06 13:06 - 2015-11-22 10:28 - 01443328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRHInproc.dll
2015-12-06 13:06 - 2015-11-22 10:28 - 01387008 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-12-06 13:06 - 2015-11-22 10:28 - 00948224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2015-12-06 13:06 - 2015-11-22 10:28 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2015-12-06 13:06 - 2015-11-22 10:28 - 00793600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2015-12-06 13:06 - 2015-11-22 10:28 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2015-12-06 13:06 - 2015-11-22 10:28 - 00686592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-12-06 13:06 - 2015-11-22 10:28 - 00100864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinelsa.dll
2015-12-06 13:06 - 2015-11-22 10:27 - 03993600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2015-12-06 13:06 - 2015-11-22 10:27 - 02049024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-12-06 13:06 - 2015-11-22 10:27 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2015-12-06 13:06 - 2015-11-22 10:27 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2015-12-06 13:06 - 2015-11-22 10:27 - 00241664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2015-12-06 13:06 - 2015-11-22 10:27 - 00160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2015-12-06 13:06 - 2015-11-22 10:26 - 03355136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2015-12-06 13:06 - 2015-11-22 10:26 - 01139200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2015-12-06 13:06 - 2015-11-22 10:26 - 00709120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingOnlineServices.dll
2015-12-06 13:06 - 2015-11-22 10:26 - 00421888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2015-12-06 13:06 - 2015-11-22 10:25 - 06297088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2015-12-06 13:06 - 2015-11-22 10:25 - 02280448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-12-06 13:06 - 2015-11-22 10:25 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2015-12-06 13:06 - 2015-11-22 10:24 - 12124672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-12-06 13:06 - 2015-11-22 10:24 - 02647552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-12-06 13:06 - 2015-11-22 10:24 - 01995264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2015-12-06 13:06 - 2015-11-22 10:24 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2015-12-06 13:06 - 2015-11-22 10:24 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputLocaleManager.dll
2015-12-06 13:06 - 2015-11-22 10:24 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditBufferTestHook.dll
2015-12-06 13:06 - 2015-11-22 10:23 - 05202944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2015-12-06 13:06 - 2015-11-22 10:20 - 01860096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2015-12-06 13:06 - 2015-11-22 10:19 - 02064384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2015-12-06 13:06 - 2015-11-22 10:18 - 01505280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-12-06 13:06 - 2015-11-22 10:18 - 00697856 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToManager.dll
2015-12-06 13:06 - 2015-11-22 10:18 - 00458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToDevice.dll
2015-12-06 13:06 - 2015-11-22 10:17 - 02680320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2015-12-06 13:06 - 2015-11-22 10:17 - 02121216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-12-06 13:06 - 2015-11-22 10:16 - 01706496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2015-12-06 13:06 - 2015-11-22 10:11 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll
2015-12-04 09:36 - 2015-12-04 09:36 - 04377145 _____ C:\Users\Olli\Downloads\Unbenannte_Nachricht.zip
2015-12-04 09:27 - 2015-12-04 09:36 - 00000000 ____D C:\Users\Olli\Documents\ebay
2015-12-02 03:39 - 2015-12-07 11:29 - 00000000 ____D C:\WINDOWS\System32\Tasks\Norton Security
2015-12-02 03:33 - 2015-12-02 03:33 - 00003386 _____ C:\WINDOWS\System32\Tasks\Norton WSC Integration
2015-12-01 08:48 - 2015-11-21 07:21 - 00809312 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2015-12-01 08:48 - 2015-11-21 07:02 - 00704352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2015-12-01 08:48 - 2015-11-21 06:44 - 00204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-AppModelExecEvents.dll
2015-12-01 08:48 - 2015-11-21 06:29 - 00286720 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceaccess.dll
2015-12-01 08:48 - 2015-11-21 06:07 - 00227840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\deviceaccess.dll
2015-11-29 14:05 - 2015-11-29 14:05 - 00065296 _____ C:\Users\Olli\Documents\schroeder_3.pdf
2015-11-29 14:05 - 2015-11-29 14:05 - 00065296 _____ C:\Users\Olli\Documents\Scan_20151129 (4).pdf
2015-11-29 14:04 - 2015-11-29 14:04 - 00032483 _____ C:\Users\Olli\Documents\schroeder_2.pdf
2015-11-29 14:04 - 2015-11-29 14:04 - 00032483 _____ C:\Users\Olli\Documents\Scan_20151129 (3).pdf
2015-11-29 14:03 - 2015-11-29 14:03 - 00039627 _____ C:\Users\Olli\Documents\schroeder_1.pdf
2015-11-29 14:03 - 2015-11-29 14:03 - 00039627 _____ C:\Users\Olli\Documents\Scan_20151129 (2).pdf
2015-11-29 14:01 - 2015-11-29 14:01 - 00048665 _____ C:\Users\Olli\Documents\VG_Kosten.pdf
2015-11-29 14:00 - 2015-11-29 14:00 - 00048665 _____ C:\Users\Olli\Documents\Scan_20151129.pdf
2015-11-29 08:17 - 2015-12-07 11:03 - 00000000 ___RD C:\Users\Olli\iCloudDrive
2015-11-29 08:17 - 2015-11-29 08:17 - 00000000 ____D C:\Users\Olli\AppData\Local\Apple Inc
2015-11-29 08:16 - 2015-12-01 08:42 - 00003496 _____ C:\WINDOWS\System32\Tasks\Apple Diagnostics
2015-11-27 12:23 - 2015-11-27 12:23 - 00030246 _____ C:\Users\Olli\Documents\Scan_Wnf.pdf
2015-11-27 12:22 - 2015-11-27 12:22 - 00030246 _____ C:\Users\Olli\Documents\Scan_20151127.pdf
2015-11-23 10:48 - 2015-11-23 10:48 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2015-11-23 10:31 - 2015-11-23 10:31 - 00000000 ____D C:\Users\Olli\AppData\Local\PeerDistRepub
2015-11-22 11:27 - 2015-11-22 11:27 - 00000000 ____D C:\Users\Olli\AppData\Local\MicrosoftEdge
2015-11-22 09:15 - 2015-11-22 09:16 - 00002355 _____ C:\Users\Olli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-11-22 09:15 - 2015-11-22 09:16 - 00000000 ___RD C:\Users\Olli\OneDrive
2015-11-22 09:14 - 2015-11-22 09:14 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2015-11-22 09:13 - 2015-11-22 09:13 - 00000000 ____D C:\Users\Olli\AppData\Local\Publishers
2015-11-22 09:12 - 2015-11-22 09:12 - 00000000 ____D C:\Users\Olli\AppData\Local\ActiveSync
2015-11-22 09:11 - 2015-11-22 09:11 - 00000000 ____D C:\Users\Olli\AppData\Local\Comms
2015-11-22 09:10 - 2015-11-22 09:10 - 00000000 ____D C:\Users\Olli\AppData\Local\TileDataLayer
2015-11-22 09:09 - 2015-11-22 09:09 - 00000020 ___SH C:\Users\Olli\ntuser.ini
2015-11-22 08:21 - 2015-11-22 08:21 - 00000000 _SHDL C:\Users\Default\Vorlagen
2015-11-22 08:21 - 2015-11-22 08:21 - 00000000 _SHDL C:\Users\Default\Startmenü
2015-11-22 08:21 - 2015-11-22 08:21 - 00000000 _SHDL C:\Users\Default\Netzwerkumgebung
2015-11-22 08:21 - 2015-11-22 08:21 - 00000000 _SHDL C:\Users\Default\Lokale Einstellungen
2015-11-22 08:21 - 2015-11-22 08:21 - 00000000 _SHDL C:\Users\Default\Eigene Dateien
2015-11-22 08:21 - 2015-11-22 08:21 - 00000000 _SHDL C:\Users\Default\Druckumgebung
2015-11-22 08:21 - 2015-11-22 08:21 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Videos
2015-11-22 08:21 - 2015-11-22 08:21 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Musik
2015-11-22 08:21 - 2015-11-22 08:21 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Bilder
2015-11-22 08:21 - 2015-11-22 08:21 - 00000000 _SHDL C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-11-22 08:21 - 2015-11-22 08:21 - 00000000 _SHDL C:\Users\Default\AppData\Local\Verlauf
2015-11-22 08:21 - 2015-11-22 08:21 - 00000000 _SHDL C:\Users\Default\AppData\Local\Anwendungsdaten
2015-11-22 08:21 - 2015-11-22 08:21 - 00000000 _SHDL C:\Users\Default\Anwendungsdaten
2015-11-22 08:21 - 2015-11-22 08:21 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Videos
2015-11-22 08:21 - 2015-11-22 08:21 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Musik
2015-11-22 08:21 - 2015-11-22 08:21 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Bilder
2015-11-22 08:21 - 2015-11-22 08:21 - 00000000 _SHDL C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-11-22 08:21 - 2015-11-22 08:21 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Verlauf
2015-11-22 08:21 - 2015-11-22 08:21 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Anwendungsdaten
2015-11-22 08:21 - 2015-11-22 08:21 - 00000000 ____D C:\ProgramData\USOShared
2015-11-22 08:19 - 2015-11-22 08:19 - 00022960 _____ C:\WINDOWS\system32\emptyregdb.dat
2015-11-22 08:18 - 2015-12-07 11:01 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-11-22 08:13 - 2015-12-07 11:08 - 01799166 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-11-22 08:04 - 2015-11-22 08:04 - 00001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-11-22 08:04 - 2015-11-22 08:04 - 00000000 ____D C:\Users\Default\AppData\Roaming\ATI
2015-11-22 08:04 - 2015-11-22 08:04 - 00000000 ____D C:\Users\Default\AppData\Local\ATI
2015-11-22 08:04 - 2015-11-22 08:04 - 00000000 ____D C:\Users\Default User\AppData\Roaming\ATI
2015-11-22 08:04 - 2015-11-22 08:04 - 00000000 ____D C:\Users\Default User\AppData\Local\ATI
2015-11-22 07:59 - 2015-11-22 07:59 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
2015-11-22 07:58 - 2015-12-02 03:32 - 00000000 ____D C:\Users\Olli
2015-11-22 07:58 - 2015-11-22 07:58 - 00000000 _SHDL C:\Users\Olli\Vorlagen
2015-11-22 07:58 - 2015-11-22 07:58 - 00000000 _SHDL C:\Users\Olli\Startmenü
2015-11-22 07:58 - 2015-11-22 07:58 - 00000000 _SHDL C:\Users\Olli\Netzwerkumgebung
2015-11-22 07:58 - 2015-11-22 07:58 - 00000000 _SHDL C:\Users\Olli\Lokale Einstellungen
2015-11-22 07:58 - 2015-11-22 07:58 - 00000000 _SHDL C:\Users\Olli\Eigene Dateien
2015-11-22 07:58 - 2015-11-22 07:58 - 00000000 _SHDL C:\Users\Olli\Druckumgebung
2015-11-22 07:58 - 2015-11-22 07:58 - 00000000 _SHDL C:\Users\Olli\Documents\Eigene Videos
2015-11-22 07:58 - 2015-11-22 07:58 - 00000000 _SHDL C:\Users\Olli\Documents\Eigene Musik
2015-11-22 07:58 - 2015-11-22 07:58 - 00000000 _SHDL C:\Users\Olli\Documents\Eigene Bilder
2015-11-22 07:58 - 2015-11-22 07:58 - 00000000 _SHDL C:\Users\Olli\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-11-22 07:58 - 2015-11-22 07:58 - 00000000 _SHDL C:\Users\Olli\AppData\Local\Verlauf
2015-11-22 07:58 - 2015-11-22 07:58 - 00000000 _SHDL C:\Users\Olli\AppData\Local\Anwendungsdaten
2015-11-22 07:58 - 2015-11-22 07:58 - 00000000 _SHDL C:\Users\Olli\Anwendungsdaten
2015-11-22 07:55 - 2015-11-22 08:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2015-11-22 07:55 - 2015-11-22 07:55 - 00000000 ____D C:\Program Files\ATI Technologies
2015-11-22 07:54 - 2015-11-22 08:01 - 00000000 ____D C:\WINDOWS\SysWOW64\sda
2015-11-22 07:54 - 2015-11-22 08:00 - 00000000 ____D C:\ProgramData\Package Cache
2015-11-22 07:54 - 2015-11-22 07:55 - 00000000 ____D C:\Program Files (x86)\ATI Technologies
2015-11-22 07:54 - 2015-11-22 07:54 - 00000000 ____D C:\Program Files\Common Files\ATI Technologies
2015-11-22 07:54 - 2015-11-22 07:54 - 00000000 ____D C:\Program Files\Common Files\Atheros
2015-11-22 07:54 - 2015-11-22 07:54 - 00000000 ____D C:\Program Files (x86)\Genesyslogic
2015-11-22 07:54 - 2015-11-22 07:54 - 00000000 _____ C:\WINDOWS\ativpsrm.bin
2015-11-22 07:53 - 2015-11-22 08:00 - 00000000 ____D C:\Program Files\AMD
2015-11-22 07:53 - 2015-10-30 08:17 - 02718208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2015-11-22 07:51 - 2015-11-22 07:51 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2015-11-22 07:50 - 2015-11-22 08:07 - 00244680 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-11-22 07:49 - 2015-11-22 12:00 - 00000000 ___DC C:\WINDOWS\Panther
2015-11-22 07:46 - 2015-11-22 07:46 - 22572632 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-11-22 07:46 - 2015-11-22 07:46 - 21125408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-11-22 07:46 - 2015-11-22 07:46 - 11545088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2015-11-22 07:46 - 2015-11-22 07:46 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2015-11-22 07:46 - 2015-11-22 07:46 - 03670832 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-11-22 07:46 - 2015-11-22 07:46 - 03592704 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-11-22 07:46 - 2015-11-22 07:46 - 02918808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-11-22 07:46 - 2015-11-22 07:46 - 02544264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2015-11-22 07:46 - 2015-11-22 07:46 - 02444288 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2015-11-22 07:46 - 2015-11-22 07:46 - 02179584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2015-11-22 07:46 - 2015-11-22 07:46 - 02001408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2015-11-22 07:46 - 2015-11-22 07:46 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2015-11-22 07:46 - 2015-11-22 07:46 - 01063424 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-11-22 07:46 - 2015-11-22 07:46 - 00969728 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-11-22 07:46 - 2015-11-22 07:46 - 00911648 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll
2015-11-22 07:46 - 2015-11-22 07:46 - 00803840 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-11-22 07:46 - 2015-11-22 07:46 - 00791552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-11-22 07:46 - 2015-11-22 07:46 - 00698208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimgapi.dll
2015-11-22 07:46 - 2015-11-22 07:46 - 00675064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll
2015-11-22 07:46 - 2015-11-22 07:46 - 00674816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2015-11-22 07:46 - 2015-11-22 07:46 - 00647168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-11-22 07:46 - 2015-11-22 07:46 - 00630632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2015-11-22 07:46 - 2015-11-22 07:46 - 00623616 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2015-11-22 07:46 - 2015-11-22 07:46 - 00586208 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2015-11-22 07:46 - 2015-11-22 07:46 - 00586080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wimgapi.dll
2015-11-22 07:46 - 2015-11-22 07:46 - 00578912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2015-11-22 07:46 - 2015-11-22 07:46 - 00543232 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2015-11-22 07:46 - 2015-11-22 07:46 - 00540752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2015-11-22 07:46 - 2015-11-22 07:46 - 00536768 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2015-11-22 07:46 - 2015-11-22 07:46 - 00523616 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimserv.exe
2015-11-22 07:46 - 2015-11-22 07:46 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2015-11-22 07:46 - 2015-11-22 07:46 - 00516544 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2015-11-22 07:46 - 2015-11-22 07:46 - 00511320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
2015-11-22 07:46 - 2015-11-22 07:46 - 00497664 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll
2015-11-22 07:46 - 2015-11-22 07:46 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2015-11-22 07:46 - 2015-11-22 07:46 - 00454056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2015-11-22 07:46 - 2015-11-22 07:46 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2015-11-22 07:46 - 2015-11-22 07:46 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2015-11-22 07:46 - 2015-11-22 07:46 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2015-11-22 07:46 - 2015-11-22 07:46 - 00408128 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2015-11-22 07:46 - 2015-11-22 07:46 - 00405048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2015-11-22 07:46 - 2015-11-22 07:46 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2015-11-22 07:46 - 2015-11-22 07:46 - 00382464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
2015-11-22 07:46 - 2015-11-22 07:46 - 00369912 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2015-11-22 07:46 - 2015-11-22 07:46 - 00366224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2015-11-22 07:46 - 2015-11-22 07:46 - 00365568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-11-22 07:46 - 2015-11-22 07:46 - 00334736 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2015-11-22 07:46 - 2015-11-22 07:46 - 00334336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2015-11-22 07:46 - 2015-11-22 07:46 - 00315904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll
2015-11-22 07:46 - 2015-11-22 07:46 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-11-22 07:46 - 2015-11-22 07:46 - 00296488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2015-11-22 07:46 - 2015-11-22 07:46 - 00292352 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2015-11-22 07:46 - 2015-11-22 07:46 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2015-11-22 07:46 - 2015-11-22 07:46 - 00275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-11-22 07:46 - 2015-11-22 07:46 - 00245848 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2015-11-22 07:46 - 2015-11-22 07:46 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll
2015-11-22 07:46 - 2015-11-22 07:46 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2015-11-22 07:46 - 2015-11-22 07:46 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2015-11-22 07:46 - 2015-11-22 07:46 - 00165376 _____ (Microsoft Corporation) C:\WINDOWS\system32\provdatastore.dll
2015-11-22 07:46 - 2015-11-22 07:46 - 00163328 _____ (Microsoft Corporation) C:\WINDOWS\system32\provops.dll
2015-11-22 07:46 - 2015-11-22 07:46 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
2015-11-22 07:46 - 2015-11-22 07:46 - 00160768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2015-11-22 07:46 - 2015-11-22 07:46 - 00122368 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll
2015-11-22 07:46 - 2015-11-22 07:46 - 00118624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2015-11-22 07:46 - 2015-11-22 07:46 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2015-11-22 07:46 - 2015-11-22 07:46 - 00116728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2015-11-22 07:46 - 2015-11-22 07:46 - 00115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-11-22 07:46 - 2015-11-22 07:46 - 00110032 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2015-11-22 07:46 - 2015-11-22 07:46 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2015-11-22 07:46 - 2015-11-22 07:46 - 00092352 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-11-22 07:46 - 2015-11-22 07:46 - 00089600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NFCProvisioningPlugin.dll
2015-11-22 07:46 - 2015-11-22 07:46 - 00088392 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2015-11-22 07:46 - 2015-11-22 07:46 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzautoupdate.dll
2015-11-22 07:46 - 2015-11-22 07:46 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2015-11-22 07:46 - 2015-11-22 07:46 - 00078336 _____ (Microsoft Corporation) C:\WINDOWS\system32\BarcodeProvisioningPlugin.dll
2015-11-22 07:46 - 2015-11-22 07:46 - 00077312 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvPluginEng.dll
2015-11-22 07:46 - 2015-11-22 07:46 - 00073360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll
2015-11-22 07:46 - 2015-11-22 07:46 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppCapture.dll
2015-11-22 07:46 - 2015-11-22 07:46 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\provtool.exe
2015-11-22 07:46 - 2015-11-22 07:46 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringclient.dll
2015-11-22 07:46 - 2015-11-22 07:46 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemovableMediaProvisioningPlugin.dll
2015-11-22 07:46 - 2015-11-22 07:46 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-11-22 07:46 - 2015-11-22 07:46 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.proxy.dll
2015-11-22 07:46 - 2015-11-22 07:46 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2015-11-22 07:46 - 2015-11-22 07:46 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-11-22 07:46 - 2015-11-22 07:46 - 00035680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wimmount.sys
2015-11-22 07:46 - 2015-11-22 07:46 - 00035656 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfpmp.exe
2015-11-22 07:46 - 2015-11-22 07:46 - 00032040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfpmp.exe
2015-11-22 07:46 - 2015-11-22 07:46 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringconfigsp.dll
2015-11-22 07:46 - 2015-11-22 07:46 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2015-11-22 07:46 - 2015-11-22 07:46 - 00028160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Provisioning.ProxyStub.dll
2015-11-22 07:46 - 2015-11-22 07:46 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.proxy.dll
2015-11-22 07:46 - 2015-11-22 07:46 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\IcsEntitlementHost.exe
2015-11-22 07:46 - 2015-11-22 07:46 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\dciman32.dll
2015-11-22 07:46 - 2015-11-22 07:46 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dciman32.dll
2015-11-22 07:46 - 2015-11-22 07:46 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\lpk.dll
2015-11-22 07:46 - 2015-11-22 07:46 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpk.dll
2015-11-22 07:46 - 2015-11-22 07:46 - 00000000 ____D C:\Windows.old
2015-11-22 07:44 - 2015-11-22 07:44 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
2015-11-22 07:42 - 2015-11-22 07:42 - 00000000 ____D C:\WINDOWS\SysWOW64\XPSViewer
2015-11-22 07:42 - 2015-11-22 07:42 - 00000000 ____D C:\Program Files\Reference Assemblies
2015-11-22 07:42 - 2015-11-22 07:42 - 00000000 ____D C:\Program Files\MSBuild
2015-11-22 07:42 - 2015-11-22 07:42 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2015-11-22 07:42 - 2015-11-22 07:42 - 00000000 ____D C:\Program Files (x86)\MSBuild
2015-11-22 07:42 - 2015-10-23 17:47 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2015-11-22 07:42 - 2015-10-23 17:47 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-11-22 07:42 - 2015-10-23 17:47 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2015-11-22 07:42 - 2015-10-23 17:46 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2015-11-22 07:42 - 2015-10-23 17:46 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2015-11-22 07:42 - 2015-10-23 17:45 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2015-11-22 07:27 - 2015-11-22 08:20 - 00009528 _____ C:\WINDOWS\diagwrn.xml
2015-11-22 07:27 - 2015-11-22 08:20 - 00009528 _____ C:\WINDOWS\diagerr.xml
2015-11-16 14:08 - 2015-11-16 14:08 - 00000517 _____ C:\Users\Olli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FalloutLauncher.lnk
2015-11-14 18:30 - 2015-11-14 18:30 - 00178800 _____ (Sony DADC Austria AG.) C:\WINDOWS\SysWOW64\CmdLineExt_x64.dll
2015-11-14 18:30 - 2015-11-14 18:30 - 00000000 ____D C:\Users\Olli\Documents\My Games
2015-11-14 18:30 - 2015-11-14 18:30 - 00000000 ____D C:\Users\Olli\AppData\Local\Fallout3
2015-11-14 18:20 - 2015-11-14 18:20 - 00000000 ____D C:\Program Files (x86)\Bethesda Softworks
2015-11-14 18:03 - 2015-11-22 08:02 - 00000000 ____D C:\WINDOWS\SysWOW64\xlive
2015-11-13 10:04 - 2015-11-22 08:04 - 00000000 ____D C:\Users\Olli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-12-07 12:52 - 2015-10-30 07:28 - 00000000 ____D C:\Windows
2015-12-07 11:26 - 2015-08-11 12:37 - 00000000 ____D C:\Program Files (x86)\PDF Architect 3
2015-12-07 11:26 - 2015-06-03 08:01 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-12-07 11:22 - 2013-11-22 10:50 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-12-07 11:15 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\rescache
2015-12-07 11:08 - 2015-10-30 19:35 - 00775524 _____ C:\WINDOWS\system32\perfh007.dat
2015-12-07 11:08 - 2015-10-30 19:35 - 00155338 _____ C:\WINDOWS\system32\perfc007.dat
2015-12-07 11:08 - 2015-10-30 08:21 - 00000000 ____D C:\WINDOWS\INF
2015-12-07 11:04 - 2014-06-16 10:49 - 00000000 ___RD C:\Users\Olli\Dropbox
2015-12-07 11:04 - 2014-06-16 10:46 - 00000000 ____D C:\Users\Olli\AppData\Roaming\Dropbox
2015-12-07 11:01 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\TAPI
2015-12-07 11:00 - 2015-10-30 07:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2015-12-07 10:59 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2015-12-06 14:08 - 2015-10-30 08:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-12-06 13:57 - 2015-06-22 11:46 - 00001246 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2064884263-2734367825-3749686348-1001UA.job
2015-12-06 12:46 - 2014-12-27 17:46 - 00000000 ____D C:\Program Files (x86)\Steam
2015-12-06 12:46 - 2014-02-26 09:13 - 00000000 ____D C:\Users\Olli\AppData\Local\CrashDumps
2015-12-06 11:31 - 2013-11-15 09:39 - 00004164 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{38DC09B8-B1AF-4E73-8090-2527DDB7D131}
2015-12-05 12:31 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-12-04 19:57 - 2015-06-22 11:46 - 00001194 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2064884263-2734367825-3749686348-1001Core.job
2015-12-04 11:29 - 2014-01-13 10:42 - 00000000 ____D C:\Users\Olli\AppData\Roaming\vlc
2015-12-04 11:22 - 2014-04-06 14:36 - 00000000 ____D C:\Users\Olli\dwhelper
2015-12-04 08:05 - 2015-10-30 08:24 - 00000000 ___HD C:\Program Files\WindowsApps
2015-12-02 03:34 - 2015-10-30 07:28 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2015-12-02 03:33 - 2015-05-25 11:35 - 00002381 _____ C:\Users\Public\Desktop\Norton Security.LNK
2015-12-02 03:33 - 2015-05-25 11:31 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security
2015-12-02 03:33 - 2015-05-25 11:31 - 00000000 ____D C:\WINDOWS\system32\Drivers\NSx64
2015-11-30 10:00 - 2013-11-16 16:40 - 00000000 ____D C:\Users\Olli\AppData\Roaming\Apple Computer
2015-11-29 08:17 - 2013-11-16 16:39 - 00000000 ____D C:\Users\Olli\AppData\Local\Apple
2015-11-29 08:16 - 2013-11-16 16:40 - 00000000 ____D C:\Users\Olli\AppData\Local\Apple Computer
2015-11-27 12:07 - 2014-03-01 12:11 - 00000000 ___RD C:\Users\Olli\Documents\Scanned Documents
2015-11-27 08:33 - 2015-10-30 08:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2015-11-27 08:32 - 2013-11-15 10:25 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-11-23 08:36 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\appcompat
2015-11-22 19:12 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-11-22 09:30 - 2013-11-15 09:35 - 00000000 ____D C:\Users\Olli\AppData\Local\Packages
2015-11-22 09:29 - 2015-10-30 08:24 - 00000000 ___RD C:\WINDOWS\DevicesFlow
2015-11-22 09:11 - 2015-10-30 08:24 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
2015-11-22 09:11 - 2015-10-30 08:24 - 00000000 ___RD C:\WINDOWS\PrintDialog
2015-11-22 09:11 - 2015-10-30 08:24 - 00000000 ___RD C:\WINDOWS\MiracastView
2015-11-22 09:11 - 2015-10-30 08:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2015-11-22 09:10 - 2013-11-20 11:40 - 00000000 __RHD C:\Users\Public\AccountPictures
2015-11-22 08:21 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2015-11-22 08:21 - 2015-10-30 08:24 - 00000000 ____D C:\ProgramData\USOPrivate
2015-11-22 08:21 - 2015-10-30 08:24 - 00000000 ____D C:\Program Files\Windows NT
2015-11-22 08:19 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\Registration
2015-11-22 08:18 - 2015-06-22 11:46 - 00003694 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2064884263-2734367825-3749686348-1001UA
2015-11-22 08:18 - 2015-06-22 11:46 - 00003422 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2064884263-2734367825-3749686348-1001Core
2015-11-22 08:18 - 2015-04-22 20:34 - 00002052 _____ C:\WINDOWS\System32\Tasks\{1316A33A-0917-4EF1-8048-BCC5D925C46C}
2015-11-22 08:18 - 2014-12-24 12:11 - 00002764 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2015-11-22 08:18 - 2014-10-17 18:35 - 00002378 _____ C:\WINDOWS\System32\Tasks\dd
2015-11-22 08:18 - 2013-11-22 10:50 - 00002952 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-11-22 08:18 - 2013-11-15 09:40 - 00002812 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2064884263-2734367825-3749686348-1001
2015-11-22 08:16 - 2015-10-30 08:24 - 00000000 __RHD C:\Users\Public\Libraries
2015-11-22 08:04 - 2015-09-17 07:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warships
2015-11-22 08:04 - 2015-09-16 15:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-11-22 08:04 - 2015-08-20 12:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero
2015-11-22 08:04 - 2015-08-11 12:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Architect 3
2015-11-22 08:04 - 2015-08-11 12:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
2015-11-22 08:04 - 2015-08-08 09:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDex
2015-11-22 08:04 - 2015-07-23 12:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2015-11-22 08:04 - 2015-05-12 16:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2015-11-22 08:04 - 2015-01-13 13:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WISO Steuer-Sparbuch 2015
2015-11-22 08:04 - 2014-12-29 12:58 - 00000000 ____D C:\Users\Olli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-11-22 08:04 - 2014-12-27 17:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2015-11-22 08:04 - 2014-11-25 17:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-11-22 08:04 - 2014-11-05 11:02 - 00000000 ____D C:\Users\Olli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\World of Tanks
2015-11-22 08:04 - 2014-10-01 15:04 - 00000000 ____D C:\Users\Olli\AppData\Roaming\Microsoft\Windows\Start Menu\OMC ModPack Client
2015-11-22 08:04 - 2014-09-02 07:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2015-11-22 08:04 - 2014-08-08 18:21 - 00000000 ____D C:\Users\Olli\AppData\Roaming\Microsoft\Windows\Start Menu\OMC ModPack
2015-11-22 08:04 - 2014-07-25 11:10 - 00000000 ____D C:\Users\Olli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameShadow
2015-11-22 08:04 - 2014-06-17 12:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-11-22 08:04 - 2014-01-13 10:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2015-11-22 08:04 - 2014-01-08 12:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WISO Steuer-Sparbuch 2014
2015-11-22 08:04 - 2013-12-20 21:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crysis 3
2015-11-22 08:04 - 2013-12-20 16:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2015-11-22 08:04 - 2013-11-30 15:43 - 00000000 ____D C:\Users\Olli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinUAE
2015-11-22 08:04 - 2013-11-21 09:18 - 00000000 ____D C:\Users\Olli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\C. H. Beck
2015-11-22 08:04 - 2013-11-15 10:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-11-22 08:04 - 2013-11-15 09:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FRITZ!WLAN
2015-11-22 08:04 - 2013-08-22 14:36 - 00000000 ____D C:\Users\Default.migrated
2015-11-22 08:01 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2015-11-22 08:01 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\spool
2015-11-22 08:01 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\oobe
2015-11-22 08:01 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\InputMethod
2015-11-22 08:01 - 2014-05-28 15:39 - 00000000 ____D C:\WINDOWS\SysWOW64\Adobe
2015-11-22 08:01 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\WindowsInternal.Inbox.Shared
2015-11-22 08:01 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\WindowsInternal.Inbox.Media.Shared
2015-11-22 08:00 - 2015-10-30 08:24 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2015-11-22 08:00 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2015-11-22 08:00 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\InputMethod
2015-11-22 08:00 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\Cursors
2015-11-22 08:00 - 2015-10-30 08:24 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-11-22 08:00 - 2014-01-19 23:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EIZO
2015-11-22 08:00 - 2013-12-08 16:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games
2015-11-22 08:00 - 2013-11-16 17:21 - 00000000 ____D C:\WINDOWS\system32\appmgmt
2015-11-22 08:00 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\MediaViewer
2015-11-22 08:00 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\ADFS
2015-11-22 07:57 - 2015-10-30 07:28 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2015-11-22 07:54 - 2013-11-15 18:56 - 00000000 ____D C:\AMD
2015-11-22 07:50 - 2015-10-30 19:58 - 00000000 ____D C:\WINDOWS\ServiceProfiles
2015-11-22 07:49 - 2015-10-30 08:24 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
2015-11-22 07:46 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-11-22 07:46 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\Provisioning
2015-11-22 07:46 - 2015-10-30 07:28 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2015-11-22 07:46 - 2015-10-30 07:28 - 00000000 ____D C:\WINDOWS\system32\Dism
2015-11-22 07:42 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\SysWOW64\MUI
2015-11-22 07:42 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\MUI
2015-11-22 07:42 - 2015-10-30 08:17 - 00480256 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnet.dll
2015-11-22 07:42 - 2015-10-30 08:17 - 00395264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnet.dll
2015-11-22 07:42 - 2015-10-30 08:17 - 00220160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplayx.dll
2015-11-22 07:42 - 2015-10-30 08:17 - 00069120 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnathlp.dll
2015-11-22 07:42 - 2015-10-30 08:17 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnathlp.dll
2015-11-22 07:42 - 2015-10-30 08:17 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpwsockx.dll
2015-11-22 07:42 - 2015-10-30 08:17 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnsvr.exe
2015-11-22 07:42 - 2015-10-30 08:17 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpmodemx.dll
2015-11-22 07:42 - 2015-10-30 08:17 - 00023040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnsvr.exe
2015-11-22 07:42 - 2015-10-30 08:17 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplaysvr.exe
2015-11-22 07:42 - 2015-10-30 08:17 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhupnp.dll
2015-11-22 07:42 - 2015-10-30 08:17 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhpast.dll
2015-11-22 07:42 - 2015-10-30 08:17 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhupnp.dll
2015-11-22 07:42 - 2015-10-30 08:17 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhpast.dll
2015-11-22 07:42 - 2015-10-30 08:17 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnlobby.dll
2015-11-22 07:42 - 2015-10-30 08:17 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnaddr.dll
2015-11-22 07:42 - 2015-10-30 08:17 - 00004608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnlobby.dll
2015-11-22 07:42 - 2015-10-30 08:17 - 00004608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnaddr.dll
2015-11-22 07:27 - 2015-10-30 20:28 - 00000000 ___HD C:\$WINDOWS.~BT
2015-11-20 10:26 - 2015-10-12 13:15 - 00000000 ____D C:\Users\Olli\Documents\38b
2015-11-20 10:24 - 2015-10-10 10:49 - 00000000 ____D C:\Users\Olli\Documents\38a
2015-11-20 10:23 - 2015-10-14 09:51 - 00000000 ____D C:\Users\Olli\Documents\39a
2015-11-20 09:25 - 2013-11-21 09:20 - 00000000 ____D C:\Users\Olli\AppData\Local\xMedia
2015-11-15 04:53 - 2013-11-17 09:37 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-11-15 04:43 - 2013-11-17 09:37 - 145617392 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-11-14 18:20 - 2014-01-08 12:08 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-11-14 18:06 - 2013-08-22 16:36 - 00000000 ___RD C:\WINDOWS\ToastData
2015-11-11 20:22 - 2015-06-10 07:22 - 05286088 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
2015-11-09 09:00 - 2013-11-21 17:42 - 00000000 ____D C:\Users\Olli\Documents\FH

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2014-01-19 22:55 - 2014-01-19 22:55 - 0000017 _____ () C:\Users\Olli\AppData\Local\resmon.resmoncfg
2015-12-07 11:01 - 2015-12-07 11:01 - 0000000 ____H () C:\ProgramData\cm-lock

Einige Dateien in TEMP:
====================
C:\Users\Olli\AppData\Local\Temp\drm_dyndata_7380006.dll
C:\Users\Olli\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpknkdkd.dll
C:\Users\Olli\AppData\Local\Temp\kernel32.dll
C:\Users\Olli\AppData\Local\Temp\vlc-2.1.5-win64.exe


==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2015-12-02 10:21

==================== Ende von FRST.txt ============================
         

Old 07.12.2015, 19:07   #2
schrauber
/// the machine
/// TB trainer
 

Here is how it works:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work much harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracketed expressions appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it right. If everything is correct ... click Reply.


Addition.txt is still missing.

Old 07.12.2015, 20:08   #3
droliver
 
FRST Additions Logfile:
Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:05-12-2015
durchgeführt von Olli (2015-12-07 12:53:20)
Gestartet von C:\Users\Olli\Downloads
Windows 10 Pro (X64) (2015-11-22 08:09:01)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-2064884263-2734367825-3749686348-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2064884263-2734367825-3749686348-503 - Limited - Disabled)
Gast (S-1-5-21-2064884263-2734367825-3749686348-501 - Limited - Disabled)
Olli (S-1-5-21-2064884263-2734367825-3749686348-1001 - Administrator - Enabled) => C:\Users\Olli

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Norton Security (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Security (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton Security (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

7-Zip 9.22 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0922-000001000000}) (Version: 9.22.00.0 - Igor Pavlov)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.13) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.13 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.1.151 - Adobe Systems, Inc.)
AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
AMD Catalyst Install Manager (HKLM\...\{529C5283-F484-94CA-8D10-3A69FD0776D3}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Apple Application Support (32-Bit) (HKLM-x32\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5D61F006-168C-4B8B-B7FD-F113C10AE0E4}) (Version: 8.2.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 2.0.3 (HKLM-x32\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)
AVM FRITZ!WLAN (HKLM-x32\...\AVMWLANCLI) (Version:  - AVM Berlin)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CDex - Open Source Digital Audio CD Extractor (HKLM-x32\...\CDex) (Version: 1.79.0.2015 - Georgy Berdyshev)
Crysis®3 (HKLM-x32\...\{4198AE83-A3C6-4C41-85C8-EC63E990696E}) (Version: 1.0.0.0 - Electronic Arts)
Dead Space (HKLM-x32\...\{025A585C-0C66-413D-80D2-4C05CB699771}) (Version: 1.0.0.222 - Electronic Arts)
Dropbox (HKU\S-1-5-21-2064884263-2734367825-3749686348-1001\...\Dropbox) (Version: 3.10.11 - Dropbox, Inc.)
Fallout 3 (HKLM-x32\...\{974C4B12-4D02-4879-85E0-61C95CC63E9E}) (Version: 1.00.0000 - Bethesda Softworks)
flowBooks (HKU\S-1-5-21-2064884263-2734367825-3749686348-1001\...\c6697dc0670d4f07) (Version: 2.1.5.0 - C. H. Beck)
Free Audio Converter version 5.0.60.713 (HKLM-x32\...\Free Audio Converter_is1) (Version: 5.0.60.713 - DVDVideoSoft Ltd.)
GameShadow (HKLM-x32\...\{B2390904-74BD-48AA-B2CC-6612F8D46379}) (Version: 2.03.0000 - GameShadow Ltd)
iCloud (HKLM\...\{709A2D23-C25E-47B5-9268-CB6FEE648504}) (Version: 4.1.1.53 - Apple Inc.)
iTunes (HKLM\...\{BFEAB774-C7DC-4032-B05A-DA5F7CB7B365}) (Version: 12.2.2.25 - Apple Inc.)
Java 8 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation)
Malwarebytes Anti-Malware Version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft Age of Empires II (HKLM-x32\...\Age of Empires 2.0) (Version:  - )
Microsoft Age of Empires II: The Conquerors Expansion (HKLM-x32\...\Age of Empires II: The Conquerors Expansion 1.0) (Version:  - )
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{929CE49F-1CA7-4CF3-A9A1-6D757443C63F}) (Version: 1.2.0241 - Microsoft Corporation)
Microsoft Office Home and Student 2013 - de-de (HKLM\...\HomeStudentRetail - de-de) (Version: 15.0.4771.1004 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 38.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 de)) (Version: 38.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
Nero 2015 (HKLM-x32\...\{EF09AC51-1657-4A06-9449-B2BF1C4FB608}) (Version: 16.0.05500 - Nero AG)
Nero Info (HKLM-x32\...\{F030BFE8-8476-4C08-A553-233DE80A2BE1}) (Version: 16.0.2000 - Nero AG)
Norton Security (HKLM-x32\...\NS) (Version: 22.5.5.15 - Symantec Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4771.1004 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4771.1004 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4771.1004 - Microsoft Corporation) Hidden
OMC ModPack Client Version 1.1.3.19 (HKLM-x32\...\{E2F3187C-2B94-486F-8914-E69211487FB6}_is1) (Version: 1.1.3.19 - Odem Mortis)
Origin (HKLM-x32\...\Origin) (Version: 9.3.11.2762 - Electronic Arts, Inc.)
paint.net (HKLM\...\{DF3A46D9-67B3-44B2-9D01-25C8BA772C8A}) (Version: 4.0.6 - dotPDN LLC)
PDF Architect 3 (HKLM-x32\...\PDF Architect 3) (Version: 3.0.45.22485 - pdfforge GmbH)
PDF Architect 3 Create Module (x32 Version: 3.0.13.22993 - pdfforge GmbH) Hidden
PDF Architect 3 Edit Module (x32 Version: 3.0.13.22993 - pdfforge GmbH) Hidden
PDF Architect 3 View Module (x32 Version: 3.0.13.22993 - pdfforge GmbH) Hidden
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 2.1.2 - pdfforge)
Prerequisite installer (x32 Version: 16.0.0004 - Nero AG) Hidden
ScreenManager Pro for LCD (DDC/CI) (HKLM-x32\...\{DAB265AD-27B2-4651-B8D8-F4F3A8ECC705}) (Version: 2.4.0 - EIZO Corporation)
Silent Hunter 4 Wolves of the Pacific (HKLM-x32\...\{0D005F09-A5F4-473B-A901-5735C6AF5628}) (Version: 1.05.0000 - Ubisoft)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.3.39 - Safer-Networking Ltd.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
VLC media player 2.1.4 (HKLM\...\VLC media player) (Version: 2.1.4 - VideoLAN)
WinUAE 2.6.1 (HKLM-x32\...\WinUAE) (Version: 2.6.1 - Arabuusimiehet)
WISO Steuer-Sparbuch 2014 (HKLM-x32\...\{38F30616-667D-492C-85D0-AF2B63B8180D}) (Version: 21.00.8480 - Buhl Data Service GmbH)
WISO Steuer-Sparbuch 2015 (HKLM-x32\...\{1019C534-6DC9-4350-A0C6-91D337E7FA7A}) (Version: 22.00.8811 - Buhl Data Service GmbH)
Wolfenstein: The New Order German Edition (HKLM-x32\...\Steam App 288570) (Version:  - MachineGames)
World of Tanks (HKU\S-1-5-21-2064884263-2734367825-3749686348-1001\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812EU}_is1) (Version:  - Wargaming.net)
World of Warships (HKU\S-1-5-21-2064884263-2734367825-3749686348-1001\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C814eu}_is1) (Version:  - Wargaming.net)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-2064884263-2734367825-3749686348-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Olli\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2064884263-2734367825-3749686348-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Olli\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2064884263-2734367825-3749686348-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Olli\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2064884263-2734367825-3749686348-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Olli\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2064884263-2734367825-3749686348-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Olli\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2064884263-2734367825-3749686348-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Olli\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2064884263-2734367825-3749686348-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Olli\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2064884263-2734367825-3749686348-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Olli\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2064884263-2734367825-3749686348-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Olli\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2064884263-2734367825-3749686348-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Olli\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2064884263-2734367825-3749686348-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Olli\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2064884263-2734367825-3749686348-1001_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Olli\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)

==================== Wiederherstellungspunkte =========================

22-11-2015 11:11:29 Windows Update
29-11-2015 08:21:07 Windows Modules Installer
06-12-2015 14:05:48 Windows Update

==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {048021EE-8CA9-4339-8ECC-F3682C5776DD} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG
Task: {08652755-3FA4-419D-853F-95EA353824C8} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2064884263-2734367825-3749686348-1001Core => C:\Users\Olli\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-22] (Dropbox, Inc.)
Task: {0946A34C-A3FC-4FCD-B75A-E165467DB162} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG
Task: {11ADFAF1-6369-4996-A410-AAA4121CE926} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG
Task: {133BC20C-E27A-4DB7-9149-7A997BBFEB1C} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG
Task: {14348900-713A-4EAC-8E0D-B227F91426E4} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-10-13] (Microsoft Corporation)
Task: {23ECF6AB-F9BD-428F-B199-F630333EC045} - System32\Tasks\dd => J:\SH4Autorun.exe
Task: {247AA18D-3238-45F9-8758-B7B67801C6A1} - \Safer-Networking\Spybot - Search and Destroy\Check for updates -> Keine Datei <==== ACHTUNG
Task: {28B9DAC2-A815-42A1-8706-83815AFEF41D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {31C31276-377D-4989-8924-7CABC2C6EE9A} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2015-04-26] (Apple Inc.)
Task: {35DB3230-28B8-46C8-A60D-1C938893AAF7} - System32\Tasks\Norton Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Security\Engine\22.5.5.15\SymErr.exe [2015-11-05] (Symantec Corporation)
Task: {363D35A5-7261-4788-A876-2542AD70AFEB} - \Safer-Networking\Spybot - Search and Destroy\Refresh immunization -> Keine Datei <==== ACHTUNG
Task: {415C0AB6-8F65-4C0E-BCC6-ABC58D92F5A9} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2064884263-2734367825-3749686348-1001UA => C:\Users\Olli\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-22] (Dropbox, Inc.)
Task: {50364BDC-7B63-4446-AAC7-55DCA542D68F} - \Safer-Networking\Spybot - Search and Destroy\Scan the system -> Keine Datei <==== ACHTUNG
Task: {5102BEEE-1C07-4C37-B2D1-232ABF976A16} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security\Engine\22.5.5.15\WSCStub.exe [2015-11-20] (Symantec Corporation)
Task: {6A37C7A9-7EF9-4171-86C0-7283CD145D94} - System32\Tasks\{1316A33A-0917-4EF1-8048-BCC5D925C46C} => Firefox.exe hxxp://ui.skype.com/ui/0/7.0.0.102/de/abandoninstall?page=tsMain
Task: {7443760C-6823-4AF2-99CB-2A0A53BAB759} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG
Task: {74C2D86D-B2BD-4FD7-85D1-DAC48A5507FD} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG
Task: {8C1EB619-4DFD-4F6B-9FBF-0ADF7CBBFC4C} - System32\Tasks\Norton Security\Norton Error Processor => C:\Program Files (x86)\Norton Security\Engine\22.5.5.15\SymErr.exe [2015-11-05] (Symantec Corporation)
Task: {90323E98-37B5-46F6-83D4-64B381F3D853} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Keine Datei <==== ACHTUNG
Task: {904B5FFF-8AC1-4A63-AB57-5E627749B3A3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-11-11] (Adobe Systems Incorporated)
Task: {A0C03E89-E474-4E4F-8AFB-E66867D7768B} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG
Task: {AD05B460-CC94-42C1-9A2D-BCA504D9BB37} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {B7B0D55A-D0E2-43E5-9746-E22102DC878D} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG
Task: {DC57AC50-E358-46C9-A7D7-02E2DF201D8F} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG
Task: {DF911263-3CAD-4935-831C-3C3F9F5562D9} - System32\Tasks\Norton Security\Norton Autofix => C:\Program Files (x86)\Norton Security\Engine\22.5.5.15\SymErr.exe [2015-11-05] (Symantec Corporation)
Task: {E14F4547-B724-4D0D-955F-CE531D56F74B} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-11-15] (Microsoft Corporation)
Task: {EC16CBB2-D3F5-4609-ADB2-4299309D887F} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG
Task: {FA3D2A98-BD04-4CFD-80F0-EAFE9E9BBF56} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-10-13] (Microsoft Corporation)
Task: {FF2D38D8-CD35-4CDA-85B4-A93360D70AC5} - System32\Tasks\Nero\Nero Info => C:\Program Files (x86)\Common Files\Nero\Nero Info\NeroInfo.exe [2015-06-04] (Nero AG)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2064884263-2734367825-3749686348-1001Core.job => C:\Users\Olli\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2064884263-2734367825-3749686348-1001UA.job => C:\Users\Olli\AppData\Local\Dropbox\Update\DropboxUpdate.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2015-10-30 08:18 - 2015-10-30 08:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2015-01-20 22:35 - 2015-01-20 22:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-05-15 15:26 - 2015-05-15 15:26 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-03-19 11:03 - 2015-10-13 04:34 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-12-06 13:06 - 2015-11-22 11:47 - 02653816 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-12-06 13:06 - 2015-11-22 11:47 - 02653816 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-10-30 08:17 - 2015-10-30 08:17 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2015-10-30 08:17 - 2015-10-30 08:17 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-12-06 13:06 - 2015-11-22 10:23 - 08005632 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-12-06 13:06 - 2015-11-22 10:18 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-12-06 13:06 - 2015-11-22 10:19 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-12-06 13:06 - 2015-11-22 10:21 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-08-13 18:40 - 2015-07-09 07:47 - 00053832 _____ () C:\Windows\SysWOW64\UMonit64.exe
2015-05-15 15:27 - 2015-05-15 15:27 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-10-01 08:34 - 2015-11-05 00:44 - 00166416 _____ () C:\Users\Olli\AppData\Roaming\Dropbox\bin\EnterpriseDataAdapter.dll
2015-12-07 11:03 - 2015-12-07 11:03 - 00071168 _____ () c:\users\olli\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpknkdkd.dll
2015-03-04 22:45 - 2015-09-03 01:11 - 00012800 _____ () C:\Users\Olli\AppData\Roaming\Dropbox\bin\QtQuick.2\qtquick2plugin.dll
2015-03-04 22:45 - 2015-09-03 01:11 - 00779776 _____ () C:\Users\Olli\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-08-01 14:30 - 2015-09-03 01:11 - 00056320 _____ () C:\Users\Olli\AppData\Roaming\Dropbox\bin\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-03-04 22:45 - 2015-09-03 01:11 - 00012288 _____ () C:\Users\Olli\AppData\Roaming\Dropbox\bin\QtQuick\Window.2\windowplugin.dll
2015-11-18 18:14 - 2015-09-16 14:25 - 00043520 _____ () C:\Games\World_of_Tanks\voip.dll
2014-11-05 12:31 - 2014-10-29 15:57 - 00323568 _____ () C:\Games\World_of_Tanks\ortp.dll
2014-11-05 12:31 - 2014-10-29 15:57 - 20656128 _____ () C:\Games\World_of_Tanks\res\awesomium\awesomium.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\Program Files\ATI Technologies:Win32App_1
AlternateDataStreams: C:\Program Files\Bonjour:Win32App_1
AlternateDataStreams: C:\Program Files\iTunes:Win32App_1
AlternateDataStreams: C:\Program Files\Microsoft Office 15:Win32App_1
AlternateDataStreams: C:\Program Files\Microsoft Silverlight:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\AMD:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Apple Software Update:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\ATI Technologies:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Audacity:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Bonjour:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\DVDVideoSoft:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Mozilla Firefox:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Nero:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Norton Security:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\OMC ModPack Client:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Origin:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\PDF Architect 3:Win32App_1
AlternateDataStreams: C:\WINDOWS\SysWOW64\Adobe:Win32App_1
AlternateDataStreams: C:\ProgramData\Nero:Win32App_1
AlternateDataStreams: C:\ProgramData\regid.1991-06.com.microsoft:Win32App_1
AlternateDataStreams: C:\Users\Olli\Documents\GameShadow:Win32App_1
AlternateDataStreams: C:\Users\Olli\Documents\Pass.jpg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Olli\Documents\Pass.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

IE trusted site: HKU\S-1-5-21-2064884263-2734367825-3749686348-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-2064884263-2734367825-3749686348-1001\...\webcompanion.com -> hxxp://webcompanion.com

==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-2064884263-2734367825-3749686348-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Olli\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKLM\...\StartupApproved\StartupFolder: => "WISO Mein Steuer-Sparbuch heute.lnk"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{20066768-E390-4E2F-B900-2F55D7FA5F82}] => (Allow) C:\Games\World_of_Warships\WorldofWarships.exe
FirewallRules: [{45B7BC43-9C35-40E5-8089-8F40A90133EE}] => (Allow) C:\Games\World_of_Warships\WoWSLauncher.exe
FirewallRules: [{77F83601-5134-43B2-97AB-ECF3297C462D}] => (Allow) C:\Games\World_of_Warships\WorldofWarships.exe
FirewallRules: [{E548713B-9CB9-45B6-A129-962D30FCD3FE}] => (Allow) C:\Games\World_of_Warships\WoWSLauncher.exe
FirewallRules: [{AA90EF25-EF32-486A-98BB-6269BA7D7318}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{D39489A3-BBCE-4CB7-B805-7B170C1CAA98}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{A83B5F2C-B57C-43CD-9C03-1F6E2F00A88D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{3827EAFE-869C-470C-86BD-775AE6ADCCA3}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{3C82C72A-8C87-48C5-BEE3-80E3C5E0B65C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{9EF06A25-8083-411F-86FC-521ECBBE1DC8}] => (Allow) C:\Program Files (x86)\Nero\Nero 2015\Nero Burning ROM\nero.exe
FirewallRules: [{B75D6D3B-61E0-4792-96C4-918612071A3C}] => (Allow) C:\Program Files (x86)\Nero\KM\NMDllHost.exe
FirewallRules: [{3F4A1856-10E5-4B52-8448-D381AEB09589}] => (Allow) C:\Program Files (x86)\Nero\Nero 2015\Nero Burning ROM\StartNBR.exe
FirewallRules: [{F1B4E685-F782-418E-8D24-7EF468D2B4CD}] => (Allow) C:\Program Files (x86)\Nero\Nero Blu-ray Player\Blu-rayPlayer.exe
FirewallRules: [{47E00029-EE7A-403B-BEFF-D6DD6801D8CC}] => (Allow) C:\Program Files (x86)\Nero\Nero Blu-ray Player\Blu-rayPlayer.exe
FirewallRules: [{6F96B644-31F6-415F-9933-8C1420B9B4B5}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{42D5247B-B90F-49CA-8F54-CA3DD3D16683}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{B241BDFC-BB94-4B98-8D95-381B93667D05}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{545E370D-D2E8-4A6D-A1B2-D45F8C994742}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{7EB0765F-69FB-45F9-92CA-1247AEDAF75B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{9AE74AF9-EE47-47B9-9073-1378BE3502B6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{BBCEDAE0-AAF3-4921-B59A-70E6E9A94F34}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Wolfenstein.The.New.Order.DE\WolfNewOrder_x64.exe
FirewallRules: [{AF995768-BBE7-4319-9ABC-9520899FE615}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Wolfenstein.The.New.Order.DE\WolfNewOrder_x64.exe
FirewallRules: [{88D32A88-7CD0-4418-B84B-97E7B447978D}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{021B0E64-FACF-4604-AC47-136739595B84}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{816D4BC6-D967-4A5A-AC53-42087567BA9D}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{25B06855-F487-411F-BC31-D21C7A6CFE7F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{C4E21FE7-BE32-4B8E-BE28-BEDD97C03D29}] => (Allow) C:\Program Files (x86)\OMC ModPack Client\OMC ModPack Client.exe
FirewallRules: [{5B77FB8D-E65A-4AEC-8A5D-89BF77151D7B}] => (Allow) C:\Users\Olli\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{DD9E75C9-E93B-42A8-946F-381971A35093}] => (Allow) C:\Users\Olli\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{F7217FA6-F8D3-40EA-961A-B2BE7A9FF062}] => (Allow) C:\Program Files (x86)\Origin Games\Dead Space\Dead Space.exe
FirewallRules: [{D52755E6-D2FB-4CDC-908A-7D545FF098F0}] => (Allow) C:\Program Files (x86)\Origin Games\Dead Space\Dead Space.exe
FirewallRules: [UDP Query User{923D5072-E22E-4EF3-894D-6438BDC7FF68}C:\games\world_of_tanks\worldoftanks.exe] => (Allow) C:\games\world_of_tanks\worldoftanks.exe
FirewallRules: [TCP Query User{49536261-873B-411D-BF36-6C9A82040BF5}C:\games\world_of_tanks\worldoftanks.exe] => (Allow) C:\games\world_of_tanks\worldoftanks.exe
FirewallRules: [{13411610-A8B0-416D-8A2C-25270C409C19}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
FirewallRules: [{F7755706-1555-40A4-A034-E3D4CDCAD3C3}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
FirewallRules: [{F762CA9F-1800-4B7B-89AC-46B967D3F7A6}] => (Allow) C:\Program Files (x86)\Origin Games\Crysis 3\Bin32\Crysis3.exe
FirewallRules: [{91563244-F5DA-44CB-8829-5BD81393F4CC}] => (Allow) C:\Program Files (x86)\Origin Games\Crysis 3\Bin32\Crysis3.exe
FirewallRules: [{9485E974-6A15-4243-B5B2-BEACFA751D78}] => (Allow) C:\Users\Olli\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Fehlerhafte Geräte im Gerätemanager =============


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (12/06/2015 02:46:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3687

Error: (12/06/2015 02:46:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3687

Error: (12/06/2015 02:46:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/06/2015 02:46:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2484

Error: (12/06/2015 02:46:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2484

Error: (12/06/2015 02:46:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/06/2015 02:46:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1234

Error: (12/06/2015 02:46:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1234

Error: (12/06/2015 02:46:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/06/2015 02:06:29 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.

System Error:
Zugriff verweigert
.


Systemfehler:
=============
Error: (12/07/2015 11:50:24 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (12/07/2015 11:14:38 AM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT)
Description: {F3B4E234-7A68-4E43-B813-E4BA55A065F6}

Error: (12/07/2015 10:58:47 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Benutzerdatenzugriff_30b58" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (12/07/2015 10:58:47 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Benutzerdatenspeicher _30b58" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (12/07/2015 10:58:47 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Kontaktdaten_30b58" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (12/07/2015 10:58:47 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Synchronisierungshost_30b58" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (12/07/2015 10:58:45 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (12/07/2015 03:50:21 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (12/06/2015 02:46:33 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (12/06/2015 02:07:12 PM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT)
Description: {F3B4E234-7A68-4E43-B813-E4BA55A065F6}


CodeIntegrity:
===================================
  Date: 2015-12-07 11:02:29.322
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-12-02 03:35:49.192
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-11-30 07:48:11.050
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-11-22 19:22:56.235
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-11-22 08:31:47.093
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-11-22 08:31:47.053
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-11-22 08:19:10.872
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-11-22 08:17:44.435
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-11-22 07:51:52.481
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


==================== Speicherinformationen =========================== 

Prozessor: Intel(R) Core(TM) i5-2400 CPU @ 3.10GHz
Prozentuale Nutzung des RAM: 49%
Installierter physikalischer RAM: 6120.88 MB
Verfügbarer physikalischer RAM: 3078.75 MB
Summe virtueller Speicher: 7144.88 MB
Verfügbarer virtueller Speicher: 3295.67 MB

==================== Laufwerke ================================

Drive c: () (Fixed) (Total:930.73 GB) (Free:643.54 GB) NTFS
Drive j: (Fallout 3) (CDROM) (Total:5.6 GB) (Free:0 GB) UDF

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 3DA520A8)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=930.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)

==================== Ende von Addition.txt ============================
         

Alt 08.12.2015, 20:28   #4
schrauber
/// the machine
/// TB-Ausbilder
 




Hi,

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Please start mbar.exe.
  • Follow the on-screen instructions as described in the guide to Malwarebytes Anti-Rootkit.
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart, MBAR will remove the detected objects, so be patient.
  • After the restart, start mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the folder it created. Please post it here.

Do not start any other file in this folder without instructions from a helper.

Please download TDSSKiller (TDSSKiller.exe) and save this file to the desktop.
  • Start TDSSKiller.exe and configure it as described in the guide to TDSSKiller.
  • Press Start Scan.
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\).
    For example: C:\TDSSKiller.<version_date_time>log.txt
In any case, please post the contents here in your thread.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

Alt 09.12.2015, 20:07   #5
droliver
 

Here are both log files, nothing found...



Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org

Database version:
main: v2015.12.09.01
rootkit: v2015.12.07.01

Windows 10 x64 NTFS
Internet Explorer 11.11.10586.0
Olli :: OLLISDESKTOP [administrator]

09.12.2015 08:25:45
mbar-log-2015-12-09 (08-25-45).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 405550
Time elapsed: 23 minute(s), 23 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)








19:44:17.0396 0x320c TDSS rootkit removing tool 3.1.0.7 Nov 29 2015 22:37:04
19:44:22.0122 0x320c ============================================================
19:44:22.0122 0x320c Current date / time: 2015/12/09 19:44:22.0122
19:44:22.0122 0x320c SystemInfo:
19:44:22.0122 0x320c
19:44:22.0123 0x320c OS Version: 10.0.10586 ServicePack: 0.0
19:44:22.0123 0x320c Product type: Workstation
19:44:22.0123 0x320c ComputerName: OLLISDESKTOP
19:44:22.0123 0x320c UserName: Olli
19:44:22.0123 0x320c Windows directory: C:\WINDOWS
19:44:22.0123 0x320c System windows directory: C:\WINDOWS
19:44:22.0123 0x320c Running under WOW64
19:44:22.0123 0x320c Processor architecture: Intel x64
19:44:22.0123 0x320c Number of processors: 4
19:44:22.0123 0x320c Page size: 0x1000
19:44:22.0123 0x320c Boot type: Normal boot
19:44:22.0123 0x320c ============================================================
19:44:22.0634 0x320c KLMD registered as C:\WINDOWS\system32\drivers\28315856.sys
19:44:22.0907 0x320c System UUID: {E5FDFDE2-CE7A-A914-26E7-1E66E39E5CF8}
19:44:23.0312 0x320c Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:44:23.0315 0x320c ============================================================
19:44:23.0315 0x320c \Device\Harddisk0\DR0:
19:44:23.0315 0x320c MBR partitions:
19:44:23.0315 0x320c \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xAF000
19:44:23.0315 0x320c \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xAF800, BlocksNum 0x74575800
19:44:23.0315 0x320c ============================================================
19:44:23.0341 0x320c C: <-> \Device\Harddisk0\DR0\Partition2
19:44:23.0341 0x320c ============================================================
19:44:23.0342 0x320c Initialize success
19:44:23.0342 0x320c ============================================================
19:44:51.0031 0x2f64 ============================================================
19:44:51.0031 0x2f64 Scan started
19:44:51.0031 0x2f64 Mode: Manual; SigCheck; TDLFS;
19:44:51.0031 0x2f64 ============================================================
19:44:51.0031 0x2f64 KSN ping started
19:44:53.0484 0x2f64 KSN ping finished: true
19:44:55.0346 0x2f64 ================ Scan system memory ========================
19:44:55.0346 0x2f64 System memory - ok
19:44:55.0347 0x2f64 ================ Scan services =============================
19:44:55.0536 0x2f64 1394ohci - ok
19:44:55.0540 0x2f64 3ware - ok
19:44:55.0544 0x2f64 ACPI - ok
19:44:55.0547 0x2f64 acpiex - ok
19:44:55.0550 0x2f64 acpipagr - ok
19:44:55.0563 0x2f64 AcpiPmi - ok
19:44:55.0566 0x2f64 acpitime - ok
19:44:55.0627 0x2f64 [ 5DB2C6B908C50767E2EDAA294A7566B5, 13AE4879D679BB0C6B2A5A5B13910359815A9D2E569BC1DE740B5A387A78CF33 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
19:44:55.0669 0x2f64 AdobeARMservice - ok
19:44:55.0831 0x2f64 [ F54564025D2284AE498E51D7C139F971, AAA48F38B81DB894854E8C84DB2E1F5C8447AA982D27C0BB78FF2786D9F80F83 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
19:44:55.0842 0x2f64 AdobeFlashPlayerUpdateSvc - ok
19:44:55.0853 0x2f64 ADP80XX - ok
19:44:55.0864 0x2f64 AFD - ok
19:44:55.0876 0x2f64 agp440 - ok
19:44:55.0879 0x2f64 ahcache - ok
19:44:55.0900 0x2f64 AJRouter - ok
19:44:55.0930 0x2f64 ALG - ok
19:44:55.0964 0x2f64 [ 8F312E43E6BFED69705881D49B2A01B4, 7B8CB068ABD091E6F4764D6CF27C3318792C88064ECB5A7E5283AF74892FC3B4 ] AMD External Events Utility C:\WINDOWS\system32\atiesrxx.exe
19:44:55.0982 0x2f64 AMD External Events Utility - ok
19:44:55.0985 0x2f64 AmdK8 - ok
19:45:17.0218 0x2f64 AV detected via SS2: Norton Security, C:\Program Files (x86)\Norton Security\Engine\22.5.5.15\WSCStub.exe ( 22.5.0.0 ), 0x51000 ( enabled : updated )
19:45:17.0235 0x2f64 AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.9.10586.0 ), 0x60100 ( disabled : updated )
19:45:17.0243 0x2f64 FW detected via SS2: Norton Security, C:\Program Files (x86)\Norton Security\Engine\22.5.5.15\WSCStub.exe ( 22.5.0.0 ), 0x51010 ( enabled )
19:45:19.0646 0x2f64 ============================================================
19:45:19.0646 0x2f64 Scan finished
19:45:19.0646 0x2f64 ============================================================
19:45:19.0659 0x2424 Detected object count: 0
19:45:19.0659 0x2424 Actual detected object count: 0
19:58:18.0324 0x158c Deinitialize success


11.12.2015, 01:18   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Hi,

Since schrauber has no time at the moment, I'm stepping in.

Quote:
AV: Norton Security (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
I can only strongly advise against that. Windows Defender already gives you good protection. Uninstall Norton. Let me know when that is done.

11.12.2015, 08:08   #7
droliver

Done.

Are there any disadvantages associated with Norton? Surely it can't be that an expensive paid program is worse than the Windows program?

11.12.2015, 09:54   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

It has always been the case that quality does not necessarily have anything to do with how high the price is.


Remove adware/junkware/toolbars

Delete old versions of adwCleaner and, if present, JRT beforehand, then download them again to the desktop!
Please completely disable your virus scanner now, before using these tools!


Step 1: adwCleaner

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts with OK.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt. (x = sequential number).


Step 2: JRT - Junkware Removal Tool

Please shut down your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), please start it via right-click "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


Step 3: Fresh log with FRST

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan.
  • The log files are now created and can then be found on your desktop.
  • Post FRST.txt and, after the first scan, also Addition.txt in your thread (click the # symbol in the website's input window)


Reading material:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder.
Even if the logs are too large for one post, I ask you to post the logs directly, spread over several posts if necessary.
To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracketed tags [CODE] [/CODE] appear.
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it right. If everything is correct ... click Reply.
__________________
Please always post log files in CODE tags

11.12.2015, 11:54   #9
droliver

adwcleaner/ jrt/ frst. Note: the Addition log was not created!?

AdwCleaner Logfile:
Code:
# AdwCleaner v5.024 - Bericht erstellt am 11/12/2015 um 11:25:32
# Aktualisiert am 07/12/2015 von Xplode
# Datenbank : 2015-12-07.3 [Server]
# Betriebssystem : Windows 10 Pro  (x64)
# Benutzername : Olli - OLLISDESKTOP
# Gestartet von : C:\Users\Olli\Downloads\AdwCleaner_5.024.exe
# Option : Löschen
# Unterstützung : hxxp://toolslib.net/forum

***** [ Dienste ] *****


***** [ Ordner ] *****

[-] Ordner Gelöscht : C:\Users\Olli\AppData\Roaming\RPEng

***** [ Dateien ] *****


***** [ DLLs ] *****


***** [ Verknüpfungen ] *****


***** [ Aufgabenplanung ] *****


***** [ Registrierungsdatenbank ] *****

[-] Schlüssel Gelöscht : HKCU\Software\OCS
[-] Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\search.softonic.com
[-] Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\softonic.com

***** [ Internetbrowser ] *****

[-] [C:\Users\Olli\AppData\Roaming\Mozilla\Firefox\Profiles\i1rfvxwa.default\prefs.js] [Preference] Gelöscht : user_pref("coupons.url", "hxxp://i.spigotjs.info/spig/javascript.js?hid=40&channel=FF");
[-] [C:\Users\Olli\AppData\Roaming\Mozilla\Firefox\Profiles\i1rfvxwa.default\prefs.js] [Preference] Gelöscht : user_pref("coupons.urls", "hxxps://i_spigotjs_info.tlscdn.com/spig/javascript.js?hid=40&channel=FF");
[-] [C:\Users\Olli\AppData\Roaming\Mozilla\Firefox\Profiles\i1rfvxwa.default\prefs.js] [Preference] Gelöscht : user_pref("startpage.ntsearch_url", "hxxps://de.search.yahoo.com/search?fr=spigot-nt-ff&ei=utf-8&ilc=12&type=937811&p={searchTerms}");

*************************

:: "Tracing" Schlüssel gelöscht
:: Proxy Einstellungen zurückgesetzt
:: Winsock Einstellungen zurückgesetzt
:: Chrome Richtlinien gelöscht

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [1791 Bytes] ##########
         





Code:

File System: 2 

Successfully deleted: C:\Users\Olli\AppData\Roaming\Mozilla\Firefox\Profiles\i1rfvxwa.default\searchplugins\norton-safe-search.xml (File) 
Successfully deleted: C:\Users\Olli\AppData\Roaming\pdfforge (Folder) 



Registry: 2 

Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06E08260-0695-4EC1-A74B-1310D8899D93} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\Toolbar\\{2DFF3579-5AA7-45B9-9328-1D38EA230861} (Registry Value)
         



FRST Logfile:
Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:09-12-2015
durchgeführt von Olli (Administrator) auf OLLISDESKTOP (11-12-2015 11:38:16)
Gestartet von C:\Users\Olli\Downloads
Geladene Profile: Olli (Verfügbare Profile: Olli)
Platform: Windows 10 Pro Version 1511 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect 3\creator-ws.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Atheros Commnucations) C:\Windows\System32\AdminService.exe
(AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanNetService.exe
(WIBU-SYSTEMS AG) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\NST.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\NST.exe
(Farbar) C:\Users\Olli\Downloads\FRST64(1).exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [UMonit] => C:\WINDOWS\SysWOW64\UMonit64.exe [53832 2015-07-09] ()
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-10-16] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-21] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AVMWlanClient] => C:\Program Files (x86)\avmwlanstick\wlangui.exe [1904640 2009-03-20] (AVM Berlin)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60688 2015-10-13] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2064884263-2734367825-3749686348-1001\...\Run: [Dropbox Update] => C:\Users\Olli\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-22] (Dropbox, Inc.)
HKU\S-1-5-21-2064884263-2734367825-3749686348-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [60688 2015-11-30] (Apple Inc.)
HKU\S-1-5-21-2064884263-2734367825-3749686348-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [61200 2015-11-30] (Apple Inc.)
HKU\S-1-5-21-2064884263-2734367825-3749686348-1001\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [103696 2015-11-30] (Apple Inc.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Olli\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Olli\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Olli\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Olli\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Olli\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Olli\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Olli\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-11-05] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ScreenManager Pro for LCD (DDCCI) Ver.2.4.0.lnk [2014-01-19]
ShortcutTarget: ScreenManager Pro for LCD (DDCCI) Ver.2.4.0.lnk -> C:\Windows\Installer\{DAB265AD-27B2-4651-B8D8-F4F3A8ECC705}\LcdctrlDdcci.exe1_A2457035AC9A449AAFF91D310EF3707A.exe (Macrovision Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk [2014-01-08]
ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> C:\Program Files (x86)\WISO\Steuersoftware 2014\mshaktuell.exe ()
Startup: C:\Users\Olli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-11-13]
ShortcutTarget: Dropbox.lnk -> C:\Users\Olli\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{4829b226-f5aa-4e6e-8bf4-d07a8575fa1d}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{6A41BC24-9121-4FE3-8C72-32D18F496606}: [DhcpNameServer] 192.168.178.1

Internet Explorer:
==================
HKU\S-1-5-21-2064884263-2734367825-3749686348-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/
SearchScopes: HKLM-x32 -> DefaultScope Wert fehlt
SearchScopes: HKU\S-1-5-21-2064884263-2734367825-3749686348-1001 -> DefaultScope {B21B4164-A234-4450-8F50-3D8D20B7B7D7} URL = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-10-13] (Microsoft Corporation)
BHO: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.11.42\coIEPlg.dll [2015-03-05] (Symantec Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-10-13] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-08-20] (Oracle Corporation)
BHO-x32: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\coIEPlg.dll [2015-03-05] (Symantec Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-08-20] (Oracle Corporation)
Toolbar: HKLM - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.11.42\coIEPlg.dll [2015-03-05] (Symantec Corporation)
Toolbar: HKLM-x32 - Kein Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  Keine Datei
Toolbar: HKLM-x32 - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\coIEPlg.dll [2015-03-05] (Symantec Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Olli\AppData\Roaming\Mozilla\Firefox\Profiles\i1rfvxwa.default
FF NewTab: www.google.de
FF DefaultSearchEngine: Google Default
FF SelectedSearchEngine: Bing
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_235.dll [2015-12-09] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-02-28] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-02-28] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_235.dll [2015-12-09] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1211151.dll [2014-04-15] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-08] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-08-20] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-08-20] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2013-11-15] (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2015-04-10] (Nero AG)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin-x32: PDF Architect 3 -> C:\Program Files (x86)\PDF Architect 3\np-previewer.dll [2015-04-24] (pdfforge GmbH)
FF SearchPlugin: C:\Users\Olli\AppData\Roaming\Mozilla\Firefox\Profiles\i1rfvxwa.default\searchplugins\google-default.xml [2015-07-28]
FF Extension: PDF Architect 3 Creator - C:\Program Files (x86)\PDF Architect 3\resources\pdfarchitect3firefoxextension [2015-08-11] [ist nicht signiert]
FF Extension: NoScript - C:\Users\Olli\AppData\Roaming\Mozilla\Firefox\Profiles\i1rfvxwa.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2015-12-01]
FF Extension: Kein Name - C:\Users\Olli\AppData\Roaming\Mozilla\Firefox\Profiles\i1rfvxwa.default\Extensions\ClassicThemeRestorer@ArisT2Noia4dev.xpi [2015-12-04] [ist nicht signiert]
FF Extension: iCloud Bookmarks - C:\Users\Olli\AppData\Roaming\Mozilla\Firefox\Profiles\i1rfvxwa.default\Extensions\firefoxdav@icloud.com [2015-11-29]
FF Extension: YouTube Unblocker - C:\Users\Olli\AppData\Roaming\Mozilla\Firefox\Profiles\i1rfvxwa.default\Extensions\youtubeunblocker@unblocker.yt [2015-12-03]
FF Extension: BugMeNot Plugin - C:\Users\Olli\AppData\Roaming\Mozilla\Firefox\Profiles\i1rfvxwa.default\Extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}.xpi [2015-05-29]
FF Extension: Video DownloadHelper - C:\Users\Olli\AppData\Roaming\Mozilla\Firefox\Profiles\i1rfvxwa.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-10-31]
FF Extension: Tab Plugin - C:\Users\Olli\AppData\Roaming\Mozilla\Firefox\Profiles\i1rfvxwa.default\Extensions\{d81af7c1-6441-496a-9c0a-13dd5539ce7e}.xpi [2015-08-26] [ist nicht signiert]
FF Extension: Download Helper Free - C:\Users\Olli\AppData\Roaming\Mozilla\Firefox\Profiles\i1rfvxwa.default\Extensions\{ee9dcf2a-0c31-4de7-910d-0d5f77aabb47}.xpi [2015-12-06] [ist nicht signiert]
FF HKLM-x32\...\Firefox\Extensions: [pdf_architect_3_conv@pdfarchitect.org] - C:\Program Files (x86)\PDF Architect 3\resources\pdfarchitect3firefoxextension
FF HKLM-x32\...\Firefox\Extensions: [{F04D2D30-776C-4d02-8627-8E4385ECA58D}] - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.7.11.42\coFFPlgn
FF Extension: Norton Identity Safe Toolbar - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.7.11.42\coFFPlgn [2015-12-11] [ist nicht signiert]

Chrome: 
=======
CHR Profile: C:\Users\Olli\AppData\Local\Google\Chrome\User Data\default
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\Exts\Chrome.crx [2015-12-11]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\Exts\Chrome.crx [2015-12-11]

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 AtherosSvc; C:\Windows\system32\AdminService.exe [208384 2012-08-29] (Atheros Commnucations) [Datei ist nicht signiert]
R2 AVM WLAN Connection Service; C:\Program Files (x86)\avmwlanstick\WlanNetService.exe [368640 2009-03-20] (AVM Berlin) [Datei ist nicht signiert]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2797752 2015-10-13] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 NCO; C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\NST.exe [131144 2015-03-05] (Symantec Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1997168 2015-06-24] (Electronic Arts)
S3 PDF Architect 3; C:\Program Files (x86)\PDF Architect 3\ws.exe [2244312 2015-04-24] (pdfforge GmbH)
S3 PDF Architect 3 CrashHandler; C:\Program Files (x86)\PDF Architect 3\crash-handler-ws.exe [901336 2015-04-24] (pdfforge GmbH)
R2 PDF Architect 3 Creator; C:\Program Files (x86)\PDF Architect 3\creator-ws.exe [740568 2015-04-24] (pdfforge GmbH)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [102912 2015-07-15] (Advanced Micro Devices)
S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2009-03-20] (AVM Berlin)
R1 ccSet_NST; C:\Windows\system32\drivers\NSTx64\7DE070B0.02A\ccSetx64.sys [162392 2013-09-27] (Symantec Corporation)
R3 fwlanusbn; C:\Windows\system32\DRIVERS\fwlanusbn.sys [552704 2009-03-20] (AVM GmbH)
R3 GeneStor; C:\Windows\system32\DRIVERS\GeneStor.sys [115704 2015-07-09] (GenesysLogic)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2015-12-11] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek                                            )
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2015-06-10] (Apple, Inc.) [Datei ist nicht signiert]
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-12-11 11:37 - 2015-12-11 11:37 - 02369024 _____ (Farbar) C:\Users\Olli\Downloads\FRST64(1).exe
2015-12-11 11:33 - 2015-12-11 11:33 - 00001044 _____ C:\Users\Olli\Desktop\JRT.txt
2015-12-11 11:30 - 2015-12-11 11:30 - 01599336 _____ (Malwarebytes) C:\Users\Olli\Downloads\JRT(1).exe
2015-12-11 11:27 - 2015-12-11 11:27 - 00000000 ____H C:\ProgramData\cm-lock
2015-12-11 11:23 - 2015-12-09 04:39 - 00301728 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2015-12-11 10:58 - 2015-12-11 10:58 - 00002615 _____ C:\Users\Public\Desktop\Norton Identity Safe.LNK
2015-12-11 10:58 - 2015-12-11 10:58 - 00000000 ____D C:\WINDOWS\system32\Drivers\NSTx64
2015-12-11 10:58 - 2015-12-11 10:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Identity Safe
2015-12-11 10:58 - 2015-12-11 10:58 - 00000000 ____D C:\Program Files (x86)\Norton Identity Safe
2015-12-11 10:57 - 2015-12-11 11:20 - 01738240 _____ C:\Users\Olli\Downloads\AdwCleaner_5.024.exe
2015-12-10 16:32 - 2015-12-10 16:32 - 02870984 _____ (ESET) C:\Users\Olli\Downloads\esetsmartinstaller_deu(1).exe
2015-12-10 07:55 - 2015-12-10 07:56 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-12-10 07:55 - 2015-12-10 07:55 - 00002124 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2015-12-10 07:55 - 2015-12-10 07:55 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-12-09 19:58 - 2015-12-01 08:12 - 02152800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2015-12-09 19:58 - 2015-11-24 13:07 - 01817160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-12-09 19:58 - 2015-11-24 12:07 - 03671896 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-12-09 19:58 - 2015-11-24 12:06 - 01540768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-12-09 19:58 - 2015-11-24 11:26 - 01399224 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2015-12-09 19:58 - 2015-11-24 11:03 - 02918808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-12-09 19:58 - 2015-11-24 11:01 - 02756096 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2015-12-09 19:58 - 2015-11-24 10:54 - 00007680 _____ (Microsoft Corporation) C:\WINDOWS\system32\readingviewresources.dll
2015-12-09 19:58 - 2015-11-24 10:53 - 00115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-12-09 19:58 - 2015-11-24 10:45 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshrm.dll
2015-12-09 19:58 - 2015-11-24 10:37 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rmcast.sys
2015-12-09 19:58 - 2015-11-24 10:26 - 01337240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2015-12-09 19:58 - 2015-11-24 10:19 - 00182784 _____ (Microsoft Corporation) C:\WINDOWS\system32\shutdownux.dll
2015-12-09 19:58 - 2015-11-24 10:12 - 00523776 _____ (Microsoft Corporation) C:\WINDOWS\system32\catsrvut.dll
2015-12-09 19:58 - 2015-11-24 09:58 - 00604672 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-12-09 19:58 - 2015-11-24 09:55 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2015-12-09 19:58 - 2015-11-24 09:54 - 02756096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2015-12-09 19:58 - 2015-11-24 09:52 - 01717248 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2015-12-09 19:58 - 2015-11-24 09:49 - 01648640 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2015-12-09 19:58 - 2015-11-24 09:27 - 03593216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-12-09 19:58 - 2015-11-24 09:14 - 00415744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\catsrvut.dll
2015-12-09 19:58 - 2015-11-24 09:03 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-12-09 19:58 - 2015-11-24 08:59 - 01467392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2015-12-09 19:58 - 2015-11-24 08:57 - 01328128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comsvcs.dll
2015-12-09 19:58 - 2015-11-24 08:35 - 22393856 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2015-12-09 19:58 - 2015-11-24 08:29 - 02352128 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-12-09 19:58 - 2015-11-24 08:25 - 24601600 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-12-09 19:58 - 2015-11-24 08:23 - 13381120 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-12-09 19:58 - 2015-11-24 08:11 - 18678272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2015-12-09 19:58 - 2015-11-24 08:09 - 19338240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-12-09 19:58 - 2015-11-24 08:08 - 12125184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-12-09 19:58 - 2015-11-24 08:04 - 02155008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-12-09 19:44 - 2015-12-09 19:58 - 00077738 _____ C:\TDSSKiller.3.1.0.7_09.12.2015_19.44.17_log.txt
2015-12-09 08:24 - 2015-12-09 19:43 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-12-09 08:23 - 2015-12-09 19:44 - 04398264 _____ (Kaspersky Lab ZAO) C:\Users\Olli\Downloads\tdsskiller.exe
2015-12-09 08:23 - 2015-12-09 19:43 - 00000000 ____D C:\Users\Olli\Desktop\mbar
2015-12-09 08:22 - 2015-12-09 08:23 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Olli\Downloads\mbar-1.09.3.1001.exe
2015-12-08 10:49 - 2015-12-08 19:07 - 00000000 ____D C:\Users\Olli\Documents\§46
2015-12-08 09:02 - 2015-12-08 09:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2015-12-08 09:01 - 2015-12-08 09:01 - 00001822 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-12-08 09:01 - 2015-12-08 09:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-12-08 09:00 - 2015-12-08 09:00 - 00000000 ____D C:\Program Files\iTunes
2015-12-08 09:00 - 2015-12-08 09:00 - 00000000 ____D C:\Program Files\iPod
2015-12-08 09:00 - 2015-12-08 09:00 - 00000000 ____D C:\Program Files (x86)\iTunes
2015-12-08 08:58 - 2015-12-08 08:58 - 00000000 ____D C:\Program Files\Bonjour
2015-12-08 08:58 - 2015-12-08 08:58 - 00000000 ____D C:\Program Files (x86)\Bonjour
2015-12-08 08:56 - 2015-12-08 08:56 - 00000000 ____D C:\WINDOWS\System32\Tasks\Apple
2015-12-08 08:56 - 2015-12-08 08:56 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2015-12-07 13:00 - 2015-12-11 11:34 - 00000000 ____D C:\Users\Olli\Documents\trojaner
2015-12-07 12:58 - 2015-12-07 12:58 - 00000000 ____D C:\Users\Olli\Documents\Neuer Ordner
2015-12-07 12:53 - 2015-12-07 13:00 - 00380416 _____ C:\Users\Olli\Downloads\Gmer-19357.exe
2015-12-07 12:53 - 2015-12-07 12:54 - 00038605 _____ C:\Users\Olli\Downloads\Addition.txt
2015-12-07 12:52 - 2015-12-11 11:38 - 00017676 _____ C:\Users\Olli\Downloads\FRST.txt
2015-12-07 12:52 - 2015-12-11 11:37 - 00000000 ____D C:\FRST
2015-12-07 12:51 - 2015-12-07 12:51 - 02369024 _____ (Farbar) C:\Users\Olli\Downloads\FRST64.exe
2015-12-06 13:31 - 2015-12-11 11:27 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-12-06 13:30 - 2015-12-11 08:25 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-12-06 13:30 - 2015-12-09 08:23 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-12-06 13:30 - 2015-12-06 13:30 - 00001175 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-12-06 13:30 - 2015-12-06 13:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-12-06 13:30 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-12-06 13:30 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2015-12-06 13:29 - 2015-12-06 13:30 - 22908888 _____ (Malwarebytes ) C:\Users\Olli\Downloads\mbam-setup-2.2.0.1024.exe
2015-12-06 13:06 - 2015-11-22 11:47 - 07476576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-12-06 13:06 - 2015-11-22 11:47 - 02653816 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2015-12-06 13:06 - 2015-11-22 11:41 - 01859448 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2015-12-06 13:06 - 2015-11-22 11:41 - 01284960 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2015-12-06 13:06 - 2015-11-22 11:41 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-12-06 13:06 - 2015-11-22 11:35 - 00538632 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
2015-12-06 13:06 - 2015-11-22 11:34 - 00975200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2015-12-06 13:06 - 2015-11-22 11:34 - 00080600 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwapi.dll
2015-12-06 13:06 - 2015-11-22 11:33 - 00095072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdstor.sys
2015-12-06 13:06 - 2015-11-22 11:33 - 00058408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.dll
2015-12-06 13:06 - 2015-11-22 11:33 - 00051680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsUtilsV2.dll
2015-12-06 13:06 - 2015-11-22 11:30 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-12-06 13:06 - 2015-11-22 11:30 - 00161632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-12-06 13:06 - 2015-11-22 11:26 - 00431232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWanAPI.dll
2015-12-06 13:06 - 2015-11-22 11:25 - 00063528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wwapi.dll
2015-12-06 13:06 - 2015-11-22 11:24 - 02772584 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2015-12-06 13:06 - 2015-11-22 11:20 - 00795840 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-12-06 13:06 - 2015-11-22 11:19 - 00440160 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2015-12-06 13:06 - 2015-11-22 11:14 - 02185840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2015-12-06 13:06 - 2015-11-22 11:00 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll
2015-12-06 13:06 - 2015-11-22 11:00 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosResource.dll
2015-12-06 13:06 - 2015-11-22 10:57 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-MapControls.dll
2015-12-06 13:06 - 2015-11-22 10:57 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCoreRes.dll
2015-12-06 13:06 - 2015-11-22 10:57 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-MosTrace.dll
2015-12-06 13:06 - 2015-11-22 10:57 - 00009728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-MosHost.dll
2015-12-06 13:06 - 2015-11-22 10:56 - 01268736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2015-12-06 13:06 - 2015-11-22 10:56 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosHostClient.dll
2015-12-06 13:06 - 2015-11-22 10:56 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ihvrilproxy.dll
2015-12-06 13:06 - 2015-11-22 10:56 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\system32\rilproxy.dll
2015-12-06 13:06 - 2015-11-22 10:55 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManagerProxy.dll
2015-12-06 13:06 - 2015-11-22 10:55 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvcProxy.dll
2015-12-06 13:06 - 2015-11-22 10:54 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ETWCoreUIComponentsResources.dll
2015-12-06 13:06 - 2015-11-22 10:54 - 00117248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\capimg.sys
2015-12-06 13:06 - 2015-11-22 10:54 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.V2.dll
2015-12-06 13:06 - 2015-11-22 10:54 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanprotdim.dll
2015-12-06 13:06 - 2015-11-22 10:54 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsplib.dll
2015-12-06 13:06 - 2015-11-22 10:54 - 00032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2015-12-06 13:06 - 2015-11-22 10:54 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WordBreakers.dll
2015-12-06 13:06 - 2015-11-22 10:54 - 00028160 _____ (Microsoft Corporation) C:\WINDOWS\system32\nativemap.dll
2015-12-06 13:06 - 2015-11-22 10:54 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlStringsRes.dll
2015-12-06 13:06 - 2015-11-22 10:52 - 16984576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2015-12-06 13:06 - 2015-11-22 10:52 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
2015-12-06 13:06 - 2015-11-22 10:52 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthTokenBrokerExt.dll
2015-12-06 13:06 - 2015-11-22 10:52 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2015-12-06 13:06 - 2015-11-22 10:52 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll
2015-12-06 13:06 - 2015-11-22 10:51 - 00157184 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2015-12-06 13:06 - 2015-11-22 10:51 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2015-12-06 13:06 - 2015-11-22 10:51 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2015-12-06 13:06 - 2015-11-22 10:51 - 00042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapstoasttask.dll
2015-12-06 13:06 - 2015-11-22 10:51 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2015-12-06 13:06 - 2015-11-22 10:50 - 00074240 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssign32.dll
2015-12-06 13:06 - 2015-11-22 10:49 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2015-12-06 13:06 - 2015-11-22 10:49 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2015-12-06 13:06 - 2015-11-22 10:49 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2015-12-06 13:06 - 2015-11-22 10:49 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wwanpref.dll
2015-12-06 13:06 - 2015-11-22 10:48 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosResource.dll
2015-12-06 13:06 - 2015-11-22 10:47 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2015-12-06 13:06 - 2015-11-22 10:46 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll
2015-12-06 13:06 - 2015-11-22 10:46 - 00209920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2015-12-06 13:06 - 2015-11-22 10:45 - 06572032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanmm.dll
2015-12-06 13:06 - 2015-11-22 10:45 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2015-12-06 13:06 - 2015-11-22 10:45 - 00264192 _____ (Nokia) C:\WINDOWS\system32\NmaDirect.dll
2015-12-06 13:06 - 2015-11-22 10:45 - 00220672 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-12-06 13:06 - 2015-11-22 10:45 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft-Windows-MapControls.dll
2015-12-06 13:06 - 2015-11-22 10:45 - 00073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwancfg.dll
2015-12-06 13:06 - 2015-11-22 10:45 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCoreRes.dll
2015-12-06 13:06 - 2015-11-22 10:45 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft-Windows-MosTrace.dll
2015-12-06 13:06 - 2015-11-22 10:45 - 00009728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft-Windows-MosHost.dll
2015-12-06 13:06 - 2015-11-22 10:44 - 01268736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2015-12-06 13:06 - 2015-11-22 10:44 - 00558080 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
2015-12-06 13:06 - 2015-11-22 10:44 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosHostClient.dll
2015-12-06 13:06 - 2015-11-22 10:43 - 00704000 _____ (Microsoft Corporation) C:\WINDOWS\system32\CellularAPI.dll
2015-12-06 13:06 - 2015-11-22 10:43 - 00459776 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2015-12-06 13:06 - 2015-11-22 10:43 - 00382464 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-12-06 13:06 - 2015-11-22 10:43 - 00342016 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2015-12-06 13:06 - 2015-11-22 10:43 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XblAuthManagerProxy.dll
2015-12-06 13:06 - 2015-11-22 10:42 - 13017600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2015-12-06 13:06 - 2015-11-22 10:42 - 07979008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2015-12-06 13:06 - 2015-11-22 10:42 - 00589312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApi.dll
2015-12-06 13:06 - 2015-11-22 10:42 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
2015-12-06 13:06 - 2015-11-22 10:42 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ETWCoreUIComponentsResources.dll
2015-12-06 13:06 - 2015-11-22 10:42 - 00024064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WordBreakers.dll
2015-12-06 13:06 - 2015-11-22 10:42 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlStringsRes.dll
2015-12-06 13:06 - 2015-11-22 10:41 - 01814528 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnidui.dll
2015-12-06 13:06 - 2015-11-22 10:41 - 00948224 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll
2015-12-06 13:06 - 2015-11-22 10:41 - 00607232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2015-12-06 13:06 - 2015-11-22 10:40 - 01056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2015-12-06 13:06 - 2015-11-22 10:40 - 00850432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2015-12-06 13:06 - 2015-11-22 10:40 - 00465920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanconn.dll
2015-12-06 13:06 - 2015-11-22 10:40 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
2015-12-06 13:06 - 2015-11-22 10:40 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XblAuthTokenBrokerExt.dll
2015-12-06 13:06 - 2015-11-22 10:39 - 02126848 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-12-06 13:06 - 2015-11-22 10:39 - 01713664 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2015-12-06 13:06 - 2015-11-22 10:39 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2015-12-06 13:06 - 2015-11-22 10:39 - 00957440 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2015-12-06 13:06 - 2015-11-22 10:39 - 00938496 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2015-12-06 13:06 - 2015-11-22 10:39 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2015-12-06 13:06 - 2015-11-22 10:39 - 00783360 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-12-06 13:06 - 2015-11-22 10:39 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinelsa.dll
2015-12-06 13:06 - 2015-11-22 10:39 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2015-12-06 13:06 - 2015-11-22 10:39 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
2015-12-06 13:06 - 2015-11-22 10:39 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2015-12-06 13:06 - 2015-11-22 10:38 - 01223168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2015-12-06 13:06 - 2015-11-22 10:38 - 01212928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2015-12-06 13:06 - 2015-11-22 10:38 - 00912384 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2015-12-06 13:06 - 2015-11-22 10:38 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2015-12-06 13:06 - 2015-11-22 10:38 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssign32.dll
2015-12-06 13:06 - 2015-11-22 10:37 - 02624512 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2015-12-06 13:06 - 2015-11-22 10:37 - 01395200 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2015-12-06 13:06 - 2015-11-22 10:37 - 00515584 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2015-12-06 13:06 - 2015-11-22 10:36 - 01042432 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingOnlineServices.dll
2015-12-06 13:06 - 2015-11-22 10:34 - 02843136 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2015-12-06 13:06 - 2015-11-22 10:34 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2015-12-06 13:06 - 2015-11-22 10:34 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2015-12-06 13:06 - 2015-11-22 10:34 - 00166912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserMgrProxy.dll
2015-12-06 13:06 - 2015-11-22 10:34 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2015-12-06 13:06 - 2015-11-22 10:34 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditBufferTestHook.dll
2015-12-06 13:06 - 2015-11-22 10:33 - 02587136 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2015-12-06 13:06 - 2015-11-22 10:33 - 00205824 _____ (Nokia) C:\WINDOWS\SysWOW64\NmaDirect.dll
2015-12-06 13:06 - 2015-11-22 10:32 - 00346112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2015-12-06 13:06 - 2015-11-22 10:32 - 00340480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToDevice.dll
2015-12-06 13:06 - 2015-11-22 10:32 - 00334848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-12-06 13:06 - 2015-11-22 10:31 - 07199232 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2015-12-06 13:06 - 2015-11-22 10:31 - 00470528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApi.dll
2015-12-06 13:06 - 2015-11-22 10:31 - 00416768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2015-12-06 13:06 - 2015-11-22 10:30 - 02598400 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2015-12-06 13:06 - 2015-11-22 10:29 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2015-12-06 13:06 - 2015-11-22 10:28 - 01734656 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-12-06 13:06 - 2015-11-22 10:28 - 01443328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRHInproc.dll
2015-12-06 13:06 - 2015-11-22 10:28 - 01387008 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-12-06 13:06 - 2015-11-22 10:28 - 00948224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2015-12-06 13:06 - 2015-11-22 10:28 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2015-12-06 13:06 - 2015-11-22 10:28 - 00793600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2015-12-06 13:06 - 2015-11-22 10:28 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2015-12-06 13:06 - 2015-11-22 10:28 - 00686592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-12-06 13:06 - 2015-11-22 10:28 - 00100864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinelsa.dll
2015-12-06 13:06 - 2015-11-22 10:27 - 03993600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2015-12-06 13:06 - 2015-11-22 10:27 - 02049024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-12-06 13:06 - 2015-11-22 10:27 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2015-12-06 13:06 - 2015-11-22 10:27 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2015-12-06 13:06 - 2015-11-22 10:27 - 00241664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2015-12-06 13:06 - 2015-11-22 10:27 - 00160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2015-12-06 13:06 - 2015-11-22 10:26 - 03355136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2015-12-06 13:06 - 2015-11-22 10:26 - 01139200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2015-12-06 13:06 - 2015-11-22 10:26 - 00709120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingOnlineServices.dll
2015-12-06 13:06 - 2015-11-22 10:26 - 00421888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2015-12-06 13:06 - 2015-11-22 10:25 - 06297088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2015-12-06 13:06 - 2015-11-22 10:25 - 02280448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-12-06 13:06 - 2015-11-22 10:25 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2015-12-06 13:06 - 2015-11-22 10:24 - 02647552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-12-06 13:06 - 2015-11-22 10:24 - 01995264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2015-12-06 13:06 - 2015-11-22 10:24 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2015-12-06 13:06 - 2015-11-22 10:24 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputLocaleManager.dll
2015-12-06 13:06 - 2015-11-22 10:24 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditBufferTestHook.dll
2015-12-06 13:06 - 2015-11-22 10:23 - 05202944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2015-12-06 13:06 - 2015-11-22 10:20 - 01860096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2015-12-06 13:06 - 2015-11-22 10:19 - 02064384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2015-12-06 13:06 - 2015-11-22 10:18 - 01505280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-12-06 13:06 - 2015-11-22 10:18 - 00697856 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToManager.dll
2015-12-06 13:06 - 2015-11-22 10:18 - 00458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToDevice.dll
2015-12-06 13:06 - 2015-11-22 10:17 - 02680320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2015-12-06 13:06 - 2015-11-22 10:17 - 02121216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-12-06 13:06 - 2015-11-22 10:16 - 01706496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2015-12-06 13:06 - 2015-11-22 10:11 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll
2015-12-04 09:36 - 2015-12-04 09:36 - 04377145 _____ C:\Users\Olli\Downloads\Unbenannte_Nachricht.zip
2015-12-04 09:27 - 2015-12-04 09:36 - 00000000 ____D C:\Users\Olli\Documents\ebay
2015-12-01 08:48 - 2015-11-21 07:21 - 00809312 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2015-12-01 08:48 - 2015-11-21 07:02 - 00704352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2015-12-01 08:48 - 2015-11-21 06:44 - 00204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-AppModelExecEvents.dll
2015-12-01 08:48 - 2015-11-21 06:29 - 00286720 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceaccess.dll
2015-12-01 08:48 - 2015-11-21 06:07 - 00227840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\deviceaccess.dll
2015-11-29 14:05 - 2015-11-29 14:05 - 00065296 _____ C:\Users\Olli\Documents\schroeder_3.pdf
2015-11-29 14:05 - 2015-11-29 14:05 - 00065296 _____ C:\Users\Olli\Documents\Scan_20151129 (4).pdf
2015-11-29 14:04 - 2015-11-29 14:04 - 00032483 _____ C:\Users\Olli\Documents\schroeder_2.pdf
2015-11-29 14:04 - 2015-11-29 14:04 - 00032483 _____ C:\Users\Olli\Documents\Scan_20151129 (3).pdf
2015-11-29 14:03 - 2015-11-29 14:03 - 00039627 _____ C:\Users\Olli\Documents\schroeder_1.pdf
2015-11-29 14:03 - 2015-11-29 14:03 - 00039627 _____ C:\Users\Olli\Documents\Scan_20151129 (2).pdf
2015-11-29 14:01 - 2015-11-29 14:01 - 00048665 _____ C:\Users\Olli\Documents\VG_Kosten.pdf
2015-11-29 14:00 - 2015-11-29 14:00 - 00048665 _____ C:\Users\Olli\Documents\Scan_20151129.pdf
2015-11-29 08:17 - 2015-12-11 11:28 - 00000000 ___RD C:\Users\Olli\iCloudDrive
2015-11-29 08:17 - 2015-12-08 09:02 - 00000000 ____D C:\Users\Olli\AppData\Local\Apple Inc
2015-11-29 08:16 - 2015-12-08 08:10 - 00003496 _____ C:\WINDOWS\System32\Tasks\Apple Diagnostics
2015-11-27 12:23 - 2015-11-27 12:23 - 00030246 _____ C:\Users\Olli\Documents\Scan_Wnf.pdf
2015-11-27 12:22 - 2015-11-27 12:22 - 00030246 _____ C:\Users\Olli\Documents\Scan_20151127.pdf
2015-11-23 10:48 - 2015-11-23 10:48 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2015-11-23 10:31 - 2015-11-23 10:31 - 00000000 ____D C:\Users\Olli\AppData\Local\PeerDistRepub
2015-11-22 11:27 - 2015-11-22 11:27 - 00000000 ____D C:\Users\Olli\AppData\Local\MicrosoftEdge
2015-11-22 09:15 - 2015-11-22 09:16 - 00002355 _____ C:\Users\Olli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-11-22 09:15 - 2015-11-22 09:16 - 00000000 ___RD C:\Users\Olli\OneDrive
2015-11-22 09:14 - 2015-11-22 09:14 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2015-11-22 09:13 - 2015-11-22 09:13 - 00000000 ____D C:\Users\Olli\AppData\Local\Publishers
2015-11-22 09:12 - 2015-11-22 09:12 - 00000000 ____D C:\Users\Olli\AppData\Local\ActiveSync
2015-11-22 09:11 - 2015-11-22 09:11 - 00000000 ____D C:\Users\Olli\AppData\Local\Comms
2015-11-22 09:10 - 2015-11-22 09:10 - 00000000 ____D C:\Users\Olli\AppData\Local\TileDataLayer
2015-11-22 09:09 - 2015-11-22 09:09 - 00000020 ___SH C:\Users\Olli\ntuser.ini
2015-11-22 08:21 - 2015-11-22 08:21 - 00000000 _SHDL C:\Users\Default\Vorlagen
2015-11-22 08:21 - 2015-11-22 08:21 - 00000000 _SHDL C:\Users\Default\Startmenü
2015-11-22 08:21 - 2015-11-22 08:21 - 00000000 _SHDL C:\Users\Default\Netzwerkumgebung
2015-11-22 08:21 - 2015-11-22 08:21 - 00000000 _SHDL C:\Users\Default\Lokale Einstellungen
2015-11-22 08:21 - 2015-11-22 08:21 - 00000000 _SHDL C:\Users\Default\Eigene Dateien
2015-11-22 08:21 - 2015-11-22 08:21 - 00000000 _SHDL C:\Users\Default\Druckumgebung
2015-11-22 08:21 - 2015-11-22 08:21 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Videos
2015-11-22 08:21 - 2015-11-22 08:21 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Musik
2015-11-22 08:21 - 2015-11-22 08:21 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Bilder
2015-11-22 08:21 - 2015-11-22 08:21 - 00000000 _SHDL C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-11-22 08:21 - 2015-11-22 08:21 - 00000000 _SHDL C:\Users\Default\AppData\Local\Verlauf
2015-11-22 08:21 - 2015-11-22 08:21 - 00000000 _SHDL C:\Users\Default\AppData\Local\Anwendungsdaten
2015-11-22 08:21 - 2015-11-22 08:21 - 00000000 _SHDL C:\Users\Default\Anwendungsdaten
2015-11-22 08:21 - 2015-11-22 08:21 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Videos
2015-11-22 08:21 - 2015-11-22 08:21 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Musik
2015-11-22 08:21 - 2015-11-22 08:21 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Bilder
2015-11-22 08:21 - 2015-11-22 08:21 - 00000000 _SHDL C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-11-22 08:21 - 2015-11-22 08:21 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Verlauf
2015-11-22 08:21 - 2015-11-22 08:21 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Anwendungsdaten
2015-11-22 08:21 - 2015-11-22 08:21 - 00000000 ____D C:\ProgramData\USOShared
2015-11-22 08:19 - 2015-11-22 08:19 - 00022960 _____ C:\WINDOWS\system32\emptyregdb.dat
2015-11-22 08:18 - 2015-12-11 11:26 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-11-22 08:13 - 2015-12-11 11:33 - 01799166 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-11-22 08:04 - 2015-11-22 08:04 - 00001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-11-22 08:04 - 2015-11-22 08:04 - 00000000 ____D C:\Users\Default\AppData\Roaming\ATI
2015-11-22 08:04 - 2015-11-22 08:04 - 00000000 ____D C:\Users\Default\AppData\Local\ATI
2015-11-22 08:04 - 2015-11-22 08:04 - 00000000 ____D C:\Users\Default User\AppData\Roaming\ATI
2015-11-22 08:04 - 2015-11-22 08:04 - 00000000 ____D C:\Users\Default User\AppData\Local\ATI
2015-11-22 07:59 - 2015-11-22 07:59 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
2015-11-22 07:58 - 2015-12-02 03:32 - 00000000 ____D C:\Users\Olli
2015-11-22 07:58 - 2015-11-22 07:58 - 00000000 _SHDL C:\Users\Olli\Vorlagen
2015-11-22 07:58 - 2015-11-22 07:58 - 00000000 _SHDL C:\Users\Olli\Startmenü
2015-11-22 07:58 - 2015-11-22 07:58 - 00000000 _SHDL C:\Users\Olli\Netzwerkumgebung
2015-11-22 07:58 - 2015-11-22 07:58 - 00000000 _SHDL C:\Users\Olli\Lokale Einstellungen
2015-11-22 07:58 - 2015-11-22 07:58 - 00000000 _SHDL C:\Users\Olli\Eigene Dateien
2015-11-22 07:58 - 2015-11-22 07:58 - 00000000 _SHDL C:\Users\Olli\Druckumgebung
2015-11-22 07:58 - 2015-11-22 07:58 - 00000000 _SHDL C:\Users\Olli\Documents\Eigene Videos
2015-11-22 07:58 - 2015-11-22 07:58 - 00000000 _SHDL C:\Users\Olli\Documents\Eigene Musik
2015-11-22 07:58 - 2015-11-22 07:58 - 00000000 _SHDL C:\Users\Olli\Documents\Eigene Bilder
2015-11-22 07:58 - 2015-11-22 07:58 - 00000000 _SHDL C:\Users\Olli\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-11-22 07:58 - 2015-11-22 07:58 - 00000000 _SHDL C:\Users\Olli\AppData\Local\Verlauf
2015-11-22 07:58 - 2015-11-22 07:58 - 00000000 _SHDL C:\Users\Olli\AppData\Local\Anwendungsdaten
2015-11-22 07:58 - 2015-11-22 07:58 - 00000000 _SHDL C:\Users\Olli\Anwendungsdaten
2015-11-22 07:55 - 2015-11-22 08:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2015-11-22 07:55 - 2015-11-22 07:55 - 00000000 ____D C:\Program Files\ATI Technologies
2015-11-22 07:54 - 2015-11-22 08:01 - 00000000 ____D C:\WINDOWS\SysWOW64\sda
2015-11-22 07:54 - 2015-11-22 08:00 - 00000000 ____D C:\ProgramData\Package Cache
2015-11-22 07:54 - 2015-11-22 07:55 - 00000000 ____D C:\Program Files (x86)\ATI Technologies
2015-11-22 07:54 - 2015-11-22 07:54 - 00000000 ____D C:\Program Files\Common Files\ATI Technologies
2015-11-22 07:54 - 2015-11-22 07:54 - 00000000 ____D C:\Program Files\Common Files\Atheros
2015-11-22 07:54 - 2015-11-22 07:54 - 00000000 ____D C:\Program Files (x86)\Genesyslogic
2015-11-22 07:54 - 2015-11-22 07:54 - 00000000 _____ C:\WINDOWS\ativpsrm.bin
2015-11-22 07:53 - 2015-11-22 08:00 - 00000000 ____D C:\Program Files\AMD
2015-11-22 07:53 - 2015-10-30 08:17 - 02718208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2015-11-22 07:51 - 2015-11-22 07:51 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2015-11-22 07:50 - 2015-12-10 03:34 - 00244680 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-11-22 07:49 - 2015-11-22 12:00 - 00000000 ___DC C:\WINDOWS\Panther
2015-11-22 07:46 - 2015-11-22 07:46 - 22572632 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-11-22 07:46 - 2015-11-22 07:46 - 21125408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-11-22 07:46 - 2015-11-22 07:46 - 11545088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2015-11-22 07:46 - 2015-11-22 07:46 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2015-11-22 07:46 - 2015-11-22 07:46 - 02544264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2015-11-22 07:46 - 2015-11-22 07:46 - 02444288 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2015-11-22 07:46 - 2015-11-22 07:46 - 02179584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2015-11-22 07:46 - 2015-11-22 07:46 - 02001408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2015-11-22 07:46 - 2015-11-22 07:46 - 01063424 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-11-22 07:46 - 2015-11-22 07:46 - 00969728 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-11-22 07:46 - 2015-11-22 07:46 - 00911648 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll
2015-11-22 07:46 - 2015-11-22 07:46 - 00803840 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-11-22 07:46 - 2015-11-22 07:46 - 00791552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-11-22 07:46 - 2015-11-22 07:46 - 00698208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimgapi.dll
2015-11-22 07:46 - 2015-11-22 07:46 - 00675064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll
2015-11-22 07:46 - 2015-11-22 07:46 - 00674816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2015-11-22 07:46 - 2015-11-22 07:46 - 00647168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-11-22 07:46 - 2015-11-22 07:46 - 00630632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2015-11-22 07:46 - 2015-11-22 07:46 - 00623616 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2015-11-22 07:46 - 2015-11-22 07:46 - 00586208 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2015-11-22 07:46 - 2015-11-22 07:46 - 00586080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wimgapi.dll
2015-11-22 07:46 - 2015-11-22 07:46 - 00578912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2015-11-22 07:46 - 2015-11-22 07:46 - 00543232 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2015-11-22 07:46 - 2015-11-22 07:46 - 00540752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2015-11-22 07:46 - 2015-11-22 07:46 - 00536768 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2015-11-22 07:46 - 2015-11-22 07:46 - 00523616 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimserv.exe
2015-11-22 07:46 - 2015-11-22 07:46 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2015-11-22 07:46 - 2015-11-22 07:46 - 00516544 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2015-11-22 07:46 - 2015-11-22 07:46 - 00511320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
2015-11-22 07:46 - 2015-11-22 07:46 - 00497664 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll
2015-11-22 07:46 - 2015-11-22 07:46 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2015-11-22 07:46 - 2015-11-22 07:46 - 00454056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2015-11-22 07:46 - 2015-11-22 07:46 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2015-11-22 07:46 - 2015-11-22 07:46 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2015-11-22 07:46 - 2015-11-22 07:46 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2015-11-22 07:46 - 2015-11-22 07:46 - 00408128 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2015-11-22 07:46 - 2015-11-22 07:46 - 00405048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2015-11-22 07:46 - 2015-11-22 07:46 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2015-11-22 07:46 - 2015-11-22 07:46 - 00382464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
2015-11-22 07:46 - 2015-11-22 07:46 - 00369912 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2015-11-22 07:46 - 2015-11-22 07:46 - 00366224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2015-11-22 07:46 - 2015-11-22 07:46 - 00365568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-11-22 07:46 - 2015-11-22 07:46 - 00334736 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2015-11-22 07:46 - 2015-11-22 07:46 - 00334336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2015-11-22 07:46 - 2015-11-22 07:46 - 00315904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll
2015-11-22 07:46 - 2015-11-22 07:46 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-11-22 07:46 - 2015-11-22 07:46 - 00296488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2015-11-22 07:46 - 2015-11-22 07:46 - 00292352 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2015-11-22 07:46 - 2015-11-22 07:46 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2015-11-22 07:46 - 2015-11-22 07:46 - 00275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-11-22 07:46 - 2015-11-22 07:46 - 00245848 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2015-11-22 07:46 - 2015-11-22 07:46 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll
2015-11-22 07:46 - 2015-11-22 07:46 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2015-11-22 07:46 - 2015-11-22 07:46 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2015-11-22 07:46 - 2015-11-22 07:46 - 00165376 _____ (Microsoft Corporation) C:\WINDOWS\system32\provdatastore.dll
2015-11-22 07:46 - 2015-11-22 07:46 - 00163328 _____ (Microsoft Corporation) C:\WINDOWS\system32\provops.dll
2015-11-22 07:46 - 2015-11-22 07:46 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
2015-11-22 07:46 - 2015-11-22 07:46 - 00160768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2015-11-22 07:46 - 2015-11-22 07:46 - 00122368 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll
2015-11-22 07:46 - 2015-11-22 07:46 - 00118624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2015-11-22 07:46 - 2015-11-22 07:46 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2015-11-22 07:46 - 2015-11-22 07:46 - 00116728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2015-11-22 07:46 - 2015-11-22 07:46 - 00110032 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2015-11-22 07:46 - 2015-11-22 07:46 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2015-11-22 07:46 - 2015-11-22 07:46 - 00092352 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-11-22 07:46 - 2015-11-22 07:46 - 00089600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NFCProvisioningPlugin.dll
2015-11-22 07:46 - 2015-11-22 07:46 - 00088392 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2015-11-22 07:46 - 2015-11-22 07:46 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzautoupdate.dll
2015-11-22 07:46 - 2015-11-22 07:46 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2015-11-22 07:46 - 2015-11-22 07:46 - 00078336 _____ (Microsoft Corporation) C:\WINDOWS\system32\BarcodeProvisioningPlugin.dll
2015-11-22 07:46 - 2015-11-22 07:46 - 00077312 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvPluginEng.dll
2015-11-22 07:46 - 2015-11-22 07:46 - 00073360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll
2015-11-22 07:46 - 2015-11-22 07:46 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppCapture.dll
2015-11-22 07:46 - 2015-11-22 07:46 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\provtool.exe
2015-11-22 07:46 - 2015-11-22 07:46 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringclient.dll
2015-11-22 07:46 - 2015-11-22 07:46 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemovableMediaProvisioningPlugin.dll
2015-11-22 07:46 - 2015-11-22 07:46 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-11-22 07:46 - 2015-11-22 07:46 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.proxy.dll
2015-11-22 07:46 - 2015-11-22 07:46 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2015-11-22 07:46 - 2015-11-22 07:46 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-11-22 07:46 - 2015-11-22 07:46 - 00035680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wimmount.sys
2015-11-22 07:46 - 2015-11-22 07:46 - 00035656 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfpmp.exe
2015-11-22 07:46 - 2015-11-22 07:46 - 00032040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfpmp.exe
2015-11-22 07:46 - 2015-11-22 07:46 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringconfigsp.dll
2015-11-22 07:46 - 2015-11-22 07:46 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2015-11-22 07:46 - 2015-11-22 07:46 - 00028160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Provisioning.ProxyStub.dll
2015-11-22 07:46 - 2015-11-22 07:46 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.proxy.dll
2015-11-22 07:46 - 2015-11-22 07:46 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\IcsEntitlementHost.exe
2015-11-22 07:46 - 2015-11-22 07:46 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\dciman32.dll
2015-11-22 07:46 - 2015-11-22 07:46 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dciman32.dll
2015-11-22 07:46 - 2015-11-22 07:46 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\lpk.dll
2015-11-22 07:46 - 2015-11-22 07:46 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpk.dll
2015-11-22 07:46 - 2015-11-22 07:46 - 00000000 ____D C:\Windows.old
2015-11-22 07:44 - 2015-11-22 07:44 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
2015-11-22 07:42 - 2015-11-22 07:42 - 00000000 ____D C:\WINDOWS\SysWOW64\XPSViewer
2015-11-22 07:42 - 2015-11-22 07:42 - 00000000 ____D C:\Program Files\Reference Assemblies
2015-11-22 07:42 - 2015-11-22 07:42 - 00000000 ____D C:\Program Files\MSBuild
2015-11-22 07:42 - 2015-11-22 07:42 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2015-11-22 07:42 - 2015-11-22 07:42 - 00000000 ____D C:\Program Files (x86)\MSBuild
2015-11-22 07:42 - 2015-10-23 17:47 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2015-11-22 07:42 - 2015-10-23 17:47 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-11-22 07:42 - 2015-10-23 17:47 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2015-11-22 07:42 - 2015-10-23 17:46 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2015-11-22 07:42 - 2015-10-23 17:46 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2015-11-22 07:42 - 2015-10-23 17:45 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2015-11-22 07:27 - 2015-11-22 08:20 - 00009528 _____ C:\WINDOWS\diagwrn.xml
2015-11-22 07:27 - 2015-11-22 08:20 - 00009528 _____ C:\WINDOWS\diagerr.xml
2015-11-16 14:08 - 2015-11-16 14:08 - 00000517 _____ C:\Users\Olli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FalloutLauncher.lnk
2015-11-14 18:30 - 2015-11-14 18:30 - 00178800 _____ (Sony DADC Austria AG.) C:\WINDOWS\SysWOW64\CmdLineExt_x64.dll
2015-11-14 18:30 - 2015-11-14 18:30 - 00000000 ____D C:\Users\Olli\Documents\My Games
2015-11-14 18:30 - 2015-11-14 18:30 - 00000000 ____D C:\Users\Olli\AppData\Local\Fallout3
2015-11-14 18:20 - 2015-11-14 18:20 - 00000000 ____D C:\Program Files (x86)\Bethesda Softworks
2015-11-14 18:03 - 2015-11-22 08:02 - 00000000 ____D C:\WINDOWS\SysWOW64\xlive
2015-11-13 10:04 - 2015-11-22 08:04 - 00000000 ____D C:\Users\Olli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-12-11 11:33 - 2015-10-30 19:35 - 00775524 _____ C:\WINDOWS\system32\perfh007.dat
2015-12-11 11:33 - 2015-10-30 19:35 - 00155338 _____ C:\WINDOWS\system32\perfc007.dat
2015-12-11 11:33 - 2015-10-30 08:21 - 00000000 ____D C:\WINDOWS\INF
2015-12-11 11:28 - 2014-06-16 10:49 - 00000000 ___RD C:\Users\Olli\Dropbox
2015-12-11 11:28 - 2014-06-16 10:46 - 00000000 ____D C:\Users\Olli\AppData\Roaming\Dropbox
2015-12-11 11:26 - 2015-10-30 07:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2015-12-11 11:25 - 2014-06-19 12:34 - 00000000 ____D C:\AdwCleaner
2015-12-11 11:24 - 2015-10-30 08:24 - 00000000 ___HD C:\Program Files\WindowsApps
2015-12-11 11:24 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-12-11 11:22 - 2013-11-22 10:50 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-12-11 11:17 - 2013-11-15 10:44 - 00000000 ____D C:\ProgramData\Norton
2015-12-11 11:17 - 2013-11-15 10:41 - 00000000 ____D C:\Program Files (x86)\NortonInstaller
2015-12-11 11:02 - 2015-10-30 08:24 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2015-12-11 11:02 - 2015-10-30 07:28 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2015-12-11 10:57 - 2015-06-22 11:46 - 00001246 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2064884263-2734367825-3749686348-1001UA.job
2015-12-11 08:25 - 2015-06-03 08:01 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-12-11 08:24 - 2015-08-11 12:37 - 00000000 ____D C:\Program Files (x86)\PDF Architect 3
2015-12-10 20:27 - 2013-11-15 09:39 - 00004164 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{38DC09B8-B1AF-4E73-8090-2527DDB7D131}
2015-12-10 19:57 - 2015-06-22 11:46 - 00001194 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2064884263-2734367825-3749686348-1001Core.job
2015-12-10 07:56 - 2014-12-24 12:11 - 00003972 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2015-12-10 07:54 - 2013-12-06 13:11 - 00000000 ____D C:\ProgramData\Adobe
2015-12-10 03:47 - 2015-10-30 08:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-12-10 03:41 - 2014-02-26 09:13 - 00000000 ____D C:\Users\Olli\AppData\Local\CrashDumps
2015-12-10 03:31 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\oobe
2015-12-10 03:31 - 2014-06-17 12:17 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-12-09 20:15 - 2014-06-17 12:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-12-09 20:14 - 2014-06-17 12:17 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-12-09 08:22 - 2013-11-22 10:50 - 00003870 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-12-09 08:19 - 2013-11-16 16:40 - 00000000 ____D C:\Users\Olli\AppData\Local\Apple Computer
2015-12-08 15:08 - 2015-10-12 13:15 - 00000000 ____D C:\Users\Olli\Documents\38b
2015-12-08 15:07 - 2015-10-10 10:49 - 00000000 ____D C:\Users\Olli\Documents\38a
2015-12-08 09:02 - 2013-11-16 16:40 - 00000000 ____D C:\Users\Olli\AppData\Roaming\Apple Computer
2015-12-08 09:00 - 2013-11-16 16:39 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-12-08 08:56 - 2013-11-16 16:39 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2015-12-07 12:54 - 2015-10-30 07:28 - 00000000 ____D C:\Windows
2015-12-07 11:15 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\rescache
2015-12-07 11:01 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\TAPI
2015-12-07 10:59 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2015-12-06 12:46 - 2014-12-27 17:46 - 00000000 ____D C:\Program Files (x86)\Steam
2015-12-04 11:29 - 2014-01-13 10:42 - 00000000 ____D C:\Users\Olli\AppData\Roaming\vlc
2015-12-04 11:22 - 2014-04-06 14:36 - 00000000 ____D C:\Users\Olli\dwhelper
2015-12-01 01:33 - 2015-10-30 08:26 - 00826872 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-12-01 01:33 - 2015-10-30 08:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-11-29 08:17 - 2013-11-16 16:39 - 00000000 ____D C:\Users\Olli\AppData\Local\Apple
2015-11-27 12:07 - 2014-03-01 12:11 - 00000000 ___RD C:\Users\Olli\Documents\Scanned Documents
2015-11-27 08:33 - 2015-10-30 08:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2015-11-27 08:32 - 2013-11-15 10:25 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-11-23 08:36 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\appcompat
2015-11-22 19:12 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-11-22 09:30 - 2013-11-15 09:35 - 00000000 ____D C:\Users\Olli\AppData\Local\Packages
2015-11-22 09:29 - 2015-10-30 08:24 - 00000000 ___RD C:\WINDOWS\DevicesFlow
2015-11-22 09:11 - 2015-10-30 08:24 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
2015-11-22 09:11 - 2015-10-30 08:24 - 00000000 ___RD C:\WINDOWS\PrintDialog
2015-11-22 09:11 - 2015-10-30 08:24 - 00000000 ___RD C:\WINDOWS\MiracastView
2015-11-22 09:11 - 2015-10-30 08:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2015-11-22 09:10 - 2013-11-20 11:40 - 00000000 __RHD C:\Users\Public\AccountPictures
2015-11-22 08:21 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2015-11-22 08:21 - 2015-10-30 08:24 - 00000000 ____D C:\ProgramData\USOPrivate
2015-11-22 08:21 - 2015-10-30 08:24 - 00000000 ____D C:\Program Files\Windows NT
2015-11-22 08:19 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\Registration
2015-11-22 08:18 - 2015-06-22 11:46 - 00003694 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2064884263-2734367825-3749686348-1001UA
2015-11-22 08:18 - 2015-06-22 11:46 - 00003422 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2064884263-2734367825-3749686348-1001Core
2015-11-22 08:18 - 2015-04-22 20:34 - 00002052 _____ C:\WINDOWS\System32\Tasks\{1316A33A-0917-4EF1-8048-BCC5D925C46C}
2015-11-22 08:18 - 2014-10-17 18:35 - 00002378 _____ C:\WINDOWS\System32\Tasks\dd
2015-11-22 08:18 - 2013-11-15 09:40 - 00002812 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2064884263-2734367825-3749686348-1001
2015-11-22 08:16 - 2015-10-30 08:24 - 00000000 __RHD C:\Users\Public\Libraries
2015-11-22 08:04 - 2015-09-17 07:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warships
2015-11-22 08:04 - 2015-08-20 12:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero
2015-11-22 08:04 - 2015-08-11 12:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Architect 3
2015-11-22 08:04 - 2015-08-11 12:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
2015-11-22 08:04 - 2015-08-08 09:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDex
2015-11-22 08:04 - 2015-07-23 12:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2015-11-22 08:04 - 2015-01-13 13:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WISO Steuer-Sparbuch 2015
2015-11-22 08:04 - 2014-12-29 12:58 - 00000000 ____D C:\Users\Olli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-11-22 08:04 - 2014-12-27 17:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2015-11-22 08:04 - 2014-11-25 17:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-11-22 08:04 - 2014-11-05 11:02 - 00000000 ____D C:\Users\Olli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\World of Tanks
2015-11-22 08:04 - 2014-10-01 15:04 - 00000000 ____D C:\Users\Olli\AppData\Roaming\Microsoft\Windows\Start Menu\OMC ModPack Client
2015-11-22 08:04 - 2014-09-02 07:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2015-11-22 08:04 - 2014-08-08 18:21 - 00000000 ____D C:\Users\Olli\AppData\Roaming\Microsoft\Windows\Start Menu\OMC ModPack
2015-11-22 08:04 - 2014-07-25 11:10 - 00000000 ____D C:\Users\Olli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameShadow
2015-11-22 08:04 - 2014-01-13 10:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2015-11-22 08:04 - 2014-01-08 12:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WISO Steuer-Sparbuch 2014
2015-11-22 08:04 - 2013-12-20 21:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crysis 3
2015-11-22 08:04 - 2013-12-20 16:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2015-11-22 08:04 - 2013-11-30 15:43 - 00000000 ____D C:\Users\Olli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinUAE
2015-11-22 08:04 - 2013-11-21 09:18 - 00000000 ____D C:\Users\Olli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\C. H. Beck
2015-11-22 08:04 - 2013-11-15 10:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-11-22 08:04 - 2013-11-15 09:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FRITZ!WLAN
2015-11-22 08:04 - 2013-08-22 14:36 - 00000000 ____D C:\Users\Default.migrated
2015-11-22 08:01 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2015-11-22 08:01 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\spool
2015-11-22 08:01 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\InputMethod
2015-11-22 08:01 - 2014-05-28 15:39 - 00000000 ____D C:\WINDOWS\SysWOW64\Adobe
2015-11-22 08:01 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\WindowsInternal.Inbox.Shared
2015-11-22 08:01 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\WindowsInternal.Inbox.Media.Shared
2015-11-22 08:00 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2015-11-22 08:00 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\InputMethod
2015-11-22 08:00 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\Cursors
2015-11-22 08:00 - 2015-10-30 08:24 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-11-22 08:00 - 2014-01-19 23:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EIZO
2015-11-22 08:00 - 2013-12-08 16:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games
2015-11-22 08:00 - 2013-11-16 17:21 - 00000000 ____D C:\WINDOWS\system32\appmgmt
2015-11-22 08:00 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\MediaViewer
2015-11-22 08:00 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\ADFS
2015-11-22 07:57 - 2015-10-30 07:28 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2015-11-22 07:54 - 2013-11-15 18:56 - 00000000 ____D C:\AMD
2015-11-22 07:50 - 2015-10-30 19:58 - 00000000 ____D C:\WINDOWS\ServiceProfiles
2015-11-22 07:49 - 2015-10-30 08:24 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
2015-11-22 07:46 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-11-22 07:46 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\Provisioning
2015-11-22 07:46 - 2015-10-30 07:28 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2015-11-22 07:46 - 2015-10-30 07:28 - 00000000 ____D C:\WINDOWS\system32\Dism
2015-11-22 07:42 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\SysWOW64\MUI
2015-11-22 07:42 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\MUI
2015-11-22 07:42 - 2015-10-30 08:17 - 00480256 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnet.dll
2015-11-22 07:42 - 2015-10-30 08:17 - 00395264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnet.dll
2015-11-22 07:42 - 2015-10-30 08:17 - 00220160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplayx.dll
2015-11-22 07:42 - 2015-10-30 08:17 - 00069120 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnathlp.dll
2015-11-22 07:42 - 2015-10-30 08:17 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnathlp.dll
2015-11-22 07:42 - 2015-10-30 08:17 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpwsockx.dll
2015-11-22 07:42 - 2015-10-30 08:17 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnsvr.exe
2015-11-22 07:42 - 2015-10-30 08:17 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpmodemx.dll
2015-11-22 07:42 - 2015-10-30 08:17 - 00023040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnsvr.exe
2015-11-22 07:42 - 2015-10-30 08:17 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplaysvr.exe
2015-11-22 07:42 - 2015-10-30 08:17 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhupnp.dll
2015-11-22 07:42 - 2015-10-30 08:17 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhpast.dll
2015-11-22 07:42 - 2015-10-30 08:17 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhupnp.dll
2015-11-22 07:42 - 2015-10-30 08:17 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhpast.dll
2015-11-22 07:42 - 2015-10-30 08:17 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnlobby.dll
2015-11-22 07:42 - 2015-10-30 08:17 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnaddr.dll
2015-11-22 07:42 - 2015-10-30 08:17 - 00004608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnlobby.dll
2015-11-22 07:42 - 2015-10-30 08:17 - 00004608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnaddr.dll
2015-11-22 07:27 - 2015-10-30 20:28 - 00000000 ___HD C:\$WINDOWS.~BT
2015-11-20 10:23 - 2015-10-14 09:51 - 00000000 ____D C:\Users\Olli\Documents\39a
2015-11-20 09:25 - 2013-11-21 09:20 - 00000000 ____D C:\Users\Olli\AppData\Local\xMedia
2015-11-15 04:53 - 2013-11-17 09:37 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-11-15 04:43 - 2013-11-17 09:37 - 145617392 ____N (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-11-14 18:20 - 2014-01-08 12:08 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-11-14 18:06 - 2013-08-22 16:36 - 00000000 ___RD C:\WINDOWS\ToastData

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2014-01-19 22:55 - 2014-01-19 22:55 - 0000017 _____ () C:\Users\Olli\AppData\Local\resmon.resmoncfg
2015-12-11 11:27 - 2015-12-11 11:27 - 0000000 ____H () C:\ProgramData\cm-lock

Einige Dateien in TEMP:
====================
C:\Users\Olli\AppData\Local\Temp\drm_dyndata_7380006.dll
C:\Users\Olli\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpnr8dxs.dll
C:\Users\Olli\AppData\Local\Temp\kernel32.dll
C:\Users\Olli\AppData\Local\Temp\sqlite3.dll
C:\Users\Olli\AppData\Local\Temp\vlc-2.1.5-win64.exe


==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2015-12-10 17:02

==================== Ende von FRST.txt ============================
         
--- --- ---


[/CODE]

Alt 11.12.2015, 12:24   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

ALWAYS post logs in full. The one from JRT is not complete.
__________________
Please always post log files in CODE tags

Alt 11.12.2015, 13:06   #11
droliver
 
JRT again



Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.1 (11.24.2015)
Operating System: Windows 10 Pro x64 
Ran by Olli (Administrator) on 11.12.2015 at 11:30:45,71
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 2 

Successfully deleted: C:\Users\Olli\AppData\Roaming\Mozilla\Firefox\Profiles\i1rfvxwa.default\searchplugins\norton-safe-search.xml (File) 
Successfully deleted: C:\Users\Olli\AppData\Roaming\pdfforge (Folder) 



Registry: 2 

Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06E08260-0695-4EC1-A74B-1310D8899D93} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\Toolbar\\{2DFF3579-5AA7-45B9-9328-1D38EA230861} (Registry Value) 




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 11.12.2015 at 11:33:56,38
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

Alt 11.12.2015, 14:02   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Please also create a new Addition.txt: start FRST, tick the Addition.txt box, then click Untersuchen (Scan).


Alt 11.12.2015, 17:12   #13
droliver
 
Addition.txt



Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:09-12-2015
durchgeführt von Olli (2015-12-11 17:09:26)
Gestartet von C:\Users\Olli\Downloads
Windows 10 Pro (X64) (2015-11-22 08:09:01)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-2064884263-2734367825-3749686348-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2064884263-2734367825-3749686348-503 - Limited - Disabled)
Gast (S-1-5-21-2064884263-2734367825-3749686348-501 - Limited - Disabled)
Olli (S-1-5-21-2064884263-2734367825-3749686348-1001 - Administrator - Enabled) => C:\Users\Olli

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

7-Zip 9.22 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0922-000001000000}) (Version: 9.22.00.0 - Igor Pavlov)
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.009.20069 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.235 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.1.151 - Adobe Systems, Inc.)
AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
AMD Catalyst Install Manager (HKLM\...\{529C5283-F484-94CA-8D10-3A69FD0776D3}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Apple Application Support (32-Bit) (HKLM-x32\...\{649A1FD9-5892-46AD-8DF0-C4A43FF61CB7}) (Version: 4.1 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{0DE0A178-AC7B-4650-806C-CF226DE03766}) (Version: 4.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Audacity 2.0.3 (HKLM-x32\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)
AVM FRITZ!WLAN (HKLM-x32\...\AVMWLANCLI) (Version:  - AVM Berlin)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CDex - Open Source Digital Audio CD Extractor (HKLM-x32\...\CDex) (Version: 1.79.0.2015 - Georgy Berdyshev)
Crysis®3 (HKLM-x32\...\{4198AE83-A3C6-4C41-85C8-EC63E990696E}) (Version: 1.0.0.0 - Electronic Arts)
Dead Space (HKLM-x32\...\{025A585C-0C66-413D-80D2-4C05CB699771}) (Version: 1.0.0.222 - Electronic Arts)
Dropbox (HKU\S-1-5-21-2064884263-2734367825-3749686348-1001\...\Dropbox) (Version: 3.10.11 - Dropbox, Inc.)
Fallout 3 (HKLM-x32\...\{974C4B12-4D02-4879-85E0-61C95CC63E9E}) (Version: 1.00.0000 - Bethesda Softworks)
flowBooks (HKU\S-1-5-21-2064884263-2734367825-3749686348-1001\...\c6697dc0670d4f07) (Version: 2.1.5.0 - C. H. Beck)
Free Audio Converter version 5.0.60.713 (HKLM-x32\...\Free Audio Converter_is1) (Version: 5.0.60.713 - DVDVideoSoft Ltd.)
GameShadow (HKLM-x32\...\{B2390904-74BD-48AA-B2CC-6612F8D46379}) (Version: 2.03.0000 - GameShadow Ltd)
iCloud (HKLM\...\{4B48E22A-2FB0-4EFA-B99E-954B1E50CD69}) (Version: 5.1.0.34 - Apple Inc.)
iTunes (HKLM\...\{E690A491-702F-4DEC-9977-C015D1DBB57C}) (Version: 12.3.1.23 - Apple Inc.)
Java 8 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation)
Malwarebytes Anti-Malware Version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft Age of Empires II (HKLM-x32\...\Age of Empires 2.0) (Version:  - )
Microsoft Age of Empires II: The Conquerors Expansion (HKLM-x32\...\Age of Empires II: The Conquerors Expansion 1.0) (Version:  - )
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{929CE49F-1CA7-4CF3-A9A1-6D757443C63F}) (Version: 1.2.0241 - Microsoft Corporation)
Microsoft Office Home and Student 2013 - de-de (HKLM\...\HomeStudentRetail - de-de) (Version: 15.0.4771.1004 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41105.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 38.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 de)) (Version: 38.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
Nero 2015 (HKLM-x32\...\{EF09AC51-1657-4A06-9449-B2BF1C4FB608}) (Version: 16.0.05500 - Nero AG)
Nero Info (HKLM-x32\...\{F030BFE8-8476-4C08-A553-233DE80A2BE1}) (Version: 16.0.2000 - Nero AG)
Norton Identity Safe (HKLM-x32\...\NST) (Version: 2014.7.11.42 - Symantec Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4771.1004 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4771.1004 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4771.1004 - Microsoft Corporation) Hidden
OMC ModPack Client Version 1.1.3.19 (HKLM-x32\...\{E2F3187C-2B94-486F-8914-E69211487FB6}_is1) (Version: 1.1.3.19 - Odem Mortis)
Origin (HKLM-x32\...\Origin) (Version: 9.3.11.2762 - Electronic Arts, Inc.)
paint.net (HKLM\...\{DF3A46D9-67B3-44B2-9D01-25C8BA772C8A}) (Version: 4.0.6 - dotPDN LLC)
PDF Architect 3 (HKLM-x32\...\PDF Architect 3) (Version: 3.0.45.22485 - pdfforge GmbH)
PDF Architect 3 Create Module (x32 Version: 3.0.13.22993 - pdfforge GmbH) Hidden
PDF Architect 3 Edit Module (x32 Version: 3.0.13.22993 - pdfforge GmbH) Hidden
PDF Architect 3 View Module (x32 Version: 3.0.13.22993 - pdfforge GmbH) Hidden
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 2.1.2 - pdfforge)
Prerequisite installer (x32 Version: 16.0.0004 - Nero AG) Hidden
ScreenManager Pro for LCD (DDC/CI) (HKLM-x32\...\{DAB265AD-27B2-4651-B8D8-F4F3A8ECC705}) (Version: 2.4.0 - EIZO Corporation)
Silent Hunter 4 Wolves of the Pacific (HKLM-x32\...\{0D005F09-A5F4-473B-A901-5735C6AF5628}) (Version: 1.05.0000 - Ubisoft)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.3.39 - Safer-Networking Ltd.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
VLC media player 2.1.4 (HKLM\...\VLC media player) (Version: 2.1.4 - VideoLAN)
WinUAE 2.6.1 (HKLM-x32\...\WinUAE) (Version: 2.6.1 - Arabuusimiehet)
WISO Steuer-Sparbuch 2014 (HKLM-x32\...\{38F30616-667D-492C-85D0-AF2B63B8180D}) (Version: 21.00.8480 - Buhl Data Service GmbH)
WISO Steuer-Sparbuch 2015 (HKLM-x32\...\{1019C534-6DC9-4350-A0C6-91D337E7FA7A}) (Version: 22.00.8811 - Buhl Data Service GmbH)
Wolfenstein: The New Order German Edition (HKLM-x32\...\Steam App 288570) (Version:  - MachineGames)
World of Tanks (HKU\S-1-5-21-2064884263-2734367825-3749686348-1001\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812EU}_is1) (Version:  - Wargaming.net)
World of Warships (HKU\S-1-5-21-2064884263-2734367825-3749686348-1001\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C814eu}_is1) (Version:  - Wargaming.net)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-2064884263-2734367825-3749686348-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Olli\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2064884263-2734367825-3749686348-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Olli\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2064884263-2734367825-3749686348-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Olli\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2064884263-2734367825-3749686348-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Olli\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2064884263-2734367825-3749686348-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Olli\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2064884263-2734367825-3749686348-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Olli\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2064884263-2734367825-3749686348-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Olli\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2064884263-2734367825-3749686348-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Olli\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2064884263-2734367825-3749686348-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Olli\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2064884263-2734367825-3749686348-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Olli\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2064884263-2734367825-3749686348-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Olli\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2064884263-2734367825-3749686348-1001_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Olli\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)

==================== Wiederherstellungspunkte =========================

22-11-2015 11:11:29 Windows Update
29-11-2015 08:21:07 Windows Modules Installer
06-12-2015 14:05:48 Windows Update
09-12-2015 20:12:04 Windows Update
09-12-2015 20:13:02 Windows Update
11-12-2015 11:30:53 JRT Pre-Junkware Removal

==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {048021EE-8CA9-4339-8ECC-F3682C5776DD} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG
Task: {08652755-3FA4-419D-853F-95EA353824C8} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2064884263-2734367825-3749686348-1001Core => C:\Users\Olli\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-22] (Dropbox, Inc.)
Task: {0946A34C-A3FC-4FCD-B75A-E165467DB162} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG
Task: {11ADFAF1-6369-4996-A410-AAA4121CE926} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG
Task: {133BC20C-E27A-4DB7-9149-7A997BBFEB1C} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG
Task: {14348900-713A-4EAC-8E0D-B227F91426E4} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-10-13] (Microsoft Corporation)
Task: {23ECF6AB-F9BD-428F-B199-F630333EC045} - System32\Tasks\dd => J:\SH4Autorun.exe
Task: {247AA18D-3238-45F9-8758-B7B67801C6A1} - \Safer-Networking\Spybot - Search and Destroy\Check for updates -> Keine Datei <==== ACHTUNG
Task: {2D37CF0D-34E8-4EA5-9032-65038DD0A5E8} - System32\Tasks\Norton Identity Safe\Norton Error Processor => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {31C31276-377D-4989-8924-7CABC2C6EE9A} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2015-12-01] (Apple Inc.)
Task: {363D35A5-7261-4788-A876-2542AD70AFEB} - \Safer-Networking\Spybot - Search and Destroy\Refresh immunization -> Keine Datei <==== ACHTUNG
Task: {415C0AB6-8F65-4C0E-BCC6-ABC58D92F5A9} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2064884263-2734367825-3749686348-1001UA => C:\Users\Olli\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-22] (Dropbox, Inc.)
Task: {50364BDC-7B63-4446-AAC7-55DCA542D68F} - \Safer-Networking\Spybot - Search and Destroy\Scan the system -> Keine Datei <==== ACHTUNG
Task: {699F48C3-18B4-4880-806D-9B42EBE18020} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-11-15] (Microsoft Corporation)
Task: {6A37C7A9-7EF9-4171-86C0-7283CD145D94} - System32\Tasks\{1316A33A-0917-4EF1-8048-BCC5D925C46C} => Firefox.exe hxxp://ui.skype.com/ui/0/7.0.0.102/de/abandoninstall?page=tsMain
Task: {6FDBC4E5-BB1D-46C4-AE53-1F0BA6064ED7} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {7443760C-6823-4AF2-99CB-2A0A53BAB759} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG
Task: {74C2D86D-B2BD-4FD7-85D1-DAC48A5507FD} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG
Task: {90323E98-37B5-46F6-83D4-64B381F3D853} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Keine Datei <==== ACHTUNG
Task: {904B5FFF-8AC1-4A63-AB57-5E627749B3A3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-12-09] (Adobe Systems Incorporated)
Task: {9F5270E2-2F29-4924-9901-DCE15B229893} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
Task: {A0C03E89-E474-4E4F-8AFB-E66867D7768B} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG
Task: {B7B0D55A-D0E2-43E5-9746-E22102DC878D} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG
Task: {DC57AC50-E358-46C9-A7D7-02E2DF201D8F} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG
Task: {EC16CBB2-D3F5-4609-ADB2-4299309D887F} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG
Task: {FA3D2A98-BD04-4CFD-80F0-EAFE9E9BBF56} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-10-13] (Microsoft Corporation)
Task: {FF2D38D8-CD35-4CDA-85B4-A93360D70AC5} - System32\Tasks\Nero\Nero Info => C:\Program Files (x86)\Common Files\Nero\Nero Info\NeroInfo.exe [2015-06-04] (Nero AG)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2064884263-2734367825-3749686348-1001Core.job => C:\Users\Olli\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2064884263-2734367825-3749686348-1001UA.job => C:\Users\Olli\AppData\Local\Dropbox\Update\DropboxUpdate.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2015-10-30 08:18 - 2015-10-30 08:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2014-03-19 11:03 - 2015-10-13 04:34 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-01-20 22:35 - 2015-01-20 22:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-10-13 05:45 - 2015-10-13 05:45 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-12-06 13:06 - 2015-11-22 11:47 - 02653816 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-12-06 13:06 - 2015-11-22 11:47 - 02653816 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-10-30 08:17 - 2015-10-30 08:17 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2015-10-30 08:17 - 2015-10-30 08:17 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-12-06 13:06 - 2015-11-22 10:23 - 08005632 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-12-06 13:06 - 2015-11-22 10:18 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-12-06 13:06 - 2015-11-22 10:19 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-12-06 13:06 - 2015-11-22 10:21 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2015-10-13 05:45 - 2015-10-13 05:45 - 00237328 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
2015-10-13 05:46 - 2015-10-13 05:46 - 01040144 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-11-18 18:14 - 2015-09-16 14:25 - 00043520 _____ () C:\Games\World_of_Tanks\voip.dll
2014-11-05 12:31 - 2014-10-29 15:57 - 00323568 _____ () C:\Games\World_of_Tanks\ortp.dll
2014-11-05 12:31 - 2014-10-29 15:57 - 20656128 _____ () C:\Games\World_of_Tanks\res\awesomium\awesomium.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\Program Files\ATI Technologies:Win32App_1
AlternateDataStreams: C:\Program Files\Bonjour:Win32App_1
AlternateDataStreams: C:\Program Files\iTunes:Win32App_1
AlternateDataStreams: C:\Program Files\Microsoft Office 15:Win32App_1
AlternateDataStreams: C:\Program Files\Microsoft Silverlight:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\AMD:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Apple Software Update:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\ATI Technologies:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Audacity:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Bonjour:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\DVDVideoSoft:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\ Malwarebytes Anti-Malware :Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Mozilla Firefox:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Nero:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Norton Identity Safe:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\OMC ModPack Client:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Origin:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\PDF Architect 3:Win32App_1
AlternateDataStreams: C:\WINDOWS\SysWOW64\Adobe:Win32App_1
AlternateDataStreams: C:\ProgramData\Nero:Win32App_1
AlternateDataStreams: C:\ProgramData\regid.1991-06.com.microsoft:Win32App_1
AlternateDataStreams: C:\Users\Olli\Documents\GameShadow:Win32App_1
AlternateDataStreams: C:\Users\Olli\Documents\Pass.jpg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Olli\Documents\Pass.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

IE trusted site: HKU\S-1-5-21-2064884263-2734367825-3749686348-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-2064884263-2734367825-3749686348-1001\...\webcompanion.com -> hxxp://webcompanion.com

==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-2064884263-2734367825-3749686348-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Olli\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKLM\...\StartupApproved\StartupFolder: => "WISO Mein Steuer-Sparbuch heute.lnk"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{20066768-E390-4E2F-B900-2F55D7FA5F82}] => (Allow) C:\Games\World_of_Warships\WorldofWarships.exe
FirewallRules: [{45B7BC43-9C35-40E5-8089-8F40A90133EE}] => (Allow) C:\Games\World_of_Warships\WoWSLauncher.exe
FirewallRules: [{77F83601-5134-43B2-97AB-ECF3297C462D}] => (Allow) C:\Games\World_of_Warships\WorldofWarships.exe
FirewallRules: [{E548713B-9CB9-45B6-A129-962D30FCD3FE}] => (Allow) C:\Games\World_of_Warships\WoWSLauncher.exe
FirewallRules: [{9EF06A25-8083-411F-86FC-521ECBBE1DC8}] => (Allow) C:\Program Files (x86)\Nero\Nero 2015\Nero Burning ROM\nero.exe
FirewallRules: [{B75D6D3B-61E0-4792-96C4-918612071A3C}] => (Allow) C:\Program Files (x86)\Nero\KM\NMDllHost.exe
FirewallRules: [{3F4A1856-10E5-4B52-8448-D381AEB09589}] => (Allow) C:\Program Files (x86)\Nero\Nero 2015\Nero Burning ROM\StartNBR.exe
FirewallRules: [{F1B4E685-F782-418E-8D24-7EF468D2B4CD}] => (Allow) C:\Program Files (x86)\Nero\Nero Blu-ray Player\Blu-rayPlayer.exe
FirewallRules: [{47E00029-EE7A-403B-BEFF-D6DD6801D8CC}] => (Allow) C:\Program Files (x86)\Nero\Nero Blu-ray Player\Blu-rayPlayer.exe
FirewallRules: [{6F96B644-31F6-415F-9933-8C1420B9B4B5}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{42D5247B-B90F-49CA-8F54-CA3DD3D16683}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{B241BDFC-BB94-4B98-8D95-381B93667D05}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{545E370D-D2E8-4A6D-A1B2-D45F8C994742}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{7EB0765F-69FB-45F9-92CA-1247AEDAF75B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{9AE74AF9-EE47-47B9-9073-1378BE3502B6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{BBCEDAE0-AAF3-4921-B59A-70E6E9A94F34}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Wolfenstein.The.New.Order.DE\WolfNewOrder_x64.exe
FirewallRules: [{AF995768-BBE7-4319-9ABC-9520899FE615}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Wolfenstein.The.New.Order.DE\WolfNewOrder_x64.exe
FirewallRules: [{88D32A88-7CD0-4418-B84B-97E7B447978D}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{021B0E64-FACF-4604-AC47-136739595B84}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{816D4BC6-D967-4A5A-AC53-42087567BA9D}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{25B06855-F487-411F-BC31-D21C7A6CFE7F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{C4E21FE7-BE32-4B8E-BE28-BEDD97C03D29}] => (Allow) C:\Program Files (x86)\OMC ModPack Client\OMC ModPack Client.exe
FirewallRules: [{5B77FB8D-E65A-4AEC-8A5D-89BF77151D7B}] => (Allow) C:\Users\Olli\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{DD9E75C9-E93B-42A8-946F-381971A35093}] => (Allow) C:\Users\Olli\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{F7217FA6-F8D3-40EA-961A-B2BE7A9FF062}] => (Allow) C:\Program Files (x86)\Origin Games\Dead Space\Dead Space.exe
FirewallRules: [{D52755E6-D2FB-4CDC-908A-7D545FF098F0}] => (Allow) C:\Program Files (x86)\Origin Games\Dead Space\Dead Space.exe
FirewallRules: [UDP Query User{923D5072-E22E-4EF3-894D-6438BDC7FF68}C:\games\world_of_tanks\worldoftanks.exe] => (Allow) C:\games\world_of_tanks\worldoftanks.exe
FirewallRules: [TCP Query User{49536261-873B-411D-BF36-6C9A82040BF5}C:\games\world_of_tanks\worldoftanks.exe] => (Allow) C:\games\world_of_tanks\worldoftanks.exe
FirewallRules: [{13411610-A8B0-416D-8A2C-25270C409C19}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
FirewallRules: [{F7755706-1555-40A4-A034-E3D4CDCAD3C3}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
FirewallRules: [{F762CA9F-1800-4B7B-89AC-46B967D3F7A6}] => (Allow) C:\Program Files (x86)\Origin Games\Crysis 3\Bin32\Crysis3.exe
FirewallRules: [{91563244-F5DA-44CB-8829-5BD81393F4CC}] => (Allow) C:\Program Files (x86)\Origin Games\Crysis 3\Bin32\Crysis3.exe
FirewallRules: [{9485E974-6A15-4243-B5B2-BEACFA751D78}] => (Allow) C:\Users\Olli\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{769E697C-6EFE-4B8D-8D6C-C4BB7956AEF3}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{766DBFDA-AC48-4119-8922-5A55B0155454}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{C9CF26A4-6084-490D-ABA5-2F332FD14A92}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{BFD1C057-467C-4169-AA05-036A2FEC28F3}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{41054C10-436D-4858-98E4-090A7A395A76}] => (Allow) C:\Program Files\iTunes\iTunes.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Fehlerhafte Geräte im Gerätemanager =============


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (12/11/2015 11:31:34 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.

System Error:
Zugriff verweigert
.

Error: (12/11/2015 11:29:12 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest.

Error: (12/11/2015 08:04:10 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7271500

Error: (12/11/2015 08:04:10 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7271500

Error: (12/11/2015 08:04:10 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/11/2015 08:04:08 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7270125

Error: (12/11/2015 08:04:08 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7270125

Error: (12/11/2015 08:04:08 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/11/2015 08:04:07 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7268828

Error: (12/11/2015 08:04:07 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7268828


Systemfehler:
=============
Error: (12/11/2015 12:40:18 PM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT)
Description: {F3B4E234-7A68-4E43-B813-E4BA55A065F6}

Error: (12/11/2015 11:58:06 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80246013 fehlgeschlagen: Windows-Tool zum Entfernen bösartiger Software für Windows 8, 8.1, 10 und Windows Server 2012, 2012 R2 x64 Edition - Dezember 2015 (KB890830)

Error: (12/11/2015 11:32:02 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Norton Identity Safe" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (12/11/2015 11:26:02 AM) (Source: DCOM) (EventID: 10010) (User: OllisDesktop)
Description: {9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (12/11/2015 11:25:57 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Synchronisierungshost_2bab3" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (12/11/2015 11:25:57 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (12/11/2015 11:25:48 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "PDF Architect 3 Creator" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (12/11/2015 11:25:48 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Nero Update" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (12/11/2015 11:25:48 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "iPod-Dienst" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (12/11/2015 11:25:48 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.


CodeIntegrity:
===================================
  Date: 2015-12-11 13:50:31.868
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-12-11 13:50:31.837
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-12-11 13:50:31.829
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-12-11 13:50:31.790
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-12-11 13:50:31.780
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-12-11 13:50:31.683
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-12-11 13:50:31.674
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-12-11 13:50:31.614
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-12-11 13:50:31.579
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-12-11 13:50:31.571
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Speicherinformationen =========================== 

Prozessor: Intel(R) Core(TM) i5-2400 CPU @ 3.10GHz
Prozentuale Nutzung des RAM: 55%
Installierter physikalischer RAM: 6120.88 MB
Verfügbarer physikalischer RAM: 2714.35 MB
Summe virtueller Speicher: 7144.88 MB
Verfügbarer virtueller Speicher: 3148.15 MB

==================== Laufwerke ================================

Drive c: () (Fixed) (Total:930.73 GB) (Free:641.66 GB) NTFS
Drive i: (USB DISK) (Removable) (Total:14.73 GB) (Free:13.68 GB) FAT32
Drive j: (Fallout 3) (CDROM) (Total:5.6 GB) (Free:0 GB) UDF

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 3DA520A8)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=930.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 14.7 GB) (Disk ID: C3072E18)
Partition 1: (Not Active) - (Size=14.7 GB) - (Type=0C)

==================== Ende von Addition.txt ============================
         

11.12.2015, 23:12   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
FRST fix

Please disable your virus scanner completely now, to make sure the fix runs cleanly!


Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:
SearchScopes: HKLM-x32 -> DefaultScope Wert fehlt
SearchScopes: HKU\S-1-5-21-2064884263-2734367825-3749686348-1001 -> DefaultScope {B21B4164-A234-4450-8F50-3D8D20B7B7D7} URL = 
Task: {048021EE-8CA9-4339-8ECC-F3682C5776DD} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG
Task: {0946A34C-A3FC-4FCD-B75A-E165467DB162} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG
Task: {11ADFAF1-6369-4996-A410-AAA4121CE926} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG
Task: {133BC20C-E27A-4DB7-9149-7A997BBFEB1C} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG
Task: {247AA18D-3238-45F9-8758-B7B67801C6A1} - \Safer-Networking\Spybot - Search and Destroy\Check for updates -> Keine Datei <==== ACHTUNG
Task: {363D35A5-7261-4788-A876-2542AD70AFEB} - \Safer-Networking\Spybot - Search and Destroy\Refresh immunization -> Keine Datei <==== ACHTUNG
Task: {50364BDC-7B63-4446-AAC7-55DCA542D68F} - \Safer-Networking\Spybot - Search and Destroy\Scan the system -> Keine Datei <==== ACHTUNG
Task: {7443760C-6823-4AF2-99CB-2A0A53BAB759} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG
Task: {74C2D86D-B2BD-4FD7-85D1-DAC48A5507FD} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG
Task: {90323E98-37B5-46F6-83D4-64B381F3D853} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Keine Datei <==== ACHTUNG
Task: {A0C03E89-E474-4E4F-8AFB-E66867D7768B} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG
Task: {B7B0D55A-D0E2-43E5-9746-E22102DC878D} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG
Task: {DC57AC50-E358-46C9-A7D7-02E2DF201D8F} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG
Task: {EC16CBB2-D3F5-4609-ADB2-4299309D887F} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG
AlternateDataStreams: C:\Program Files\ATI Technologies:Win32App_1
AlternateDataStreams: C:\Program Files\Bonjour:Win32App_1
AlternateDataStreams: C:\Program Files\iTunes:Win32App_1
AlternateDataStreams: C:\Program Files\Microsoft Office 15:Win32App_1
AlternateDataStreams: C:\Program Files\Microsoft Silverlight:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\AMD:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Apple Software Update:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\ATI Technologies:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Audacity:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Bonjour:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\DVDVideoSoft:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\  Malwarebytes Anti-Malware  :Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Mozilla Firefox:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Nero:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Norton Identity Safe:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\OMC ModPack Client:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Origin:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\PDF Architect 3:Win32App_1
AlternateDataStreams: C:\WINDOWS\SysWOW64\Adobe:Win32App_1
AlternateDataStreams: C:\ProgramData\Nero:Win32App_1
AlternateDataStreams: C:\ProgramData\regid.1991-06.com.microsoft:Win32App_1
AlternateDataStreams: C:\Users\Olli\Documents\GameShadow:Win32App_1
AlternateDataStreams: C:\Users\Olli\Documents\Pass.jpg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Olli\Documents\Pass.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
C:\ProgramData\cm-lock
C:\Windows.old
emptytemp:
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the "Entfernen" (Fix) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.

__________________
Please always post log files in CODE tags

12.12.2015, 07:29   #15
droliver
 
Code:
Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version:09-12-2015
durchgeführt von Olli (2015-12-12 07:20:07) Run:1
Gestartet von C:\Users\Olli\Downloads
Geladene Profile: Olli (Verfügbare Profile: Olli)
Start-Modus: Normal
==============================================

fixlist Inhalt:
*****************
SearchScopes: HKLM-x32 -> DefaultScope Wert fehlt
SearchScopes: HKU\S-1-5-21-2064884263-2734367825-3749686348-1001 -> DefaultScope {B21B4164-A234-4450-8F50-3D8D20B7B7D7} URL = 
Task: {048021EE-8CA9-4339-8ECC-F3682C5776DD} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG
Task: {0946A34C-A3FC-4FCD-B75A-E165467DB162} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG
Task: {11ADFAF1-6369-4996-A410-AAA4121CE926} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG
Task: {133BC20C-E27A-4DB7-9149-7A997BBFEB1C} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG
Task: {247AA18D-3238-45F9-8758-B7B67801C6A1} - \Safer-Networking\Spybot - Search and Destroy\Check for updates -> Keine Datei <==== ACHTUNG
Task: {363D35A5-7261-4788-A876-2542AD70AFEB} - \Safer-Networking\Spybot - Search and Destroy\Refresh immunization -> Keine Datei <==== ACHTUNG
Task: {50364BDC-7B63-4446-AAC7-55DCA542D68F} - \Safer-Networking\Spybot - Search and Destroy\Scan the system -> Keine Datei <==== ACHTUNG
Task: {7443760C-6823-4AF2-99CB-2A0A53BAB759} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG
Task: {74C2D86D-B2BD-4FD7-85D1-DAC48A5507FD} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG
Task: {90323E98-37B5-46F6-83D4-64B381F3D853} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Keine Datei <==== ACHTUNG
Task: {A0C03E89-E474-4E4F-8AFB-E66867D7768B} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG
Task: {B7B0D55A-D0E2-43E5-9746-E22102DC878D} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG
Task: {DC57AC50-E358-46C9-A7D7-02E2DF201D8F} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG
Task: {EC16CBB2-D3F5-4609-ADB2-4299309D887F} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG
AlternateDataStreams: C:\Program Files\ATI Technologies:Win32App_1
AlternateDataStreams: C:\Program Files\Bonjour:Win32App_1
AlternateDataStreams: C:\Program Files\iTunes:Win32App_1
AlternateDataStreams: C:\Program Files\Microsoft Office 15:Win32App_1
AlternateDataStreams: C:\Program Files\Microsoft Silverlight:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\AMD:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Apple Software Update:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\ATI Technologies:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Audacity:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Bonjour:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\DVDVideoSoft:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\   Malwarebytes Anti-Malware   :Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Mozilla Firefox:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Nero:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Norton Identity Safe:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\OMC ModPack Client:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Origin:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\PDF Architect 3:Win32App_1
AlternateDataStreams: C:\WINDOWS\SysWOW64\Adobe:Win32App_1
AlternateDataStreams: C:\ProgramData\Nero:Win32App_1
AlternateDataStreams: C:\ProgramData\regid.1991-06.com.microsoft:Win32App_1
AlternateDataStreams: C:\Users\Olli\Documents\GameShadow:Win32App_1
AlternateDataStreams: C:\Users\Olli\Documents\Pass.jpg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Olli\Documents\Pass.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
C:\ProgramData\cm-lock
C:\Windows.old
emptytemp:
*****************

HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Wert erfolgreich wiederhergestellt
HKU\S-1-5-21-2064884263-2734367825-3749686348-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Wert erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{048021EE-8CA9-4339-8ECC-F3682C5776DD}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{048021EE-8CA9-4339-8ECC-F3682C5776DD}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0946A34C-A3FC-4FCD-B75A-E165467DB162}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0946A34C-A3FC-4FCD-B75A-E165467DB162}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{11ADFAF1-6369-4996-A410-AAA4121CE926}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{11ADFAF1-6369-4996-A410-AAA4121CE926}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{133BC20C-E27A-4DB7-9149-7A997BBFEB1C}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{133BC20C-E27A-4DB7-9149-7A997BBFEB1C}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{247AA18D-3238-45F9-8758-B7B67801C6A1}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{247AA18D-3238-45F9-8758-B7B67801C6A1}" => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Safer-Networking\Spybot - Search and Destroy\Check for updates => Schlüssel nicht gefunden. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{363D35A5-7261-4788-A876-2542AD70AFEB}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{363D35A5-7261-4788-A876-2542AD70AFEB}" => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => Schlüssel nicht gefunden. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{50364BDC-7B63-4446-AAC7-55DCA542D68F}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{50364BDC-7B63-4446-AAC7-55DCA542D68F}" => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Safer-Networking\Spybot - Search and Destroy\Scan the system => Schlüssel nicht gefunden. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7443760C-6823-4AF2-99CB-2A0A53BAB759}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7443760C-6823-4AF2-99CB-2A0A53BAB759}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{74C2D86D-B2BD-4FD7-85D1-DAC48A5507FD}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{74C2D86D-B2BD-4FD7-85D1-DAC48A5507FD}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{90323E98-37B5-46F6-83D4-64B381F3D853}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{90323E98-37B5-46F6-83D4-64B381F3D853}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A0C03E89-E474-4E4F-8AFB-E66867D7768B}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A0C03E89-E474-4E4F-8AFB-E66867D7768B}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B7B0D55A-D0E2-43E5-9746-E22102DC878D}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B7B0D55A-D0E2-43E5-9746-E22102DC878D}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DC57AC50-E358-46C9-A7D7-02E2DF201D8F}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DC57AC50-E358-46C9-A7D7-02E2DF201D8F}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EC16CBB2-D3F5-4609-ADB2-4299309D887F}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EC16CBB2-D3F5-4609-ADB2-4299309D887F}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => Schlüssel erfolgreich entfernt
C:\Program Files\ATI Technologies => ":Win32App_1" ADS erfolgreich entfernt.
C:\Program Files\Bonjour => ":Win32App_1" ADS erfolgreich entfernt.
C:\Program Files\iTunes => ":Win32App_1" ADS erfolgreich entfernt.
C:\Program Files\Microsoft Office 15 => ":Win32App_1" ADS erfolgreich entfernt.
C:\Program Files\Microsoft Silverlight => ":Win32App_1" ADS erfolgreich entfernt.
C:\Program Files (x86)\AMD => ":Win32App_1" ADS erfolgreich entfernt.
C:\Program Files (x86)\Apple Software Update => ":Win32App_1" ADS erfolgreich entfernt.
C:\Program Files (x86)\ATI Technologies => ":Win32App_1" ADS erfolgreich entfernt.
C:\Program Files (x86)\Audacity => ":Win32App_1" ADS erfolgreich entfernt.
C:\Program Files (x86)\Bonjour => ":Win32App_1" ADS erfolgreich entfernt.
C:\Program Files (x86)\DVDVideoSoft => ":Win32App_1" ADS erfolgreich entfernt.
"C:\Program Files (x86)\   Malwarebytes Anti-Malware   " => ":Win32App_1" ADS nicht gefunden.
C:\Program Files (x86)\Mozilla Firefox => ":Win32App_1" ADS erfolgreich entfernt.
C:\Program Files (x86)\Nero => ":Win32App_1" ADS erfolgreich entfernt.
C:\Program Files (x86)\Norton Identity Safe => ":Win32App_1" ADS erfolgreich entfernt.
C:\Program Files (x86)\OMC ModPack Client => ":Win32App_1" ADS erfolgreich entfernt.
C:\Program Files (x86)\Origin => ":Win32App_1" ADS erfolgreich entfernt.
C:\Program Files (x86)\PDF Architect 3 => ":Win32App_1" ADS erfolgreich entfernt.
C:\WINDOWS\SysWOW64\Adobe => ":Win32App_1" ADS erfolgreich entfernt.
C:\ProgramData\Nero => ":Win32App_1" ADS erfolgreich entfernt.
C:\ProgramData\regid.1991-06.com.microsoft => ":Win32App_1" ADS erfolgreich entfernt.
C:\Users\Olli\Documents\GameShadow => ":Win32App_1" ADS erfolgreich entfernt.
"C:\Users\Olli\Documents\Pass.jpg" => ":3or4kl4x13tuuug3Byamue2s4b" ADS nicht gefunden.
C:\Users\Olli\Documents\Pass.jpg => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS erfolgreich entfernt.
Konnte nicht verschoben werden "C:\ProgramData\cm-lock" => ist geplant bei Neustart verschoben zu werden.
C:\Windows.old => erfolgreich verschoben
EmptyTemp: => 3.9 GB temporäre Dateien entfernt.

Ergebnis der geplanten Datei-Verschiebungen (Start-Modus: Normal) (Datum&Uhrzeit: 2015-12-12 07:26:21)

"C:\ProgramData\cm-lock" => Konnte nicht verschoben werden

==== Ende von Fixlog 07:26:25 ====
         
