Log analysis and evaluation: Windows 10: Defender reports "Malware detected" Worm:Win32/Gamarue.I

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps for getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1

Windows 10: Defender reports "Malware detected" Worm:Win32/Gamarue.I

Hello, for three days Windows Defender has been reporting "Malware detected" as soon as the PC has an Internet connection. When I click on this message, the "History" section under "All detected items" shows that it found Worm:Win32/Gamarue.I and that it is now in quarantine. Kaspersky Internet Security is up to date and a full scan does not find anything unusual either.

FRST:

Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:18-04-2016 durchgeführt von Dennis**** (Administrator) auf Dennis****-NOTE (23-04-2016 09:11:28) Gestartet von C:\Users\Dennis****\Downloads Geladene Profile: Dennis**** (Verfügbare Profile: Dennis****) Platform: Windows 10 Home (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: FF) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (AMD) C:\WINDOWS\System32\atiesrxx.exe (Emsisoft Ltd) C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe () C:\Program Files\ShrewSoft\VPN Client\dtpd.exe () C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\avp.exe (Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe () C:\Program Files\ShrewSoft\VPN Client\iked.exe (Microsoft Corporation) C:\WINDOWS\System32\mqsvc.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe () C:\WINDOWS\SysWOW64\Rezip.exe () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe (RealNetworks, Inc.) 
C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe (AMD) C:\WINDOWS\System32\atieclxx.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\avpui.exe (SAMSUNG Electronics) C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe (SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe () C:\Users\Dennis****\AppData\Local\Amazon Music\Amazon Music Helper.exe (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.309\SSScheduler.exe (Dropbox, Inc.) C:\Users\Dennis****\AppData\Roaming\Dropbox\bin\Dropbox.exe (OPENLiMiT SignCubes GmbH) C:\Program Files (x86)\OPENLiMiT\siqSEMr.exe (OPENLiMiT SignCubes GmbH) C:\Program Files (x86)\OPENLiMiT\siqTray.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe (OPENLiMiT SignCubes GmbH) C:\Program Files (x86)\OPENLiMiT\siqSEMx.exe () C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe (Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe (RealNetworks, Inc.) 
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe () C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe () C:\WINDOWS\Samsung\PanelMgr\caller64.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (OPENLiMiT SignCubes GmbH) C:\Program Files (x86)\OPENLiMiT\siqCFGo.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe (Microsoft Corporation) C:\WINDOWS\System32\InstallAgent.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe (Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\CCLibrary.exe (Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\libs\node.exe (Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe (Microsoft Corporation) C:\WINDOWS\System32\NetworkUXBroker.exe (Microsoft Corporation) C:\Users\Dennis****\Downloads\Windows-KB890830-x64-V5.35.exe (Microsoft Corporation) C:\WINDOWS\System32\MRT.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe ==================== Registry (Nicht auf der Ausnahmeliste) =========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [2703752 2010-03-25] (ELAN Microelectronics Corp.) 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [14040296 2015-11-26] (Realtek Semiconductor) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-03-22] (Adobe Systems Incorporated) HKLM\...\Run: [emsisoft anti-malware] => c:\program files (x86)\emsisoft anti-malware\a2guard.exe [9404816 2016-04-19] (Emsisoft Ltd) HKLM-x32\...\Run: [NortonOnlineBackup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1112920 2010-03-05] (Symantec Corporation) HKLM-x32\...\Run: [UCam_Menu] => C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.) HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation) HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) HKLM-x32\...\Run: [SCLicense] => ᣢꠀ郦w焀 HKLM-x32\...\Run: [SignCubes] => C:\Program Files (x86)\OPENLiMiT\siqSEMr.exe [258114 2008-10-14] (OPENLiMiT SignCubes GmbH) HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1075296 2013-04-25] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2313408 2016-04-07] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Samsung PanelMgr] => C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [220704 2015-09-14] (Geek Software GmbH) HKLM-x32\...\Run: [TkBellExe] => c:\program files (x86)\real\realplayer\Update\realsched.exe [286960 2016-03-08] (RealNetworks, Inc.) 
HKLM-x32\...\Run: [RealDownloader] => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe [712432 2016-02-03] () HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596504 2016-04-01] (Oracle Corporation) HKU\S-1-5-21-3457901039-3679683318-3372754741-1000\...\Run: [Amazon Music] => C:\Users\Dennis****\AppData\Local\Amazon Music\Amazon Music Helper.exe [5886784 2015-07-06] () HKU\S-1-5-21-3457901039-3679683318-3372754741-1000\...\Run: [Dropbox Update] => C:\Users\Dennis****\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-19] (Dropbox, Inc.) HKU\S-1-5-21-3457901039-3679683318-3372754741-1000\...\RunOnce: [Uninstall C:\Users\Dennis****\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Dennis****\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64" HKU\S-1-5-21-3457901039-3679683318-3372754741-1000\...\RunOnce: [Uninstall C:\Users\Dennis****\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Dennis****\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64" HKU\S-1-5-21-3457901039-3679683318-3372754741-1000\...\RunOnce: [Uninstall C:\Users\Dennis****\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Dennis****\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64" HKU\S-1-5-21-3457901039-3679683318-3372754741-1000\...\RunOnce: [Uninstall C:\Users\Dennis****\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Dennis****\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64" ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-04-01] () ShellIconOverlayIdentifiers: [ AccExtIco2] -> 
{853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-04-01] () ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-04-01] () ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dennis****\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll Keine Datei ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dennis****\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll Keine Datei ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dennis****\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll Keine Datei ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dennis****\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll Keine Datei ShellIconOverlayIdentifiers: [SiQIconOverlay1] -> {4A6220DC-06E8-41d1-9553-AE7A1A2B8928} => C:\Program Files (x86)\OPENLiMiT\siqSHXn.dll [2008-06-04] (OPENLiMiT SignCubes GmbH) ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dennis****\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll Keine Datei ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dennis****\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll Keine Datei ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dennis****\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll Keine Datei Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2016-04-08] ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.309\SSScheduler.exe (McAfee, Inc.) 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealTimes.lnk [2016-03-08] ShortcutTarget: RealTimes.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpsystray.exe (RealNetworks, Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\t@x aktuell.lnk [2012-03-04] ShortcutTarget: t@x aktuell.lnk -> C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2012\taxaktuell.exe () Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VPN Login Connect.lnk [2015-02-27] ShortcutTarget: VPN Login Connect.lnk -> C:\Program Files\ShrewSoft\VPN Client\ipsecc.exe () Startup: C:\Users\Dennis****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2016-04-18] ShortcutTarget: Dropbox.lnk -> C:\Users\Dennis****\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) Hosts: Es ist mehr als ein Eintrag in der Hosts Datei zu finden. 
Siehe Hosts-Bereich in Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 Tcpip\..\Interfaces\{6d876cdc-9183-4604-9869-7ab69ed5d4a6}: [DhcpNameServer] 192.168.2.1 Internet Explorer: ================== HKU\S-1-5-21-3457901039-3679683318-3372754741-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=56626&homepage=hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn HKU\S-1-5-21-3457901039-3679683318-3372754741-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn HKU\S-1-5-21-3457901039-3679683318-3372754741-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.giga.de/androidnews/ SearchScopes: HKLM-x32 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN SearchScopes: HKU\S-1-5-21-3457901039-3679683318-3372754741-1000 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = SearchScopes: HKU\S-1-5-21-3457901039-3679683318-3372754741-1000 -> {941D584F-77C8-4FAA-B35C-2805A13114C4} URL = hxxp://de.search.yahoo.com/search?fr=mcafee&p={SearchTerms} BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll [2016-02-03] (RealDownloader) BHO: Virtual Keyboard Plugin -> {4A66AD60-A03D-4D01-86F0-5F0F7C0EF1AD} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\x64\IEExt\ie_plugin.dll [2016-03-22] (Kaspersky Lab ZAO) BHO: Content Blocker Plugin -> 
{93BC2EA7-2F17-4729-948A-D2E03FFB2412} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\x64\IEExt\ie_plugin.dll [2016-03-22] (Kaspersky Lab ZAO) BHO: Safe Money Plugin -> {AB379017-4C03-4E00-8EDF-E6D6AF7CCF82} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\x64\IEExt\ie_plugin.dll [2016-03-22] (Kaspersky Lab ZAO) BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2016-02-03] (RealDownloader) BHO-x32: Virtual Keyboard Plugin -> {4A66AD60-A03D-4D01-86F0-5F0F7C0EF1AD} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\IEExt\ie_plugin.dll [2016-03-22] (Kaspersky Lab ZAO) BHO-x32: Kein Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> Keine Datei BHO-x32: Kein Name -> {5FF49FE8-B332-4CB9-B102-FB6951629E55} -> Keine Datei BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-04-20] (Oracle Corporation) BHO-x32: Content Blocker Plugin -> {93BC2EA7-2F17-4729-948A-D2E03FFB2412} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\IEExt\ie_plugin.dll [2016-03-22] (Kaspersky Lab ZAO) BHO-x32: Safe Money Plugin -> {AB379017-4C03-4E00-8EDF-E6D6AF7CCF82} -> C:\Program Files 
(x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\IEExt\ie_plugin.dll [2016-03-22] (Kaspersky Lab ZAO) BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-04-20] (Oracle Corporation) DPF: HKLM-x32 {0F2AAAE3-7E9E-4B64-AB5D-1CA24C6ACB9C} hxxps://intern.rdmh.de/dwa85W.cab DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation) Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation) Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation) Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation) FireFox: ======== FF ProfilePath: C:\Users\Dennis****\AppData\Roaming\Mozilla\Firefox\Profiles\8uieid1u.default-1376030168845 FF Homepage: about:home FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_21_0_0_213.dll [2016-04-08] () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( 
Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-04-07] (Adobe Systems) FF Plugin: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll [2013-12-02] (Adobe Systems) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-04-08] () FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google) FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-04-20] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-04-20] (Oracle Corporation) FF Plugin-x32: @kaspersky.com/content_blocker_663BE8 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\content_blocker@kaspersky.com [2016-03-22] () FF Plugin-x32: @kaspersky.com/online_banking_08806E -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\online_banking@kaspersky.com [2016-03-22] () FF Plugin-x32: @kaspersky.com/virtual_keyboard_074028 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com [2016-03-22] () FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft 
Corp.) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation) FF Plugin-x32: @real.com/nppl3260;version=18.1.3.100 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll [2016-03-08] (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll [2012-10-04] (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2012-10-04] (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprpplugin;version=18.1.3.100 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll [2016-03-08] (RealPlayer) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-04] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-04] (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.) 
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-04-07] (Adobe Systems) FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll [2013-12-02] (Adobe Systems) FF SearchPlugin: C:\Users\Dennis****\AppData\Roaming\Mozilla\Firefox\Profiles\8uieid1u.default-1376030168845\searchplugins\google-images.xml [2015-05-11] FF SearchPlugin: C:\Users\Dennis****\AppData\Roaming\Mozilla\Firefox\Profiles\8uieid1u.default-1376030168845\searchplugins\google-maps.xml [2015-05-11] FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\content_blocker@kaspersky.com [2016-03-22] FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com [2016-03-22] FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\online_banking@kaspersky.com [2016-03-22] FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2016-04-13] [ist nicht signiert] FF Extension: Skype - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-01-06] FF HKLM-x32\...\Firefox\Extensions: [ff-bmboc@bytemobile.com] - C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Optimization Client\addon => nicht gefunden FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext => nicht gefunden FF HKLM-x32\...\Firefox\Extensions: [content_blocker_663BE8@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\content_blocker@kaspersky.com FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard_074028@kaspersky.com] - C:\Program Files (x86)\Kaspersky 
Lab\Kaspersky Internet Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com FF HKLM-x32\...\Firefox\Extensions: [online_banking_08806E@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\online_banking@kaspersky.com Chrome: ======= CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - hxxps://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - hxxps://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho ==================== Dienste (Nicht auf der Ausnahmeliste) ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R2 a2AntiMalware; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [11335312 2016-04-13] (Emsisoft Ltd) R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [694464 2016-04-07] (Adobe Systems Incorporated) R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2021592 2016-04-05] (Adobe Systems, Incorporated) R2 AVP15.0.2; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\avp.exe [194000 2015-06-23] (Kaspersky Lab ZAO) R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-08] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-08] (Microsoft Corporation) R2 dtpd; C:\Program Files\ShrewSoft\VPN Client\dtpd.exe [57176 2013-07-01] () R2 iked; C:\Program Files\ShrewSoft\VPN Client\iked.exe [1127736 2013-07-01] () R2 ipsecd; C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe [810808 2013-07-01] () S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.309\McCHSvc.exe [293128 2016-03-11] (McAfee, Inc.) 
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [Datei ist nicht signiert] R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2782552 2010-03-05] (Symantec Corporation) S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [Datei ist nicht signiert] R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [32544 2016-02-03] () R2 RealTimes Desktop Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [1095440 2016-03-08] (RealNetworks, Inc.) R2 Rezip; C:\Windows\SysWOW64\Rezip.exe [311296 2009-03-05] () [Datei ist nicht signiert] S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [Datei ist nicht signiert] R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation) R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation) ===================== Treiber (Nicht auf der Ausnahmeliste) ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
R0 cm_km_w; C:\Windows\System32\DRIVERS\cm_km_w.sys [247016 2015-06-23] (Kaspersky Lab UK Ltd) R1 epp; C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\epp.sys [124080 2016-02-24] (Emsisoft Ltd) R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [478392 2016-03-22] (Kaspersky Lab ZAO) R2 kldisk; C:\Windows\system32\DRIVERS\kldisk.sys [64368 2015-06-23] (Kaspersky Lab ZAO) S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29616 2012-07-27] (Kaspersky Lab) R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [159960 2015-06-23] (Kaspersky Lab ZAO) R1 klhk; C:\Windows\system32\DRIVERS\klhk.sys [227512 2016-03-22] (AO Kaspersky Lab) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [838048 2016-03-22] (Kaspersky Lab ZAO) R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [39792 2015-06-23] (Kaspersky Lab ZAO) R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [49008 2016-03-22] (Kaspersky Lab ZAO) R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [48504 2016-03-22] (Kaspersky Lab ZAO) R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [24944 2015-06-23] (Kaspersky Lab ZAO) R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [77680 2016-03-22] (Kaspersky Lab ZAO) R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [89272 2016-03-22] (Kaspersky Lab ZAO) R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [190648 2015-10-07] (Kaspersky Lab ZAO) S3 rtport; C:\Windows\SysWOW64\drivers\rtport.sys [15144 2010-09-28] (Windows (R) 2003 DDK 3790 provider) S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] () S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation) R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation) R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation) R3 yukonw8; C:\Windows\System32\drivers\yk63x64.sys [295216 2015-07-10] (Marvell) U3 idsvc; kein ImagePath S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X] U3 wpcsvc; kein ImagePath 
==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat: Erstellte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2016-04-23 09:11 - 2016-04-23 09:13 - 00029747 _____ C:\Users\Dennis****\Downloads\FRST.txt 2016-04-23 09:11 - 2016-04-23 09:11 - 00000000 ____D C:\FRST 2016-04-23 09:09 - 2016-04-23 09:10 - 02375680 _____ (Farbar) C:\Users\Dennis****\Downloads\FRST64.exe 2016-04-23 08:46 - 2016-04-23 08:46 - 00016148 _____ C:\WINDOWS\system32\Dennis****-NOTE_Dennis****_HistoryPrediction.bin 2016-04-23 06:23 - 2016-04-23 06:23 - 05198336 _____ (AVAST Software) C:\Users\Dennis****\Downloads\aswMBR.exe 2016-04-23 06:22 - 2016-04-23 06:25 - 47116504 _____ (Microsoft Corporation) C:\Users\Dennis****\Downloads\Windows-KB890830-x64-V5.35.exe 2016-04-20 19:41 - 2016-04-20 19:41 - 00003666 _____ C:\WINDOWS\System32\Tasks\CreateExplorerShellUnelevatedTask 2016-04-20 19:39 - 2016-04-20 19:41 - 00001027 _____ C:\DelFix.txt 2016-04-20 19:39 - 2016-04-20 19:39 - 00000000 ____D C:\WINDOWS\ERUNT 2016-04-20 12:07 - 2016-04-20 12:07 - 00000000 ____D C:\Program Files (x86)\ESET 2016-04-20 09:09 - 2016-04-21 09:03 - 00003602 _____ C:\WINDOWS\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3457901039-3679683318-3372754741-1000 2016-04-20 09:09 - 2016-04-21 09:03 - 00003542 _____ C:\WINDOWS\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3457901039-3679683318-3372754741-1000 2016-04-20 07:27 - 2016-04-20 07:27 - 00001175 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2016-04-20 07:26 - 2016-04-20 07:26 - 22851472 _____ (Malwarebytes ) C:\Users\Dennis****\Downloads\mbam-setup-2.2.1.1043.exe 2016-04-20 07:23 - 2016-04-20 07:23 - 02623656 _____ (VS Revo Group Ltd.) 
C:\Users\Dennis****\Downloads\revosetup95.exe 2016-04-20 07:23 - 2016-04-20 07:23 - 00001341 _____ C:\Users\Dennis****\Desktop\Revo Uninstaller.lnk 2016-04-20 07:23 - 2016-04-20 07:23 - 00000000 ____D C:\Users\Dennis****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller 2016-04-20 07:23 - 2016-04-20 07:23 - 00000000 ____D C:\Program Files (x86)\VS Revo Group 2016-04-18 08:00 - 2016-04-18 08:00 - 00000000 ____D C:\Users\Dennis****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2016-04-14 14:04 - 2016-04-14 14:04 - 00030770 _____ C:\Users\Dennis****\Downloads\TB_DRK(78).csv 2016-04-13 12:25 - 2016-04-13 12:25 - 00137398 _____ C:\Users\Dennis****\Downloads\Stundenplan BZ Dozenten 2016.xlsx 2016-04-13 11:38 - 2016-03-25 09:38 - 24593408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2016-04-13 11:38 - 2016-03-25 09:25 - 12505600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2016-04-13 11:38 - 2016-03-25 09:14 - 07525376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll 2016-04-13 11:38 - 2016-03-16 06:56 - 03467784 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSService.dll 2016-04-13 11:38 - 2016-03-16 06:55 - 02495768 _____ C:\WINDOWS\system32\CoreUIComponents.dll 2016-04-13 11:38 - 2016-03-16 06:47 - 22610328 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll 2016-04-13 11:38 - 2016-03-16 06:45 - 00140536 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthHost.exe 2016-04-13 11:38 - 2016-03-16 06:37 - 01010016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys 2016-04-13 11:38 - 2016-03-16 06:21 - 01767000 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll 2016-04-13 11:38 - 2016-03-16 06:11 - 21088728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll 2016-04-13 11:38 - 2016-03-16 06:00 - 21859840 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll 2016-04-13 11:38 - 2016-03-16 05:49 - 00850432 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\samsrv.dll 2016-04-13 11:38 - 2016-03-16 05:40 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\system32\samlib.dll 2016-04-13 11:38 - 2016-03-16 05:39 - 03363328 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll 2016-04-13 11:38 - 2016-03-16 05:35 - 00607744 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxApplicabilityEngine.dll 2016-04-13 11:38 - 2016-03-16 05:21 - 18796544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll 2016-04-13 11:38 - 2016-03-16 05:17 - 03680256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll 2016-04-13 11:38 - 2016-03-16 05:17 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\samlib.dll 2016-04-13 11:37 - 2016-03-29 08:40 - 03587584 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys 2016-04-13 11:37 - 2016-03-29 08:40 - 01381376 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys 2016-04-13 11:37 - 2016-03-25 09:13 - 19325440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2016-04-13 11:37 - 2016-03-25 08:55 - 11263488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2016-04-13 11:37 - 2016-03-25 08:54 - 05457408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll 2016-04-13 11:37 - 2016-03-16 06:56 - 01022664 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi 2016-04-13 11:37 - 2016-03-16 06:56 - 00861512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe 2016-04-13 11:37 - 2016-03-16 06:55 - 01951872 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll 2016-04-13 11:37 - 2016-03-16 06:55 - 01299032 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi 2016-04-13 11:37 - 2016-03-16 06:55 - 01127024 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe 2016-04-13 11:37 - 2016-03-16 06:55 - 00601344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys 2016-04-13 11:37 - 2016-03-16 06:54 - 00595016 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll 2016-04-13 11:37 - 2016-03-16 06:47 - 03622272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2016-04-13 11:37 - 2016-03-16 06:47 - 00801632 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe 2016-04-13 11:37 - 2016-03-16 06:46 - 00658568 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll 2016-04-13 11:37 - 2016-03-16 06:41 - 00607416 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe 2016-04-13 11:37 - 2016-03-16 06:41 - 00208736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll 2016-04-13 11:37 - 2016-03-16 06:39 - 00983904 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi 2016-04-13 11:37 - 2016-03-16 06:21 - 01531888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll 2016-04-13 11:37 - 2016-03-16 06:11 - 02879024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2016-04-13 11:37 - 2016-03-16 06:11 - 00700256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe 2016-04-13 11:37 - 2016-03-16 06:08 - 00151552 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe 2016-04-13 11:37 - 2016-03-16 06:06 - 00181088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll 2016-04-13 11:37 - 2016-03-16 06:05 - 00539728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe 2016-04-13 11:37 - 2016-03-16 06:03 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll 2016-04-13 11:37 - 2016-03-16 06:03 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll 2016-04-13 11:37 - 2016-03-16 05:56 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneCallHistoryApis.dll 2016-04-13 11:37 - 2016-03-16 05:56 - 00194048 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModelShim.dll 2016-04-13 11:37 - 2016-03-16 05:55 - 00257024 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\UserDataAccountApis.dll 2016-04-13 11:37 - 2016-03-16 05:55 - 00243200 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll 2016-04-13 11:37 - 2016-03-16 05:55 - 00183296 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwbase.dll 2016-04-13 11:37 - 2016-03-16 05:55 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExtrasXmlParser.dll 2016-04-13 11:37 - 2016-03-16 05:51 - 00348672 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll 2016-04-13 11:37 - 2016-03-16 05:51 - 00334848 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll 2016-04-13 11:37 - 2016-03-16 05:49 - 01416192 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll 2016-04-13 11:37 - 2016-03-16 05:47 - 00856576 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll 2016-04-13 11:37 - 2016-03-16 05:47 - 00511488 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll 2016-04-13 11:37 - 2016-03-16 05:47 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfapigp.dll 2016-04-13 11:37 - 2016-03-16 05:46 - 00196096 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwpolicyiomgr.dll 2016-04-13 11:37 - 2016-03-16 05:44 - 01016832 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll 2016-04-13 11:37 - 2016-03-16 05:43 - 00573952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Cortana.Desktop.dll 2016-04-13 11:37 - 2016-03-16 05:43 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxoci.dll 2016-04-13 11:37 - 2016-03-16 05:42 - 02180608 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll 2016-04-13 11:37 - 2016-03-16 05:42 - 01290240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll 2016-04-13 11:37 - 2016-03-16 05:42 - 00181760 _____ (Microsoft Corporation) C:\WINDOWS\system32\shutdownux.dll 2016-04-13 11:37 - 2016-03-16 05:41 - 00950272 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll 2016-04-13 11:37 - 
2016-03-16 05:40 - 00931840 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll 2016-04-13 11:37 - 2016-03-16 05:40 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll 2016-04-13 11:37 - 2016-03-16 05:40 - 00322048 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultsvc.dll 2016-04-13 11:37 - 2016-03-16 05:40 - 00280576 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultcli.dll 2016-04-13 11:37 - 2016-03-16 05:40 - 00214528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Scanners.dll 2016-04-13 11:37 - 2016-03-16 05:40 - 00158208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSip.dll 2016-04-13 11:37 - 2016-03-16 05:40 - 00135168 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthBroker.dll 2016-04-13 11:37 - 2016-03-16 05:39 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll 2016-04-13 11:37 - 2016-03-16 05:39 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll 2016-04-13 11:37 - 2016-03-16 05:38 - 01423872 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll 2016-04-13 11:37 - 2016-03-16 05:37 - 01521664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll 2016-04-13 11:37 - 2016-03-16 05:37 - 00856576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContactApis.dll 2016-04-13 11:37 - 2016-03-16 05:37 - 00752640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChatApis.dll 2016-04-13 11:37 - 2016-03-16 05:37 - 00685568 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentApis.dll 2016-04-13 11:37 - 2016-03-16 05:37 - 00288256 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenance.dll 2016-04-13 11:37 - 2016-03-16 05:37 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\FontProvider.dll 2016-04-13 11:37 - 2016-03-16 05:36 - 01205248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll 2016-04-13 11:37 - 2016-03-16 05:36 - 00720896 _____ (Microsoft 
Corporation) C:\WINDOWS\system32\EmailApis.dll 2016-04-13 11:37 - 2016-03-16 05:36 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExSMime.dll 2016-04-13 11:37 - 2016-03-16 05:36 - 00255488 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceaccess.dll 2016-04-13 11:37 - 2016-03-16 05:36 - 00244736 _____ (Microsoft Corporation) C:\WINDOWS\system32\cemapi.dll 2016-04-13 11:37 - 2016-03-16 05:36 - 00195072 _____ (Microsoft Corporation) C:\WINDOWS\system32\VCardParser.dll 2016-04-13 11:37 - 2016-03-16 05:36 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\CallHistoryClient.dll 2016-04-13 11:37 - 2016-03-16 05:36 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll 2016-04-13 11:37 - 2016-03-16 05:36 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpninprc.dll 2016-04-13 11:37 - 2016-03-16 05:36 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\POSyncServices.dll 2016-04-13 11:37 - 2016-03-16 05:36 - 00068608 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenanceClient.dll 2016-04-13 11:37 - 2016-03-16 05:36 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataPlatformHelperUtil.dll 2016-04-13 11:37 - 2016-03-16 05:36 - 00045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTypeHelperUtil.dll 2016-04-13 11:37 - 2016-03-16 05:36 - 00045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataLanguageUtil.dll 2016-04-13 11:37 - 2016-03-16 05:35 - 01794560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll 2016-04-13 11:37 - 2016-03-16 05:35 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\PackageStateRoaming.dll 2016-04-13 11:37 - 2016-03-16 05:35 - 00185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll 2016-04-13 11:37 - 2016-03-16 05:35 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll 2016-04-13 11:37 - 2016-03-16 05:34 - 01871872 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\msxml3.dll 2016-04-13 11:37 - 2016-03-16 05:33 - 00670208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll 2016-04-13 11:37 - 2016-03-16 05:32 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\basesrv.dll 2016-04-13 11:37 - 2016-03-16 05:31 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataAccountApis.dll 2016-04-13 11:37 - 2016-03-16 05:31 - 00172032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhoneCallHistoryApis.dll 2016-04-13 11:37 - 2016-03-16 05:31 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExtrasXmlParser.dll 2016-04-13 11:37 - 2016-03-16 05:28 - 00163328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fwbase.dll 2016-04-13 11:37 - 2016-03-16 05:27 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msorcl32.dll 2016-04-13 11:37 - 2016-03-16 05:24 - 00365056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll 2016-04-13 11:37 - 2016-03-16 05:24 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fwpolicyiomgr.dll 2016-04-13 11:37 - 2016-03-16 05:24 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfapigp.dll 2016-04-13 11:37 - 2016-03-16 05:20 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxoci.dll 2016-04-13 11:37 - 2016-03-16 05:18 - 00768000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll 2016-04-13 11:37 - 2016-03-16 05:18 - 00104960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuthBroker.dll 2016-04-13 11:37 - 2016-03-16 05:17 - 00842240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll 2016-04-13 11:37 - 2016-03-16 05:17 - 00203776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vaultcli.dll 2016-04-13 11:37 - 2016-03-16 05:17 - 00168448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Scanners.dll 2016-04-13 11:37 - 2016-03-16 05:17 - 00133120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxSip.dll 2016-04-13 11:37 - 2016-03-16 05:16 - 
00311808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll 2016-04-13 11:37 - 2016-03-16 05:14 - 00625152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContactApis.dll 2016-04-13 11:37 - 2016-03-16 05:14 - 00579584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentApis.dll 2016-04-13 11:37 - 2016-03-16 05:14 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ChatApis.dll 2016-04-13 11:37 - 2016-03-16 05:13 - 00928256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll 2016-04-13 11:37 - 2016-03-16 05:13 - 00525312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EmailApis.dll 2016-04-13 11:37 - 2016-03-16 05:13 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExSMime.dll 2016-04-13 11:37 - 2016-03-16 05:13 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\deviceaccess.dll 2016-04-13 11:37 - 2016-03-16 05:13 - 00201216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cemapi.dll 2016-04-13 11:37 - 2016-03-16 05:13 - 00150528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VCardParser.dll 2016-04-13 11:37 - 2016-03-16 05:13 - 00131072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CallHistoryClient.dll 2016-04-13 11:37 - 2016-03-16 05:13 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll 2016-04-13 11:37 - 2016-03-16 05:13 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\POSyncServices.dll 2016-04-13 11:37 - 2016-03-16 05:13 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataPlatformHelperUtil.dll 2016-04-13 11:37 - 2016-03-16 05:13 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PimIndexMaintenanceClient.dll 2016-04-13 11:37 - 2016-03-16 05:13 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTypeHelperUtil.dll 2016-04-13 11:37 - 2016-03-16 05:13 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataLanguageUtil.dll 2016-04-13 11:37 - 2016-03-16 05:12 - 00195584 _____ 
(Microsoft Corporation) C:\WINDOWS\SysWOW64\PackageStateRoaming.dll 2016-04-13 11:37 - 2016-03-16 05:11 - 01594368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll 2016-04-13 11:37 - 2016-03-16 05:10 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll 2016-04-13 11:32 - 2016-04-17 03:37 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2016-04-10 12:45 - 2016-04-10 12:45 - 00494197 _____ C:\Users\Dennis****\Documents\Postkarte_Lea.pdf 2016-04-10 12:31 - 2016-04-10 12:49 - 53372928 _____ C:\Users\Dennis****\Documents\Postkarte_Lea.vsd 2016-04-09 12:00 - 2016-04-09 12:00 - 00036909 _____ C:\Users\Dennis****\Downloads\TB_DRK(77).csv 2016-04-09 11:58 - 2016-04-09 11:58 - 00000165 ____H C:\Users\Dennis****\Downloads\~$Stundenplan Ergänzungsprüfung 2016.xlsx 2016-04-09 11:57 - 2016-04-09 11:57 - 00024121 _____ C:\Users\Dennis****\Downloads\Stundenplan Ergänzungsprüfung 2016.xlsx 2016-04-08 08:39 - 2016-04-08 08:39 - 00002009 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk 2016-04-08 08:39 - 2016-04-08 08:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus 2016-04-05 09:10 - 2016-04-05 09:10 - 01499408 _____ (Microsoft Corporation) C:\WINDOWS\system32\WdfCoInstaller01007.dll 2016-04-05 09:10 - 2016-04-05 09:10 - 00716928 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinUSBCoInstaller.dll 2016-04-05 09:10 - 2016-04-05 09:10 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_WinUSB_01007.Wdf 2016-04-04 17:43 - 2016-04-04 17:43 - 00017681 _____ C:\Users\Dennis****\Downloads\2016.04.03 DRK.csv 2016-04-04 17:24 - 2016-04-04 17:24 - 00023370 _____ C:\Users\Dennis****\Downloads\TB_DRK(76).csv 2016-04-04 17:14 - 2016-04-04 17:14 - 00016839 _____ C:\Users\Dennis****\Downloads\2016.04.02 DRK.csv 2016-04-04 09:14 - 2016-04-04 09:14 - 00001170 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Content Viewer.lnk 2016-04-01 14:59 - 2016-04-01 14:59 - 00356094 _____ 
C:\Users\Dennis****\Downloads\Hospitationsplan April 2016(1).pdf 2016-04-01 09:28 - 2016-04-01 09:28 - 00032342 _____ C:\Users\Dennis****\Downloads\TB_DRK(75).csv 2016-04-01 09:22 - 2016-04-01 09:22 - 00036850 _____ C:\Users\Dennis****\Downloads\TB_DRK(74).csv 2016-04-01 08:31 - 2016-04-01 08:31 - 00013145 _____ C:\Users\Dennis****\Downloads\2016.03.29 DRK.csv 2016-04-01 08:30 - 2016-04-01 08:30 - 00016153 _____ C:\Users\Dennis****\Downloads\2016.03.30 DRK.csv 2016-04-01 08:25 - 2016-04-01 08:25 - 00018398 _____ C:\Users\Dennis****\Downloads\2016.03.31 DRK.csv 2016-04-01 07:48 - 2016-04-01 07:48 - 00466728 _____ (Microsoft Corporation) C:\WINDOWS\system32\coin99itp.dll 2016-04-01 07:48 - 2016-04-01 07:48 - 00466728 _____ (Microsoft Corporation) C:\WINDOWS\system32\coin99ip.dll 2016-03-30 10:41 - 2016-04-18 07:57 - 00001226 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk 2016-03-30 10:41 - 2016-04-18 07:57 - 00001214 _____ C:\Users\Public\Desktop\Adobe Creative Cloud.lnk ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 
2016-04-23 09:00 - 2011-08-13 13:43 - 00000000 ____D C:\ProgramData\Kaspersky Lab 2016-04-23 08:57 - 2015-06-19 17:27 - 00001244 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-3457901039-3679683318-3372754741-1000UA.job 2016-04-23 08:48 - 2015-06-21 14:08 - 00000000 ____D C:\Program Files (x86)\Emsisoft Anti-Malware 2016-04-23 08:38 - 2012-10-28 09:23 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2016-04-23 08:16 - 2011-08-25 15:49 - 00001150 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2016-04-23 06:25 - 2011-08-11 21:27 - 135176864 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2016-04-23 06:09 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\AppReadiness 2016-04-23 06:01 - 2015-07-10 13:04 - 00000000 ___HD C:\Program Files\WindowsApps 2016-04-23 05:54 - 2011-08-08 21:04 - 00000000 ____D C:\Users\Dennis****\AppData\Local\Adobe 2016-04-23 05:50 - 2015-06-23 22:14 - 00000000 ___RD C:\Users\Dennis****\Creative Cloud Files 2016-04-23 05:49 - 2011-08-25 15:49 - 00001146 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2016-04-22 16:13 - 2013-09-20 17:21 - 18481152 _____ C:\Users\Dennis****\Documents\Projekt_FeedbackNachReanimation.accdb 2016-04-22 15:46 - 2015-11-13 14:32 - 08400479 _____ C:\Users\Dennis****\Documents\frmlqryReanimation2.pdf 2016-04-22 09:57 - 2011-08-13 14:00 - 00453288 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe 2016-04-21 18:11 - 2015-06-21 21:41 - 00000000 ____D C:\Program Files (x86)\corView2 2016-04-21 18:02 - 2015-11-26 13:43 - 02077126 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2016-04-21 18:02 - 2015-07-10 18:34 - 00884928 _____ C:\WINDOWS\system32\perfh007.dat 2016-04-21 18:02 - 2015-07-10 18:34 - 00196026 _____ C:\WINDOWS\system32\perfc007.dat 2016-04-21 18:02 - 2015-07-10 13:02 - 00000000 ____D C:\WINDOWS\INF 2016-04-21 11:30 - 2015-06-21 12:18 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2016-04-21 10:57 - 2015-06-19 17:27 - 00001192 
_____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-3457901039-3679683318-3372754741-1000Core.job 2016-04-20 19:51 - 2012-02-12 08:12 - 00000000 ____D C:\ProgramData\boost_interprocess 2016-04-20 19:47 - 2015-07-10 14:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2016-04-20 19:43 - 2015-07-10 11:05 - 00262144 ___SH C:\WINDOWS\system32\config\BBI 2016-04-20 19:42 - 2015-11-26 13:45 - 00000000 ____D C:\Users\Dennis**** 2016-04-20 12:36 - 2012-10-31 17:29 - 00000000 ____D C:\Users\Dennis****\AppData\Local\ElevatedDiagnostics 2016-04-20 09:26 - 2015-06-22 07:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2016-04-20 09:26 - 2015-06-22 07:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit 2016-04-20 09:26 - 2015-06-22 07:14 - 00000000 ____D C:\Program Files (x86)\Java 2016-04-20 09:26 - 2013-10-17 13:26 - 00000000 ____D C:\ProgramData\Oracle 2016-04-20 09:25 - 2015-08-28 15:37 - 00000000 ____D C:\Users\Dennis****\.oracle_jre_usage 2016-04-20 09:24 - 2015-06-22 07:18 - 00097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll 2016-04-20 09:03 - 2015-07-10 14:20 - 00000000 ____D C:\WINDOWS\ServiceProfiles 2016-04-20 07:27 - 2015-06-21 12:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2016-04-20 07:27 - 2015-06-21 12:17 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 2016-04-18 08:00 - 2013-08-22 19:33 - 00000000 ____D C:\Users\Dennis****\AppData\Roaming\Dropbox 2016-04-18 07:57 - 2011-08-26 19:02 - 00000000 ____D C:\Program Files (x86)\Adobe 2016-04-17 04:45 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\rescache 2016-04-17 03:41 - 2015-11-26 14:36 - 00000000 __RHD C:\Users\Public\AccountPictures 2016-04-17 03:37 - 2012-04-25 12:01 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2016-04-17 03:33 - 2015-07-10 11:05 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism 2016-04-13 18:48 - 2015-11-26 
14:36 - 00000000 ____D C:\Users\Dennis****\AppData\Local\Packages 2016-04-13 12:37 - 2013-08-11 10:20 - 00000000 ____D C:\WINDOWS\system32\MRT 2016-04-13 12:27 - 2015-07-10 12:55 - 00000000 ____D C:\WINDOWS\CbsTemp 2016-04-11 19:08 - 2011-08-08 21:20 - 00000000 ____D C:\Users\Dennis****\AppData\Local\VirtualStore 2016-04-08 08:38 - 2015-11-05 16:25 - 00000000 ____D C:\Program Files\McAfee Security Scan 2016-04-06 22:12 - 2016-02-29 19:05 - 00157184 ___SH C:\Users\Dennis****\Downloads\Thumbs.db 2016-04-06 20:32 - 2015-07-10 13:06 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2016-04-06 20:32 - 2015-07-10 13:06 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2016-04-05 08:52 - 2015-12-30 13:21 - 00214832 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\ssudmdm.sys 2016-04-05 08:50 - 2015-12-30 13:18 - 00122160 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\ssudbus.sys 2016-04-04 09:08 - 2011-09-30 09:08 - 00000000 ____D C:\Program Files\Common Files\Adobe 2016-03-30 10:42 - 2011-08-08 15:44 - 00000000 ____D C:\Users\Dennis****\AppData\Roaming\Adobe ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2012-12-04 17:20 - 2012-12-04 17:20 - 0000358 _____ () C:\Users\Dennis****\AppData\Roaming\dpdhl.versandhelfer_state.xml 2013-07-28 10:46 - 2013-07-28 10:46 - 0003584 _____ () C:\Users\Dennis****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2011-08-13 13:46 - 2011-08-13 13:46 - 0017408 _____ () C:\Users\Dennis****\AppData\Local\WebpageIcons.db 2015-11-26 13:40 - 2015-11-26 13:40 - 0000000 ____H () C:\ProgramData\DP45977C.lfl 2011-08-12 16:51 - 2011-08-12 16:51 - 0000056 ____H () C:\ProgramData\ezsidmv.dat 2011-08-08 21:05 - 2010-01-16 07:15 - 0131368 _____ () C:\ProgramData\FullRemove.exe 2012-10-31 17:30 - 2012-10-31 17:33 - 0000358 _____ () C:\ProgramData\hpzinstall.log 2015-02-27 21:58 - 2015-02-27 21:58 
- 0000036 ___SH () C:\ProgramData\Shrew Soft VPN.dat

Dateien, die verschoben oder gelöscht werden sollten:
====================
C:\ProgramData\Shrew Soft VPN.dat

Einige Dateien in TEMP:
====================
C:\Users\Dennis****\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpsimnqu.dll
C:\Users\Dennis****\AppData\Local\Temp\jre-8u66-windows-au.exe
C:\Users\Dennis****\AppData\Local\Temp\jre-8u73-windows-au.exe
C:\Users\Dennis****\AppData\Local\Temp\jre-8u77-windows-au.exe
C:\Users\Dennis****\AppData\Local\Temp\jre-8u91-windows-au.exe
C:\Users\Dennis****\AppData\Local\Temp\libeay32.dll
C:\Users\Dennis****\AppData\Local\Temp\msvcr120.dll
C:\Users\Dennis****\AppData\Local\Temp\rnsetup0.exe
C:\Users\Dennis****\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll
C:\Users\Dennis****\AppData\Local\Temp\sqlite3.dll
C:\Users\Dennis****\AppData\Local\Temp\stubhelper.dll

==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2016-04-18 13:12

==================== Ende von FRST.txt ============================