![]() |
|
Log-Analyse und Auswertung: Windows 10/64bit: Windows Defender meldet trojandownloader:win32/esaprof!rfnWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
![]() | #1 |
![]() | ![]() Windows 10/64bit: Windows Defender meldet trojandownloader:win32/esaprof!rfn Guten Tag, ich habe das Problem, dass Windows Defender mehrmals täglich "trojandownloader:win32/esaprof!rfn" meldet. Habe hier schon einiges gelesen, wie das zu lösen ist, werde aber nicht so richtig schlau daraus. Was ich verstanden habe, ist, dass eine Lösung wohl sehr individuell aussieht. Daher traue ich mich auch nicht, ein Fixskript für FRST zu erstellen, ich habe gelesen, man sollte hier genau wissen, was man tut, aber ich kenne mich leider nicht so gut aus. Daher wäre ich für Hilfe sehr dankbar. Meine bisherigen Schritte: 1. Scan mit AVIRA Antivirus Pro, quarantaene.txt poste ich nachfolgend 2. Untersuchen mittels FRST - poste nachfolgend die frst.txt und addition.txt. Scanne gerade nochmal mit AVIRA, da es gestern Lizenzprobleme gab. Werde das Ergebnis posten, sobald der Scan durchgelaufen ist. Es wäre super, wenn sich jemand meines Problems annehmen würde - wie muss ich weiter vorgehen? Ich wäre äußerst dankbar für Tipps, Anleitung, wie ich diesen Virus loswerde... Hier sind die Skripte (ich hoffe, richtig verstanden zu haben, wie ich sie einfüge): Code:
ATTFilter frst.txt Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01 durchgeführt von Beatrix (Administrator) auf CANDRA (12-03-2016 16:05:41) Gestartet von C:\Users\Beatrix\Desktop Geladene Profile: Beatrix (Verfügbare Profile: Beatrix) Platform: Windows 10 Home Version 1511 (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: FF) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) () C:\Program Files (x86)\PHotkey\AsLdrSrv.exe () C:\Program Files (x86)\PHotkey\GFNEXSrv.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe (Microsoft Corporation) C:\Windows\System32\mqsvc.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe () C:\Program Files (x86)\PHotkey\MsgTranAgt.exe () C:\Program Files (x86)\PHotkey\MsgTranAgt64.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler64.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (CyberLink) C:\Program Files (x86)\CyberLink\PowerRecover\Reminder.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Program Files (x86)\Windows Live\Mail\wlmail.exe (Microsoft Corporation) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.302.8200.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe (Microsoft Corporation) C:\Windows\System32\WWAHost.exe (Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe ==================== Registry (Nicht auf der Ausnahmeliste) =========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12446824 2012-01-31] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1156712 2011-11-15] (Realtek Semiconductor) HKLM\...\Run: [MedionReminder] => C:\Program Files (x86)\CyberLink\PowerRecover\Reminder.exe [443688 2011-05-26] (CyberLink) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3952800 2015-08-21] (Synaptics Incorporated) HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-30] (Intel Corporation) HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-05] (Intel Corporation) HKLM-x32\...\Run: [Dolby Advanced Audio v2] => C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [507744 2011-12-21] (Dolby Laboratories Inc.) HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [107816 2010-08-04] (CyberLink) HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [193568 2014-11-28] (Geek Software GmbH) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [807392 2016-03-12] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [66328 2016-01-27] (Avira Operations GmbH & Co. KG) Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-2384618903-2837397961-1632789598-1000\...\Run: [AmazonMP3DownloaderHelper] => C:\Users\Beatrix\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [400704 2013-05-22] () HKU\S-1-5-21-2384618903-2837397961-1632789598-1000\...\RunOnce: [Uninstall C:\Users\Beatrix\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Beatrix\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64" HKU\S-1-5-21-2384618903-2837397961-1632789598-1000\...\RunOnce: [Uninstall C:\Users\Beatrix\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Beatrix\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64" HKU\S-1-5-21-2384618903-2837397961-1632789598-1000\...\RunOnce: [Uninstall C:\Users\Beatrix\AppData\Local\Microsoft\OneDrive\17.3.6301.0127] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Beatrix\AppData\Local\Microsoft\OneDrive\17.3.6301.0127" Startup: C:\Users\Beatrix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk [2013-03-08] ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{7d39b7fa-2c9f-4a5b-9c9e-35ba3c14cb5d}: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{9738b9b3-f3e9-409c-8fdb-b38774a7f903}: [DhcpNameServer] 192.168.178.1 Internet Explorer: ================== HKU\S-1-5-21-2384618903-2837397961-1632789598-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ HKU\S-1-5-21-2384618903-2837397961-1632789598-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=MDNF&bmod=MDNF URLSearchHook: HKU\S-1-5-21-2384618903-2837397961-1632789598-1000 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) URLSearchHook: HKU\S-1-5-21-2384618903-2837397961-1632789598-1000 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2012-01-25] (Oracle Corporation) BHO: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll [2013-12-30] (DVDVideoSoft Ltd.) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2012-01-25] (Oracle Corporation) BHO-x32: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll [2013-12-30] (DVDVideoSoft Ltd.) Toolbar: HKU\S-1-5-21-2384618903-2837397961-1632789598-1000 -> Kein Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Keine Datei Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2016-02-25] (McAfee, Inc.) Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2016-02-25] (McAfee, Inc.) Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2016-02-25] (McAfee, Inc.) Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2016-02-25] (McAfee, Inc.) FireFox: ======== FF ProfilePath: C:\Users\Beatrix\AppData\Roaming\Mozilla\Firefox\Profiles\1fclt1pj.default-1426021297044 FF Homepage: hxxps://www.google.de/ FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_306.dll [2016-02-10] () FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll [2012-01-25] (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_306.dll [2016-02-10] () FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2011-12-01] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2011-12-01] (Intel Corporation) FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll [2012-01-25] (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-04] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-04] (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-09-23] (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-27] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-2384618903-2837397961-1632789598-1000: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\Beatrix\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll [2013-05-22] (Amazon.com, Inc.) FF SearchPlugin: C:\Users\Beatrix\AppData\Roaming\Mozilla\Firefox\Profiles\1fclt1pj.default-1426021297044\searchplugins\McSiteAdvisor.xml [2016-03-11] FF Extension: McAfee WebAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2015-12-29] FF Extension: Adblock Plus - C:\Users\Beatrix\AppData\Roaming\Mozilla\Firefox\Profiles\1fclt1pj.default-1426021297044\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-02-24] FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi FF HKU\S-1-5-21-2384618903-2837397961-1632789598-1000\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2014-02-03] [ist nicht signiert] Chrome: ======= CHR Profile: C:\Users\Beatrix\AppData\Local\Google\Chrome\User Data\Default CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-03-02] CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx CHR HKU\S-1-5-21-2384618903-2837397961-1632789598-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [2014-02-03] CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-03-02] CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx ==================== Dienste (Nicht auf der Ausnahmeliste) ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [955736 2016-03-12] (Avira Operations GmbH & Co. KG) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [466504 2016-03-12] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [466504 2016-03-12] (Avira Operations GmbH & Co. KG) R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1424880 2016-03-12] (Avira Operations GmbH & Co. KG) R2 ASLDRService; C:\Program Files (x86)\PHotkey\ASLDRSrv.exe [104968 2009-12-19] () R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [260456 2016-01-27] (Avira Operations GmbH & Co. KG) R2 GFNEXSrv; C:\Program Files (x86)\PHotkey\GFNEXSrv.exe [156672 2011-10-13] () [Datei ist nicht signiert] R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2011-12-16] (Intel Corporation) S2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation) S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation) R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [163592 2016-02-25] (McAfee, Inc.) R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [247968 2015-08-21] (Synaptics Incorporated) S2 watchmi; C:\Program Files (x86)\watchmi\TvdService.exe [70144 2012-01-31] () [Datei ist nicht signiert] S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation) ===================== Treiber (Nicht auf der Ausnahmeliste) ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128664 2016-03-12] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [137952 2016-03-12] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [35488 2015-12-01] (Avira Operations GmbH & Co. KG) R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [68936 2016-03-12] (Avira Operations GmbH & Co. KG) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation) R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [36968 2016-01-19] (McAfee, Inc.) R3 NETwNe64; C:\Windows\System32\drivers\NETwew01.sys [3343872 2015-10-30] (Intel Corporation) R2 PEGAGFN; C:\Program Files (x86)\PHotkey\PEGAGFN.sys [14344 2009-09-11] (PEGATRON) R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek ) R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [44192 2015-08-21] (Synaptics Incorporated) S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation) S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation) U3 idsvc; kein ImagePath ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat: Erstellte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2016-03-12 16:05 - 2016-03-12 16:06 - 00018816 _____ C:\Users\Beatrix\Desktop\FRST.txt 2016-03-12 16:05 - 2016-03-12 16:05 - 00000000 ____D C:\FRST 2016-03-12 16:04 - 2016-03-12 16:05 - 02374144 _____ (Farbar) C:\Users\Beatrix\Desktop\FRST64.exe 2016-03-12 07:28 - 2016-03-12 07:29 - 00000000 ____D C:\Users\Beatrix\AppData\Local\{A7C596B7-CFC5-49A1-9E63-BBE9EB356C95} 2016-03-11 18:32 - 2016-03-11 18:32 - 05404312 _____ (Avira Operations GmbH & Co. KG) C:\Users\Beatrix\Downloads\avira_de_aapd0_48230367_kv7dhsl7t9ifmw2jybzc_wd.exe 2016-03-11 13:53 - 2016-03-11 13:54 - 00000000 ____D C:\Users\Beatrix\AppData\Local\{5D88D746-412F-40B2-892B-44BFC37B4E37} 2016-03-10 18:48 - 2016-03-10 18:48 - 00000054 _____ C:\Users\Beatrix\Desktop\downloadtrojaner.txt 2016-03-10 10:07 - 2016-03-10 10:07 - 00000000 ____D C:\Users\Beatrix\AppData\Local\{0F39F9D0-19CE-4D13-96F4-E4F3BBC3A38A} 2016-03-09 20:23 - 2016-03-09 20:23 - 00000000 ____D C:\Users\Beatrix\AppData\Local\{178B916D-FD87-4842-9C6F-1BB2F504BA5E} 2016-03-09 10:17 - 2016-02-24 10:51 - 07474528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2016-03-09 10:17 - 2016-02-24 10:28 - 03449168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSService.dll 2016-03-09 10:17 - 2016-02-24 09:46 - 06607080 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll 2016-03-09 10:17 - 2016-02-24 09:06 - 05242496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll 2016-03-09 10:17 - 2016-02-24 07:43 - 00286720 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceaccess.dll 2016-03-09 10:17 - 2016-02-24 07:40 - 01224704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll 2016-03-09 10:17 - 2016-02-24 07:11 - 03593216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys 2016-03-09 10:17 - 2016-02-24 07:09 - 00228352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\deviceaccess.dll 2016-03-09 10:17 - 2016-02-24 07:07 - 00949248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll 2016-03-09 10:17 - 2016-02-24 07:00 - 02273792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll 2016-03-09 10:17 - 2016-02-24 06:55 - 01996288 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll 2016-03-09 10:17 - 2016-02-24 06:34 - 01707520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll 2016-03-09 10:17 - 2016-02-24 06:20 - 22376960 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll 2016-03-09 10:17 - 2016-02-24 06:18 - 18677760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll 2016-03-09 10:17 - 2016-02-24 06:12 - 19339776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2016-03-09 10:17 - 2016-02-24 06:12 - 05321728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll 2016-03-09 10:17 - 2016-02-24 06:10 - 24600576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2016-03-09 10:17 - 2016-02-24 06:09 - 06972416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll 2016-03-09 10:17 - 2016-02-24 06:05 - 12586496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll 2016-03-09 10:17 - 2016-02-24 06:03 - 14252544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll 2016-03-09 10:17 - 2016-02-24 05:59 - 05661696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll 2016-03-09 10:17 - 2016-02-24 05:55 - 07835648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll 2016-03-09 10:16 - 2016-03-01 06:31 - 00848168 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll 2016-03-09 10:16 - 2016-03-01 06:22 - 00709688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll 2016-03-09 10:16 - 2016-02-24 10:52 - 01997328 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll 2016-03-09 10:16 - 2016-02-24 10:48 - 00713568 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll 2016-03-09 10:16 - 2016-02-24 10:47 - 01173344 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll 2016-03-09 10:16 - 2016-02-24 10:40 - 00513888 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll 2016-03-09 10:16 - 2016-02-24 10:34 - 01613664 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll 2016-03-09 10:16 - 2016-02-24 10:15 - 01557768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll 2016-03-09 10:16 - 2016-02-24 09:58 - 00794888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll 2016-03-09 10:16 - 2016-02-24 09:54 - 00127840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBSTOR.SYS 2016-03-09 10:16 - 2016-02-24 09:51 - 01322248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll 2016-03-09 10:16 - 2016-02-24 09:50 - 00808800 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe 2016-03-09 10:16 - 2016-02-24 09:43 - 00625000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll 2016-03-09 10:16 - 2016-02-24 09:39 - 00358752 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll 2016-03-09 10:16 - 2016-02-24 09:39 - 00141560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthHost.exe 2016-03-09 10:16 - 2016-02-24 09:19 - 00670928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll 2016-03-09 10:16 - 2016-02-24 09:14 - 00216416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll 2016-03-09 10:16 - 2016-02-24 09:11 - 01997152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys 2016-03-09 10:16 - 2016-02-24 09:11 - 00957608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll 2016-03-09 10:16 - 2016-02-24 09:11 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe 2016-03-09 10:16 - 2016-02-24 09:11 - 00652392 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll 2016-03-09 10:16 - 2016-02-24 09:11 - 00394080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys 2016-03-09 10:16 - 2016-02-24 09:11 - 00258280 _____ (Microsoft Corporation) C:\WINDOWS\system32\sqmapi.dll 2016-03-09 10:16 - 2016-02-24 09:10 - 00630632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe 2016-03-09 10:16 - 2016-02-24 09:10 - 00576864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys 2016-03-09 10:16 - 2016-02-24 09:09 - 00640472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll 2016-03-09 10:16 - 2016-02-24 09:09 - 00147808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe 2016-03-09 10:16 - 2016-02-24 08:59 - 00294752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll 2016-03-09 10:16 - 2016-02-24 08:39 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTypeHelperUtil.dll 2016-03-09 10:16 - 2016-02-24 08:39 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExtrasXmlParser.dll 2016-03-09 10:16 - 2016-02-24 08:38 - 00187744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll 2016-03-09 10:16 - 2016-02-24 08:38 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll 2016-03-09 10:16 - 2016-02-24 08:37 - 00045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataLanguageUtil.dll 2016-03-09 10:16 - 2016-02-24 08:36 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenanceClient.dll 2016-03-09 10:16 - 2016-02-24 08:35 - 00540752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe 2016-03-09 10:16 - 2016-02-24 08:35 - 00523752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll 2016-03-09 10:16 - 2016-02-24 08:35 - 00220064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sqmapi.dll 2016-03-09 10:16 - 2016-02-24 08:35 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll 2016-03-09 10:16 - 2016-02-24 08:33 - 00538736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll 2016-03-09 10:16 - 2016-02-24 08:33 - 00141664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe 2016-03-09 10:16 - 2016-02-24 08:31 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll 2016-03-09 10:16 - 2016-02-24 08:30 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfapigp.dll 2016-03-09 10:16 - 2016-02-24 08:28 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\POSyncServices.dll 2016-03-09 10:16 - 2016-02-24 08:23 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll 2016-03-09 10:16 - 2016-02-24 08:23 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataPlatformHelperUtil.dll 2016-03-09 10:16 - 2016-02-24 08:22 - 00196608 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwpolicyiomgr.dll 2016-03-09 10:16 - 2016-02-24 08:20 - 00195072 _____ (Microsoft Corporation) C:\WINDOWS\system32\VCardParser.dll 2016-03-09 10:16 - 2016-02-24 08:20 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafBth.dll 2016-03-09 10:16 - 2016-02-24 08:20 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll 2016-03-09 10:16 - 2016-02-24 08:19 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll 2016-03-09 10:16 - 2016-02-24 08:19 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\seclogon.dll 2016-03-09 10:16 - 2016-02-24 08:15 - 00365568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll 2016-03-09 10:16 - 2016-02-24 08:14 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExSMime.dll 2016-03-09 10:16 - 2016-02-24 08:13 - 00121856 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentActivation.dll 2016-03-09 10:16 - 2016-02-24 08:12 - 00243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\cemapi.dll 2016-03-09 10:16 - 2016-02-24 08:12 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneCallHistoryApis.dll 2016-03-09 10:16 - 2016-02-24 08:10 - 00093184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpninprc.dll 2016-03-09 10:16 - 2016-02-24 08:09 - 00258560 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataAccountApis.dll 2016-03-09 10:16 - 2016-02-24 08:09 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSip.dll 2016-03-09 10:16 - 2016-02-24 08:07 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenance.dll 2016-03-09 10:16 - 2016-02-24 08:05 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll 2016-03-09 10:16 - 2016-02-24 08:03 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll 2016-03-09 10:16 - 2016-02-24 08:02 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\system32\CallHistoryClient.dll 2016-03-09 10:16 - 2016-02-24 08:01 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll 2016-03-09 10:16 - 2016-02-24 08:01 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthBroker.dll 2016-03-09 10:16 - 2016-02-24 08:01 - 00067584 _____ (Microsoft Corporation) C:\WINDOWS\system32\profext.dll 2016-03-09 10:16 - 2016-02-24 08:00 - 00214528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Scanners.dll 2016-03-09 10:16 - 2016-02-24 07:59 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll 2016-03-09 10:16 - 2016-02-24 07:59 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultsvc.dll 2016-03-09 10:16 - 2016-02-24 07:59 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll 2016-03-09 10:16 - 2016-02-24 07:58 - 00685568 _____ (Microsoft Corporation) C:\WINDOWS\system32\scapi.dll 2016-03-09 10:16 - 2016-02-24 07:55 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\system32\EmailApis.dll 2016-03-09 10:16 - 2016-02-24 07:55 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\system32\PackageStateRoaming.dll 2016-03-09 10:16 - 2016-02-24 07:55 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExtrasXmlParser.dll 2016-03-09 10:16 - 2016-02-24 07:54 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll 2016-03-09 10:16 - 2016-02-24 07:54 - 00288768 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultcli.dll 2016-03-09 10:16 - 2016-02-24 07:54 - 00228352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe 2016-03-09 10:16 - 2016-02-24 07:54 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTypeHelperUtil.dll 2016-03-09 10:16 - 2016-02-24 07:53 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll 2016-03-09 10:16 - 2016-02-24 07:53 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataLanguageUtil.dll 2016-03-09 10:16 - 2016-02-24 07:52 - 00451584 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll 2016-03-09 10:16 - 2016-02-24 07:52 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PimIndexMaintenanceClient.dll 2016-03-09 10:16 - 2016-02-24 07:51 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll 2016-03-09 10:16 - 2016-02-24 07:49 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChatApis.dll 2016-03-09 10:16 - 2016-02-24 07:47 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll 2016-03-09 10:16 - 2016-02-24 07:46 - 00020480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfapigp.dll 2016-03-09 10:16 - 2016-02-24 07:44 - 01713664 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll 2016-03-09 10:16 - 2016-02-24 07:44 - 00915456 _____ (Microsoft Corporation) C:\WINDOWS\system32\configurationclient.dll 2016-03-09 10:16 - 2016-02-24 07:44 - 00700416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentApis.dll 2016-03-09 10:16 - 2016-02-24 07:44 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\POSyncServices.dll 2016-03-09 10:16 - 2016-02-24 07:43 - 00957952 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll 2016-03-09 10:16 - 2016-02-24 07:42 - 00954368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys 2016-03-09 10:16 - 2016-02-24 07:42 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BTHUSB.SYS 2016-03-09 10:16 - 2016-02-24 07:41 - 00982016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll 2016-03-09 10:16 - 2016-02-24 07:41 - 00436736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll 2016-03-09 10:16 - 2016-02-24 07:40 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll 2016-03-09 10:16 - 2016-02-24 07:40 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataPlatformHelperUtil.dll 2016-03-09 10:16 - 2016-02-24 07:39 - 01390592 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys 2016-03-09 10:16 - 2016-02-24 07:39 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fwpolicyiomgr.dll 2016-03-09 10:16 - 2016-02-24 07:38 - 00150528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VCardParser.dll 2016-03-09 10:16 - 2016-02-24 07:36 - 01847808 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPDMC.exe 2016-03-09 10:16 - 2016-02-24 07:34 - 00938496 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContactApis.dll 2016-03-09 10:16 - 2016-02-24 07:34 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll 2016-03-09 10:16 - 2016-02-24 07:32 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExSMime.dll 2016-03-09 10:16 - 2016-02-24 07:32 - 00098304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentActivation.dll 2016-03-09 10:16 - 2016-02-24 07:31 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cemapi.dll 2016-03-09 10:16 - 2016-02-24 07:31 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhoneCallHistoryApis.dll 2016-03-09 10:16 - 2016-02-24 07:28 - 00870912 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll 2016-03-09 10:16 - 2016-02-24 07:28 - 00196608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataAccountApis.dll 2016-03-09 10:16 - 2016-02-24 07:28 - 00135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxSip.dll 2016-03-09 10:16 - 2016-02-24 07:25 - 00401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\sharemediacpl.dll 2016-03-09 10:16 - 2016-02-24 07:23 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CallHistoryClient.dll 2016-03-09 10:16 - 2016-02-24 07:22 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\profext.dll 2016-03-09 10:16 - 2016-02-24 07:21 - 00315904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll 2016-03-09 10:16 - 2016-02-24 07:21 - 00168448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Scanners.dll 2016-03-09 10:16 - 2016-02-24 07:18 - 01490432 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll 2016-03-09 10:16 - 2016-02-24 07:18 - 00575488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EmailApis.dll 2016-03-09 10:16 - 2016-02-24 07:18 - 00184832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PackageStateRoaming.dll 2016-03-09 10:16 - 2016-02-24 07:17 - 00369664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll 2016-03-09 10:16 - 2016-02-24 07:16 - 00394752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll 2016-03-09 10:16 - 2016-02-24 07:13 - 00540160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ChatApis.dll 2016-03-09 10:16 - 2016-02-24 07:09 - 01443328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRHInproc.dll 2016-03-09 10:16 - 2016-02-24 07:09 - 00793600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll 2016-03-09 10:16 - 2016-02-24 07:09 - 00552960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentApis.dll 2016-03-09 10:16 - 2016-02-24 07:07 - 00890368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll 2016-03-09 10:16 - 2016-02-24 07:07 - 00342528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll 2016-03-09 10:16 - 2016-02-24 07:04 - 01497088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPDMC.exe 2016-03-09 10:16 - 2016-02-24 07:03 - 00769536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContactApis.dll 2016-03-09 10:16 - 2016-02-24 07:01 - 01831936 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll 2016-03-09 10:16 - 2016-02-24 07:00 - 01098752 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll 2016-03-09 10:16 - 2016-02-24 06:57 - 02158592 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll 2016-03-09 10:16 - 2016-02-24 06:43 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwbase.dll 2016-03-09 10:16 - 2016-02-24 06:22 - 00163328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fwbase.dll 2016-03-09 08:23 - 2016-03-09 08:23 - 00000000 ____D C:\Users\Beatrix\AppData\Local\{F813122E-F8A0-40C7-B112-D3A06CE322F9} 2016-03-08 13:37 - 2016-03-08 13:37 - 00000000 ____D C:\Users\Beatrix\AppData\Local\{874F3B82-C705-438B-9CD4-C6A4FE643210} 2016-03-07 19:55 - 2016-03-07 19:55 - 00000000 ____D C:\Users\Beatrix\AppData\Local\{0BABA8BB-6B7B-483D-B86A-C90B9DA5E3C7} 2016-03-07 07:55 - 2016-03-07 07:55 - 00000000 ____D C:\Users\Beatrix\AppData\Local\{B624DC56-265C-422F-B069-8DD580EF448C} 2016-03-06 13:01 - 2016-03-06 13:02 - 00000000 ____D C:\Users\Beatrix\AppData\Local\{0C5F82E3-074D-44EE-B1F3-91672A0758BB} 2016-03-06 10:20 - 2016-03-06 10:23 - 00000000 ____D C:\Users\Beatrix\Desktop\Thema Krankheit 2016-03-05 18:20 - 2016-03-05 18:20 - 00000000 ____D C:\Users\Beatrix\AppData\Local\{1D59F6C8-D714-44FE-A319-DB75F44E0AB8} 2016-03-04 19:44 - 2016-03-04 19:45 - 00000000 ____D C:\Users\Beatrix\AppData\Local\{D1816772-3CE7-4D99-B452-5095A0E44921} 2016-03-04 07:45 - 2016-03-04 07:45 - 05404312 _____ (Avira Operations GmbH & Co. KG) C:\Users\Beatrix\Downloads\avira_de_aapd0_48230367_nx7de4b0zlmruccxjdzb_wd.exe 2016-03-04 07:44 - 2016-03-04 07:44 - 00000000 ____D C:\Users\Beatrix\AppData\Local\{BFBFC8CA-CA2B-4E7F-A26A-E2B5C9E78498} 2016-03-03 14:09 - 2016-03-03 14:09 - 00000000 ____D C:\Users\Beatrix\AppData\Local\{57EDA35C-2621-463D-B5A3-8DE9B6CFEFC6} 2016-03-02 20:34 - 2016-03-02 20:34 - 00000000 ____D C:\Users\Beatrix\AppData\Local\{582E39A0-75FF-4E2D-989E-FEB39A7FA011} 2016-03-02 07:40 - 2016-03-02 07:40 - 00000000 ____D C:\Users\Beatrix\AppData\Local\{CAC6792F-B7E0-414B-B4B8-59715CDDC44D} 2016-03-02 07:27 - 2016-02-23 12:25 - 01818696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll 2016-03-02 07:27 - 2016-02-23 11:34 - 01542816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll 2016-03-02 07:27 - 2016-02-23 11:32 - 08705672 _____ (Microsoft Corp.) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll 2016-03-02 07:27 - 2016-02-23 11:32 - 00369912 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe 2016-03-02 07:27 - 2016-02-23 11:31 - 00536256 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll 2016-03-02 07:27 - 2016-02-23 10:38 - 06952088 _____ (Microsoft Corp.) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll 2016-03-02 07:27 - 2016-02-23 10:27 - 21124344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll 2016-03-02 07:27 - 2016-02-23 09:58 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll 2016-03-02 07:27 - 2016-02-23 09:28 - 00275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll 2016-03-02 07:27 - 2016-02-23 09:09 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll 2016-03-02 07:27 - 2016-02-23 09:06 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll 2016-03-02 07:27 - 2016-02-23 09:06 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll 2016-03-02 07:27 - 2016-02-23 09:00 - 02624512 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll 2016-03-02 07:27 - 2016-02-23 08:58 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll 2016-03-02 07:27 - 2016-02-23 08:30 - 01731584 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2016-03-02 07:27 - 2016-02-23 08:24 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2016-03-02 07:27 - 2016-02-23 08:22 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll 2016-03-02 07:27 - 2016-02-23 08:21 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll 2016-03-02 07:27 - 2016-02-23 07:59 - 01500672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2016-03-02 07:27 - 2016-02-23 07:55 - 04894208 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2016-03-02 07:27 - 2016-02-23 07:55 - 02229760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2016-03-02 07:27 - 2016-02-23 07:52 - 11545600 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll 2016-03-02 07:27 - 2016-02-23 07:50 - 09919488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll 2016-03-02 07:27 - 2016-02-23 07:39 - 13382656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2016-03-02 07:27 - 2016-02-23 07:36 - 12125696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2016-03-02 07:27 - 2016-02-23 07:36 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2016-03-02 07:27 - 2016-02-09 04:24 - 00641536 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll 2016-03-02 07:27 - 2016-02-09 04:07 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll 2016-03-02 07:27 - 2016-02-09 04:04 - 01946624 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll 2016-03-02 07:26 - 2016-02-23 11:21 - 22564328 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll 2016-03-02 07:26 - 2016-02-23 09:58 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll 2016-03-02 07:26 - 2016-02-23 08:52 - 00456704 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll 2016-03-02 07:25 - 2016-02-23 10:45 - 02773096 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll 2016-03-02 07:25 - 2016-02-23 10:30 - 02919320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2016-03-02 07:25 - 2016-02-23 09:02 - 01318912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll 2016-03-02 07:25 - 2016-02-23 07:39 - 02581504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll 2016-03-02 07:25 - 2016-02-23 07:30 - 02061312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll 2016-03-02 07:24 - 2016-02-23 12:27 - 02654872 _____ C:\WINDOWS\system32\CoreUIComponents.dll 2016-03-02 07:24 - 2016-02-23 12:25 - 02152288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys 2016-03-02 07:24 - 2016-02-23 11:34 - 01859960 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll 2016-03-02 07:24 - 2016-02-23 11:32 - 02544264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll 2016-03-02 07:24 - 2016-02-23 11:32 - 01152328 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll 2016-03-02 07:24 - 2016-02-23 11:32 - 01062480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll 2016-03-02 07:24 - 2016-02-23 11:31 - 01017032 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll 2016-03-02 07:24 - 2016-02-23 11:31 - 00819648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll 2016-03-02 07:24 - 2016-02-23 11:31 - 00408120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll 2016-03-02 07:24 - 2016-02-23 11:25 - 03671888 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2016-03-02 07:24 - 2016-02-23 10:38 - 02180136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll 2016-03-02 07:24 - 2016-02-23 10:38 - 00980352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll 2016-03-02 07:24 - 2016-02-23 10:38 - 00895080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll 2016-03-02 07:24 - 2016-02-23 10:38 - 00882720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll 2016-03-02 07:24 - 2016-02-23 10:37 - 00713824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll 2016-03-02 07:24 - 2016-02-23 09:56 - 02186864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll 2016-03-02 07:24 - 2016-02-23 09:37 - 00617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll 2016-03-02 07:24 - 2016-02-23 09:29 - 00591872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll 2016-03-02 07:24 - 2016-02-23 09:12 - 00852480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll 2016-03-02 07:24 - 2016-02-23 09:06 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll 2016-03-02 07:24 - 2016-02-23 09:04 - 01131520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll 2016-03-02 07:24 - 2016-02-23 08:24 - 01105920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll 2016-03-02 07:24 - 2016-02-23 08:17 - 02635264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll 2016-03-02 07:24 - 2016-02-23 07:41 - 02912256 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll 2016-03-02 07:23 - 2016-02-23 11:33 - 00696160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll 2016-03-02 07:23 - 2016-02-23 11:32 - 00498448 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll 2016-03-02 07:23 - 2016-02-23 10:38 - 00450912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll 2016-03-02 07:23 - 2016-02-23 10:20 - 01139712 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblGameSave.dll 2016-03-02 07:23 - 2016-02-23 09:37 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll 2016-03-02 07:23 - 2016-02-23 09:20 - 00606720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll 2016-03-02 07:23 - 2016-02-23 09:19 - 00948736 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll 2016-03-02 07:23 - 2016-02-23 09:14 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.AccountsControl.dll 2016-03-02 07:23 - 2016-02-23 09:10 - 00997376 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll 2016-03-02 07:23 - 2016-02-23 09:09 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll 2016-03-02 07:23 - 2016-02-23 09:04 - 00673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll 2016-03-02 07:23 - 2016-02-23 08:58 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll 2016-03-02 07:23 - 2016-02-23 08:49 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DisplayManager.dll 2016-03-02 07:23 - 2016-02-23 08:30 - 00646656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll 2016-03-02 07:23 - 2016-02-23 08:24 - 00489984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll 2016-03-02 07:23 - 2016-02-23 08:11 - 01390080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll 2016-03-02 07:23 - 2016-02-23 07:53 - 01799168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll 2016-03-02 07:23 - 2016-02-23 07:42 - 03425792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll 2016-03-02 07:23 - 2016-02-23 07:35 - 07533568 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll 2016-03-02 07:23 - 2016-02-23 07:28 - 06740992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll 2016-03-02 07:22 - 2016-02-23 12:29 - 01030416 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi 2016-03-02 07:22 - 2016-02-23 12:29 - 00874968 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe 2016-03-02 07:22 - 2016-02-23 12:27 - 01317640 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi 2016-03-02 07:22 - 2016-02-23 12:27 - 01141504 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe 2016-03-02 07:22 - 2016-02-23 10:39 - 00502112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll 2016-03-02 07:22 - 2016-02-23 10:32 - 00791744 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll 2016-03-02 07:22 - 2016-02-23 10:27 - 00376536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MediaControl.dll 2016-03-02 07:22 - 2016-02-23 10:17 - 00649216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll 2016-03-02 07:22 - 2016-02-23 09:57 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe 2016-03-02 07:22 - 2016-02-23 09:53 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngckeyenum.dll 2016-03-02 07:22 - 2016-02-23 09:40 - 00074240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SMSRouter.dll 2016-03-02 07:22 - 2016-02-23 09:38 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSFlacDecoder.dll 2016-03-02 07:22 - 2016-02-23 09:37 - 00204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll 2016-03-02 07:22 - 2016-02-23 09:36 - 00216576 _____ (Microsoft Corporation) C:\WINDOWS\system32\QuickActionsDataModel.dll 2016-03-02 07:22 - 2016-02-23 09:27 - 00307712 _____ (Microsoft Corporation) C:\WINDOWS\system32\usbmon.dll 2016-03-02 07:22 - 2016-02-23 09:26 - 00372224 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDEServer.exe 2016-03-02 07:22 - 2016-02-23 09:20 - 00493568 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll 2016-03-02 07:22 - 2016-02-23 09:19 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv 2016-03-02 07:22 - 2016-02-23 09:10 - 00474624 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll 2016-03-02 07:22 - 2016-02-23 09:09 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll 2016-03-02 07:22 - 2016-02-23 09:05 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe 2016-03-02 07:22 - 2016-02-23 08:58 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\TimeBrokerServer.dll 2016-03-02 07:22 - 2016-02-23 08:50 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSFlacDecoder.dll 2016-03-02 07:22 - 2016-02-23 08:37 - 00613376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll 2016-03-02 07:22 - 2016-02-23 08:36 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll 2016-03-02 07:22 - 2016-02-23 08:35 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv 2016-03-02 07:22 - 2016-02-23 08:31 - 00585216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.AccountsControl.dll 2016-03-02 07:22 - 2016-02-23 08:24 - 04827136 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll 2016-03-02 07:22 - 2016-02-23 08:21 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll 2016-03-02 07:22 - 2016-02-23 08:14 - 00990720 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll 2016-03-02 07:22 - 2016-02-23 08:01 - 02295808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll 2016-03-02 07:22 - 2016-02-23 07:56 - 04412928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll 2016-03-02 07:22 - 2016-02-23 07:33 - 02604032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll 2016-03-02 07:22 - 2016-02-23 07:32 - 02793472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll 2016-03-02 07:22 - 2016-02-09 05:28 - 00277856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys 2016-03-02 07:22 - 2016-02-09 04:07 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe 2016-03-02 07:21 - 2016-02-23 12:25 - 00563552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys 2016-03-02 07:21 - 2016-02-23 12:15 - 00779384 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskschd.dll 2016-03-02 07:21 - 2016-02-23 12:08 - 00989536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi 2016-03-02 07:21 - 2016-02-23 11:33 - 00389992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll 2016-03-02 07:21 - 2016-02-23 11:31 - 00476728 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll 2016-03-02 07:21 - 2016-02-23 11:22 - 00572272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\taskschd.dll 2016-03-02 07:21 - 2016-02-23 11:17 - 00146272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys 2016-03-02 07:21 - 2016-02-23 10:40 - 00430944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys 2016-03-02 07:21 - 2016-02-23 10:38 - 00420928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll 2016-03-02 07:21 - 2016-02-23 10:20 - 00238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xboxgip.sys 2016-03-02 07:21 - 2016-02-23 10:19 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xinputhid.sys 2016-03-02 07:21 - 2016-02-23 10:06 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\flvprophandler.dll 2016-03-02 07:21 - 2016-02-23 09:55 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys 2016-03-02 07:21 - 2016-02-23 09:52 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe 2016-03-02 07:21 - 2016-02-23 09:50 - 00159232 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe 2016-03-02 07:21 - 2016-02-23 09:38 - 00287712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MediaControl.dll 2016-03-02 07:21 - 2016-02-23 09:34 - 00305664 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifiprofilessettinghandler.dll 2016-03-02 07:21 - 2016-02-23 09:34 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll 2016-03-02 07:21 - 2016-02-23 09:22 - 00567808 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll 2016-03-02 07:21 - 2016-02-23 09:20 - 00847360 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll 2016-03-02 07:21 - 2016-02-23 09:18 - 00557056 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll 2016-03-02 07:21 - 2016-02-23 09:11 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll 2016-03-02 07:21 - 2016-02-23 09:04 - 00382464 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll 2016-03-02 07:21 - 2016-02-23 09:02 - 00755712 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe 2016-03-02 07:21 - 2016-02-23 08:48 - 00838144 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll 2016-03-02 07:21 - 2016-02-23 08:47 - 00157184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WiFiDisplay.dll 2016-03-02 07:21 - 2016-02-23 08:38 - 00480256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll 2016-03-02 07:21 - 2016-02-23 08:37 - 01118208 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll 2016-03-02 07:21 - 2016-02-23 08:36 - 00713728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll 2016-03-02 07:21 - 2016-02-23 08:29 - 00349696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll 2016-03-02 07:21 - 2016-02-23 08:28 - 00555520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll 2016-03-02 07:21 - 2016-02-23 08:05 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll 2016-03-02 07:21 - 2016-02-23 07:58 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncController.dll 2016-03-02 07:21 - 2016-02-23 07:51 - 00754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll 2016-03-02 07:21 - 2016-02-09 05:13 - 00185184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys 2016-03-02 07:21 - 2016-02-09 04:18 - 00297472 _____ (Microsoft Corporation) C:\WINDOWS\system32\thumbcache.dll 2016-03-02 07:21 - 2016-02-09 04:18 - 00237056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\thumbcache.dll 2016-03-02 07:20 - 2016-02-23 10:25 - 00534368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS 2016-03-02 07:20 - 2016-02-23 10:12 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\provpackageapidll.dll 2016-03-02 07:20 - 2016-02-23 10:10 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiConfigSP.dll 2016-03-02 07:20 - 2016-02-23 10:07 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe 2016-03-02 07:20 - 2016-02-23 10:07 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvcpal.dll 2016-03-02 07:20 - 2016-02-23 10:01 - 00104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rasl2tp.sys 2016-03-02 07:20 - 2016-02-23 10:00 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll 2016-03-02 07:20 - 2016-02-23 10:00 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfdprov.dll 2016-03-02 07:20 - 2016-02-23 09:58 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\system32\irmon.dll 2016-03-02 07:20 - 2016-02-23 09:53 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\srpapi.dll 2016-03-02 07:20 - 2016-02-23 09:48 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll 2016-03-02 07:20 - 2016-02-23 09:48 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\TimeBrokerClient.dll 2016-03-02 07:20 - 2016-02-23 09:39 - 00178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll 2016-03-02 07:20 - 2016-02-23 09:33 - 00558080 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll 2016-03-02 07:20 - 2016-02-23 09:32 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe 2016-03-02 07:20 - 2016-02-23 09:31 - 00463360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll 2016-03-02 07:20 - 2016-02-23 09:23 - 00412672 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll 2016-03-02 07:20 - 2016-02-23 09:20 - 00330240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll 2016-03-02 07:20 - 2016-02-23 09:14 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe 2016-03-02 07:20 - 2016-02-23 09:02 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys 2016-03-02 07:20 - 2016-02-23 08:58 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll 2016-03-02 07:20 - 2016-02-23 08:57 - 00031744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TimeBrokerClient.dll 2016-03-02 07:20 - 2016-02-23 08:36 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll 2016-03-02 07:20 - 2016-02-23 08:28 - 00256512 _____ (Microsoft Corporation) C:\WINDOWS\system32\accountaccessor.dll 2016-03-02 07:20 - 2016-02-23 08:20 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputLocaleManager.dll 2016-03-02 06:51 - 2016-03-02 06:57 - 00285292 _____ C:\WINDOWS\Minidump\030216-56125-01.dmp 2016-03-02 06:51 - 2016-03-02 06:51 - 00000000 ____D C:\WINDOWS\Minidump 2016-03-01 10:03 - 2016-03-07 18:40 - 00000000 ____D C:\Users\Beatrix\Documents\Geburtstag2016 2016-03-01 07:44 - 2016-03-01 07:45 - 00000000 ____D C:\Users\Beatrix\Documents\Osteoporose 2016-03-01 07:38 - 2016-03-01 07:38 - 00000000 ____D C:\Users\Beatrix\AppData\Local\{DC38E437-742D-42B1-9547-856B45C05BFC} 2016-02-28 08:28 - 2016-02-28 08:29 - 00000000 ____D C:\Users\Beatrix\AppData\Local\{AEF8D42A-9454-4A38-B23F-518496B1ADA1} 2016-02-27 16:37 - 2016-03-11 07:25 - 00034816 ___SH C:\Users\Beatrix\Desktop\Thumbs.db 2016-02-27 12:56 - 2016-02-27 12:56 - 00000000 ____D C:\Users\Beatrix\AppData\Roaming\CyberLink 2016-02-27 11:14 - 2016-02-27 11:14 - 00000000 ____D C:\Users\Beatrix\AppData\Local\{7DB0FAFA-8073-4334-ACE4-FC82533D20CE} 2016-02-26 20:03 - 2016-02-26 20:03 - 00000000 ____D C:\Users\Beatrix\AppData\Local\{FA78EA90-6666-49AD-9ED0-FB030128CA46} 2016-02-26 08:03 - 2016-02-26 08:03 - 00000000 ____D C:\Users\Beatrix\AppData\Local\{C60AD3C7-8906-4C40-BFC9-5A848FDC51C6} 2016-02-25 07:13 - 2016-02-25 07:13 - 00000000 ____D C:\Users\Beatrix\AppData\Local\{5BA4475D-A1C4-41C5-9E07-CD2C3D23AF6C} 2016-02-24 15:07 - 2016-02-24 15:08 - 00000000 ____D C:\Users\Beatrix\AppData\Local\{F983C8C2-00CC-491B-AFB0-C877DD66EF06} 2016-02-23 09:08 - 2016-02-23 09:08 - 00000000 ____D C:\Users\Beatrix\AppData\Local\{B82D2161-BFC6-430E-AC36-F0E9ACDF7376} 2016-02-22 11:57 - 2016-02-22 11:57 - 00000000 ____D C:\Users\Beatrix\AppData\Local\{87DBE1E2-5404-46C6-8C33-911E28F89BF1} 2016-02-20 12:28 - 2016-03-05 12:50 - 00000000 ____D C:\Users\Beatrix\Documents\Irmgard Walkman 2016-02-19 19:34 - 2016-02-19 19:34 - 00000000 ____D C:\Users\Beatrix\AppData\Local\{83F64F10-19EC-43E7-8568-8BBB86E65F76} 2016-02-18 16:21 - 2016-02-18 16:21 - 00000000 ____D C:\Users\Beatrix\AppData\Local\{52A2B875-A1FE-48C2-ACD6-E94976C18395} 2016-02-16 09:46 - 2016-02-16 09:46 - 00000000 ____D C:\Users\Beatrix\AppData\Local\{F4DFD0E0-D7EF-4792-8A5E-C1330305BE0E} 2016-02-15 14:54 - 2016-02-15 14:54 - 00000000 ____D C:\Users\Beatrix\AppData\Local\{DF0ABD1D-A558-4497-B90C-F1E4B1954E2A} 2016-02-13 21:49 - 2016-02-13 21:49 - 00000000 ____D C:\Users\Beatrix\AppData\Local\{C373C95E-3C43-4113-8133-05F625491910} 2016-02-13 15:57 - 2016-02-27 16:26 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2016-02-11 12:54 - 2016-02-11 12:54 - 00000000 ____D C:\Users\Beatrix\AppData\Local\{F2BF8ABA-393F-4CC8-90E3-689F24CF27D9} 2016-02-11 10:26 - 2016-02-11 10:26 - 00000000 ____D C:\Users\Beatrix\AppData\Local\{683C4BD7-70E1-4F47-9F8E-1CA69EAE6981} ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2016-03-12 11:14 - 2013-05-26 18:22 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2016-03-12 11:09 - 2013-03-08 16:55 - 00001132 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2016-03-12 09:06 - 2015-08-31 08:16 - 00001291 _____ C:\Users\Public\Desktop\Avira Launcher.lnk 2016-03-12 09:05 - 2015-03-10 19:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2016-03-12 07:58 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\AppReadiness 2016-03-12 07:55 - 2015-03-10 19:13 - 00137952 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys 2016-03-12 07:55 - 2015-03-10 19:13 - 00128664 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys 2016-03-12 07:55 - 2015-03-10 19:13 - 00068936 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avnetflt.sys 2016-03-12 07:42 - 2015-10-30 08:11 - 00000000 ____D C:\WINDOWS\CbsTemp 2016-03-11 19:09 - 2013-03-08 16:55 - 00001128 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2016-03-11 18:43 - 2016-01-08 04:14 - 02086168 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2016-03-11 18:43 - 2015-10-30 19:35 - 00889250 _____ C:\WINDOWS\system32\perfh007.dat 2016-03-11 18:43 - 2015-10-30 19:35 - 00197298 _____ C:\WINDOWS\system32\perfc007.dat 2016-03-11 18:43 - 2015-10-30 08:21 - 00000000 ____D C:\WINDOWS\INF 2016-03-11 18:41 - 2013-03-08 17:04 - 00000000 ____D C:\Users\Beatrix\Documents\Youcam 2016-03-11 18:40 - 2015-10-10 15:49 - 00002433 _____ C:\Users\Beatrix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2016-03-11 18:40 - 2015-10-10 15:49 - 00000000 ___RD C:\Users\Beatrix\OneDrive 2016-03-11 18:36 - 2016-01-08 04:33 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2016-03-11 18:36 - 2015-10-30 07:28 - 00262144 ___SH C:\WINDOWS\system32\config\BBI 2016-03-11 07:30 - 2015-10-30 08:24 - 00000000 ___HD C:\Program Files\WindowsApps 2016-03-10 08:56 - 2016-01-08 04:15 - 00000000 ____D C:\Users\Beatrix 2016-03-10 08:53 - 2016-01-08 04:05 - 00226160 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2016-03-10 08:50 - 2015-10-30 08:24 - 00000000 ____D C:\Program Files\Windows Portable Devices 2016-03-10 08:50 - 2015-10-30 08:24 - 00000000 ____D C:\Program Files\Windows Multimedia Platform 2016-03-10 08:50 - 2015-10-30 08:24 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices 2016-03-10 08:50 - 2015-10-30 08:24 - 00000000 ____D C:\Program Files (x86)\Windows Multimedia Platform 2016-03-08 08:12 - 2015-10-30 08:26 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2016-03-08 08:12 - 2015-10-30 08:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2016-03-05 15:56 - 2013-10-15 10:24 - 00000000 ____D C:\Users\Beatrix\AppData\Roaming\vlc 2016-03-04 07:46 - 2015-03-10 19:08 - 00000000 ____D C:\ProgramData\Package Cache 2016-03-03 13:54 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\rescache 2016-03-02 21:00 - 2015-09-10 06:37 - 00000000 __RHD C:\Users\Public\AccountPictures 2016-03-02 20:57 - 2013-04-27 09:35 - 00000000 ____D C:\Program Files (x86)\McAfee 2016-03-02 20:41 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns 2016-03-02 20:41 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform 2016-03-02 20:41 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\appraiser 2016-03-02 20:41 - 2015-10-30 07:28 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism 2016-03-02 20:41 - 2015-10-30 07:28 - 00000000 ____D C:\WINDOWS\system32\Dism 2016-03-02 20:40 - 2015-10-30 19:44 - 00000000 ____D C:\Program Files\Windows Journal 2016-03-02 20:40 - 2015-10-30 08:24 - 00000000 __RSD C:\WINDOWS\Media 2016-03-02 20:40 - 2015-10-30 08:24 - 00000000 ___RD C:\WINDOWS\PurchaseDialog 2016-03-02 20:40 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\bcastdvr 2016-03-02 06:51 - 2015-08-19 21:13 - 829565502 _____ C:\WINDOWS\MEMORY.DMP 2016-02-27 16:35 - 2015-10-30 07:28 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM 2016-02-27 16:26 - 2013-03-10 06:47 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2016-02-27 12:56 - 2012-03-05 11:33 - 00000000 ____D C:\Users\Public\CyberLink 2016-02-27 12:56 - 2012-03-05 11:27 - 00000000 ____D C:\ProgramData\CyberLink 2016-02-22 14:51 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\NDF 2016-02-20 13:12 - 2013-03-08 16:56 - 00002268 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2016-02-19 14:49 - 2013-09-19 20:33 - 00000000 ____D C:\Users\Beatrix\Documents\My Digital Editions 2016-02-11 14:33 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\LiveKernelReports ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2013-06-04 17:25 - 2015-11-08 18:55 - 0014848 _____ () C:\Users\Beatrix\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini Einige Dateien in TEMP: ==================== C:\Users\Beatrix\AppData\Local\Temp\avgnt.exe ==================== Bamital & volsnap ================= (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert C:\WINDOWS\explorer.exe => Datei ist digital signiert C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert C:\WINDOWS\system32\services.exe => Datei ist digital signiert C:\WINDOWS\system32\User32.dll => Datei ist digital signiert C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert LastRegBack: 2016-03-07 09:06 ==================== Ende von FRST.txt ============================ Code:
ATTFilter additions.txt Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:05-03-2016 01 durchgeführt von Beatrix (2016-03-12 16:08:02) Gestartet von C:\Users\Beatrix\Desktop Windows 10 Home Version 1511 (X64) (2016-01-08 03:38:08) Start-Modus: Normal ========================================================== ==================== Konten: ============================= Administrator (S-1-5-21-2384618903-2837397961-1632789598-500 - Administrator - Disabled) Beatrix (S-1-5-21-2384618903-2837397961-1632789598-1000 - Administrator - Enabled) => C:\Users\Beatrix DefaultAccount (S-1-5-21-2384618903-2837397961-1632789598-503 - Limited - Disabled) Gast (S-1-5-21-2384618903-2837397961-1632789598-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-2384618903-2837397961-1632789598-1002 - Limited - Enabled) ==================== Sicherheits-Center ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.) AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installierte Programme ====================== (Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated) Adobe Digital Editions 2.0 (HKLM-x32\...\Adobe Digital Editions 2.0) (Version: 2.0.1 - Adobe Systems Incorporated) Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.306 - Adobe Systems Incorporated) Adobe Reader XI (11.0.13) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.13 - Adobe Systems Incorporated) Albelli Fotobücher (HKU\S-1-5-21-2384618903-2837397961-1632789598-1000\...\{EE20E438-B675-4421-AB07-928F0EC9FB22}_is1) (Version: - Albelli) Amazon MP3-Downloader 1.0.18 (HKU\S-1-5-21-2384618903-2837397961-1632789598-1000\...\Amazon MP3-Downloader) (Version: 1.0.18 - Amazon Services LLC) Audacity 2.1.1 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.1 - Audacity Team) Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.16.282 - Avira Operations GmbH & Co. KG) Avira Launcher (HKLM-x32\...\{3b87484e-d70b-4b4f-ad59-2ae89571e2cf}) (Version: 1.1.56.9119 - Avira Operations GmbH & Co. KG) Avira Launcher (x32 Version: 1.1.56.9119 - Avira Operations GmbH & Co. KG) Hidden Caesar 3 (HKLM-x32\...\Caesar 3) (Version: - ) Control ActiveX de Windows Live Mesh para conexiones remotas (HKLM-x32\...\{04668DF2-D32F-4555-9C7E-35523DCD6544}) (Version: 15.4.5722.2 - Microsoft Corporation) Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation) Controlo ActiveX do Windows Live Mesh para Ligações Remotas (HKLM-x32\...\{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}) (Version: 15.4.5722.2 - Microsoft Corporation) CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3624 - CyberLink Corp.) CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 7.0.0.1327 - CyberLink Corp.) CyberLink PowerDVD Copy (HKLM-x32\...\InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}) (Version: 1.5.1306 - CyberLink Corp.) CyberLink PowerRecover (HKLM-x32\...\InstallShield_{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.5.4125 - CyberLink Corp.) CyberLink YouCam 5 (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.1313 - CyberLink Corp.) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden dm-Fotowelt (HKLM-x32\...\dm-Fotowelt) (Version: 6.1.1 - CEWE Stiftung u Co. KGaA) Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.7000.11 - Dolby Laboratories Inc) foobar2000 v1.2.5 (HKLM-x32\...\foobar2000) (Version: 1.2.5 - Peter Pawlowski) Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych (HKLM-x32\...\{B04A0E2F-1E4C-4E61-B18E-3B2BD6779CA7}) (Version: 15.4.5722.2 - Microsoft Corporation) Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Free YouTube to MP3 Converter version 3.12.20.1230 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.20.1230 - DVDVideoSoft Ltd.) Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Garmin BaseCamp (HKLM-x32\...\{B27D272F-2860-4363-9803-956C0A9FAFB9}) (Version: 4.1.2 - Garmin Ltd or its subsidiaries) Garmin MapSource (HKLM-x32\...\{AFBAB9A0-DDE8-49AE-8C17-A01B61BEE64B}) (Version: 6.16.3 - Garmin Ltd or its subsidiaries) Garmin USB Drivers (HKLM-x32\...\{510D2239-6C2E-457B-9590-485EC552D94D}) (Version: 2.3.0.0 - Garmin Ltd or its subsidiaries) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.116 - Google Inc.) Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google) Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden GPSBabel 1.4.4 (HKLM-x32\...\{1B8FE958-A304-4902-BF7A-4E2F0F5B7017}_is1) (Version: - GPSBabel) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.0.1351 - Intel Corporation) Intel(R) OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2618 - Intel Corporation) Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{F0932859-AA60-459E-B843-0BDECA34E2C7}) (Version: 2.0.0.0086 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation) Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.1.209 - Intel Corporation) Intel(R) WiDi (HKLM-x32\...\{93F34C5C-ACAA-48F3-9B26-70359A117F12}) (Version: 3.0.12.0 - Intel Corporation) Intel(R) Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version: - ) Intel® PROSet/Wireless WiFi Software (HKLM\...\{DF7756DD-656A-45C3-BA71-74673E8259A9}) (Version: 15.00.0000.0708 - Intel Corporation) Intel® Trusted Connect Service Client (HKLM\...\{6199B534-A1B6-46ED-873B-97B0ECF8F81E}) (Version: 1.23.216.0 - Intel Corporation) IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.35 - Irfan Skiljan) Java(TM) 7 Update 2 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417002FF}) (Version: 7.0.20 - Oracle) Java(TM) 7 Update 2 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217002FF}) (Version: 7.0.20 - Oracle) Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave (HKLM-x32\...\{CA227A9D-09BE-4BFB-9764-48FED2DA5454}) (Version: 15.4.5722.2 - Microsoft Corporation) Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation) McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.173 - McAfee, Inc.) Medion Home Cinema (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.3216 - CyberLink Corp.) Medion Home Cinema (x32 Version: 8.0.3216 - CyberLink Corp.) Hidden Memeo Instant Backup (HKLM-x32\...\{8E666407-AC41-46a2-9692-6C7BFCBFDD37}) (Version: 4.60.0.7943 - Memeo Inc.) Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Word Viewer 2003 (HKLM-x32\...\{90850407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Mozilla Firefox 44.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 44.0.2 (x86 de)) (Version: 44.0.2 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 44.0.2.5884 - Mozilla) Mp3tag v2.55 (HKLM-x32\...\Mp3tag) (Version: v2.55 - Florian Heidenreich) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) OpenOffice.org 3.4.1 (HKLM-x32\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation) PDF24 Creator 6.9.2 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org) PHotkey (HKLM-x32\...\{E50C224A-BBF2-428D-9DCF-DBF9DF85C40E}) (Version: 1.00.0055 - Pegatron Corporation) PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation) Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6559 - Realtek Semiconductor Corp.) Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30127 - Realtek Semiconductor Corp.) Sierra-Dienstprogramme (HKLM-x32\...\Sierra-Dienstprogramme) (Version: - ) Smart View 2.0 (HKLM-x32\...\{FBAAAFAE-08A8-4C63-87EA-4AEA9DEE53E1}) (Version: 1.0.0.0 - Samsung) Spelling Dictionaries Support For Adobe Reader X (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-A00000000004}) (Version: 10.0.0 - Adobe Systems Incorporated) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.19.1 - Synaptics Incorporated) Uzak Bağlantılar İçin Windows Live Mesh ActiveX Denetimi (HKLM-x32\...\{241E7104-937A-4366-AD57-8FDDDB003939}) (Version: 15.4.5722.2 - Microsoft Corporation) VLC media player 2.1.0 (HKLM-x32\...\VLC media player) (Version: 2.1.0 - VideoLAN) watchmi (HKLM-x32\...\{F0559C5E-7912-4391-B1A0-6B975F0E5064}) (Version: 3.0.0 - Axel Springer Digital TV Guide GmbH) Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0) (HKLM\...\49CF605F02C7954F4E139D18828DE298CD59217C) (Version: 06/03/2009 2.3.0.0 - Garmin) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation) Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (HKLM-x32\...\{C32CE55C-12BA-4951-8797-0967FDEF556F}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows Live Mesh ActiveX-objekt til fjernforbindelser (HKLM-x32\...\{57220148-3B2B-412A-A2E0-82B9DF423696}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows Live Mesh ActiveX-vezérlő távoli kapcsolatokhoz (HKLM-x32\...\{6E29C4F7-C2C2-4B18-A15C-E09B92065F15}) (Version: 15.4.5722.2 - Microsoft Corporation) Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις (HKLM-x32\...\{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}) (Version: 15.4.5722.2 - Microsoft Corporation) Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden ==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) CustomCLSID: HKU\S-1-5-21-2384618903-2837397961-1632789598-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Beatrix\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\FileCoAuth.exe (Microsoft Corporation) ==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) Task: {097C36B8-81DC-4BEA-919A-FD1C4C233811} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe Task: {0C222B2C-DC64-486B-9583-6E6125F05032} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG Task: {198D9B8F-48BC-49CA-8AF6-55C76A2C5BCD} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG Task: {2355C731-6C76-4C92-B3DC-F639B5F3D1B4} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG Task: {2EEDF5C1-D242-4A99-B355-0192A079090D} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG Task: {35E0BC33-9A72-43FA-ACEB-6CB93B0A21B0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.) Task: {3B6A2309-D4C0-4A87-B670-CF5B8479F344} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe Task: {3CD156C6-DFBA-4CB7-BF1B-DAC033CC0EC8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.) Task: {42A5C358-5BB4-4334-BD4C-D6E5FFB25E85} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => C:\Program Files\Microsoft Security Client\MpCmdRun.exe Task: {45B409AD-034D-4F23-A99B-072DEF830C85} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe Task: {518A8FF8-3A69-4617-A81E-E3BC74AD360A} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG Task: {582CE772-BC1A-4AAE-95A9-612E3F71F407} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe Task: {72BBEF92-3230-482B-BB2E-2D66919CAE87} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe Task: {77F5B80E-AF17-4BD9-8454-0BDC371A11CE} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG Task: {7B633E8E-FD12-41D5-90E4-6553C9824650} - System32\Tasks\{7704A5E5-F5BA-4F6B-B907-D3175679062F} => pcalua.exe -a C:\dell\drivers\R153052\Setup.exe -d C:\dell\drivers\R153052 Task: {803D698F-2E53-48EF-875C-2278DF667F47} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe Task: {81C9863B-7FA7-4B5B-8724-6D0B80E88929} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe Task: {847254FD-28E2-4448-8057-B552E5D0D78B} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-02-10] (Microsoft Corporation) Task: {8B06F82D-A2F9-4620-B1CD-9FE4061DC117} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe Task: {8DE30295-826F-4168-AD47-4F9D52839639} - System32\Tasks\YCMServiceAgent => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [2012-01-13] (CyberLink Corp.) Task: {9194065C-75CF-4E5D-90ED-6636D4121B42} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG Task: {9648AF3A-DADE-4097-B339-9C443048B6BB} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Keine Datei <==== ACHTUNG Task: {98B90AFC-90ED-4693-963E-105AEAA957E8} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_ERROR_HB => C:\WINDOWS\system32\MRT.exe [2016-02-10] (Microsoft Corporation) Task: {A6D99E90-19F8-4BD5-BD23-06C801D52651} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated) Task: {AD7FAB58-15DC-4E7D-A4E1-60EE5974B9B7} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe Task: {AF420AC6-CA29-4854-8452-097F3807D77A} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe Task: {AF6968CB-3E21-41FA-B1A8-61C69C218954} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG Task: {B5F353CE-6293-49C1-8158-8E7C22EB387F} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe Task: {BD2B3A81-5556-404C-80F1-DD22E14AB662} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe Task: {BDBDC914-38F2-46FF-BD95-416907B1EE4B} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe Task: {C563629E-5497-4215-BC3B-DD04C07296C4} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe Task: {CCD1963F-9C59-4686-AC1B-2DCDF36F512C} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe Task: {D24F4A6C-D68F-4228-A0D3-396DBF5E0385} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe Task: {D6BDD73A-E61D-4BC5-A3B1-DDEA50ADEDA0} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe Task: {E02CD7CB-CDFE-4697-ADD4-F994838C1CC7} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe Task: {E0A2C520-6FE9-4E4E-95C8-33B4BE9805D0} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe Task: {E322C6CD-9F57-4B26-8521-F41673C27A8A} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG Task: {E6127866-8945-4453-B377-341872E47C62} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe Task: {EDCBC82A-6F80-4802-BADA-9E31595766CC} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe Task: {F0A4E3D5-172A-4BF0-9BCB-F05BD39E75F2} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe Task: {F0BD0592-FDCA-4385-84FC-E0BD7AFC8AA7} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe Task: {F1DA1220-BB63-44EE-A193-2C8D31E83878} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-02-10] (Adobe Systems Incorporated) Task: {F956FB20-C403-42FA-BE07-3C0854BE2176} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.) Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Verknüpfungen ============================= (Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.) ==================== Geladene Module (Nicht auf der Ausnahmeliste) ============== 2015-10-30 08:18 - 2015-10-30 08:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll 2012-03-05 18:17 - 2009-12-19 00:40 - 00104968 _____ () C:\Program Files (x86)\PHotkey\ASLDRSrv.exe 2012-03-05 18:17 - 2011-10-13 23:38 - 00156672 _____ () C:\Program Files (x86)\PHotkey\GFNEXSrv.exe 2016-03-02 07:24 - 2016-02-23 12:27 - 02654872 _____ () C:\WINDOWS\system32\CoreUIComponents.dll 2016-03-02 07:24 - 2016-02-23 12:27 - 02654872 _____ () C:\WINDOWS\System32\CoreUIComponents.dll 2012-03-05 18:17 - 2010-01-13 02:36 - 00117256 _____ () C:\Program Files (x86)\PHotkey\MsgTranAgt.exe 2012-03-05 18:17 - 2010-01-13 02:36 - 00121864 _____ () C:\Program Files (x86)\PHotkey\MsgTranAgt64.exe 2016-01-13 13:19 - 2016-01-05 02:29 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2016-01-13 13:19 - 2016-01-05 02:23 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2016-02-04 18:15 - 2016-01-16 06:10 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll 2016-02-04 18:15 - 2016-01-16 06:13 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll 2016-01-13 13:19 - 2016-01-05 02:24 - 00936960 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll 2015-06-01 20:00 - 2015-06-01 20:00 - 00102912 _____ () C:\Windows\System32\IccLibDll_x64.dll 2016-02-08 07:43 - 2016-02-08 07:44 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe 2016-03-04 07:17 - 2016-03-04 07:18 - 00016384 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.302.8200.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe 2016-03-04 07:17 - 2016-03-04 07:18 - 16062976 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.302.8200.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll 2016-03-04 07:17 - 2016-03-04 07:18 - 00291328 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.302.8200.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll 2016-01-08 03:58 - 2016-01-08 03:58 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll 2016-03-02 07:22 - 2016-02-23 09:36 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll 2010-08-04 00:39 - 2010-08-04 00:39 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll 2010-08-04 00:39 - 2010-08-04 00:39 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll 2012-03-05 17:55 - 2011-11-30 05:00 - 00059392 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll 2012-03-05 17:47 - 2011-12-16 10:39 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll 2016-02-08 07:43 - 2016-02-08 07:44 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll 2016-02-08 07:43 - 2016-02-08 07:44 - 22330368 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkyWrap.dll ==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.) ==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.) ==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.) ==================== Internet Explorer Vertrauenswürdig/Eingeschränkt =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.) ==================== Hosts Inhalt: =============================== (Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.) 2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts ==================== Andere Bereiche ============================ (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) HKU\S-1-5-21-2384618903-2837397961-1632789598-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Beatrix\Pictures\hintergruende\LumaLight.jpg DNS Servers: 192.168.178.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall ist aktiviert. ==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge == (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) HKU\S-1-5-21-2384618903-2837397961-1632789598-1000\...\StartupApproved\StartupFolder: => "OpenOffice.org 3.4.1.lnk" HKU\S-1-5-21-2384618903-2837397961-1632789598-1000\...\StartupApproved\Run: => "AmazonMP3DownloaderHelper" ==================== Firewall Regeln (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808 FirewallRules: [{03C5EEED-4A83-410F-AE45-3C35E60C351B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{7F74D0B7-6772-4D01-A8CD-FD6997ECF4F9}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{4513AD9E-F60E-45D7-A568-DEC901FA5E59}] => (Allow) C:\Program Files (x86)\SmartView2\Smart View 2.0.exe FirewallRules: [{42AF4F2B-2ABD-44ED-86F1-C704A25E4C10}] => (Allow) C:\Program Files (x86)\SmartView2\Smart View 2.0.exe FirewallRules: [{FBCCCDA4-FC9C-44C4-A634-034AF4316ED0}] => (Allow) C:\Program Files (x86)\SmartView2\Smart View 2.0.exe FirewallRules: [{53276A64-6F87-4B60-BC52-81EB20708AAA}] => (Allow) C:\Program Files (x86)\SmartView2\Smart View 2.0.exe FirewallRules: [{85832019-5E10-4687-9BE8-ECC6260C4DFB}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [{3F0CB73A-4640-4B7B-A0AC-524E66E23823}] => (Allow) LPort=2869 FirewallRules: [{D63C74F5-9DCE-4F49-A501-D838905BB8A3}] => (Allow) LPort=1900 FirewallRules: [{CB2332EA-77AC-41DE-AD54-8B1B22BDC0F9}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe FirewallRules: [{C0B4056E-B896-435C-BBE5-FF8029F17959}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe FirewallRules: [{69200C4F-D42A-47A4-B6D5-E7A8B40E6C07}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe FirewallRules: [{832F7398-70F5-41E4-9D12-62D9F0A1559E}] => (Allow) C:\Program Files (x86)\Intel Corporation\Intel WiDi\WiDiApp.exe FirewallRules: [{EBCC7445-8549-471F-9ECE-05D4B23676C6}] => (Allow) C:\Windows\SysWOW64\dlbfcoms.exe FirewallRules: [{89B341A4-5F7A-4DDE-BB17-4FAD68A08E64}] => (Allow) C:\Windows\SysWOW64\dlbfcoms.exe FirewallRules: [{7D9BD1A5-890F-43FE-B817-A8B608A870BF}] => (Allow) C:\Windows\System32\dlbfcoms.exe FirewallRules: [{573715A5-3FFE-411A-94DC-9E89EA26BD3C}] => (Allow) C:\Windows\System32\dlbfcoms.exe FirewallRules: [{7A8D01C4-CF6D-4923-801A-A0DEC8C27745}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{534C661D-09FC-4FAA-91CB-D011A954A93A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [TCP Query User{23B1ACE9-F455-442E-9B22-DD2E44AFC7E4}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [UDP Query User{02E53CE3-7901-420B-B006-BF3EEE589C3E}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [TCP Query User{01D2B674-F04C-4CB9-940D-1AFF8A046C30}C:\users\beatrix\appdata\local\temp\jivexviewer\jre\bin\jivex[dv] light] => (Block) C:\users\beatrix\appdata\local\temp\jivexviewer\jre\bin\jivex[dv] light FirewallRules: [UDP Query User{8EC7E8E3-24A4-4A9D-9FEB-CEA4CFC1EC44}C:\users\beatrix\appdata\local\temp\jivexviewer\jre\bin\jivex[dv] light] => (Block) C:\users\beatrix\appdata\local\temp\jivexviewer\jre\bin\jivex[dv] light FirewallRules: [{93DC9C3F-99AB-483C-AAB4-0EFEDEB841F7}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Wiederherstellungspunkte ========================= ==================== Fehlerhafte Geräte im Gerätemanager ============= ==================== Fehlereinträge in der Ereignisanzeige: ========================= Applikationsfehler: ================== Error: (03/12/2016 08:18:25 AM) (Source: Perflib) (EventID: 1008) (User: ) Description: BITSC:\Windows\System32\bitsperf.dll8 Error: (03/12/2016 07:41:17 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer". Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll. System Error: Zugriff verweigert . Error: (03/11/2016 06:38:40 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: PHotkey.exe, Version: 1.0.0.56, Zeitstempel: 0x4f2f9e86 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000 ID des fehlerhaften Prozesses: 0x117c Startzeit der fehlerhaften Anwendung: 0xPHotkey.exe0 Pfad der fehlerhaften Anwendung: PHotkey.exe1 Pfad des fehlerhaften Moduls: PHotkey.exe2 Berichtskennung: PHotkey.exe3 Vollständiger Name des fehlerhaften Pakets: PHotkey.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: PHotkey.exe5 Error: (03/11/2016 06:37:30 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: mbamscheduler.exe, Version: 3.0.2.0, Zeitstempel: 0x5339cec3 Name des fehlerhaften Moduls: MSVCR100.dll, Version: 10.0.40219.325, Zeitstempel: 0x4df2be1e Ausnahmecode: 0x40000015 Fehleroffset: 0x0008d6fd ID des fehlerhaften Prozesses: 0xb0c Startzeit der fehlerhaften Anwendung: 0xmbamscheduler.exe0 Pfad der fehlerhaften Anwendung: mbamscheduler.exe1 Pfad des fehlerhaften Moduls: mbamscheduler.exe2 Berichtskennung: mbamscheduler.exe3 Vollständiger Name des fehlerhaften Pakets: mbamscheduler.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: mbamscheduler.exe5 Error: (03/11/2016 06:37:30 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: mbamservice.exe, Version: 3.0.2.0, Zeitstempel: 0x5318d363 Name des fehlerhaften Moduls: mbamservice.exe, Version: 3.0.2.0, Zeitstempel: 0x5318d363 Ausnahmecode: 0x40000015 Fehleroffset: 0x0007da8a ID des fehlerhaften Prozesses: 0xc70 Startzeit der fehlerhaften Anwendung: 0xmbamservice.exe0 Pfad der fehlerhaften Anwendung: mbamservice.exe1 Pfad des fehlerhaften Moduls: mbamservice.exe2 Berichtskennung: mbamservice.exe3 Vollständiger Name des fehlerhaften Pakets: mbamservice.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: mbamservice.exe5 Error: (03/10/2016 09:51:23 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer". Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll. System Error: Zugriff verweigert . Error: (03/10/2016 08:56:44 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: PHotkey.exe, Version: 1.0.0.56, Zeitstempel: 0x4f2f9e86 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000 ID des fehlerhaften Prozesses: 0x1088 Startzeit der fehlerhaften Anwendung: 0xPHotkey.exe0 Pfad der fehlerhaften Anwendung: PHotkey.exe1 Pfad des fehlerhaften Moduls: PHotkey.exe2 Berichtskennung: PHotkey.exe3 Vollständiger Name des fehlerhaften Pakets: PHotkey.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: PHotkey.exe5 Error: (03/10/2016 08:54:33 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: mbamservice.exe, Version: 3.0.2.0, Zeitstempel: 0x5318d363 Name des fehlerhaften Moduls: mbamservice.exe, Version: 3.0.2.0, Zeitstempel: 0x5318d363 Ausnahmecode: 0x40000015 Fehleroffset: 0x0007da8a ID des fehlerhaften Prozesses: 0x9e0 Startzeit der fehlerhaften Anwendung: 0xmbamservice.exe0 Pfad der fehlerhaften Anwendung: mbamservice.exe1 Pfad des fehlerhaften Moduls: mbamservice.exe2 Berichtskennung: mbamservice.exe3 Vollständiger Name des fehlerhaften Pakets: mbamservice.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: mbamservice.exe5 Error: (03/10/2016 08:54:33 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: mbamscheduler.exe, Version: 3.0.2.0, Zeitstempel: 0x5339cec3 Name des fehlerhaften Moduls: MSVCR100.dll, Version: 10.0.40219.325, Zeitstempel: 0x4df2be1e Ausnahmecode: 0x40000015 Fehleroffset: 0x0008d6fd ID des fehlerhaften Prozesses: 0xbac Startzeit der fehlerhaften Anwendung: 0xmbamscheduler.exe0 Pfad der fehlerhaften Anwendung: mbamscheduler.exe1 Pfad des fehlerhaften Moduls: mbamscheduler.exe2 Berichtskennung: mbamscheduler.exe3 Vollständiger Name des fehlerhaften Pakets: mbamscheduler.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: mbamscheduler.exe5 Error: (03/10/2016 08:48:16 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: mbamservice.exe, Version: 3.0.2.0, Zeitstempel: 0x5318d363 Name des fehlerhaften Moduls: mbamservice.exe, Version: 3.0.2.0, Zeitstempel: 0x5318d363 Ausnahmecode: 0x40000015 Fehleroffset: 0x0007da8a ID des fehlerhaften Prozesses: 0xa90 Startzeit der fehlerhaften Anwendung: 0xmbamservice.exe0 Pfad der fehlerhaften Anwendung: mbamservice.exe1 Pfad des fehlerhaften Moduls: mbamservice.exe2 Berichtskennung: mbamservice.exe3 Vollständiger Name des fehlerhaften Pakets: mbamservice.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: mbamservice.exe5 Systemfehler: ============= Error: (03/12/2016 09:28:19 AM) (Source: iaStor) (EventID: 9) (User: ) Description: Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht geantwortet. Error: (03/12/2016 09:28:19 AM) (Source: volsnap) (EventID: 14) (User: ) Description: Die Schattenkopien von Volume "C:" wurden aufgrund eines E/A-Fehlers auf Volume "C:" abgebrochen. Error: (03/12/2016 09:27:18 AM) (Source: iaStor) (EventID: 9) (User: ) Description: Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht geantwortet. Error: (03/12/2016 09:27:16 AM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Dnscache erreicht. Error: (03/12/2016 09:26:46 AM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Dnscache erreicht. Error: (03/12/2016 09:26:17 AM) (Source: iaStor) (EventID: 9) (User: ) Description: Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht geantwortet. Error: (03/12/2016 09:26:16 AM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Dnscache erreicht. Error: (03/12/2016 09:25:46 AM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Dnscache erreicht. Error: (03/12/2016 09:25:16 AM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Dnscache erreicht. Error: (03/12/2016 09:25:16 AM) (Source: iaStor) (EventID: 9) (User: ) Description: Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht geantwortet. CodeIntegrity: =================================== Date: 2016-03-12 09:15:42.516 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-03-11 16:00:07.304 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-03-11 16:00:07.290 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-03-11 16:00:07.275 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-03-11 16:00:01.820 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-03-11 16:00:01.802 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-03-11 16:00:01.762 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-03-11 15:59:35.053 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-03-11 15:59:34.916 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-03-11 15:53:37.351 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. ==================== Speicherinformationen =========================== Prozessor: Intel(R) Core(TM) i3-2350M CPU @ 2.30GHz Prozentuale Nutzung des RAM: 61% Installierter physikalischer RAM: 3990.46 MB Verfügbarer physikalischer RAM: 1523.21 MB Summe virtueller Speicher: 8086.46 MB Verfügbarer virtueller Speicher: 4456.76 MB ==================== Laufwerke ================================ Drive c: (Boot) (Fixed) (Total:647.54 GB) (Free:361.31 GB) NTFS Drive d: (Recover) (Fixed) (Total:50 GB) (Free:28.21 GB) NTFS ==================== MBR & Partitionstabelle ================== ======================================================== Disk: 0 (Size: 698.6 GB) (Disk ID: 5248D358) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=647.5 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=50 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=1 GB) - (Type=12) ==================== Ende von Addition.txt =========================== Code:
ATTFilter ANTIVIR Type: File Source: C:\Users\Beatrix\AppData\Local\Microsoft\Windows Live Mail\Gmx (b_adam)\Junk E-mail\283065F5-00000053.eml Status: Infected Quarantine object: 4a61e8dd.qua Restored: NO Uploaded to Avira: NO Operating system: Windows XP/VISTA Workstation/Windows 7 Search engine: 8.03.36.44 Virus definition file: 8.12.67.122 Detection: HEUR/Macro.Downloader Date/Time: 11.03.2016, 07:27 Type: File Source: C:\Users\Beatrix\AppData\Local\Microsoft\Windows Live Mail\Gmx (b_adam)\Junk E-mail\557070C5-00000062.eml Status: Infected Quarantine object: 52fac765.qua Restored: NO Uploaded to Avira: NO Operating system: Windows XP/VISTA Workstation/Windows 7 Search engine: 8.03.36.44 Virus definition file: 8.12.67.122 Detection: WM/Agent.acj Date/Time: 11.03.2016, 07:27 Type: File Source: C:\Users\Beatrix\AppData\Local\Microsoft\Windows Live Mail\Gmx (******)\Junk E-mail\1EE23BE5-00000056.eml Status: Infected Quarantine object: 180cb23a.qua Restored: NO Uploaded to Avira: NO Operating system: Windows XP/VISTA Workstation/Windows 7 Search engine: 8.03.36.44 Virus definition file: 8.12.67.122 Detection: TR/Crypt.ZPACK.Gen4 Date/Time: 11.03.2016, 07:27 Type: File Source: C:\Program Files (x86)\DVDVideoSoft\Free YouTube to MP3 Converter\FreeYouTubeToMP3Converter.exe Status: Infected Quarantine object: 7f2d563e.qua Restored: NO Uploaded to Avira: NO Operating system: Windows XP/VISTA Workstation/Windows 7 Search engine: 8.03.34.82 Virus definition file: 8.12.32.46 Detection: PUA/OpenCandy Date/Time: 28.11.2015, 15:59 Type: File Source: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft\Free YouTube to MP3 Converter.lnk Status: Infected Quarantine object: 191a1ee8.qua Restored: NO Uploaded to Avira: NO Operating system: Windows XP/VISTA Workstation/Windows 7 Search engine: 8.03.34.82 Virus definition file: 8.12.32.46 Detection: PUA/OpenCandy Date/Time: 28.11.2015, 15:59 Type: File Source: C:\WINDOWS\TEMP\0050821446866056mcinst.exe Status: Suspicious Quarantine object: 53e25092.qua Restored: NO Uploaded to Avira: NO Operating system: Windows XP/VISTA Workstation/Windows 7 Search engine: unknown Virus definition file: unknown Detection: Suspicious file Date/Time: 28.11.2015, 15:59 Type: File Source: C:\WINDOWS\TEMP\0222061447433224mcinst.exe Status: Suspicious Quarantine object: 4b707f37.qua Restored: NO Uploaded to Avira: NO Operating system: Windows XP/VISTA Workstation/Windows 7 Search engine: unknown Virus definition file: unknown Detection: Suspicious file Date/Time: 28.11.2015, 15:59 Type: File Source: C:\Users\Beatrix\AppData\Local\Temp\OCS\ocs_v71b.exe Status: Infected Quarantine object: 5349c92c.qua Restored: NO Uploaded to Avira: NO Operating system: Windows XP/VISTA Workstation/Windows 7 Search engine: 8.03.30.00 Virus definition file: 8.11.215.244 Detection: PUA/DownloadSponsor.Gen Date/Time: 11.03.2015, 17:19 Type: File Source: C:\Users\Beatrix\Downloads\MediathekView - CHIP-Installer.exe Status: Infected Quarantine object: 536aaf2e.qua Restored: NO Uploaded to Avira: NO Operating system: Windows XP/VISTA Workstation/Windows 7 Search engine: 8.03.30.00 Virus definition file: 8.11.215.244 Detection: PUA/DownloadSponsor.Gen Date/Time: 11.03.2015, 13:47 Type: File Source: C:\Users\Beatrix\Downloads\StreamTransport - CHIP-Downloader.exe Status: Infected Quarantine object: 5347ad47.qua Restored: NO Uploaded to Avira: NO Operating system: Windows XP/VISTA Workstation/Windows 7 Search engine: 8.03.30.00 Virus definition file: 8.11.215.244 Detection: PUA/DownloadSponsor.Gen Date/Time: 11.03.2015, 13:46 |
Themen zu Windows 10/64bit: Windows Defender meldet trojandownloader:win32/esaprof!rfn |
antivirus, avira, converter, cpu, device driver, dnsapi.dll, downloader, e-mail, error, firefox, flash player, google, home, homepage, mozilla, problem, prozesse, realtek, registry, scan, security, siteadvisor, software, super, svchost.exe, system, usb, webadvisor, win32/esaprof!rfn, windows, windowsapps |