Pests of all kinds and how to fight them: "mytrustsearch" - what is that? Windows 7. If you are not sure whether you have caught malware or a trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection. |
10.07.2016, 09:45 | #1 |
| "mytrustsearch" - what is that? Hello dear users, yesterday I made the stupid mistake of trying to stream a film on a well-known streaming portal. A flood of advertising pop-ups opened, which I had great difficulty getting out of, since some of them could only be closed via a pop-up of their own. One of the pages gave spoken instructions for this. Since then I have run every possible Norton scan, and none of them found anything suspicious. However, I am sure that something is wrong. I use Windows 10. My PC still has the following symptoms: in Chrome, which I was using at the time of my presumed infection, a strange search engine is haunting around: "mytrustsearch". With every new tab I open, it loads immediately and after about 1 s covers the Chrome apps bar. A Google search for "mytrustsearch" turned up almost nothing. If I open any page in Chrome and then use the scroll bar, another tab opens with this page. Clicking on any link brings up a kind of advertising page offering me "support for Windows 10 products", some repair tool. Earlier the page spoke to me, saying I had won an iPhone, and so on... Other advertising pages also open automatically. Besides my Chrome symptoms, Facebook won't let me log in, not even with another browser. Facebook believes it has detected that I am infected with malware and offers me anti-virus software that is supposed to fix the problem quickly. After downloading it, however, nothing happens except a loading symbol. So now I am very unsettled, especially because Norton seems to be blind to it. Hopefully one of you knows what I might have caught here. Thanks in advance for reading, melt123 |
10.07.2016, 10:02 | #2 |
/// TB Trainer /// Guide Guru | "mytrustsearch" - what is that? My name is Jürgen and I will be helping you with your problem. Together we'll get it done...
Note: I can never give you a guarantee that we will find all malicious files. Formatting is usually the quicker and always the safest route, but it is only advisable in the case of real malware. Adware and the like we can remove very well. If you decide on a cleanup, keep working with me until you get my "clean". Let's go: Step 1 Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
Reading material: Posting in CODE tags: here's how... Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes our work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
10.07.2016, 10:23 | #3 |
| frst.txt Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 09-07-2016
durchgeführt von User (Administrator) auf ACER (10-07-2016 11:16:43)
Gestartet von C:\Users\User\Desktop
Geladene Profile: User (Verfügbare Profile: User)
Platform: Windows 10 Home Version 1511 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: Edge)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)
(Broadcom Corp.) C:\Program Files\Broadcom\MemoryCard\BrcmCardReader.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Dritek System INC.) C:\Windows\RfBtnSvc64.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\22.7.0.76\n360.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(FTweak) C:\Program Files (x86)\RAMRush\RAMRush.exe
(Spotify Ltd) C:\Users\User\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Spotify Ltd) C:\Users\User\AppData\Roaming\Spotify\Spotify.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe
(Dropbox, Inc.) C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
(Dritek System Inc.) C:\Program Files (x86)\RadioController\RfBtnHelper.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\22.7.0.76\n360.exe
(APN) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Spotify Ltd) C:\Users\User\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\User\AppData\Roaming\Spotify\Spotify.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\PmmUpdate.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\EgisUpdate.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

==================== Registry (Nicht auf der Ausnahmeliste) ===========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3008824 2012-11-29] (Synaptics Incorporated)
HKLM-x32\...\Run: [LManager] => [X]
HKLM-x32\...\Run: [RadioController] => C:\Program Files (x86)\RadioController\RfBtnHelper.exe [111216 2013-02-25] (Dritek System Inc.)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2994880 2012-08-15] (Symantec Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM-x32\...\Run: [ApnTBMon] => C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1758280 2016-06-16] (APN)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3611015324-1233358662-1118214824-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [465920 2015-10-30] (Microsoft Corporation)
HKU\S-1-5-21-3611015324-1233358662-1118214824-1001\...\Run: [ftweak_RAMRush] => C:\Program Files (x86)\RAMRush\RAMRush.exe [670720 2009-09-17] (FTweak)
HKU\S-1-5-21-3611015324-1233358662-1118214824-1001\...\Run: [Spotify Web Helper] => C:\Users\User\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1553520 2016-07-09] (Spotify Ltd)
HKU\S-1-5-21-3611015324-1233358662-1118214824-1001\...\Run: [Dropbox Update] => C:\Users\User\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-07-19] (Dropbox, Inc.)
HKU\S-1-5-21-3611015324-1233358662-1118214824-1001\...\Run: [Spotify] => C:\Users\User\AppData\Roaming\Spotify\Spotify.exe [7003760 2016-07-09] (Spotify Ltd)
HKU\S-1-5-21-3611015324-1233358662-1118214824-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53123712 2016-05-17] (Skype Technologies S.A.)
HKU\S-1-5-21-3611015324-1233358662-1118214824-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [31744 2015-10-30] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\22.7.0.76\buShell.dll [2016-06-09] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\22.7.0.76\buShell.dll [2016-06-09] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\22.7.0.76\buShell.dll [2016-06-09] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\User\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\FileSyncShell64.dll [2016-06-25] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\User\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\FileSyncShell64.dll [2016-06-25] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\User\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\FileSyncShell64.dll [2016-06-25] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-06-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-06-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-06-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-06-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\User\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileSyncShell.dll [2016-06-25] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\User\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileSyncShell.dll [2016-06-25] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\User\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileSyncShell.dll [2016-06-25] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-06-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-06-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-06-13] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer Backup Manager Tray.lnk [2012-11-23]
ShortcutTarget: Acer Backup Manager Tray.lnk -> C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation)
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk [2015-03-29]
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Microsoft Corporation)
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2016-04-17]
ShortcutTarget: Dropbox.lnk -> C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1
Tcpip\..\Interfaces\{b4e57d4c-a4ec-438b-a34d-db51b489b7bb}: [DhcpNameServer] 192.168.2.1 192.168.2.1

Internet Explorer:
==================
HKU\S-1-5-21-3611015324-1233358662-1118214824-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer13.msn.com
HKU\S-1-5-21-3611015324-1233358662-1118214824-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2014-03-11] (Microsoft Corporation)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine64\22.7.0.76\coIEPlg.dll [2016-05-31] (Symantec Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2014-03-11] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2014-03-11] (Microsoft Corporation)
BHO: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll [2015-08-05] (DVDVideoSoft Ltd.)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\22.7.0.76\coIEPlg.dll [2016-05-31] (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\20.6.0.27\IPS\IPSBHO.DLL => Keine Datei
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2014-03-11] (Microsoft Corporation)
BHO-x32: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll [2015-08-05] (DVDVideoSoft Ltd.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\22.7.0.76\coIEPlg.dll [2016-05-31] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\22.7.0.76\coIEPlg.dll [2016-05-31] (Symantec Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2014-03-11] (Microsoft Corporation)

FireFox:
========
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-20] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-03-11] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-06-25] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-06-25] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-05-12] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-04-23] (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFAddon
FF Extension: Norton Identity Safe - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFAddon [2016-07-09]
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFAddon
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => nicht gefunden

Chrome:
=======
CHR HomePage: Default -> hxxp://www.search.ask.com/?gct=hp
CHR DefaultSearchURL: Default -> hxxp://www.search.ask.com/web?q={searchTerms}
CHR DefaultSearchKeyword: Default -> search.ask.com
CHR DefaultSuggestURL: Default -> hxxp://ssmsp.ask.com/query?sstype=prefix&li=ff&q={searchTerms}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\ppGoogleNaClPluginChrome.dll => Keine Datei
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\pdf.dll => Keine Datei
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll => Keine Datei
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-29]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Ecosia - Die Suchmaschine, die Bäume pflanzt) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\clellnciejhoedgepbdilbkdkaoecgpc [2015-10-17]
CHR Extension: (Google-Suche) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-02]
CHR Extension: (youTubeRate) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\flcfhacaaadijbnjaopcdijigenfpjjm [2016-07-09]
CHR Extension: (Google Docs Offline) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-27]
CHR Extension: (Norton Identity Safe) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-12-16]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-06]
CHR Extension: (Google Mail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-29]
CHR HKLM\...\Chrome\Extension: [aaaaaejaghnbcjilindpkgmcmdflpgjf] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [aaaailpifkkekipiachodfkfmgmiapmp] - C:\ProgramData\AskPartnerNetwork\Toolbar\SGT-V7\CRX\ToolbarCR.crx [2016-06-21]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton 360\Engine\22.7.0.76\Exts\Chrome.crx [2016-07-09]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [aaaaaejaghnbcjilindpkgmcmdflpgjf] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [aaaailpifkkekipiachodfkfmgmiapmp] - C:\ProgramData\AskPartnerNetwork\Toolbar\SGT-V7\CRX\ToolbarCR.crx [2016-06-21]
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton 360\Engine\22.7.0.76\Exts\Chrome.crx [2016-07-09]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx

==================== Dienste (Nicht auf der Ausnahmeliste) ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [198216 2016-06-16] (APN LLC.)
R2 BrcmCardReader; C:\Program Files\Broadcom\MemoryCard\BrcmCardReader.exe [176640 2012-08-20] (Broadcom Corp.) [Datei ist nicht signiert]
R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2449552 2012-10-25] (Acer Incorporated)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2169016 2014-01-02] (Microsoft Corporation)
S3 DeviceFastLaneService; C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [469648 2012-11-17] (Acer Incorporated)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [658064 2012-10-23] (Acer Incorporated)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
R2 N360; C:\Program Files (x86)\Norton 360\Engine\22.7.0.76\N360.exe [289080 2016-06-17] (Symantec Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [3943104 2012-08-15] (Symantec Corporation)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [259136 2012-11-03] (NTI Corporation)
R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [96880 2013-02-25] (Dritek System INC.)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2145080 2015-06-25] (TuneUp Software)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7585280 2015-10-30] (Broadcom Corporation)
R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\22.5.2.15\Definitions\BASHDefs\20160705.001\BHDrvx64.sys [1832176 2016-05-12] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1607000.04C\ccSetx64.sys [174328 2016-06-02] (Symantec Corporation)
R1 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0401000.00E\ccSetx64.sys [168608 2012-05-26] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [497392 2016-05-06] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [156912 2016-06-25] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\22.5.2.15\Definitions\IPSDefs\20160708.001\IDSvia64.sys [876760 2016-07-09] (Symantec Corporation)
R3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [26736 2013-02-25] (Dritek System Inc.)
S3 SipIMNDI; C:\Windows\system32\DRIVERS\SipIMNDI64.sys [28192 2009-10-15] (T-Systems International GmbH)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31032 2012-11-29] (Synaptics Incorporated)
R1 SRTSP; C:\Windows\System32\Drivers\N360x64\1607000.04C\SRTSP64.SYS [773360 2016-07-02] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1607000.04C\SRTSPX64.SYS [48888 2016-06-02] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\N360x64\1607000.04C\SYMEFASI64.SYS [1627352 2016-06-02] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\N360x64\1607000.04C\SymELAM.sys [24192 2015-07-11] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [101112 2016-07-09] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1607000.04C\Ironx64.SYS [291056 2016-06-02] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1607000.04C\SYMNETS.SYS [567536 2016-06-02] (Symantec Corporation)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [31144 2015-06-04] (TuneUp Software)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
S3 NAVENG; \??\C:\Program Files (x86)\Norton 360\NortonData\22.5.2.15\Definitions\SDSDefs\20160708.008\ENG64.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton 360\NortonData\22.5.2.15\Definitions\SDSDefs\20160708.008\EX64.SYS [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

==================== Ein Monat: Erstellte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2016-07-10 11:16 - 2016-07-10 11:17 - 00025257 _____ C:\Users\User\Desktop\FRST.txt
2016-07-10 11:16 - 2016-07-10 11:16 - 00000000 ____D C:\FRST
2016-07-10 11:15 - 2016-07-10 11:15 - 01740288 _____ (Farbar) C:\Users\User\Downloads\FRST.exe
2016-07-10 11:13 - 2016-07-10 11:16 - 02390016 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe
2016-07-10 10:08 - 2016-07-10 10:08 - 03618856 _____ (Facebook Inc.) C:\Users\User\Downloads\ESET_T1051715071531367T_.exe
2016-07-09 21:26 - 2016-07-10 10:57 - 00000000 ____D C:\WINDOWS\System32\Tasks\Norton 360
2016-07-09 21:20 - 2016-07-09 21:20 - 00003376 _____ C:\WINDOWS\System32\Tasks\Norton WSC Integration
2016-07-09 21:20 - 2016-07-09 21:20 - 00002318 _____ C:\Users\Public\Desktop\Norton 360.lnk
2016-07-09 21:10 - 2016-07-09 22:07 - 00000000 ____D C:\Users\User\AppData\Local\NPE
2016-07-09 20:58 - 2016-07-09 20:58 - 00079905 _____ C:\Users\User\Downloads\WiSe 2016-17 Zulassungsantrag Inländer.pdf
2016-07-09 20:28 - 2016-06-02 05:34 - 00773360 _____ (Symantec Corporation) C:\WINDOWS\SMSS-PFRO6774.tmp
2016-07-01 21:35 - 2016-07-01 21:35 - 00202602 _____ C:\Users\User\Documents\Eckardt_Lebenslauf.pdf
2016-07-01 21:34 - 2016-07-01 21:34 - 00088698 _____ C:\Users\User\Documents\Eckardt_Motivationsschreiben.pdf
2016-06-30 19:42 - 2016-06-30 19:43 - 00912480 _____ C:\Users\User\Documents\KATHRIN_Zeugnis_vollst..pdf
2016-06-30 19:27 - 2016-06-30 19:27 - 01098444 _____ C:\Users\User\Documents\KATHRIN_Bewertungsbogen.pdf
2016-06-30 19:27 - 2016-06-30 19:27 - 00643634 _____ C:\Users\User\Documents\KATHRIN_Zertifikat.pdf
2016-06-30 19:27 - 2016-06-30 19:27 - 00484845 _____ C:\Users\User\Documents\KATHRIN_Bescheinigung.pdf
2016-06-26 22:19 - 2016-05-28 08:13 - 01401024 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-06-26 22:19 - 2016-05-28 08:13 - 00046784 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-06-26 22:19 - 2016-05-28 07:06 - 22561256 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-06-26 22:19 - 2016-05-28 06:29 - 22379008 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-06-26 22:19 - 2016-05-28 06:19 - 24605696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-06-26 22:19 - 2016-05-28 06:18 - 11545088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-06-26 22:19 - 2016-05-28 06:18 - 07977472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-06-26 22:19 - 2016-05-28 06:16 - 19344384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-06-26 22:19 - 2016-05-28 06:14 - 18674176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-06-26 22:19 - 2016-05-28 06:06 - 07200256 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-06-26 22:19 - 2016-05-28 06:04 - 06973952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-06-26 22:19 - 2016-05-28 06:00 - 02168320 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-06-26 22:19 - 2016-05-28 05:58 - 07832576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-06-26 22:19 - 2016-04-23 07:09 - 21123320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-06-26 22:19 - 2016-04-23 07:09 - 05240960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2016-06-26 22:19 - 2016-04-23 07:08 - 06605504 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2016-06-26 22:19 - 2016-04-23 06:31 - 13018112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-06-26 22:19 - 2016-04-23 06:28 - 16984576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-06-26 22:19 - 2016-04-23 06:05 - 05502976 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2016-06-26 22:19 - 2016-04-23 06:04 - 04759040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2016-06-26 22:19 - 2016-04-23 06:03 - 02000896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2016-06-26 22:19 - 2016-04-23 06:02 - 02444288 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2016-06-26 22:18 - 2016-05-28 08:13 - 01184960 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-06-26 22:18 - 2016-05-28 08:13 - 00514752 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-06-26 22:18 - 2016-05-28 08:13 - 00290496 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-06-26 22:18 - 2016-05-28 07:22 - 07474528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-06-26 22:18 - 2016-05-28 07:09 - 00501600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-06-26 22:18 - 2016-05-28 07:08 - 00693600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-06-26 22:18 - 2016-05-28 07:07 - 03675512 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-06-26 22:18 - 2016-05-28 07:07 - 02921880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-06-26 22:18 - 2016-05-28 07:07 - 01322248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-06-26 22:18 - 2016-05-28 07:07 - 00808288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2016-06-26 22:18 - 2016-05-28 07:06 - 04074160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-06-26 22:18 - 2016-05-28 07:06 - 00303216 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2016-06-26 22:18 - 2016-05-28 07:06 - 00254656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2016-06-26 22:18 - 2016-05-28 07:05 - 04515264 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-06-26 22:18 - 2016-05-28 06:58 - 01996640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-06-26 22:18 - 2016-05-28 06:58 - 00379232 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2016-06-26 22:18 - 2016-05-28 06:57 - 02548944 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2016-06-26 22:18 - 2016-05-28 06:57 - 02195632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2016-06-26 22:18 - 2016-05-28 06:57 - 01594416 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2016-06-26 22:18 - 2016-05-28 06:57 - 01372312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2016-06-26 22:18 - 2016-05-28 06:57 - 00649792 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2016-06-26 22:18 - 2016-05-28 06:57 - 00636304 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2016-06-26 22:18 - 2016-05-28 06:57 - 00577376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-06-26 22:18 - 2016-05-28 06:57 - 00521664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2016-06-26 22:18 - 2016-05-28 06:57 - 00316256 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2016-06-26 22:18 - 2016-05-28 06:35 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdlrecover.exe
2016-06-26 22:18 - 2016-05-28 06:31 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdlrecover.exe
2016-06-26 22:18 - 2016-05-28 06:19 - 00567808 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
2016-06-26 22:18 - 2016-05-28 06:18 - 00460800 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2016-06-26 22:18 - 2016-05-28 06:18 - 00380416 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2016-06-26 22:18 - 2016-05-28 06:17 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-06-26 22:18 - 2016-05-28 06:17 - 00963072 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2016-06-26 22:18 - 2016-05-28 06:16 - 00592896 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppContracts.dll
2016-06-26 22:18 - 
2016-05-28 06:16 - 00503808 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll 2016-06-26 22:18 - 2016-05-28 06:15 - 00853504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll 2016-06-26 22:18 - 2016-05-28 06:15 - 00794624 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll 2016-06-26 22:18 - 2016-05-28 06:14 - 01716736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll 2016-06-26 22:18 - 2016-05-28 06:14 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll 2016-06-26 22:18 - 2016-05-28 06:14 - 00606208 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll 2016-06-26 22:18 - 2016-05-28 06:13 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys 2016-06-26 22:18 - 2016-05-28 06:13 - 00990208 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll 2016-06-26 22:18 - 2016-05-28 06:13 - 00939520 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll 2016-06-26 22:18 - 2016-05-28 06:11 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll 2016-06-26 22:18 - 2016-05-28 06:08 - 13385728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2016-06-26 22:18 - 2016-05-28 06:08 - 06295552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll 2016-06-26 22:18 - 2016-05-28 06:06 - 12128256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2016-06-26 22:18 - 2016-05-28 06:06 - 01339904 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpsvc.dll 2016-06-26 22:18 - 2016-05-28 06:05 - 03994624 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll 2016-06-26 22:18 - 2016-05-28 06:05 - 03664896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2016-06-26 22:18 - 2016-05-28 06:05 - 02582016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll 2016-06-26 22:18 - 2016-05-28 06:05 - 01797120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll 
2016-06-26 22:18 - 2016-05-28 06:03 - 05323776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll 2016-06-26 22:18 - 2016-05-28 06:03 - 05205504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll 2016-06-26 22:18 - 2016-05-28 06:03 - 02609664 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll 2016-06-26 22:18 - 2016-05-28 06:03 - 01185280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LocationFramework.dll 2016-06-26 22:18 - 2016-05-28 06:02 - 03590144 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys 2016-06-26 22:18 - 2016-05-28 06:02 - 02061824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll 2016-06-26 22:18 - 2016-05-28 06:02 - 01534464 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll 2016-06-26 22:18 - 2016-05-28 06:01 - 01799680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll 2016-06-26 22:18 - 2016-05-28 06:01 - 01582080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll 2016-06-26 22:18 - 2016-05-28 06:00 - 05660160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll 2016-06-26 22:18 - 2016-05-28 06:00 - 03585536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll 2016-06-26 22:18 - 2016-05-28 06:00 - 02635776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll 2016-06-26 22:18 - 2016-05-28 06:00 - 01730560 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2016-06-26 22:18 - 2016-05-28 06:00 - 01707520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll 2016-06-26 22:18 - 2016-05-28 05:58 - 04896256 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2016-06-26 22:18 - 2016-05-28 05:58 - 02066432 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll 2016-06-26 22:18 - 2016-05-28 05:58 - 01996288 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\ActiveSyncProvider.dll 2016-06-26 22:18 - 2016-05-28 05:57 - 02281472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll 2016-06-26 22:18 - 2016-05-28 05:55 - 01390080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll 2016-06-26 22:18 - 2016-05-05 06:50 - 00215040 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll 2016-06-26 22:18 - 2016-04-23 08:12 - 00713920 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll 2016-06-26 22:18 - 2016-04-23 08:12 - 00190144 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe 2016-06-26 22:18 - 2016-04-23 07:28 - 01557768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll 2016-06-26 22:18 - 2016-04-23 07:28 - 01542816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll 2016-06-26 22:18 - 2016-04-23 07:24 - 01997328 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll 2016-06-26 22:18 - 2016-04-23 07:24 - 01819208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll 2016-06-26 22:18 - 2016-04-23 07:24 - 00754664 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll 2016-06-26 22:18 - 2016-04-23 07:22 - 01161120 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll 2016-06-26 22:18 - 2016-04-23 07:12 - 00925064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll 2016-06-26 22:18 - 2016-04-23 07:12 - 00451928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll 2016-06-26 22:18 - 2016-04-23 07:12 - 00413536 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe 2016-06-26 22:18 - 2016-04-23 07:11 - 01092464 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll 2016-06-26 22:18 - 2016-04-23 07:11 - 00498960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll 2016-06-26 22:18 - 2016-04-23 07:09 - 00569744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll 2016-06-26 22:18 - 2016-04-23 07:09 - 00565600 _____ (Microsoft 
Corporation) C:\WINDOWS\system32\SettingSyncHost.exe 2016-06-26 22:18 - 2016-04-23 07:09 - 00465760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe 2016-06-26 22:18 - 2016-04-23 07:08 - 00725776 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll 2016-06-26 22:18 - 2016-04-23 07:07 - 01848072 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll 2016-06-26 22:18 - 2016-04-23 07:07 - 01536088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll 2016-06-26 22:18 - 2016-04-23 07:06 - 00291360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe 2016-06-26 22:18 - 2016-04-23 07:02 - 00188256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll 2016-06-26 22:18 - 2016-04-23 07:01 - 00619296 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10level9.dll 2016-06-26 22:18 - 2016-04-23 07:01 - 00513368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10level9.dll 2016-06-26 22:18 - 2016-04-23 07:01 - 00393568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys 2016-06-26 22:18 - 2016-04-23 07:00 - 01776768 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll 2016-06-26 22:18 - 2016-04-23 07:00 - 01522152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll 2016-06-26 22:18 - 2016-04-23 07:00 - 01399224 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll 2016-06-26 22:18 - 2016-04-23 07:00 - 00550656 _____ (Microsoft Corporation) C:\WINDOWS\system32\directmanipulation.dll 2016-06-26 22:18 - 2016-04-23 07:00 - 00453472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\directmanipulation.dll 2016-06-26 22:18 - 2016-04-23 06:56 - 00534872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS 2016-06-26 22:18 - 2016-04-23 06:25 - 00630784 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll 2016-06-26 22:18 - 2016-04-23 06:25 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll 2016-06-26 
22:18 - 2016-04-23 06:24 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll 2016-06-26 22:18 - 2016-04-23 06:24 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll 2016-06-26 22:18 - 2016-04-23 06:24 - 00287232 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll 2016-06-26 22:18 - 2016-04-23 06:24 - 00181248 _____ (Microsoft Corporation) C:\WINDOWS\system32\shacct.dll 2016-06-26 22:18 - 2016-04-23 06:21 - 00479232 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll 2016-06-26 22:18 - 2016-04-23 06:20 - 00606720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll 2016-06-26 22:18 - 2016-04-23 06:20 - 00484352 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll 2016-06-26 22:18 - 2016-04-23 06:20 - 00356864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll 2016-06-26 22:18 - 2016-04-23 06:19 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll 2016-06-26 22:18 - 2016-04-23 06:19 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll 2016-06-26 22:18 - 2016-04-23 06:18 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll 2016-06-26 22:18 - 2016-04-23 06:18 - 00804352 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll 2016-06-26 22:18 - 2016-04-23 06:18 - 00585728 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe 2016-06-26 22:18 - 2016-04-23 06:18 - 00515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll 2016-06-26 22:18 - 2016-04-23 06:18 - 00471552 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll 2016-06-26 22:18 - 2016-04-23 06:17 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll 2016-06-26 22:18 - 2016-04-23 06:17 - 00529920 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll 2016-06-26 22:18 - 2016-04-23 06:17 - 00388608 _____ (Microsoft Corporation) 
C:\WINDOWS\SysWOW64\schannel.dll 2016-06-26 22:18 - 2016-04-23 06:16 - 01319424 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll 2016-06-26 22:18 - 2016-04-23 06:16 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll 2016-06-26 22:18 - 2016-04-23 06:15 - 00865792 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll 2016-06-26 22:18 - 2016-04-23 06:15 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll 2016-06-26 22:18 - 2016-04-23 06:15 - 00673280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll 2016-06-26 22:18 - 2016-04-23 06:15 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll 2016-06-26 22:18 - 2016-04-23 06:15 - 00348672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll 2016-06-26 22:18 - 2016-04-23 06:14 - 00870912 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll 2016-06-26 22:18 - 2016-04-23 06:14 - 00821760 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll 2016-06-26 22:18 - 2016-04-23 06:14 - 00647680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll 2016-06-26 22:18 - 2016-04-23 06:14 - 00354304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll 2016-06-26 22:18 - 2016-04-23 06:13 - 00705536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll 2016-06-26 22:18 - 2016-04-23 06:13 - 00489984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll 2016-06-26 22:18 - 2016-04-23 06:13 - 00434688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll 2016-06-26 22:18 - 2016-04-23 06:12 - 00667648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll 2016-06-26 22:18 - 2016-04-23 06:10 - 00639488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll 2016-06-26 22:18 - 2016-04-23 06:05 - 01946112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll 2016-06-26 
22:18 - 2016-04-23 06:05 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll 2016-06-26 22:18 - 2016-04-23 06:05 - 00613376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll 2016-06-26 22:18 - 2016-04-23 06:03 - 02193408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll 2016-06-26 22:18 - 2016-04-23 06:03 - 00754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll 2016-06-26 22:18 - 2016-04-23 06:03 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll 2016-06-26 22:18 - 2016-04-23 06:01 - 04775424 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll 2016-06-26 22:18 - 2016-04-23 06:00 - 00984576 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll 2016-06-26 22:18 - 2016-04-23 05:45 - 00461824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll 2016-06-26 22:17 - 2016-05-28 08:13 - 00092352 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll 2016-06-26 22:17 - 2016-05-28 07:25 - 04268880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setupapi.dll 2016-06-26 22:17 - 2016-05-28 07:23 - 00388384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ws2_32.dll 2016-06-26 22:17 - 2016-05-28 07:23 - 00312160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswsock.dll 2016-06-26 22:17 - 2016-05-28 07:22 - 04387680 _____ (Microsoft Corporation) C:\WINDOWS\system32\setupapi.dll 2016-06-26 22:17 - 2016-05-28 07:22 - 00428896 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll 2016-06-26 22:17 - 2016-05-28 07:22 - 00211296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys 2016-06-26 22:17 - 2016-05-28 07:22 - 00118624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys 2016-06-26 22:17 - 2016-05-28 07:20 - 00430312 _____ (Microsoft Corporation) C:\WINDOWS\system32\ws2_32.dll 2016-06-26 22:17 - 2016-05-28 07:18 - 00357216 _____ (Microsoft Corporation) C:\WINDOWS\system32\mswsock.dll 
2016-06-26 22:17 - 2016-05-28 07:16 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe 2016-06-26 22:17 - 2016-05-28 07:09 - 00170848 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkUXBroker.exe 2016-06-26 22:17 - 2016-05-28 07:09 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll 2016-06-26 22:17 - 2016-05-28 07:08 - 00258912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ufx01000.sys 2016-06-26 22:17 - 2016-05-28 07:08 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll 2016-06-26 22:17 - 2016-05-28 07:07 - 00957608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll 2016-06-26 22:17 - 2016-05-28 07:07 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe 2016-06-26 22:17 - 2016-05-28 07:07 - 00331616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys 2016-06-26 22:17 - 2016-05-28 07:06 - 00730344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll 2016-06-26 22:17 - 2016-05-28 07:04 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys 2016-06-26 22:17 - 2016-05-28 07:04 - 00431296 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll 2016-06-26 22:17 - 2016-05-28 07:04 - 00360480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll 2016-06-26 22:17 - 2016-05-28 07:04 - 00161632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys 2016-06-26 22:17 - 2016-05-28 07:04 - 00111064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptsslp.dll 2016-06-26 22:17 - 2016-05-28 07:04 - 00097096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptsslp.dll 2016-06-26 22:17 - 2016-05-28 07:03 - 00131248 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpapi.dll 2016-06-26 22:17 - 2016-05-28 06:57 - 00546456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe 2016-06-26 22:17 - 2016-05-28 06:35 - 00089088 _____ 
(Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll 2016-06-26 22:17 - 2016-05-28 06:35 - 00031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsdport.sys 2016-06-26 22:17 - 2016-05-28 06:31 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll 2016-06-26 22:17 - 2016-05-28 06:31 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosHostClient.dll 2016-06-26 22:17 - 2016-05-28 06:29 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\adhsvc.dll 2016-06-26 22:17 - 2016-05-28 06:29 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll 2016-06-26 22:17 - 2016-05-28 06:29 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxp.dll 2016-06-26 22:17 - 2016-05-28 06:28 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe 2016-06-26 22:17 - 2016-05-28 06:28 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll 2016-06-26 22:17 - 2016-05-28 06:28 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\FwRemoteSvr.dll 2016-06-26 22:17 - 2016-05-28 06:27 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosHostClient.dll 2016-06-26 22:17 - 2016-05-28 06:27 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll 2016-06-26 22:17 - 2016-05-28 06:26 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe 2016-06-26 22:17 - 2016-05-28 06:26 - 00157184 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe 2016-06-26 22:17 - 2016-05-28 06:26 - 00145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe 2016-06-26 22:17 - 2016-05-28 06:26 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll 2016-06-26 22:17 - 2016-05-28 06:26 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll 2016-06-26 22:17 - 2016-05-28 06:25 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll 2016-06-26 22:17 - 2016-05-28 06:24 - 00218624 
_____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll 2016-06-26 22:17 - 2016-05-28 06:24 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Ndu.sys 2016-06-26 22:17 - 2016-05-28 06:24 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll 2016-06-26 22:17 - 2016-05-28 06:24 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll 2016-06-26 22:17 - 2016-05-28 06:24 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll 2016-06-26 22:17 - 2016-05-28 06:24 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll 2016-06-26 22:17 - 2016-05-28 06:24 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcsvc6.dll 2016-06-26 22:17 - 2016-05-28 06:24 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FwRemoteSvr.dll 2016-06-26 22:17 - 2016-05-28 06:23 - 00155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys 2016-06-26 22:17 - 2016-05-28 06:23 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcsvc.dll 2016-06-26 22:17 - 2016-05-28 06:22 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll 2016-06-26 22:17 - 2016-05-28 06:22 - 00368640 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll 2016-06-26 22:17 - 2016-05-28 06:22 - 00278528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys 2016-06-26 22:17 - 2016-05-28 06:22 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll 2016-06-26 22:17 - 2016-05-28 06:22 - 00163328 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll 2016-06-26 22:17 - 2016-05-28 06:22 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe 2016-06-26 22:17 - 2016-05-28 06:22 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll 2016-06-26 22:17 - 2016-05-28 06:22 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptsvc.dll 2016-06-26 22:17 - 
2016-05-28 06:22 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll 2016-06-26 22:17 - 2016-05-28 06:21 - 00550912 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll 2016-06-26 22:17 - 2016-05-28 06:21 - 00239104 _____ (Microsoft Corporation) C:\WINDOWS\system32\BrokerLib.dll 2016-06-26 22:17 - 2016-05-28 06:21 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll 2016-06-26 22:17 - 2016-05-28 06:21 - 00190464 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll 2016-06-26 22:17 - 2016-05-28 06:20 - 00641536 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll 2016-06-26 22:17 - 2016-05-28 06:20 - 00511488 _____ (Microsoft Corporation) C:\WINDOWS\system32\newdev.dll 2016-06-26 22:17 - 2016-05-28 06:20 - 00332288 _____ (Microsoft Corporation) C:\WINDOWS\system32\polstore.dll 2016-06-26 22:17 - 2016-05-28 06:20 - 00267264 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore6.dll 2016-06-26 22:17 - 2016-05-28 06:20 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\GnssAdapter.dll 2016-06-26 22:17 - 2016-05-28 06:20 - 00174080 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Privacy.dll 2016-06-26 22:17 - 2016-05-28 06:20 - 00057344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcsvc6.dll 2016-06-26 22:17 - 2016-05-28 06:19 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll 2016-06-26 22:17 - 2016-05-28 06:19 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe 2016-06-26 22:17 - 2016-05-28 06:19 - 00355840 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll 2016-06-26 22:17 - 2016-05-28 06:19 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcsvc.dll 2016-06-26 22:17 - 2016-05-28 06:18 - 00610816 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll 2016-06-26 22:17 - 2016-05-28 06:18 - 00591360 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll 
2016-06-26 22:17 - 2016-05-28 06:18 - 00392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\IPSECSVC.DLL 2016-06-26 22:17 - 2016-05-28 06:18 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll 2016-06-26 22:17 - 2016-05-28 06:17 - 00630784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll 2016-06-26 22:17 - 2016-05-28 06:17 - 00485888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\newdev.dll 2016-06-26 22:17 - 2016-05-28 06:17 - 00415232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll 2016-06-26 22:17 - 2016-05-28 06:17 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll 2016-06-26 22:17 - 2016-05-28 06:17 - 00278016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll 2016-06-26 22:17 - 2016-05-28 06:17 - 00173056 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll 2016-06-26 22:17 - 2016-05-28 06:16 - 00690176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys 2016-06-26 22:17 - 2016-05-28 06:16 - 00684544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StructuredQuery.dll 2016-06-26 22:17 - 2016-05-28 06:16 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys 2016-06-26 22:17 - 2016-05-28 06:16 - 00291328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\polstore.dll 2016-06-26 22:17 - 2016-05-28 06:16 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore6.dll 2016-06-26 22:17 - 2016-05-28 06:15 - 01056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll 2016-06-26 22:17 - 2016-05-28 06:15 - 00535040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll 2016-06-26 22:17 - 2016-05-28 06:15 - 00349696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll 2016-06-26 22:17 - 2016-05-28 06:15 - 00293888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll 2016-06-26 22:17 - 2016-05-28 06:15 - 00237056 _____ 
(Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys 2016-06-26 22:17 - 2016-05-28 06:14 - 00965632 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll 2016-06-26 22:17 - 2016-05-28 06:14 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2016-06-26 22:17 - 2016-05-28 06:14 - 00499712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll 2016-06-26 22:17 - 2016-05-28 06:14 - 00219136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll 2016-06-26 22:17 - 2016-05-28 06:14 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll 2016-06-26 22:17 - 2016-05-28 06:13 - 00982016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll 2016-06-26 22:17 - 2016-05-28 06:13 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll 2016-06-26 22:17 - 2016-05-28 06:13 - 00467456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppContracts.dll 2016-06-26 22:17 - 2016-05-28 06:12 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll 2016-06-26 22:17 - 2016-05-28 06:12 - 00614400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll 2016-06-26 22:17 - 2016-05-28 06:12 - 00521728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StructuredQuery.dll 2016-06-26 22:17 - 2016-05-28 06:11 - 01445888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRHInproc.dll 2016-06-26 22:17 - 2016-05-28 06:11 - 00890368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll 2016-06-26 22:17 - 2016-05-28 06:11 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll 2016-06-26 22:17 - 2016-05-28 06:11 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll 2016-06-26 22:17 - 2016-05-28 06:11 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll 2016-06-26 22:17 - 2016-05-28 06:11 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2016-06-26 
22:17 - 2016-05-28 06:11 - 00128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxm.dll 2016-06-26 22:17 - 2016-05-28 06:09 - 01073152 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll 2016-06-26 22:17 - 2016-05-28 06:04 - 00555520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll 2016-06-26 22:17 - 2016-05-28 06:04 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncController.dll 2016-06-26 22:17 - 2016-05-28 06:03 - 00693760 _____ (Microsoft Corporation) C:\WINDOWS\system32\internetmail.dll 2016-06-26 22:17 - 2016-05-28 06:03 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll 2016-06-26 22:17 - 2016-05-28 06:02 - 00103424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll 2016-06-26 22:17 - 2016-05-28 06:01 - 01500160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2016-06-26 22:17 - 2016-05-28 06:01 - 00111104 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll 2016-06-26 22:17 - 2016-05-28 06:00 - 02230272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2016-06-26 22:17 - 2016-05-28 06:00 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll 2016-06-26 22:17 - 2016-05-28 06:00 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll 2016-06-26 22:17 - 2016-05-28 06:00 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe 2016-06-26 22:17 - 2016-05-28 05:59 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll 2016-06-26 22:17 - 2016-05-28 05:58 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2016-06-26 22:17 - 2016-05-28 05:53 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll 2016-06-26 22:17 - 2016-05-06 06:53 - 00095072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdport.sys 2016-06-26 22:17 - 2016-05-06 06:05 - 00241664 _____ (Microsoft Corporation) 
C:\WINDOWS\SysWOW64\cryptngc.dll 2016-06-26 22:17 - 2016-05-06 06:03 - 00649216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll 2016-06-26 22:17 - 2016-05-06 05:53 - 00351232 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll 2016-06-26 22:17 - 2016-05-06 05:49 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnrSvc.dll 2016-06-26 22:17 - 2016-05-06 05:44 - 00582656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll 2016-06-26 22:17 - 2016-05-06 05:43 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll 2016-06-26 22:17 - 2016-04-23 07:26 - 00707608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll 2016-06-26 22:17 - 2016-04-23 07:24 - 00638816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys 2016-06-26 22:17 - 2016-04-23 07:24 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys 2016-06-26 22:17 - 2016-04-23 07:24 - 00099680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys 2016-06-26 22:17 - 2016-04-23 07:13 - 00306832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanapi.dll 2016-06-26 22:17 - 2016-04-23 07:11 - 00390496 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll 2016-06-26 22:17 - 2016-04-23 07:11 - 00131424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ufxsynopsys.sys 2016-06-26 22:17 - 2016-04-23 07:07 - 00204048 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll 2016-06-26 22:17 - 2016-04-23 07:07 - 00183904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll 2016-06-26 22:17 - 2016-04-23 07:01 - 00217440 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll 2016-06-26 22:17 - 2016-04-23 07:00 - 01337240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll 2016-06-26 22:17 - 2016-04-23 07:00 - 00058208 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwminit.dll 2016-06-26 22:17 - 2016-04-23 06:34 - 00067072 _____ (Microsoft 
Corporation) C:\WINDOWS\system32\Drivers\usbser.sys 2016-06-26 22:17 - 2016-04-23 06:34 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\hmkd.dll 2016-06-26 22:17 - 2016-04-23 06:34 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll 2016-06-26 22:17 - 2016-04-23 06:33 - 00089600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NFCProvisioningPlugin.dll 2016-06-26 22:17 - 2016-04-23 06:33 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshbth.dll 2016-06-26 22:17 - 2016-04-23 06:33 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmCx.sys 2016-06-26 22:17 - 2016-04-23 06:33 - 00038400 _____ (Microsoft Corporation) C:\WINDOWS\system32\ByteCodeGenerator.exe 2016-06-26 22:17 - 2016-04-23 06:32 - 00134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wificonnapi.dll 2016-06-26 22:17 - 2016-04-23 06:32 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll 2016-06-26 22:17 - 2016-04-23 06:29 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll 2016-06-26 22:17 - 2016-04-23 06:29 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll 2016-06-26 22:17 - 2016-04-23 06:29 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\filecrypt.sys 2016-06-26 22:17 - 2016-04-23 06:29 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe 2016-06-26 22:17 - 2016-04-23 06:29 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hmkd.dll 2016-06-26 22:17 - 2016-04-23 06:29 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ByteCodeGenerator.exe 2016-06-26 22:17 - 2016-04-23 06:29 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll 2016-06-26 22:17 - 2016-04-23 06:28 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudDomainJoinDataModelServer.dll 2016-06-26 22:17 - 2016-04-23 06:28 - 00127488 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\VEDataLayerHelpers.dll 2016-06-26 22:17 - 2016-04-23 06:28 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll 2016-06-26 22:17 - 2016-04-23 06:28 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshbth.dll 2016-06-26 22:17 - 2016-04-23 06:27 - 00039424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfdprov.dll 2016-06-26 22:17 - 2016-04-23 06:26 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdbusenum.dll 2016-06-26 22:17 - 2016-04-23 06:25 - 00617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll 2016-06-26 22:17 - 2016-04-23 06:24 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SubscriptionMgr.dll 2016-06-26 22:17 - 2016-04-23 06:24 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEDataLayerHelpers.dll 2016-06-26 22:17 - 2016-04-23 06:23 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ListSvc.dll 2016-06-26 22:17 - 2016-04-23 06:23 - 00179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\BrowserSettingSync.dll 2016-06-26 22:17 - 2016-04-23 06:23 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll 2016-06-26 22:17 - 2016-04-23 06:20 - 00307200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll 2016-06-26 22:17 - 2016-04-23 06:20 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shacct.dll 2016-06-26 22:17 - 2016-04-23 06:19 - 00395264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlansec.dll 2016-06-26 22:17 - 2016-04-23 06:19 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BrowserSettingSync.dll 2016-06-26 22:17 - 2016-04-23 06:18 - 00436736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll 2016-06-26 22:17 - 2016-04-23 06:17 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanmsm.dll 2016-06-26 22:17 - 2016-04-23 06:14 - 00342528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll 2016-06-26 22:17 - 
2016-04-23 06:07 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll 2016-06-26 22:16 - 2016-04-23 04:10 - 00002186 _____ C:\WINDOWS\system32\AppxProvisioning.xml 2016-06-26 22:16 - 2016-04-19 00:30 - 00002186 _____ C:\WINDOWS\SysWOW64\AppxProvisioning.xml 2016-06-25 19:13 - 2016-06-25 19:13 - 00000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2016-07-10 11:08 - 2013-08-26 13:09 - 00001128 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2016-07-10 10:59 - 2015-07-19 15:48 - 00001230 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-3611015324-1233358662-1118214824-1001UA.job 2016-07-10 10:55 - 2013-10-13 16:28 - 00000000 ___RD C:\Users\User\Dropbox 2016-07-10 10:54 - 2014-07-30 11:40 - 00000000 ____D C:\Users\User\AppData\Local\Spotify 2016-07-10 10:54 - 2014-07-30 11:39 - 00000000 ____D C:\Users\User\AppData\Roaming\Spotify 2016-07-10 10:54 - 2013-08-26 22:03 - 00000000 ____D C:\Users\User\AppData\Roaming\Skype 2016-07-10 10:51 - 2015-12-19 20:16 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2016-07-10 10:50 - 2015-10-30 09:24 - 00000000 ___HD C:\WINDOWS\ELAMBKUP 2016-07-10 10:50 - 2015-10-30 08:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI 2016-07-10 10:24 - 2014-11-11 21:15 - 00004148 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{DCD59A3D-4FFF-4314-8D40-5076CE6C6899} 2016-07-09 21:31 - 2013-02-25 22:38 - 00000000 ____D C:\ProgramData\Norton 2016-07-09 21:29 - 2013-12-18 17:28 - 00000000 ____D C:\Users\User\AppData\Local\CrashDumps 2016-07-09 21:26 - 2015-12-19 20:10 - 01799166 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2016-07-09 21:26 - 2015-10-30 20:35 - 00776766 _____ C:\WINDOWS\system32\perfh007.dat 2016-07-09 21:26 - 2015-10-30 20:35 - 00155544 _____ C:\WINDOWS\system32\perfc007.dat 2016-07-09 21:26 - 2015-10-30 
09:21 - 00000000 ____D C:\WINDOWS\INF 2016-07-09 21:24 - 2016-05-06 17:00 - 00000000 ___RD C:\Program Files (x86)\Skype 2016-07-09 21:24 - 2013-08-26 22:02 - 00000000 ____D C:\ProgramData\Skype 2016-07-09 21:21 - 2013-08-23 23:09 - 00000000 __RHD C:\Users\Public\AccountPictures 2016-07-09 21:20 - 2015-08-25 10:23 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360 2016-07-09 21:20 - 2013-08-26 14:49 - 00000000 ____D C:\WINDOWS\system32\Drivers\N360x64 2016-07-09 21:19 - 2015-12-19 19:44 - 00265464 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2016-07-09 21:14 - 2015-10-30 20:44 - 00000000 ____D C:\Program Files\Windows Journal 2016-07-09 21:14 - 2015-10-30 09:24 - 00000000 ___SD C:\WINDOWS\system32\DiagSvcs 2016-07-09 21:14 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform 2016-07-09 21:14 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\oobe 2016-07-09 21:14 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\appraiser 2016-07-09 21:14 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\Provisioning 2016-07-09 21:14 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\bcastdvr 2016-07-09 21:13 - 2015-10-30 09:24 - 00015703 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml 2016-07-09 20:30 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\AppReadiness 2016-07-09 20:29 - 2015-10-30 09:24 - 00000000 ___HD C:\Program Files\WindowsApps 2016-07-09 20:29 - 2015-10-30 08:28 - 00065536 ___SH C:\WINDOWS\system32\config\ELAM 2016-07-09 20:28 - 2013-08-26 14:49 - 00101112 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS 2016-07-09 20:28 - 2013-08-26 14:49 - 00008270 _____ C:\WINDOWS\system32\Drivers\SYMEVENT64x86.CAT 2016-06-30 18:09 - 2015-10-30 09:11 - 00000000 ____D C:\WINDOWS\CbsTemp 2016-06-30 18:03 - 2013-08-26 15:50 - 00000000 ____D C:\WINDOWS\system32\MRT 2016-06-30 17:59 - 2015-09-08 17:53 - 00000000 ____D C:\Program Files\WebBar 2016-06-30 17:49 - 2013-08-26 15:50 - 142482544 _____ (Microsoft 
Corporation) C:\WINDOWS\system32\MRT.exe 2016-06-29 09:48 - 2013-08-23 23:12 - 00000000 ____D C:\Users\User\AppData\Local\Packages 2016-06-28 01:13 - 2013-08-26 15:19 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2016-06-28 01:11 - 2016-02-28 13:53 - 00000000 ____D C:\Users\User\AppData\Local\Deployment 2016-06-27 21:53 - 2016-04-14 19:20 - 00005374 _____ C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for ACER-User Acer 2016-06-27 21:25 - 2015-07-19 15:47 - 00000000 ____D C:\Users\User\AppData\Local\Dropbox 2016-06-26 21:54 - 2013-08-26 13:12 - 00002268 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2016-06-26 21:54 - 2013-08-26 13:12 - 00002256 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2016-06-25 19:15 - 2015-01-19 19:06 - 00003972 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task 2016-06-25 19:13 - 2013-10-13 16:25 - 00000000 ____D C:\Users\User\AppData\Roaming\Dropbox 2016-06-25 19:03 - 2013-08-26 13:09 - 00004186 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA 2016-06-25 19:03 - 2013-08-26 13:09 - 00003954 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore 2016-06-25 19:03 - 2013-08-26 13:09 - 00001124 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2016-06-25 18:58 - 2016-03-25 22:51 - 00000000 ____D C:\WINDOWS\System32\Tasks\Remediation 2016-06-25 18:58 - 2015-12-29 21:48 - 00002422 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2016-06-25 18:58 - 2014-10-27 10:48 - 00000000 ___RD C:\Users\User\OneDrive 2016-06-14 20:33 - 2015-10-30 09:26 - 00828408 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2016-06-14 20:33 - 2015-10-30 09:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl ==================== Bamital & volsnap ================= (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert 
sind.)
C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert
LastRegBack: 2016-03-30 18:17
==================== Ende von FRST.txt ============================ |
10.07.2016, 10:24 | #4 |
| addition.txt Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 09-07-2016
durchgeführt von User (2016-07-10 11:18:23)
Gestartet von C:\Users\User\Desktop
Windows 10 Home Version 1511 (X64) (2015-12-20 19:29:06)
Start-Modus: Normal
==========================================================
==================== Konten: =============================
Administrator (S-1-5-21-3611015324-1233358662-1118214824-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3611015324-1233358662-1118214824-503 - Limited - Disabled)
Gast (S-1-5-21-3611015324-1233358662-1118214824-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3611015324-1233358662-1118214824-1003 - Limited - Enabled)
User (S-1-5-21-3611015324-1233358662-1118214824-1001 - Administrator - Enabled) => C:\Users\User
==================== Sicherheits-Center ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
AV: Norton 360 Online (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton 360 Online (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton 360 Online (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}
==================== Installierte Programme ======================
(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
Acer Backup Manager (HKLM-x32\...\InstallShield_{9DDDF20E-9FD1-4434-A43E-E7889DBC9420}) (Version: 4.0.0.0071 - NTI Corporation) Acer Device Fast-lane (HKLM\...\{3F62D2FD-13C1-49A2-8B5D-47623D9460D7}) (Version: 1.00.3011 - Acer Incorporated) Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3011 - Acer Incorporated) Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3015 - Acer Incorporated) AcerCloud (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 2.01.3125 - Acer Incorporated) AcerCloud Docs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.00.3204 - Acer Incorporated) Adobe Reader XI (11.0.16) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.16 - Adobe Systems Incorporated) Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98 - WildTangent) Hidden Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Ask Toolbar (HKLM-x32\...\{5347542D-5637-006A-76A7-A758B70C2806}) (Version: 12.40.6.717 - APN, LLC) <==== ACHTUNG Backup Manager v4 (x32 Version: 4.0.0.0071 - NTI Corporation) Hidden Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) 
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 6.30.59.96 - Broadcom Corporation) Broadcom Card Reader Driver Installer (HKLM\...\{F0A7DF2F-0BE0-470F-B137-D7A19F977189}) (Version: 15.4.7.1 - Broadcom Corporation) clear.fi Media (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.01.3112 - Acer Incorporated) clear.fi Photo (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 2.01.3109 - Acer Incorporated) clear.fi SDK - Video 2 (x32 Version: 2.1.2128 - CyberLink Corp.) Hidden clear.fi SDK- Movie 2 (x32 Version: 2.1.2112 - CyberLink Corp.) Hidden CyberLink MediaEspresso 6.5 (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.3318_45364 - CyberLink Corp.) Delicious: Emily's True Love Premium Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden Dritek Radio Controller (HKLM-x32\...\RadioController) (Version: 2.02.2001.0803 - Dritek System Inc.) Dropbox (HKU\S-1-5-21-3611015324-1233358662-1118214824-1001\...\Dropbox) (Version: 5.4.24 - Dropbox, Inc.) eBay Worldwide (HKLM-x32\...\{A694AF57-9891-4D62-824C-7E55A1361A14}) (Version: 2.3.0630 - OEM) Free YouTube to MP3 Converter version 3.12.61.805 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.61.805 - DVDVideoSoft Ltd.) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.103 - Google Inc.) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) 
Hidden Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3004 - Acer Incorporated) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.4.1001 - Intel Corporation) Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation) Island Tribe (x32 Version: 2.2.0.98 - WildTangent) Hidden iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.) Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden Launch Manager (HKLM-x32\...\LManager) (Version: 7.0.10 - Acer Inc.) 
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.3006 - Acer Incorporated) Magic Academy (x32 Version: 2.2.0.98 - WildTangent) Hidden Microsoft Office Home and Student 2013 - de-de (HKLM\...\HomeStudentRetail - de-de) (Version: 15.0.4420.1017 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) MyWinLocker (Version: 4.0.14.35 - Egis Technology Inc.) Hidden MyWinLocker 4 (x32 Version: 4.0.14.35 - Egis Technology Inc.) Hidden MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.24 - Egis Technology Inc.) MyWinLocker Suite (x32 Version: 4.0.14.24 - Egis Technology Inc.) 
Hidden Norton 360 Online (HKLM-x32\...\N360) (Version: 22.7.0.76 - Symantec Corporation) Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.2.3.51r - Symantec Corporation) Norton Online Backup ARA (x32 Version: 4.1.0.14 - Symantec Corporation) Hidden NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.9014 - NTI Corporation) NTI Media Maker 9 (x32 Version: 9.0.2.9014 - NTI Corporation) Hidden Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden Office 15 Click-to-Run Licensing Component (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.01.3202 - Acer) Office Addin 2003 (HKLM-x32\...\{1FCC073B-CC01-4443-AD20-E559F66E6E83}) (Version: 2.01.3202 - Acer) OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation) Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden RAMRush 1.0.6.917 (HKLM-x32\...\RAMRush_is1) (Version: - FTweak, Inc.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6657 - Realtek Semiconductor Corp.) Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee) Shredder (Version: 2.0.8.9 - Egis Technology Inc.) Hidden Shredder (x32 Version: 2.0.8.9 - Egis Technology Inc.) Hidden Skype™ 7.24 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.24.104 - Skype Technologies S.A.) 
Spotify (HKU\S-1-5-21-3611015324-1233358662-1118214824-1001\...\Spotify) (Version: 1.0.32.96.g3c8a06e6 - Spotify AB) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.3.4.0 - Synaptics Incorporated) Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden TuneUp Utilities 2014 (de-DE) (x32 Version: 14.0.1000.353 - TuneUp Software) Hidden TuneUp Utilities 2014 (HKLM-x32\...\TuneUp Utilities) (Version: 14.0.1000.353 - TuneUp Software) TuneUp Utilities 2014 (x32 Version: 14.0.1000.353 - TuneUp Software) Hidden Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version: - Microsoft Corporation) Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version: - Microsoft Corporation) Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation) Web Bar 2.0.5718.19210 (HKLM\...\{0BCE8B0A-1E76-44E5-9909-3CF804D92E4D}_is1) (Version: 2.0.5718.19210 - Web Bar Media) <==== ACHTUNG WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.3.0 - WildTangent) WildTangent Games App (x32 Version: 4.0.9.3 - WildTangent) Hidden YTD Video Downloader 4.3 (HKLM-x32\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: 4.3 - GreenTree Applications SRL) <==== ACHTUNG Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden ==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
CustomCLSID: HKU\S-1-5-21-3611015324-1233358662-1118214824-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3611015324-1233358662-1118214824-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\User\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileCoAuth.exe (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3611015324-1233358662-1118214824-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3611015324-1233358662-1118214824-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3611015324-1233358662-1118214824-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3611015324-1233358662-1118214824-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3611015324-1233358662-1118214824-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3611015324-1233358662-1118214824-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3611015324-1233358662-1118214824-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.) 
CustomCLSID: HKU\S-1-5-21-3611015324-1233358662-1118214824-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3611015324-1233358662-1118214824-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3611015324-1233358662-1118214824-1001_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.) ==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) Task: {046688CC-4B43-4D74-A451-D08700B74F2A} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\TuneUp Utilities 2014\OneClick.exe [2015-06-25] (TuneUp Software) Task: {075E6464-D615-463B-B752-909788CEB392} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\22.7.0.76\WSCStub.exe [2016-06-17] (Symantec Corporation) Task: {0FD08A35-DBF7-4105-A70C-43B4BA59181F} - System32\Tasks\WebBarLaunchTask => C:\Program Files\WebBar\wbsvc.exe <==== ACHTUNG Task: {19308366-9A9F-4801-A989-892562D67365} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated) Task: {199EEFC3-9DFF-4DB5-8F25-ED13AD61B70C} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton 360 Online\Upgrade.exe [2016-02-26] (Symantec Corporation) Task: {1C328BFD-46E6-4C82-A91C-08C7482A3922} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG Task: {214FE432-9C57-4BFE-9B32-9131CA66F82F} - System32\Tasks\DeviceDetector => 
C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2012-09-20] (CyberLink) Task: {27FCD29C-A8E5-473E-9092-2A1F5B4D9956} - System32\Tasks\Norton 360\Norton Autofix => C:\Program Files (x86)\Norton 360\Engine\22.7.0.76\SymErr.exe [2016-05-23] (Symantec Corporation) Task: {2BDC52DF-A2AD-49C7-B687-150222317393} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG Task: {31E215B9-C5F4-4DF1-9AC2-24EA592CAC46} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG Task: {35A208E0-97E8-4D64-AF25-6F56074AF25E} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG Task: {379165B1-6343-4F41-9BA9-1E70AD840E17} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\BrowserChoice\browserchoice.exe Task: {4379264D-F433-46DD-A857-020CCC076024} - System32\Tasks\EgisUpdate => C:\Program Files\EgisTec IPS\EgisUpdate.exe [2012-07-12] (Egis Technology Inc.) Task: {4478FB8E-90F3-418F-946B-62602945B7C6} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG Task: {4CC312B7-6E38-48D7-968B-5A32EF6DE919} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2012-06-21] () Task: {4D18E2D9-104F-472E-A673-8036D38BBC5A} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG Task: {4EA08CD1-86B7-4BE9-BFB3-31BCF54E8D7F} - System32\Tasks\Microsoft Office 15 Sync Maintenance for ACER-User Acer => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-03-11] (Microsoft Corporation) Task: {5973892A-E570-48C2-942D-80BCF9A53397} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2012-11-06] () Task: {6C0E30EC-2666-4F80-81C0-D265C538D6FB} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\22.7.0.76\SymErr.exe [2016-05-23] (Symantec Corporation) Task: {9FFE074C-1021-4654-9DC0-E1255043070D} - 
System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {A5F4E48E-0C60-4D0D-84BA-AEE156E06DB4} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\22.7.0.76\SymErr.exe [2016-05-23] (Symantec Corporation) Task: {A8A58F57-FD04-45DB-A916-5374CE3EF4CB} - System32\Tasks\Recovery Management\Notification => C:\Program Files\Acer\Acer Recovery Management\Notification\Notification.exe [2012-11-19] (Acer Incorporated) Task: {AB41A195-4680-426E-8D48-F4ACCB4B352B} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-06-30] (Microsoft Corporation) Task: {AF3FB1BB-CB83-46E7-835E-F2CB41BCF827} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3611015324-1233358662-1118214824-1001Core => C:\Users\User\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-07-19] (Dropbox, Inc.) Task: {B1956237-1BFA-4329-9A37-100D9DF82601} - System32\Tasks\{F5118D15-6F7D-4D14-9828-FC6FA600303B} => Chrome.exe hxxp://ui.skype.com/ui/0/6.7.0.102/de/abandoninstall?source=lightinstaller&page=tsMain Task: {B48AB2E4-8436-434A-B6B8-1DF71CD741B4} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG Task: {BA8FED5C-8DA7-4BE8-B0B8-5C0C31F44BF1} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG Task: {BC739124-C819-4392-9388-122BEB7B05AA} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3611015324-1233358662-1118214824-1001UA => C:\Users\User\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-07-19] (Dropbox, Inc.) Task: {C8BCA89D-2F1C-42BA-AB64-1B827FC84EF1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.) 
Task: {CC2ACB65-AA4F-4E60-AD80-89B74177035D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG Task: {D2F1FDBE-B65E-4961-A069-7E6DBE6148BD} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2012-10-23] (Acer Incorporated) Task: {DACCD18A-6C25-42C6-B946-959A8C0E6817} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG Task: {E0B223BD-1991-4785-AAFA-88408E24A80A} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2013-12-17] (Microsoft Corporation) Task: {E2F687D6-10CC-45DF-8FB5-AFE1D346B36C} - System32\Tasks\WebBarUpdateTask => C:\Program Files\WebBar\wbsvc.exe <==== ACHTUNG Task: {E41081EF-E4F4-4539-8EAC-F4267E0D8B04} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.) Task: {E68DE6BF-A61B-40BA-9006-BC6326D1B81D} - System32\Tasks\PMMUpdate => C:\Program Files\EgisTec IPS\PMMUpdate.exe [2012-07-12] (Egis Technology Inc.) (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.) 
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-3611015324-1233358662-1118214824-1001Core.job => C:\Users\User\AppData\Local\Dropbox\Update\DropboxUpdate.exe Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-3611015324-1233358662-1118214824-1001UA.job => C:\Users\User\AppData\Local\Dropbox\Update\DropboxUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe ==================== Verknüpfungen ============================= (Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.) Shortcut: C:\Users\User\Favorites\Acer\Acer.lnk -> hxxp://www.acer.com/ (Keine Datei) Shortcut: C:\Users\Public\Desktop\Online kaufen.lnk -> hxxp://go.acer.com/?id=13400+C:\Program Files\Accessory Store\AStore.ico (Keine Datei) ==================== Geladene Module (Nicht auf der Ausnahmeliste) ============== 2015-10-30 09:18 - 2015-10-30 09:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll 2014-03-11 20:24 - 2013-10-31 18:13 - 00102568 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll 2014-03-11 20:15 - 2014-01-02 19:41 - 00621736 _____ () C:\Program Files\Microsoft Office 15\ClientX64\StreamServer.dll 2015-06-25 07:53 - 2015-06-25 07:53 - 00699704 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\avgrepliba.dll 2016-04-14 18:06 - 2016-03-29 12:20 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll 2016-04-14 18:06 - 2016-03-29 12:20 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll 2016-06-25 18:57 - 2016-06-25 18:57 - 00959168 _____ () C:\Users\User\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll 2016-06-26 22:17 - 2016-05-28 05:53 - 00591360 _____ () 
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2015-12-19 19:38 - 2015-12-19 19:38 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll 2016-06-26 22:17 - 2016-04-23 06:25 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll 2016-06-26 22:18 - 2016-05-28 05:59 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2016-06-26 22:18 - 2016-05-28 05:54 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll 2016-06-26 22:19 - 2016-05-28 05:56 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll 2016-06-26 22:17 - 2016-05-28 05:55 - 00936960 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll 2015-06-01 22:00 - 2015-06-01 22:00 - 00102912 _____ () C:\Windows\System32\IccLibDll_x64.dll 2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2012-11-03 02:38 - 2012-11-03 02:38 - 00465384 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll 2012-11-03 02:37 - 2012-11-03 02:37 - 01081408 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\ACE.dll 2012-11-03 02:37 - 2012-11-03 02:37 - 00125504 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\MailConverter32.dll 2012-11-03 02:38 - 2012-11-03 02:38 - 00155712 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\VolumeSnapshot.dll 2012-11-03 02:37 - 2012-11-03 02:37 - 00118336 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\Online.dll 2012-11-03 02:37 - 2012-11-03 02:37 - 00052288 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\OsSettingPort.dll 2012-11-03 02:37 - 
2012-11-03 02:37 - 00727616 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\OutlookShadow.dll 2015-03-15 12:14 - 2016-07-09 21:23 - 52042352 _____ () C:\Users\User\AppData\Roaming\Spotify\libcef.dll 2016-06-25 18:57 - 2016-06-25 18:57 - 00679624 _____ () C:\Users\User\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\ClientTelemetry.dll 2014-03-11 20:15 - 2014-03-11 20:15 - 00309376 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll 2016-06-25 19:12 - 2016-05-25 19:03 - 00034768 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd 2016-06-25 19:12 - 2016-05-25 19:03 - 00134088 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\pyexpat.pyd 2016-06-25 19:12 - 2016-05-25 19:04 - 00019408 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\faulthandler.pyd 2016-06-25 19:12 - 2016-05-25 19:03 - 00116688 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\pywintypes27.dll 2016-06-25 19:12 - 2016-05-25 19:03 - 00093640 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\_ctypes.pyd 2016-06-25 19:12 - 2016-05-25 19:03 - 00018376 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\select.pyd 2016-06-25 19:12 - 2016-06-13 22:13 - 00019760 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd 2016-06-25 19:12 - 2016-05-25 19:05 - 00105928 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\win32api.pyd 2016-06-25 19:12 - 2016-05-25 19:03 - 00392144 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\pythoncom27.dll 2016-06-25 19:12 - 2016-06-13 22:13 - 00381752 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd 2016-06-25 19:12 - 2016-05-25 19:03 - 00692688 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\unicodedata.pyd 2016-06-25 19:12 - 2016-06-13 22:13 - 00020816 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd 2016-06-25 19:12 - 2016-05-25 19:04 - 00123856 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\_cffi_backend.pyd 
2016-06-25 19:12 - 2016-06-13 22:13 - 01682760 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd 2016-06-25 19:12 - 2016-06-13 22:13 - 00020808 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd 2016-06-25 19:12 - 2016-06-13 22:13 - 00021840 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\_cffi_unicode_environ_win32_x8bf8e68bx9968e850.pyd 2016-06-25 19:12 - 2016-06-13 22:13 - 00052024 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd 2016-06-25 19:12 - 2016-06-13 22:13 - 00038696 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\fastpath.pyd 2016-06-25 19:12 - 2016-05-25 19:05 - 00020936 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\mmapfile.pyd 2016-06-25 19:12 - 2016-05-25 19:05 - 00024528 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\win32event.pyd 2016-06-25 19:12 - 2016-05-25 19:05 - 00114640 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\win32security.pyd 2016-06-25 19:12 - 2016-05-25 19:05 - 00124880 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\win32file.pyd 2016-06-25 19:12 - 2016-06-13 22:13 - 00021832 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\_cffi_pywin_kernel32_x64d8f881xc8c369be.pyd 2016-06-25 19:12 - 2016-05-25 19:05 - 00024016 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\win32clipboard.pyd 2016-06-25 19:12 - 2016-05-25 19:05 - 00175560 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\win32gui.pyd 2016-06-25 19:12 - 2016-05-25 19:05 - 00030160 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\win32pipe.pyd 2016-06-25 19:12 - 2016-05-25 19:05 - 00043472 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\win32process.pyd 2016-06-25 19:12 - 2016-05-25 19:05 - 00048592 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\win32service.pyd 2016-06-25 19:12 - 2016-06-13 22:13 - 00023872 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\winffi.kernel32._winffi_kernel32.pyd 2016-06-25 19:12 - 2016-06-13 22:13 
- 00026456 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\dropbox.infinite.win.compiled._driverinstallation.pyd 2016-06-25 19:12 - 2016-05-25 19:05 - 00057808 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\win32evtlog.pyd 2016-06-25 19:12 - 2016-05-25 19:05 - 00024016 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\win32profile.pyd 2016-06-25 19:12 - 2016-06-13 22:13 - 00246592 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\breakpad.client.windows.handler.pyd 2016-06-25 19:12 - 2016-05-25 19:05 - 00028616 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\win32ts.pyd 2016-06-25 19:12 - 2016-06-13 22:13 - 00020800 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\winffi.iphlpapi._winffi_iphlpapi.pyd 2016-06-25 19:12 - 2016-06-13 22:13 - 00019776 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\winffi.winerror._winffi_winerror.pyd 2016-06-25 19:12 - 2016-06-13 22:13 - 00020800 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\winffi.wininet._winffi_wininet.pyd 2016-06-25 19:12 - 2016-05-25 19:03 - 00134608 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\_elementtree.pyd 2016-06-25 19:12 - 2016-05-25 19:04 - 00240584 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\jpegtran.pyd 2016-06-25 19:12 - 2016-06-13 22:13 - 00020280 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd 2016-06-25 19:12 - 2016-06-13 22:13 - 00023376 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd 2016-06-25 19:12 - 2016-05-25 19:05 - 00350152 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\winxpgui.pyd 2016-06-25 19:12 - 2016-06-13 22:13 - 00022352 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\winverifysignature.compiled._VerifySignature.pyd 2016-06-25 19:12 - 2016-06-13 22:13 - 00024392 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd 2016-06-25 19:12 - 2016-05-25 19:05 - 00036296 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\librsync.dll 
2016-06-25 19:12 - 2016-06-13 22:13 - 00031568 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\enterprise_data.compiled._enterprise_data.pyd 2016-06-25 19:12 - 2016-03-12 02:46 - 00293392 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\EnterpriseDataAdapter.dll 2016-06-25 19:12 - 2016-06-13 22:13 - 00084280 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL 2016-06-25 19:12 - 2016-06-13 22:13 - 01826096 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd 2016-06-25 19:12 - 2016-05-25 19:04 - 00083912 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\sip.pyd 2016-06-25 19:12 - 2016-06-13 22:13 - 03928880 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd 2016-06-25 19:12 - 2016-06-13 22:13 - 01971504 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd 2016-06-25 19:12 - 2016-06-13 22:13 - 00531248 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd 2016-06-25 19:12 - 2016-06-13 22:13 - 00132912 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd 2016-06-25 19:12 - 2016-06-13 22:13 - 00223544 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd 2016-06-25 19:12 - 2016-06-13 22:13 - 00207672 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd 2016-06-25 19:12 - 2016-05-25 19:05 - 00060880 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\win32print.pyd 2016-06-25 19:12 - 2016-06-13 22:13 - 00025928 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\windisplaytoast.compiled._DisplayToast.pyd 2016-06-25 19:12 - 2016-06-13 22:13 - 00024904 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\_cffi_wpad_proxy_win_x752e3d61xdcfdcc84.pyd 2016-06-25 19:12 - 2016-06-13 22:13 - 00546096 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.pyd 2016-06-25 19:12 - 2016-06-13 22:13 - 00357680 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.pyd 2015-03-15 12:14 - 2016-07-09 21:23 - 01741936 
_____ () C:\Users\User\AppData\Roaming\Spotify\libglesv2.dll 2015-03-15 12:14 - 2016-07-09 21:23 - 00087664 _____ () C:\Users\User\AppData\Roaming\Spotify\libegl.dll 2013-02-25 22:16 - 2012-06-25 19:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll ==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.) AlternateDataStreams: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Facebook.website:TASKICON_0news-1751121550 [2302] AlternateDataStreams: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Facebook.website:TASKICON_1messages-431041656 [2302] AlternateDataStreams: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Facebook.website:TASKICON_2events-250898981 [2302] AlternateDataStreams: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Facebook.website:TASKICON_3friends-215113587 [2302] ==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.) ==================== Verknüpfungen (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.) ==================== Internet Explorer Vertrauenswürdig/Eingeschränkt =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.) ==================== Hosts Inhalt: =============================== (Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.) 
2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts ==================== Andere Bereiche ============================ (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) HKU\S-1-5-21-3611015324-1233358662-1118214824-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\User\Pictures\Siebenbürgen 2015\IMG_02003.jpg DNS Servers: 192.168.2.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall ist aktiviert. ==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge == (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) ==================== Firewall Regeln (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [UDP Query User{9B1E7277-4BFD-4DD7-8303-962623CB6EB5}C:\users\user\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\user\appdata\roaming\spotify\spotify.exe FirewallRules: [TCP Query User{773F2A44-36C6-4417-94B5-5B1FC8F1C298}C:\users\user\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\user\appdata\roaming\spotify\spotify.exe FirewallRules: [{96C2283B-8374-437E-97F5-5050E9B84A97}] => (Allow) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManager.exe FirewallRules: [{54EF1D26-1E67-4317-862F-5309CF19152C}] => (Allow) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe FirewallRules: [{B59D6F63-526A-43F7-AC5A-68F2144DCFEA}] => (Allow) C:\Program Files (x86)\NTI\Acer Backup Manager\FileExplorer.exe FirewallRules: [{D5236F86-10B2-4DDA-8EDD-B023119EBE34}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe FirewallRules: [{11D9DA99-C805-4852-8BF2-B36C762B8F73}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe FirewallRules: 
[{FAF3A736-C37D-4C29-9548-227FF6C94287}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe FirewallRules: [{2B2B1051-4F4D-4DAC-850A-62F4098F5E98}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe FirewallRules: [{2771C4AE-B350-434C-89F3-F57EB05886C3}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\DMCDaemon.exe FirewallRules: [{417E4361-F343-448F-BBEC-917DC1BAC4FB}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\DMCDaemon.exe FirewallRules: [{76F5C8E9-38C6-41C8-8A5C-F4AB72C7D8B1}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\WindowsUpnpMV.exe FirewallRules: [{EB75F31C-A31F-4BBF-A5F7-77D58F1D9B93}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\WindowsUpnpMV.exe FirewallRules: [{AA866918-7B11-46F1-8488-97B4B5A0BE40}] => (Allow) C:\Program Files (x86)\Acer\clear.fi SDK21\Video\VideoPlayer.exe FirewallRules: [{144B3A14-2267-4B15-8BDB-AC560466B11F}] => (Allow) C:\Program Files (x86)\Acer\clear.fi SDK21\Video\MusicPlayer.exe FirewallRules: [{EA27E55B-F7C2-4E7A-8F5D-A0D909E6699D}] => (Allow) C:\Program Files (x86)\Acer\clear.fi SDK21\Movie\PlayMovie.exe FirewallRules: [{966DEE37-7559-47E6-BAFE-B4E475E4223C}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\DMCDaemon.exe FirewallRules: [{BDFAFE0F-D1F6-4F31-9E9A-FDC3DDBD636A}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\DMCDaemon.exe FirewallRules: [{DD15B78B-2A0C-4950-9E26-47BF70B7B234}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\WindowsUpnp.exe FirewallRules: [{8058F124-7909-4CD3-8759-4701CB4F8286}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\WindowsUpnp.exe FirewallRules: [{CCF4447E-405E-474F-8DD4-EACA156FEDA2}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\ccd.exe FirewallRules: [{3C32AD3C-62FB-46AC-ADF3-E210035BFD9A}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\ccd.exe FirewallRules: [{B6BE5BF4-5653-495F-BB1C-6902027DC6EE}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: 
[{53437C13-1965-44C9-A358-4801611A8816}] => (Allow) C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [{A43624FC-0DB3-4E38-9684-A6DD702E6050}] => (Allow) C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [{3286A1A7-19C4-43C6-AA4E-BF999B5B1FCC}] => (Allow) C:\Users\User\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe FirewallRules: [{DDE47F77-69CF-4B3C-95D7-714CB37A7639}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{02D1C326-A15D-437E-B8E1-CDDEDF6A8110}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{ACC0EB37-4D0E-4AF9-90CF-9B01C9630E12}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{E115DAD5-B26A-473A-A7EB-9AF9DA73C6F8}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{824E169B-5919-4D82-90A2-B3F13887E35B}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe FirewallRules: [{8870D4F0-FEF5-4832-9174-3149C493FEB3}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [TCP Query User{FDB90C13-0B30-4E36-8E9C-4C214CF4762E}C:\program files (x86)\symantec\norton online backup\nobuclient.exe] => (Allow) C:\program files (x86)\symantec\norton online backup\nobuclient.exe FirewallRules: [UDP Query User{062D87E8-1575-4EA9-BC3E-6A3C7325E376}C:\program files (x86)\symantec\norton online backup\nobuclient.exe] => (Allow) C:\program files (x86)\symantec\norton online backup\nobuclient.exe ==================== Wiederherstellungspunkte ========================= 29-03-2016 18:12:31 Windows Update 14-04-2016 21:32:51 Windows Update 14-04-2016 21:34:18 Windows Update 30-06-2016 17:47:47 Windows Update 30-06-2016 17:48:51 Windows Update ==================== Fehlerhafte Geräte im Gerätemanager ============= ==================== Fehlereinträge in der Ereignisanzeige: ========================= Applikationsfehler: ================== Error: (07/10/2016 10:06:07 AM) (Source: Bonjour Service) (EventID: 100) (User: ) 
Description: Task Scheduling Error: m->NextScheduledSPRetry 29952516 Error: (07/10/2016 10:06:07 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 29952516 Error: (07/10/2016 10:06:07 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (07/10/2016 10:06:06 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 29950953 Error: (07/10/2016 10:06:06 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 29950953 Error: (07/10/2016 10:06:06 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (07/10/2016 10:06:04 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 29949547 Error: (07/10/2016 10:06:04 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 29949547 Error: (07/10/2016 10:06:04 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (07/10/2016 10:06:03 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 29947937 Systemfehler: ============= Error: (07/10/2016 10:56:12 AM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: Der Dienst "Übermittlungsoptimierung" wurde nicht richtig gestartet. 
Error: (07/10/2016 10:55:24 AM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT) Description: {784E29F4-5EBE-4279-9948-1E8FE941646D} Error: (07/10/2016 10:49:45 AM) (Source: DCOM) (EventID: 10010) (User: ACER) Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39} Error: (07/10/2016 10:49:43 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Synchronisierungshost_8941d erreicht. Error: (07/10/2016 10:49:43 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Benutzerdatenspeicher _8941d erreicht. Error: (07/10/2016 10:49:43 AM) (Source: Service Control Manager) (EventID: 7032) (User: ) Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Benutzerdatenspeicher _8941d" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: %%1056 = Es wird bereits eine Instanz des Dienstes ausgeführt. Error: (07/10/2016 10:49:34 AM) (Source: DCOM) (EventID: 10010) (User: ACER) Description: {0002DF02-0000-0000-C000-000000000046} Error: (07/10/2016 10:49:33 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Benutzerdatenzugriff_8941d" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts. Error: (07/10/2016 10:49:33 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Benutzerdatenspeicher _8941d" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts. Error: (07/10/2016 10:49:33 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Kontaktdaten_8941d" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. 
Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts. CodeIntegrity: =================================== Date: 2016-07-09 21:20:49.728 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-07-01 21:19:04.505 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-05-02 21:54:39.363 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-04-17 17:07:49.745 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-03-30 17:54:46.136 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-03-25 21:43:53.666 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-03-25 17:33:18.319 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. 
Date: 2016-03-07 10:16:18.949 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-02-14 11:53:39.288 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-02-12 18:53:27.940 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. ==================== Speicherinformationen =========================== Prozessor: Intel(R) Pentium(R) CPU B960 @ 2.20GHz Prozentuale Nutzung des RAM: 59% Installierter physikalischer RAM: 3909.28 MB Verfügbarer physikalischer RAM: 1580.81 MB Summe virtueller Speicher: 43909.28 MB Verfügbarer virtueller Speicher: 41478.05 MB ==================== Laufwerke ================================ Drive c: (Acer) (Fixed) (Total:445.75 GB) (Free:337.81 GB) NTFS Drive e: (USB DISK) (Removable) (Total:7.49 GB) (Free:2.61 GB) FAT32 Drive f: (CANON_DC) (Removable) (Total:14.83 GB) (Free:14.16 GB) FAT32 ==================== MBR & Partitionstabelle ================== ======================================================== Disk: 0 (Size: 465.8 GB) (Disk ID: 30487FA9) Partition: GPT. ======================================================== Disk: 1 (Size: 14.8 GB) (Disk ID: 00000000) Partition: GPT. ======================================================== Disk: 2 (MBR Code: Windows XP) (Size: 7.5 GB) (Disk ID: C3072E18) Partition 1: (Not Active) - (Size=7.5 GB) - (Type=0B) ==================== Ende von Addition.txt ============================ |
10.07.2016, 10:43 | #5 |
/// TB Trainer /// Instructions Guru | "mytrustsearch" - what is that?
Hi,
Step 1
Please uninstall the following programs:
Ask Toolbar
Web Bar 2.0.5718.19210
YTD Video Downloader 4.3
On Windows 10, try it with the Windows key + X via .
If that does not work, please download Revo Uninstaller here. Extract the zip file to the desktop. Instructions
If you cannot uninstall a program, continue with the next one. Even if some programs are still left over at the end, carry out the next step:
Step 2
Please download AdwCleaner to your desktop.
Step 3
Step 4
Please start FRST again, also tick the checkbox, and click Untersuchen (Scan). Please post the contents of the two logs that are created.
__________________ Regards, deeprybka Praise, criticism, requests? Donate to trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
11.07.2016, 14:11 | #6 |
| AdwCleaner.txt
Code:
ATTFilter # AdwCleaner v5.201 - Bericht erstellt am 11/07/2016 um 13:45:52 # Aktualisiert am 30/06/2016 von ToolsLib # Datenbank : 2016-07-10.3 [Server] # Betriebssystem : Windows 10 Home (X64) # Benutzername : User - ACER # Gestartet von : C:\Users\User\Desktop\AdwCleaner_5.201.exe # Option : Löschen # Unterstützung : https://toolslib.net/forum ***** [ Dienste ] ***** ***** [ Ordner ] ***** [-] Ordner gelöscht : C:\ProgramData\apn [-] Ordner gelöscht : C:\Users\User\AppData\Local\Temp\apn [-] Ordner gelöscht : C:\Users\User\AppData\Roaming\RPEng ***** [ Dateien ] ***** [-] Datei gelöscht : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_cdncache-a.akamaihd.net_0.localstorage [-] Datei gelöscht : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_cdncache-a.akamaihd.net_0.localstorage-journal [-] Datei gelöscht : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_foxi69.tlscdn.com_0.localstorage [-] Datei gelöscht : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_foxi69.tlscdn.com_0.localstorage-journal [-] Datei gelöscht : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.pricepeep00.pricepeep.net_0.localstorage [-] Datei gelöscht : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.pricepeep00.pricepeep.net_0.localstorage-journal [-] Datei gelöscht : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.re-markit00.re-markit.co_0.localstorage [-] Datei gelöscht : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.re-markit00.re-markit.co_0.localstorage-journal [-] Datei gelöscht : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_deformerpro.softonic.de_0.localstorage [-] Datei gelöscht : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local 
Storage\hxxp_deformerpro.softonic.de_0.localstorage-journal [-] Datei gelöscht : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.coupontime00.coupontime.co_0.localstorage [-] Datei gelöscht : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.coupontime00.coupontime.co_0.localstorage-journal [-] Datei gelöscht : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage [-] Datei gelöscht : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal [-] Datei gelöscht : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.metrolyrics.com_0.localstorage [-] Datei gelöscht : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.metrolyrics.com_0.localstorage-journal [-] Datei gelöscht : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.softonic.de_0.localstorage [-] Datei gelöscht : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.softonic.de_0.localstorage-journal ***** [ DLLs ] ***** ***** [ WMI ] ***** ***** [ Verknüpfungen ] ***** ***** [ Aufgabenplanung ] ***** [-] Geplante Aufgabe gelöscht : WebBarLaunchTask [-] Geplante Aufgabe gelöscht : WebBarUpdateTask ***** [ Registrierungsdatenbank ] ***** [-] Wert gelöscht : HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION [wb.exe] [#] Wert gelöscht : HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\FEATURECONTROL\FEATURE_BROWSER_EMULATION [wb.exe] [-] Schlüssel gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\aaaaaejaghnbcjilindpkgmcmdflpgjf [-] Schlüssel gelöscht : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\aaaaaejaghnbcjilindpkgmcmdflpgjf [-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} [-] Schlüssel gelöscht : 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} [-] Schlüssel gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} [-] Schlüssel gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} [-] Schlüssel gelöscht : [x64] HKLM\SOFTWARE\WebBar [-] Schlüssel gelöscht : HKU\.DEFAULT\Software\AskPartnerNetwork [-] Wert gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 [ApnTBMon] [-] Schlüssel gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\wbsvc ***** [ Internetbrowser ] ***** [-] [C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] gelöscht : aaaaaejaghnbcjilindpkgmcmdflpgjf [-] [C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] gelöscht : aaaailpifkkekipiachodfkfmgmiapmp ************************* :: "Tracing" Schlüssel gelöscht :: Proxy Einstellungen zurückgesetzt :: Winsock Einstellungen zurückgesetzt :: Internet Explorer Richtlinien gelöscht :: Chrome Richtlinien gelöscht ************************* C:\AdwCleaner\AdwCleaner[C1].txt - [5327 Bytes] - [11/07/2016 13:45:52] C:\AdwCleaner\AdwCleaner[S1].txt - [5145 Bytes] - [11/07/2016 13:42:31] ########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [5473 Bytes] ########## Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlaufdatum: 11.07.2016
Suchlaufzeit: 14:01
Protokolldatei: mbam.txt
Administrator: Ja

Version: 2.2.1.1043
Malware-Datenbank: v2016.07.11.04
Rootkit-Datenbank: v2016.05.27.01
Lizenz: Testversion
Malware-Schutz: Aktiviert
Schutz vor bösartigen Websites: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 10
CPU: x64
Dateisystem: NTFS
Benutzer: User

Suchlauftyp: Bedrohungssuchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 341466
Abgelaufene Zeit: 45 Min., 23 Sek.

Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(keine bösartigen Elemente erkannt)

Module: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 0
(keine bösartigen Elemente erkannt)

Registrierungswerte: 0
(keine bösartigen Elemente erkannt)

Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)

Ordner: 0
(keine bösartigen Elemente erkannt)

Dateien: 3
PUP.Optional.APNToolBar, C:\Users\User\Documents\ApnStub1.exe, In Quarantäne, [0ab6b66c0b8fee48e6edd15881803bc5],
PUP.Optional.APNToolBar, C:\Users\User\Documents\ApnStub2.exe, In Quarantäne, [8040938f7c1e41f505ce84a5bb4602fe],
PUP.Optional.Spigot, C:\Users\User\Downloads\YTD43Setup.exe, In Quarantäne, [853b2ef4e3b71026e642fd25bc44eb15],

Physische Sektoren: 0
(keine bösartigen Elemente erkannt)

(end)
Code:
ATTFilter
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 10-07-2016 01
durchgeführt von User (Administrator) auf ACER (11-07-2016 15:07:22)
Gestartet von C:\Users\User\Desktop
Geladene Profile: User (Verfügbare Profile: User)
Platform: Windows 10 Home Version 1511 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: Edge)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(Broadcom Corp.) C:\Program Files\Broadcom\MemoryCard\BrcmCardReader.exe
(Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\22.7.0.76\n360.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Dritek System INC.) C:\Windows\RfBtnSvc64.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\22.7.0.76\n360.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(FTweak) C:\Program Files (x86)\RAMRush\RAMRush.exe
(Spotify Ltd) C:\Users\User\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Spotify Ltd) C:\Users\User\AppData\Roaming\Spotify\Spotify.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe
(Dropbox, Inc.) C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
(Dritek System Inc.) C:\Program Files (x86)\RadioController\RfBtnHelper.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Spotify Ltd) C:\Users\User\AppData\Roaming\Spotify\SpotifyCrashService.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Spotify Ltd) C:\Users\User\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\User\AppData\Roaming\Spotify\Spotify.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\PmmUpdate.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\EgisUpdate.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3008824 2012-11-29] (Synaptics Incorporated)
HKLM-x32\...\Run: [LManager] => [X]
HKLM-x32\...\Run: [RadioController] => C:\Program Files (x86)\RadioController\RfBtnHelper.exe [111216 2013-02-25] (Dritek System Inc.)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2994880 2012-08-15] (Symantec Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3611015324-1233358662-1118214824-1001\...\Run: [ftweak_RAMRush] => C:\Program Files (x86)\RAMRush\RAMRush.exe [670720 2009-09-17] (FTweak)
HKU\S-1-5-21-3611015324-1233358662-1118214824-1001\...\Run: [Spotify Web Helper] => C:\Users\User\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1553520 2016-07-09] (Spotify Ltd)
HKU\S-1-5-21-3611015324-1233358662-1118214824-1001\...\Run: [Dropbox Update] => C:\Users\User\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-07-19] (Dropbox, Inc.)
HKU\S-1-5-21-3611015324-1233358662-1118214824-1001\...\Run: [Spotify] => C:\Users\User\AppData\Roaming\Spotify\Spotify.exe [7003760 2016-07-09] (Spotify Ltd)
HKU\S-1-5-21-3611015324-1233358662-1118214824-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53123712 2016-05-17] (Skype Technologies S.A.)
HKU\S-1-5-21-3611015324-1233358662-1118214824-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [31744 2015-10-30] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\22.7.0.76\buShell.dll [2016-06-09] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\22.7.0.76\buShell.dll [2016-06-09] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\22.7.0.76\buShell.dll [2016-06-09] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\User\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\FileSyncShell64.dll [2016-06-25] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\User\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\FileSyncShell64.dll [2016-06-25] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\User\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\FileSyncShell64.dll [2016-06-25] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-06-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-06-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-06-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-06-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\User\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileSyncShell.dll [2016-06-25] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\User\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileSyncShell.dll [2016-06-25] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\User\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileSyncShell.dll [2016-06-25] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-06-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-06-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-06-13] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer Backup Manager Tray.lnk [2012-11-23]
ShortcutTarget: Acer Backup Manager Tray.lnk -> C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation)
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk [2015-03-29]
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Microsoft Corporation)
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2016-04-17]
ShortcutTarget: Dropbox.lnk -> C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1
Tcpip\..\Interfaces\{b4e57d4c-a4ec-438b-a34d-db51b489b7bb}: [DhcpNameServer] 192.168.2.1 192.168.2.1

Internet Explorer:
==================
HKU\S-1-5-21-3611015324-1233358662-1118214824-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer13.msn.com
HKU\S-1-5-21-3611015324-1233358662-1118214824-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2014-03-11] (Microsoft Corporation)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine64\22.7.0.76\coIEPlg.dll [2016-05-31] (Symantec Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2014-03-11] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2014-03-11] (Microsoft Corporation)
BHO: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll [2015-08-05] (DVDVideoSoft Ltd.)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\22.7.0.76\coIEPlg.dll [2016-05-31] (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\20.6.0.27\IPS\IPSBHO.DLL => Keine Datei
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2014-03-11] (Microsoft Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\22.7.0.76\coIEPlg.dll [2016-05-31] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\22.7.0.76\coIEPlg.dll [2016-05-31] (Symantec Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2014-03-11] (Microsoft Corporation)

FireFox:
========
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-20] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-03-11] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-06-25] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-06-25] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-05-12] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-04-23] (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFAddon
FF Extension: Norton Identity Safe - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFAddon [2016-07-09]
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFAddon
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => nicht gefunden

Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\ppGoogleNaClPluginChrome.dll => Keine Datei
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\pdf.dll => Keine Datei
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll => Keine Datei
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-29]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Ecosia - Die Suchmaschine, die Bäume pflanzt) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\clellnciejhoedgepbdilbkdkaoecgpc [2015-10-17]
CHR Extension: (Google-Suche) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-02]
CHR Extension: (youTubeRate) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\flcfhacaaadijbnjaopcdijigenfpjjm [2016-07-09]
CHR Extension: (Google Docs Offline) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-27]
CHR Extension: (Norton Identity Safe) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-12-16]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-06]
CHR Extension: (Google Mail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-29]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton 360\Engine\22.7.0.76\Exts\Chrome.crx [2016-07-09]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton 360\Engine\22.7.0.76\Exts\Chrome.crx [2016-07-09]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 BrcmCardReader; C:\Program Files\Broadcom\MemoryCard\BrcmCardReader.exe [176640 2012-08-20] (Broadcom Corp.) [Datei ist nicht signiert]
R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2449552 2012-10-25] (Acer Incorporated)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2169016 2014-01-02] (Microsoft Corporation)
S3 DeviceFastLaneService; C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [469648 2012-11-17] (Acer Incorporated)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [658064 2012-10-23] (Acer Incorporated)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 N360; C:\Program Files (x86)\Norton 360\Engine\22.7.0.76\N360.exe [289080 2016-06-17] (Symantec Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [3943104 2012-08-15] (Symantec Corporation)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [259136 2012-11-03] (NTI Corporation)
R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [96880 2013-02-25] (Dritek System INC.)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2145080 2015-06-25] (TuneUp Software)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7585280 2015-10-30] (Broadcom Corporation)
R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\22.5.2.15\Definitions\BASHDefs\20160705.001\BHDrvx64.sys [1832176 2016-05-12] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1607000.04C\ccSetx64.sys [174328 2016-06-02] (Symantec Corporation)
R1 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0401000.00E\ccSetx64.sys [168608 2012-05-26] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [497392 2016-05-06] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [156912 2016-06-25] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\22.5.2.15\Definitions\IPSDefs\20160708.001\IDSvia64.sys [876760 2016-07-09] (Symantec Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-07-11] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
R3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [26736 2013-02-25] (Dritek System Inc.)
S3 SipIMNDI; C:\Windows\system32\DRIVERS\SipIMNDI64.sys [28192 2009-10-15] (T-Systems International GmbH)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31032 2012-11-29] (Synaptics Incorporated)
R1 SRTSP; C:\Windows\System32\Drivers\N360x64\1607000.04C\SRTSP64.SYS [773360 2016-07-02] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1607000.04C\SRTSPX64.SYS [48888 2016-06-02] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\N360x64\1607000.04C\SYMEFASI64.SYS [1627352 2016-06-02] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\N360x64\1607000.04C\SymELAM.sys [24192 2015-07-11] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [101112 2016-07-09] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1607000.04C\Ironx64.SYS [291056 2016-06-02] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1607000.04C\SYMNETS.SYS [567536 2016-06-02] (Symantec Corporation)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [31144 2015-06-04] (TuneUp Software)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
S3 NAVENG; \??\C:\Program Files (x86)\Norton 360\NortonData\22.5.2.15\Definitions\SDSDefs\20160708.008\ENG64.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton 360\NortonData\22.5.2.15\Definitions\SDSDefs\20160708.008\EX64.SYS [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

==================== Ein Monat: Erstellte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2016-07-11 15:05 - 2016-07-11 15:05 - 00000000 ____D C:\Users\User\Desktop\FRST-OlderVersion 2016-07-11 14:57 - 2016-07-11 14:57 - 00001491 _____ C:\Users\User\Desktop\mbam.txt 2016-07-11 13:59 - 2016-07-11 14:57 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2016-07-11 13:59 - 2016-07-11 13:59 - 00001179 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2016-07-11 13:59 - 2016-07-11 13:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2016-07-11 13:59 - 2016-07-11 13:59 - 00000000 ____D C:\ProgramData\Malwarebytes 2016-07-11 13:59 - 2016-07-11 13:59 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 2016-07-11 13:59 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys 2016-07-11 13:59 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2016-07-11 13:59 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys 2016-07-11 13:55 - 2016-07-11 13:58 - 22851472 _____ (Malwarebytes ) C:\Users\User\Downloads\mbam-setup-2.2.1.1043.exe 2016-07-11 13:39 - 2016-07-11 13:45 - 00000000 ____D C:\AdwCleaner 2016-07-11 13:38 - 2016-07-11 13:39 - 03712064 _____ C:\Users\User\Desktop\AdwCleaner_5.201.exe 2016-07-10 11:18 - 2016-07-10 11:20 - 00047880 _____ C:\Users\User\Desktop\Addition.txt 2016-07-10 11:16 - 2016-07-11 15:08 - 00024874 _____ C:\Users\User\Desktop\FRST.txt 2016-07-10 11:16 - 2016-07-11 15:07 - 00000000 ____D C:\FRST 2016-07-10 11:15 - 2016-07-10 11:15 - 01740288 _____ (Farbar) C:\Users\User\Downloads\FRST.exe 2016-07-10 11:13 - 2016-07-11 15:05 - 02390528 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe 2016-07-10 10:08 - 2016-07-10 10:08 - 03618856 _____ (Facebook Inc.) 
C:\Users\User\Downloads\ESET_T1051715071531367T_.exe 2016-07-09 21:26 - 2016-07-11 14:56 - 00000000 ____D C:\WINDOWS\System32\Tasks\Norton 360 2016-07-09 21:20 - 2016-07-09 21:20 - 00003376 _____ C:\WINDOWS\System32\Tasks\Norton WSC Integration 2016-07-09 21:20 - 2016-07-09 21:20 - 00002318 _____ C:\Users\Public\Desktop\Norton 360.lnk 2016-07-09 21:10 - 2016-07-09 22:07 - 00000000 ____D C:\Users\User\AppData\Local\NPE 2016-07-09 20:58 - 2016-07-09 20:58 - 00079905 _____ C:\Users\User\Downloads\WiSe 2016-17 Zulassungsantrag Inländer.pdf 2016-07-01 21:35 - 2016-07-01 21:35 - 00202602 _____ C:\Users\User\Documents\Eckardt_Lebenslauf.pdf 2016-07-01 21:34 - 2016-07-01 21:34 - 00088698 _____ C:\Users\User\Documents\Eckardt_Motivationsschreiben.pdf 2016-06-30 19:42 - 2016-06-30 19:43 - 00912480 _____ C:\Users\User\Documents\KATHRIN_Zeugnis_vollst..pdf 2016-06-30 19:27 - 2016-06-30 19:27 - 01098444 _____ C:\Users\User\Documents\KATHRIN_Bewertungsbogen.pdf 2016-06-30 19:27 - 2016-06-30 19:27 - 00643634 _____ C:\Users\User\Documents\KATHRIN_Zertifikat.pdf 2016-06-30 19:27 - 2016-06-30 19:27 - 00484845 _____ C:\Users\User\Documents\KATHRIN_Bescheinigung.pdf 2016-06-26 22:19 - 2016-05-28 08:13 - 01401024 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll 2016-06-26 22:19 - 2016-05-28 08:13 - 00046784 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe 2016-06-26 22:19 - 2016-05-28 07:06 - 22561256 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll 2016-06-26 22:19 - 2016-05-28 06:29 - 22379008 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll 2016-06-26 22:19 - 2016-05-28 06:19 - 24605696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2016-06-26 22:19 - 2016-05-28 06:18 - 11545088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll 2016-06-26 22:19 - 2016-05-28 06:18 - 07977472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll 2016-06-26 22:19 - 2016-05-28 06:16 - 19344384 _____ (Microsoft 
_____ (Microsoft Corporation) C:\WINDOWS\system32\SubscriptionMgr.dll 2016-06-26 22:17 - 2016-04-23 06:24 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEDataLayerHelpers.dll 2016-06-26 22:17 - 2016-04-23 06:23 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ListSvc.dll 2016-06-26 22:17 - 2016-04-23 06:23 - 00179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\BrowserSettingSync.dll 2016-06-26 22:17 - 2016-04-23 06:23 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll 2016-06-26 22:17 - 2016-04-23 06:20 - 00307200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll 2016-06-26 22:17 - 2016-04-23 06:20 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shacct.dll 2016-06-26 22:17 - 2016-04-23 06:19 - 00395264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlansec.dll 2016-06-26 22:17 - 2016-04-23 06:19 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BrowserSettingSync.dll 2016-06-26 22:17 - 2016-04-23 06:18 - 00436736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll 2016-06-26 22:17 - 2016-04-23 06:17 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanmsm.dll 2016-06-26 22:17 - 2016-04-23 06:14 - 00342528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll 2016-06-26 22:17 - 2016-04-23 06:07 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll 2016-06-26 22:16 - 2016-04-23 04:10 - 00002186 _____ C:\WINDOWS\system32\AppxProvisioning.xml 2016-06-26 22:16 - 2016-04-19 00:30 - 00002186 _____ C:\WINDOWS\SysWOW64\AppxProvisioning.xml 2016-06-25 19:13 - 2016-06-25 19:13 - 00000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 
2016-07-11 15:08 - 2013-08-26 13:09 - 00001128 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2016-07-11 14:59 - 2015-07-19 15:48 - 00001230 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-3611015324-1233358662-1118214824-1001UA.job 2016-07-11 14:59 - 2015-07-19 15:47 - 00001178 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-3611015324-1233358662-1118214824-1001Core.job 2016-07-11 14:53 - 2014-07-30 11:40 - 00000000 ____D C:\Users\User\AppData\Local\Spotify 2016-07-11 14:53 - 2014-07-30 11:39 - 00000000 ____D C:\Users\User\AppData\Roaming\Spotify 2016-07-11 14:53 - 2013-10-13 16:28 - 00000000 ___RD C:\Users\User\Dropbox 2016-07-11 14:53 - 2013-08-26 22:03 - 00000000 ____D C:\Users\User\AppData\Roaming\Skype 2016-07-11 14:50 - 2015-12-19 20:16 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2016-07-11 14:49 - 2015-10-30 09:24 - 00000000 ___RD C:\WINDOWS\PurchaseDialog 2016-07-11 14:49 - 2015-10-30 08:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI 2016-07-11 13:38 - 2015-10-30 09:24 - 00000000 ___HD C:\Program Files\WindowsApps 2016-07-11 13:38 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\AppReadiness 2016-07-11 13:34 - 2014-11-11 21:15 - 00004148 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{DCD59A3D-4FFF-4314-8D40-5076CE6C6899} 2016-07-11 13:32 - 2015-01-19 19:06 - 00004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task 2016-07-10 11:38 - 2016-03-25 22:51 - 00000000 ____D C:\WINDOWS\System32\Tasks\Remediation 2016-07-10 10:50 - 2015-10-30 09:24 - 00000000 ___HD C:\WINDOWS\ELAMBKUP 2016-07-09 21:31 - 2013-02-25 22:38 - 00000000 ____D C:\ProgramData\Norton 2016-07-09 21:29 - 2013-12-18 17:28 - 00000000 ____D C:\Users\User\AppData\Local\CrashDumps 2016-07-09 21:26 - 2015-12-19 20:10 - 01799166 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2016-07-09 21:26 - 2015-10-30 20:35 - 00776766 _____ C:\WINDOWS\system32\perfh007.dat 2016-07-09 21:26 - 2015-10-30 20:35 - 00155544 _____ C:\WINDOWS\system32\perfc007.dat 2016-07-09 21:26 - 
2015-10-30 09:21 - 00000000 ____D C:\WINDOWS\INF 2016-07-09 21:24 - 2016-05-06 17:00 - 00000000 ___RD C:\Program Files (x86)\Skype 2016-07-09 21:24 - 2013-08-26 22:02 - 00000000 ____D C:\ProgramData\Skype 2016-07-09 21:21 - 2013-08-23 23:09 - 00000000 __RHD C:\Users\Public\AccountPictures 2016-07-09 21:20 - 2015-08-25 10:23 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360 2016-07-09 21:20 - 2013-08-26 14:49 - 00000000 ____D C:\WINDOWS\system32\Drivers\N360x64 2016-07-09 21:19 - 2015-12-19 19:44 - 00265464 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2016-07-09 21:14 - 2015-10-30 20:44 - 00000000 ____D C:\Program Files\Windows Journal 2016-07-09 21:14 - 2015-10-30 09:24 - 00000000 ___SD C:\WINDOWS\system32\DiagSvcs 2016-07-09 21:14 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform 2016-07-09 21:14 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\oobe 2016-07-09 21:14 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\appraiser 2016-07-09 21:14 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\Provisioning 2016-07-09 21:14 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\bcastdvr 2016-07-09 21:13 - 2015-10-30 09:24 - 00015703 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml 2016-07-09 20:29 - 2015-10-30 08:28 - 00065536 ___SH C:\WINDOWS\system32\config\ELAM 2016-07-09 20:28 - 2013-08-26 14:49 - 00101112 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS 2016-07-09 20:28 - 2013-08-26 14:49 - 00008270 _____ C:\WINDOWS\system32\Drivers\SYMEVENT64x86.CAT 2016-06-30 18:09 - 2015-10-30 09:11 - 00000000 ____D C:\WINDOWS\CbsTemp 2016-06-30 18:03 - 2013-08-26 15:50 - 00000000 ____D C:\WINDOWS\system32\MRT 2016-06-30 17:49 - 2013-08-26 15:50 - 142482544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2016-06-29 09:48 - 2013-08-23 23:12 - 00000000 ____D C:\Users\User\AppData\Local\Packages 2016-06-28 01:13 - 2013-08-26 15:19 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\Adobe Reader XI.lnk 2016-06-28 01:11 - 2016-02-28 13:53 - 00000000 ____D C:\Users\User\AppData\Local\Deployment 2016-06-27 21:53 - 2016-04-14 19:20 - 00005374 _____ C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for ACER-User Acer 2016-06-27 21:25 - 2015-07-19 15:47 - 00000000 ____D C:\Users\User\AppData\Local\Dropbox 2016-06-26 21:54 - 2013-08-26 13:12 - 00002268 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2016-06-26 21:54 - 2013-08-26 13:12 - 00002256 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2016-06-25 19:13 - 2013-10-13 16:25 - 00000000 ____D C:\Users\User\AppData\Roaming\Dropbox 2016-06-25 19:03 - 2013-08-26 13:09 - 00004186 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA 2016-06-25 19:03 - 2013-08-26 13:09 - 00003954 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore 2016-06-25 19:03 - 2013-08-26 13:09 - 00001124 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2016-06-25 18:58 - 2015-12-29 21:48 - 00002422 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2016-06-25 18:58 - 2014-10-27 10:48 - 00000000 ___RD C:\Users\User\OneDrive 2016-06-14 20:33 - 2015-10-30 09:26 - 00828408 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2016-06-14 20:33 - 2015-10-30 09:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl Einige Dateien in TEMP: ==================== C:\Users\User\AppData\Local\Temp\libeay32.dll C:\Users\User\AppData\Local\Temp\msvcr120.dll C:\Users\User\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap ================= (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) 
C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2016-03-30 18:17

==================== Ende von FRST.txt ============================ |
11.07.2016, 14:12 | #7 |
| 2. Code:
ATTFilter
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 10-07-2016 01
durchgeführt von User (2016-07-11 15:09:31)
Gestartet von C:\Users\User\Desktop
Windows 10 Home Version 1511 (X64) (2015-12-20 19:29:06)
Start-Modus: Normal
==========================================================

==================== Konten: =============================

Administrator (S-1-5-21-3611015324-1233358662-1118214824-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3611015324-1233358662-1118214824-503 - Limited - Disabled)
Gast (S-1-5-21-3611015324-1233358662-1118214824-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3611015324-1233358662-1118214824-1003 - Limited - Enabled)
User (S-1-5-21-3611015324-1233358662-1118214824-1001 - Administrator - Enabled) => C:\Users\User

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Norton 360 Online (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton 360 Online (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton 360 Online (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

Acer Backup Manager (HKLM-x32\...\InstallShield_{9DDDF20E-9FD1-4434-A43E-E7889DBC9420}) (Version: 4.0.0.0071 - NTI Corporation) Acer Device Fast-lane (HKLM\...\{3F62D2FD-13C1-49A2-8B5D-47623D9460D7}) (Version: 1.00.3011 - Acer Incorporated) Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3011 - Acer Incorporated) Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3015 - Acer Incorporated) AcerCloud (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 2.01.3125 - Acer Incorporated) AcerCloud Docs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.00.3204 - Acer Incorporated) Adobe Reader XI (11.0.16) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.16 - Adobe Systems Incorporated) Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98 - WildTangent) Hidden Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Backup Manager v4 (x32 Version: 4.0.0.0071 - NTI Corporation) Hidden Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) 
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 6.30.59.96 - Broadcom Corporation) Broadcom Card Reader Driver Installer (HKLM\...\{F0A7DF2F-0BE0-470F-B137-D7A19F977189}) (Version: 15.4.7.1 - Broadcom Corporation) clear.fi Media (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.01.3112 - Acer Incorporated) clear.fi Photo (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 2.01.3109 - Acer Incorporated) clear.fi SDK - Video 2 (x32 Version: 2.1.2128 - CyberLink Corp.) Hidden clear.fi SDK- Movie 2 (x32 Version: 2.1.2112 - CyberLink Corp.) Hidden CyberLink MediaEspresso 6.5 (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.3318_45364 - CyberLink Corp.) Delicious: Emily's True Love Premium Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden Dritek Radio Controller (HKLM-x32\...\RadioController) (Version: 2.02.2001.0803 - Dritek System Inc.) Dropbox (HKU\S-1-5-21-3611015324-1233358662-1118214824-1001\...\Dropbox) (Version: 5.4.24 - Dropbox, Inc.) eBay Worldwide (HKLM-x32\...\{A694AF57-9891-4D62-824C-7E55A1361A14}) (Version: 2.3.0630 - OEM) Free YouTube to MP3 Converter version 3.12.61.805 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.61.805 - DVDVideoSoft Ltd.) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.103 - Google Inc.) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) 
Hidden Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3004 - Acer Incorporated) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.4.1001 - Intel Corporation) Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation) Island Tribe (x32 Version: 2.2.0.98 - WildTangent) Hidden iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.) Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden Launch Manager (HKLM-x32\...\LManager) (Version: 7.0.10 - Acer Inc.) 
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.3006 - Acer Incorporated) Magic Academy (x32 Version: 2.2.0.98 - WildTangent) Hidden Malwarebytes Anti-Malware Version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes) Microsoft Office Home and Student 2013 - de-de (HKLM\...\HomeStudentRetail - de-de) (Version: 15.0.4420.1017 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) MyWinLocker (Version: 4.0.14.35 - Egis Technology Inc.) Hidden MyWinLocker 4 (x32 Version: 4.0.14.35 - Egis Technology Inc.) Hidden MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.24 - Egis Technology Inc.) MyWinLocker Suite (x32 Version: 4.0.14.24 - Egis Technology Inc.) 
Hidden Norton 360 Online (HKLM-x32\...\N360) (Version: 22.7.0.76 - Symantec Corporation) Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.2.3.51r - Symantec Corporation) Norton Online Backup ARA (x32 Version: 4.1.0.14 - Symantec Corporation) Hidden NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.9014 - NTI Corporation) NTI Media Maker 9 (x32 Version: 9.0.2.9014 - NTI Corporation) Hidden Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden Office 15 Click-to-Run Licensing Component (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.01.3202 - Acer) Office Addin 2003 (HKLM-x32\...\{1FCC073B-CC01-4443-AD20-E559F66E6E83}) (Version: 2.01.3202 - Acer) OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation) Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden RAMRush 1.0.6.917 (HKLM-x32\...\RAMRush_is1) (Version: - FTweak, Inc.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6657 - Realtek Semiconductor Corp.) Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee) Shredder (Version: 2.0.8.9 - Egis Technology Inc.) Hidden Shredder (x32 Version: 2.0.8.9 - Egis Technology Inc.) Hidden Skype™ 7.24 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.24.104 - Skype Technologies S.A.) 
Spotify (HKU\S-1-5-21-3611015324-1233358662-1118214824-1001\...\Spotify) (Version: 1.0.32.96.g3c8a06e6 - Spotify AB) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.3.4.0 - Synaptics Incorporated) Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden TuneUp Utilities 2014 (de-DE) (x32 Version: 14.0.1000.353 - TuneUp Software) Hidden TuneUp Utilities 2014 (HKLM-x32\...\TuneUp Utilities) (Version: 14.0.1000.353 - TuneUp Software) TuneUp Utilities 2014 (x32 Version: 14.0.1000.353 - TuneUp Software) Hidden Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version: - Microsoft Corporation) Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version: - Microsoft Corporation) Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation) WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.3.0 - WildTangent) WildTangent Games App (x32 Version: 4.0.9.3 - WildTangent) Hidden Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden ==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) CustomCLSID: HKU\S-1-5-21-3611015324-1233358662-1118214824-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
CustomCLSID: HKU\S-1-5-21-3611015324-1233358662-1118214824-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\User\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileCoAuth.exe (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3611015324-1233358662-1118214824-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3611015324-1233358662-1118214824-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3611015324-1233358662-1118214824-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3611015324-1233358662-1118214824-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3611015324-1233358662-1118214824-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3611015324-1233358662-1118214824-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3611015324-1233358662-1118214824-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3611015324-1233358662-1118214824-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.) 
CustomCLSID: HKU\S-1-5-21-3611015324-1233358662-1118214824-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3611015324-1233358662-1118214824-1001_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.) ==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) Task: {046688CC-4B43-4D74-A451-D08700B74F2A} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\TuneUp Utilities 2014\OneClick.exe [2015-06-25] (TuneUp Software) Task: {075E6464-D615-463B-B752-909788CEB392} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\22.7.0.76\WSCStub.exe [2016-06-17] (Symantec Corporation) Task: {1C328BFD-46E6-4C82-A91C-08C7482A3922} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG Task: {214FE432-9C57-4BFE-9B32-9131CA66F82F} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2012-09-20] (CyberLink) Task: {2BDC52DF-A2AD-49C7-B687-150222317393} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG Task: {2CD232FE-4C98-46C7-86F6-3D8D66B96C47} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton 360 Online\Upgrade.exe [2016-06-17] (Symantec Corporation) Task: {31E215B9-C5F4-4DF1-9AC2-24EA592CAC46} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG Task: {35A208E0-97E8-4D64-AF25-6F56074AF25E} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG Task: {379165B1-6343-4F41-9BA9-1E70AD840E17} - 
System32\Tasks\CreateChoiceProcessTask => C:\Windows\BrowserChoice\browserchoice.exe Task: {4379264D-F433-46DD-A857-020CCC076024} - System32\Tasks\EgisUpdate => C:\Program Files\EgisTec IPS\EgisUpdate.exe [2012-07-12] (Egis Technology Inc.) Task: {4478FB8E-90F3-418F-946B-62602945B7C6} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG Task: {4CC312B7-6E38-48D7-968B-5A32EF6DE919} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2012-06-21] () Task: {4D18E2D9-104F-472E-A673-8036D38BBC5A} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG Task: {4EA08CD1-86B7-4BE9-BFB3-31BCF54E8D7F} - System32\Tasks\Microsoft Office 15 Sync Maintenance for ACER-User Acer => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-03-11] (Microsoft Corporation) Task: {5973892A-E570-48C2-942D-80BCF9A53397} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2012-11-06] () Task: {6766702A-C537-4579-BA54-D9B2D925D239} - System32\Tasks\Norton 360\Norton Autofix => C:\Program Files (x86)\Norton 360\Engine\22.7.0.76\SymErr.exe [2016-05-23] (Symantec Corporation) Task: {6C0E30EC-2666-4F80-81C0-D265C538D6FB} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\22.7.0.76\SymErr.exe [2016-05-23] (Symantec Corporation) Task: {71382CCE-3495-474A-8EA9-2BD716B079B6} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25] (Adobe Systems Incorporated) Task: {9FFE074C-1021-4654-9DC0-E1255043070D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) 
Task: {A5F4E48E-0C60-4D0D-84BA-AEE156E06DB4} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\22.7.0.76\SymErr.exe [2016-05-23] (Symantec Corporation) Task: {A8A58F57-FD04-45DB-A916-5374CE3EF4CB} - System32\Tasks\Recovery Management\Notification => C:\Program Files\Acer\Acer Recovery Management\Notification\Notification.exe [2012-11-19] (Acer Incorporated) Task: {AB41A195-4680-426E-8D48-F4ACCB4B352B} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-06-30] (Microsoft Corporation) Task: {AF3FB1BB-CB83-46E7-835E-F2CB41BCF827} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3611015324-1233358662-1118214824-1001Core => C:\Users\User\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-07-19] (Dropbox, Inc.) Task: {B1956237-1BFA-4329-9A37-100D9DF82601} - System32\Tasks\{F5118D15-6F7D-4D14-9828-FC6FA600303B} => Chrome.exe hxxp://ui.skype.com/ui/0/6.7.0.102/de/abandoninstall?source=lightinstaller&page=tsMain Task: {B48AB2E4-8436-434A-B6B8-1DF71CD741B4} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG Task: {BA8FED5C-8DA7-4BE8-B0B8-5C0C31F44BF1} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG Task: {BC739124-C819-4392-9388-122BEB7B05AA} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3611015324-1233358662-1118214824-1001UA => C:\Users\User\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-07-19] (Dropbox, Inc.) Task: {C8BCA89D-2F1C-42BA-AB64-1B827FC84EF1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.) 
Task: {CC2ACB65-AA4F-4E60-AD80-89B74177035D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG Task: {D2F1FDBE-B65E-4961-A069-7E6DBE6148BD} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2012-10-23] (Acer Incorporated) Task: {DACCD18A-6C25-42C6-B946-959A8C0E6817} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG Task: {E0B223BD-1991-4785-AAFA-88408E24A80A} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2013-12-17] (Microsoft Corporation) Task: {E41081EF-E4F4-4539-8EAC-F4267E0D8B04} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.) Task: {E68DE6BF-A61B-40BA-9006-BC6326D1B81D} - System32\Tasks\PMMUpdate => C:\Program Files\EgisTec IPS\PMMUpdate.exe [2012-07-12] (Egis Technology Inc.) (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.) Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-3611015324-1233358662-1118214824-1001Core.job => C:\Users\User\AppData\Local\Dropbox\Update\DropboxUpdate.exe Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-3611015324-1233358662-1118214824-1001UA.job => C:\Users\User\AppData\Local\Dropbox\Update\DropboxUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe ==================== Verknüpfungen ============================= (Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.) 
Shortcut: C:\Users\User\Favorites\Acer\Acer.lnk -> hxxp://www.acer.com/ (Keine Datei) Shortcut: C:\Users\Public\Desktop\Online kaufen.lnk -> hxxp://go.acer.com/?id=13400+C:\Program Files\Accessory Store\AStore.ico (Keine Datei) ==================== Geladene Module (Nicht auf der Ausnahmeliste) ============== 2015-10-30 09:18 - 2015-10-30 09:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll 2014-03-11 20:24 - 2013-10-31 18:13 - 00102568 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll 2014-03-11 20:15 - 2014-01-02 19:41 - 00621736 _____ () C:\Program Files\Microsoft Office 15\ClientX64\StreamServer.dll 2015-06-25 07:53 - 2015-06-25 07:53 - 00699704 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\avgrepliba.dll 2016-04-14 18:06 - 2016-03-29 12:20 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll 2016-04-14 18:06 - 2016-03-29 12:20 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll 2016-06-25 18:57 - 2016-06-25 18:57 - 00959168 _____ () C:\Users\User\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll 2016-06-26 22:17 - 2016-05-28 05:53 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2015-12-19 19:38 - 2015-12-19 19:38 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll 2016-06-26 22:17 - 2016-04-23 06:25 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll 2016-06-26 22:18 - 2016-05-28 05:59 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2016-06-26 22:18 - 2016-05-28 05:54 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll 2016-06-26 22:19 - 2016-05-28 05:56 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll 2015-06-01 22:00 - 2015-06-01 22:00 - 00102912 _____ () 
C:\Windows\System32\IccLibDll_x64.dll 2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2012-11-03 02:38 - 2012-11-03 02:38 - 00465384 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll 2012-11-03 02:37 - 2012-11-03 02:37 - 00125504 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\MailConverter32.dll 2012-11-03 02:38 - 2012-11-03 02:38 - 00155712 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\VolumeSnapshot.dll 2012-11-03 02:37 - 2012-11-03 02:37 - 00118336 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\Online.dll 2012-11-03 02:37 - 2012-11-03 02:37 - 01081408 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\ACE.dll 2012-11-03 02:37 - 2012-11-03 02:37 - 00052288 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\OsSettingPort.dll 2012-11-03 02:37 - 2012-11-03 02:37 - 00727616 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\OutlookShadow.dll 2015-03-15 12:14 - 2016-07-09 21:23 - 52042352 _____ () C:\Users\User\AppData\Roaming\Spotify\libcef.dll 2016-06-25 18:57 - 2016-06-25 18:57 - 00679624 _____ () C:\Users\User\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\ClientTelemetry.dll 2014-03-11 20:15 - 2014-03-11 20:15 - 00309376 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll 2016-06-25 19:12 - 2016-05-25 19:03 - 00034768 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd 2016-06-25 19:12 - 2016-05-25 19:03 - 00134088 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\pyexpat.pyd 2016-06-25 19:12 - 2016-05-25 19:04 - 00019408 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\faulthandler.pyd 2016-06-25 19:12 - 2016-05-25 19:03 - 00116688 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\pywintypes27.dll 2016-06-25 19:12 - 2016-05-25 19:03 
- 00093640 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\_ctypes.pyd 2016-06-25 19:12 - 2016-05-25 19:03 - 00018376 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\select.pyd 2016-06-25 19:12 - 2016-06-13 22:13 - 00019760 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd 2016-06-25 19:12 - 2016-05-25 19:05 - 00105928 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\win32api.pyd 2016-06-25 19:12 - 2016-05-25 19:03 - 00392144 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\pythoncom27.dll 2016-06-25 19:12 - 2016-06-13 22:13 - 00381752 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd 2016-06-25 19:12 - 2016-05-25 19:03 - 00692688 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\unicodedata.pyd 2016-06-25 19:12 - 2016-06-13 22:13 - 00020816 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd 2016-06-25 19:12 - 2016-05-25 19:04 - 00123856 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\_cffi_backend.pyd 2016-06-25 19:12 - 2016-06-13 22:13 - 01682760 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd 2016-06-25 19:12 - 2016-06-13 22:13 - 00020808 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd 2016-06-25 19:12 - 2016-06-13 22:13 - 00021840 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\_cffi_unicode_environ_win32_x8bf8e68bx9968e850.pyd 2016-06-25 19:12 - 2016-06-13 22:13 - 00052024 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd 2016-06-25 19:12 - 2016-06-13 22:13 - 00038696 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\fastpath.pyd 2016-06-25 19:12 - 2016-05-25 19:05 - 00020936 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\mmapfile.pyd 2016-06-25 19:12 - 2016-05-25 19:05 - 00024528 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\win32event.pyd 2016-06-25 19:12 - 2016-05-25 19:05 - 00114640 _____ () 
C:\Users\User\AppData\Roaming\Dropbox\bin\win32security.pyd 2016-06-25 19:12 - 2016-05-25 19:05 - 00124880 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\win32file.pyd 2016-06-25 19:12 - 2016-06-13 22:13 - 00021832 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\_cffi_pywin_kernel32_x64d8f881xc8c369be.pyd 2016-06-25 19:12 - 2016-05-25 19:05 - 00024016 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\win32clipboard.pyd 2016-06-25 19:12 - 2016-05-25 19:05 - 00175560 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\win32gui.pyd 2016-06-25 19:12 - 2016-05-25 19:05 - 00030160 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\win32pipe.pyd 2016-06-25 19:12 - 2016-05-25 19:05 - 00043472 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\win32process.pyd 2016-06-25 19:12 - 2016-05-25 19:05 - 00048592 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\win32service.pyd 2016-06-25 19:12 - 2016-06-13 22:13 - 00023872 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\winffi.kernel32._winffi_kernel32.pyd 2016-06-25 19:12 - 2016-06-13 22:13 - 00026456 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\dropbox.infinite.win.compiled._driverinstallation.pyd 2016-06-25 19:12 - 2016-05-25 19:05 - 00057808 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\win32evtlog.pyd 2016-06-25 19:12 - 2016-05-25 19:05 - 00024016 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\win32profile.pyd 2016-06-25 19:12 - 2016-06-13 22:13 - 00246592 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\breakpad.client.windows.handler.pyd 2016-06-25 19:12 - 2016-05-25 19:05 - 00028616 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\win32ts.pyd 2016-06-25 19:12 - 2016-06-13 22:13 - 00020800 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\winffi.iphlpapi._winffi_iphlpapi.pyd 2016-06-25 19:12 - 2016-06-13 22:13 - 00019776 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\winffi.winerror._winffi_winerror.pyd 2016-06-25 19:12 - 2016-06-13 22:13 - 00020800 _____ () 
C:\Users\User\AppData\Roaming\Dropbox\bin\winffi.wininet._winffi_wininet.pyd 2016-06-25 19:12 - 2016-05-25 19:03 - 00134608 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\_elementtree.pyd 2016-06-25 19:12 - 2016-05-25 19:04 - 00240584 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\jpegtran.pyd 2016-06-25 19:12 - 2016-06-13 22:13 - 00020280 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd 2016-06-25 19:12 - 2016-06-13 22:13 - 00023376 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd 2016-06-25 19:12 - 2016-05-25 19:05 - 00350152 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\winxpgui.pyd 2016-06-25 19:12 - 2016-06-13 22:13 - 00022352 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\winverifysignature.compiled._VerifySignature.pyd 2016-06-25 19:12 - 2016-06-13 22:13 - 00024392 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd 2016-06-25 19:12 - 2016-05-25 19:05 - 00036296 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\librsync.dll 2016-06-25 19:12 - 2016-06-13 22:13 - 00031568 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\enterprise_data.compiled._enterprise_data.pyd 2016-06-25 19:12 - 2016-03-12 02:46 - 00293392 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\EnterpriseDataAdapter.dll 2016-06-25 19:12 - 2016-06-13 22:13 - 00084280 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL 2016-06-25 19:12 - 2016-06-13 22:13 - 01826096 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd 2016-06-25 19:12 - 2016-05-25 19:04 - 00083912 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\sip.pyd 2016-06-25 19:12 - 2016-06-13 22:13 - 03928880 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd 2016-06-25 19:12 - 2016-06-13 22:13 - 01971504 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd 2016-06-25 19:12 - 2016-06-13 22:13 - 00531248 _____ () 
C:\Users\User\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd 2016-06-25 19:12 - 2016-06-13 22:13 - 00132912 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd 2016-06-25 19:12 - 2016-06-13 22:13 - 00223544 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd 2016-06-25 19:12 - 2016-06-13 22:13 - 00207672 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd 2016-06-25 19:12 - 2016-05-25 19:05 - 00060880 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\win32print.pyd 2016-06-25 19:12 - 2016-06-13 22:13 - 00025928 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\windisplaytoast.compiled._DisplayToast.pyd 2016-06-25 19:12 - 2016-06-13 22:13 - 00024904 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\_cffi_wpad_proxy_win_x752e3d61xdcfdcc84.pyd 2016-06-25 19:12 - 2016-06-13 22:13 - 00546096 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.pyd 2016-06-25 19:12 - 2016-06-13 22:13 - 00357680 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.pyd 2015-03-15 12:14 - 2016-07-09 21:23 - 01741936 _____ () C:\Users\User\AppData\Roaming\Spotify\libglesv2.dll 2015-03-15 12:14 - 2016-07-09 21:23 - 00087664 _____ () C:\Users\User\AppData\Roaming\Spotify\libegl.dll 2013-02-25 22:16 - 2012-06-25 19:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll 2016-06-26 21:54 - 2016-06-15 11:15 - 01745560 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\libglesv2.dll 2016-06-26 21:54 - 2016-06-15 11:15 - 00091288 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\libegl.dll ==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.) 
AlternateDataStreams: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Facebook.website:TASKICON_0news-1751121550 [2302] AlternateDataStreams: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Facebook.website:TASKICON_1messages-431041656 [2302] AlternateDataStreams: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Facebook.website:TASKICON_2events-250898981 [2302] AlternateDataStreams: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Facebook.website:TASKICON_3friends-215113587 [2302] ==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.) ==================== Verknüpfungen (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.) ==================== Internet Explorer Vertrauenswürdig/Eingeschränkt =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.) ==================== Hosts Inhalt: =============================== (Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.) 2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts ==================== Andere Bereiche ============================ (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) HKU\S-1-5-21-3611015324-1233358662-1118214824-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\User\Pictures\Siebenbürgen 2015\IMG_02003.jpg DNS Servers: 192.168.2.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall ist aktiviert. 
==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge == (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) ==================== Firewall Regeln (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [UDP Query User{9B1E7277-4BFD-4DD7-8303-962623CB6EB5}C:\users\user\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\user\appdata\roaming\spotify\spotify.exe FirewallRules: [TCP Query User{773F2A44-36C6-4417-94B5-5B1FC8F1C298}C:\users\user\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\user\appdata\roaming\spotify\spotify.exe FirewallRules: [{96C2283B-8374-437E-97F5-5050E9B84A97}] => (Allow) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManager.exe FirewallRules: [{54EF1D26-1E67-4317-862F-5309CF19152C}] => (Allow) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe FirewallRules: [{B59D6F63-526A-43F7-AC5A-68F2144DCFEA}] => (Allow) C:\Program Files (x86)\NTI\Acer Backup Manager\FileExplorer.exe FirewallRules: [{D5236F86-10B2-4DDA-8EDD-B023119EBE34}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe FirewallRules: [{11D9DA99-C805-4852-8BF2-B36C762B8F73}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe FirewallRules: [{FAF3A736-C37D-4C29-9548-227FF6C94287}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe FirewallRules: [{2B2B1051-4F4D-4DAC-850A-62F4098F5E98}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe FirewallRules: [{2771C4AE-B350-434C-89F3-F57EB05886C3}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\DMCDaemon.exe FirewallRules: [{417E4361-F343-448F-BBEC-917DC1BAC4FB}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\DMCDaemon.exe FirewallRules: [{76F5C8E9-38C6-41C8-8A5C-F4AB72C7D8B1}] => (Allow) C:\Program Files 
(x86)\Acer\clear.fi Media\WindowsUpnpMV.exe FirewallRules: [{EB75F31C-A31F-4BBF-A5F7-77D58F1D9B93}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\WindowsUpnpMV.exe FirewallRules: [{AA866918-7B11-46F1-8488-97B4B5A0BE40}] => (Allow) C:\Program Files (x86)\Acer\clear.fi SDK21\Video\VideoPlayer.exe FirewallRules: [{144B3A14-2267-4B15-8BDB-AC560466B11F}] => (Allow) C:\Program Files (x86)\Acer\clear.fi SDK21\Video\MusicPlayer.exe FirewallRules: [{EA27E55B-F7C2-4E7A-8F5D-A0D909E6699D}] => (Allow) C:\Program Files (x86)\Acer\clear.fi SDK21\Movie\PlayMovie.exe FirewallRules: [{966DEE37-7559-47E6-BAFE-B4E475E4223C}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\DMCDaemon.exe FirewallRules: [{BDFAFE0F-D1F6-4F31-9E9A-FDC3DDBD636A}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\DMCDaemon.exe FirewallRules: [{DD15B78B-2A0C-4950-9E26-47BF70B7B234}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\WindowsUpnp.exe FirewallRules: [{8058F124-7909-4CD3-8759-4701CB4F8286}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\WindowsUpnp.exe FirewallRules: [{CCF4447E-405E-474F-8DD4-EACA156FEDA2}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\ccd.exe FirewallRules: [{3C32AD3C-62FB-46AC-ADF3-E210035BFD9A}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\ccd.exe FirewallRules: [{B6BE5BF4-5653-495F-BB1C-6902027DC6EE}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{53437C13-1965-44C9-A358-4801611A8816}] => (Allow) C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [{A43624FC-0DB3-4E38-9684-A6DD702E6050}] => (Allow) C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [{3286A1A7-19C4-43C6-AA4E-BF999B5B1FCC}] => (Allow) C:\Users\User\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe FirewallRules: [{DDE47F77-69CF-4B3C-95D7-714CB37A7639}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{02D1C326-A15D-437E-B8E1-CDDEDF6A8110}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe 
FirewallRules: [{ACC0EB37-4D0E-4AF9-90CF-9B01C9630E12}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{E115DAD5-B26A-473A-A7EB-9AF9DA73C6F8}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{824E169B-5919-4D82-90A2-B3F13887E35B}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe FirewallRules: [{8870D4F0-FEF5-4832-9174-3149C493FEB3}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [TCP Query User{FDB90C13-0B30-4E36-8E9C-4C214CF4762E}C:\program files (x86)\symantec\norton online backup\nobuclient.exe] => (Allow) C:\program files (x86)\symantec\norton online backup\nobuclient.exe FirewallRules: [UDP Query User{062D87E8-1575-4EA9-BC3E-6A3C7325E376}C:\program files (x86)\symantec\norton online backup\nobuclient.exe] => (Allow) C:\program files (x86)\symantec\norton online backup\nobuclient.exe ==================== Wiederherstellungspunkte ========================= 29-03-2016 18:12:31 Windows Update 14-04-2016 21:32:51 Windows Update 14-04-2016 21:34:18 Windows Update 30-06-2016 17:47:47 Windows Update 30-06-2016 17:48:51 Windows Update ==================== Fehlerhafte Geräte im Gerätemanager ============= ==================== Fehlereinträge in der Ereignisanzeige: ========================= Applikationsfehler: ================== Error: (07/11/2016 03:02:30 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm FRST64.exe, Version 9.7.2016.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Systemsteuerung "Sicherheit und Wartung", um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: 2870 Startzeit: 01d1db7442d7f1ea Beendigungszeit: 45 Anwendungspfad: C:\Users\User\Desktop\FRST64.exe Berichts-ID: b77bb435-4767-11e6-beb9-208984614fb3 Vollständiger Name des fehlerhaften Pakets: Auf das fehlerhafte Paket bezogene Anwendungs-ID: Error: (07/11/2016 03:00:50 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm FRST64.exe, Version 9.7.2016.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Systemsteuerung "Sicherheit und Wartung", um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 149c Startzeit: 01d1db742172e1e1 Beendigungszeit: 27 Anwendungspfad: C:\Users\User\Desktop\FRST64.exe Berichts-ID: 7c3d5e05-4767-11e6-beb9-208984614fb3 Vollständiger Name des fehlerhaften Pakets: Auf das fehlerhafte Paket bezogene Anwendungs-ID: Error: (07/11/2016 01:30:21 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 89735235 Error: (07/11/2016 01:30:21 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 89735235 Error: (07/11/2016 01:30:21 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (07/11/2016 01:30:19 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 89733954 Error: (07/11/2016 01:30:19 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 89733954 Error: (07/11/2016 01:30:19 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (07/11/2016 01:30:18 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 89732313 Error: (07/11/2016 01:30:18 PM) (Source: Bonjour Service) (EventID: 100) 
(User: ) Description: Task Scheduling Error: m->NextScheduledEvent 89732313 Systemfehler: ============= Error: (07/11/2016 02:54:53 PM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT) Description: {784E29F4-5EBE-4279-9948-1E8FE941646D} Error: (07/11/2016 02:48:56 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Synchronisierungshost_48cd5 erreicht. Error: (07/11/2016 02:48:56 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Benutzerdatenspeicher _48cd5 erreicht. Error: (07/11/2016 02:48:56 PM) (Source: Service Control Manager) (EventID: 7032) (User: ) Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Benutzerdatenspeicher _48cd5" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: %%1056 = Es wird bereits eine Instanz des Dienstes ausgeführt. Error: (07/11/2016 02:48:48 PM) (Source: DCOM) (EventID: 10010) (User: ACER) Description: {0002DF02-0000-0000-C000-000000000046} Error: (07/11/2016 02:48:46 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Benutzerdatenzugriff_48cd5" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts. Error: (07/11/2016 02:48:46 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Benutzerdatenspeicher _48cd5" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts. Error: (07/11/2016 02:48:46 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Kontaktdaten_48cd5" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. 
Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts. Error: (07/11/2016 02:48:46 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Synchronisierungshost_48cd5" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts. Error: (07/11/2016 02:48:44 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar CodeIntegrity: =================================== Date: 2016-07-09 21:20:49.728 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-07-01 21:19:04.505 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-05-02 21:54:39.363 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-04-17 17:07:49.745 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-03-30 17:54:46.136 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. 
Date: 2016-03-25 21:43:53.666 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-03-25 17:33:18.319 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-03-07 10:16:18.949 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-02-14 11:53:39.288 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-02-12 18:53:27.940 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. ==================== Speicherinformationen =========================== Prozessor: Intel(R) Pentium(R) CPU B960 @ 2.20GHz Prozentuale Nutzung des RAM: 70% Installierter physikalischer RAM: 3909.28 MB Verfügbarer physikalischer RAM: 1159.35 MB Summe virtueller Speicher: 43909.28 MB Verfügbarer virtueller Speicher: 40858.43 MB ==================== Laufwerke ================================ Drive c: (Acer) (Fixed) (Total:445.75 GB) (Free:337.5 GB) NTFS Drive e: (USB DISK) (Removable) (Total:7.49 GB) (Free:2.61 GB) FAT32 Drive f: (CANON_DC) (Removable) (Total:14.83 GB) (Free:14.16 GB) FAT32 ==================== MBR & Partitionstabelle ================== ======================================================== Disk: 0 (Size: 465.8 GB) (Disk ID: 30487FA9) Partition: GPT. 
======================================================== Disk: 1 (Size: 14.8 GB) (Disk ID: 00000000) Partition: GPT. ======================================================== Disk: 2 (MBR Code: Windows XP) (Size: 7.5 GB) (Disk ID: C3072E18) Partition 1: (Not Active) - (Size=7.5 GB) - (Type=0B) ==================== Ende von Addition.txt ============================ |
11.07.2016, 17:58 | #8 |
/// TB Trainer /// Guide Guru | "mytrustsearch" - what is that? Now please run a search scan: Step 1 ESET Online Scanner
__________________ Regards, deeprybka Praise, criticism, requests? Donate to trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
31.07.2016, 20:44 | #9 |
| log.txt Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=287e982b6221fc4a958565c3959c3953 # end=init # utc_time=2016-07-18 07:59:00 # local_time=2016-07-18 09:59:00 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # osver=6.2.9200 NT Update Init Update Download Update Finalize Updated modules version: 30147 # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=287e982b6221fc4a958565c3959c3953 # end=updated # utc_time=2016-07-18 08:11:03 # local_time=2016-07-18 10:11:03 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # osver=6.2.9200 NT # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7777 # api_version=3.1.1 # EOSSerial=287e982b6221fc4a958565c3959c3953 # engine=30147 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2016-07-19 12:34:17 # local_time=2016-07-19 02:34:17 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1031 # osver=6.2.9200 NT # compatibility_mode_1='' # compatibility_mode=3589 16777213 100 57 747718 231485042 0 0 # compatibility_mode_1='' # compatibility_mode=5893 16776574 100 94 22661945 22702600 0 0 # scanned=267046 # found=3 # cleaned=0 # scan_time=15792 sh=0947B4319525051A9313D28468D550AEFA94A3FE ft=1 fh=4b441a6fb1fc6f64 vn="Variante von Win32/WebBar.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\FileQuarantine\C\Users\User\AppData\Roaming\RPEng\98C2B80BEE7E4EF1A94B3A5F8000F457\Web_Bar_Setup_2.0.5718.19210_3e16a056d.exe.vir" sh=29CDD17472E48F14AAF4E051027C28177E8CAD0A ft=0 fh=0000000000000000 vn="JS/Adware.InterYield.A Anwendung" ac=I fn="C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cache\f_009854" sh=6CA18D8D116E0C0C20175DBD898166B7838F50EA ft=1 fh=c71c0011d61cf2a7 vn="Variante von Win32/WebBar.A evtl. 
unerwünschte Anwendung" ac=I fn="C:\Users\User\AppData\Local\Temp\isdkuaGxyt2J\ISightSDK.dll" |
01.08.2016, 19:59 | #10 |
/// TB Trainer /// Guide Guru | "mytrustsearch" - what is that? Are there still any problems with the PC? If so, which ones? Step 1 Please start FRST again, also tick the checkbox and click Untersuchen (Scan). Please post the contents of the two logs that are created.
__________________ Regards, deeprybka Praise, criticism, requests? Donate to trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
02.08.2016, 20:24 | #11 |
| "mytrustsearch" - what is that? Hello, unfortunately Chrome is still full of unwanted ad tabs and mytrustsearch is still there. Norton reports "high outgoing data traffic" and wants to run the Norton Power Eraser. I did that a few weeks ago, but it didn't really change anything. Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 27-07-2016 durchgeführt von User (Administrator) auf ACER (02-08-2016 21:17:08) Gestartet von C:\Users\User\Desktop Geladene Profile: User (Verfügbare Profile: User) Platform: Windows 10 Home Version 1511 (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: Edge) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (Broadcom Corp.) C:\Program Files\Broadcom\MemoryCard\BrcmCardReader.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\22.7.0.76\n360.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe (Dritek System INC.) C:\Windows\RfBtnSvc64.exe (NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe (Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe (Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Dritek System Inc.) 
C:\Program Files (x86)\Launch Manager\LManager.exe (Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\22.7.0.76\n360.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe (Intel Corporation) C:\Windows\System32\igfxext.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (FTweak) C:\Program Files (x86)\RAMRush\RAMRush.exe (Spotify Ltd) C:\Users\User\AppData\Roaming\Spotify\SpotifyWebHelper.exe (Spotify Ltd) C:\Users\User\AppData\Roaming\Spotify\Spotify.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Dritek System Inc.) C:\Program Files (x86)\RadioController\RfBtnHelper.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Spotify Ltd) C:\Users\User\AppData\Roaming\Spotify\SpotifyCrashService.exe (Apple Inc.) 
C:\Program Files\iPod\bin\iPodService.exe (Spotify Ltd) C:\Users\User\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd) C:\Users\User\AppData\Roaming\Spotify\Spotify.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Egis Technology Inc.) C:\Program Files\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.) C:\Program Files\EgisTec IPS\EgisUpdate.exe (Dropbox, Inc.) C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FLA2F41.tmp (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6965.41051.0_x64__8wekyb3d8bbwe\HxTsr.exe (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe (Microsoft Corporation) C:\Windows\System32\browser_broker.exe (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe (Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe (Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe (Apple Inc.) 
C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe (Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10586.486_none_7640e086266ea227\TiWorker.exe ==================== Registry (Nicht auf der Ausnahmeliste) =========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3008824 2012-11-29] (Synaptics Incorporated) HKLM-x32\...\Run: [LManager] => [X] HKLM-x32\...\Run: [RadioController] => C:\Program Files (x86)\RadioController\RfBtnHelper.exe [111216 2013-02-25] (Dritek System Inc.) HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2994880 2012-08-15] (Symantec Corporation) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.) Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-3611015324-1233358662-1118214824-1001\...\Run: [ftweak_RAMRush] => C:\Program Files (x86)\RAMRush\RAMRush.exe [670720 2009-09-17] (FTweak) HKU\S-1-5-21-3611015324-1233358662-1118214824-1001\...\Run: [Spotify Web Helper] => C:\Users\User\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1553520 2016-07-09] (Spotify Ltd) HKU\S-1-5-21-3611015324-1233358662-1118214824-1001\...\Run: [Dropbox Update] => C:\Users\User\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-07-19] (Dropbox, Inc.) 
HKU\S-1-5-21-3611015324-1233358662-1118214824-1001\...\Run: [Spotify] => C:\Users\User\AppData\Roaming\Spotify\Spotify.exe [7003760 2016-07-09] (Spotify Ltd)
HKU\S-1-5-21-3611015324-1233358662-1118214824-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53123712 2016-05-17] (Skype Technologies S.A.)
HKU\S-1-5-21-3611015324-1233358662-1118214824-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [31744 2015-10-30] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\22.7.0.76\buShell.dll [2016-06-09] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\22.7.0.76\buShell.dll [2016-06-09] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\22.7.0.76\buShell.dll [2016-06-09] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\User\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\FileSyncShell64.dll [2016-06-25] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\User\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\FileSyncShell64.dll [2016-06-25] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\User\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\FileSyncShell64.dll [2016-06-25] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\User\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileSyncShell.dll [2016-06-25] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\User\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileSyncShell.dll [2016-06-25] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\User\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileSyncShell.dll [2016-06-25] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer Backup Manager Tray.lnk [2012-11-23]
ShortcutTarget: Acer Backup Manager Tray.lnk -> C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation)
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk [2015-03-29]
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Microsoft Corporation)
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2016-07-12]
ShortcutTarget: Dropbox.lnk -> C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1
Tcpip\..\Interfaces\{b4e57d4c-a4ec-438b-a34d-db51b489b7bb}: [DhcpNameServer] 192.168.2.1 192.168.2.1

Internet Explorer:
==================
HKU\S-1-5-21-3611015324-1233358662-1118214824-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer13.msn.com
HKU\S-1-5-21-3611015324-1233358662-1118214824-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2014-03-11] (Microsoft Corporation)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine64\22.7.0.76\coIEPlg.dll [2016-05-31] (Symantec Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2014-03-11] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2014-03-11] (Microsoft Corporation)
BHO: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll [2015-08-05] (DVDVideoSoft Ltd.)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\22.7.0.76\coIEPlg.dll [2016-05-31] (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\20.6.0.27\IPS\IPSBHO.DLL => Keine Datei
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2014-03-11] (Microsoft Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\22.7.0.76\coIEPlg.dll [2016-05-31] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\22.7.0.76\coIEPlg.dll [2016-05-31] (Symantec Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2014-03-11] (Microsoft Corporation)

FireFox:
========
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-20] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-03-11] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-31] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-31] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-05-12] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-04-23] (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFAddon
FF Extension: Norton Identity Safe - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFAddon [2016-07-09]
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFAddon
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => nicht gefunden

Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\ppGoogleNaClPluginChrome.dll => Keine Datei
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\pdf.dll => Keine Datei
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll => Keine Datei
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-29]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Ecosia - Die Suchmaschine, die Bäume pflanzt) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\clellnciejhoedgepbdilbkdkaoecgpc [2015-10-17]
CHR Extension: (Google-Suche) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-02]
CHR Extension: (youTubeRate) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\flcfhacaaadijbnjaopcdijigenfpjjm [2016-07-09]
CHR Extension: (Google Docs Offline) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-27]
CHR Extension: (Norton Identity Safe) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-12-16]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-06]
CHR Extension: (Google Mail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-29]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton 360\Engine\22.7.0.76\Exts\Chrome.crx [2016-07-09]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton 360\Engine\22.7.0.76\Exts\Chrome.crx [2016-07-09]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 BrcmCardReader; C:\Program Files\Broadcom\MemoryCard\BrcmCardReader.exe [176640 2012-08-20] (Broadcom Corp.) [Datei ist nicht signiert]
R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2449552 2012-10-25] (Acer Incorporated)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2169016 2014-01-02] (Microsoft Corporation)
S3 DeviceFastLaneService; C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [469648 2012-11-17] (Acer Incorporated)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [658064 2012-10-23] (Acer Incorporated)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
R2 N360; C:\Program Files (x86)\Norton 360\Engine\22.7.0.76\N360.exe [289080 2016-06-17] (Symantec Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [3943104 2012-08-15] (Symantec Corporation)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [259136 2012-11-03] (NTI Corporation)
R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [96880 2013-02-25] (Dritek System INC.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7585280 2015-10-30] (Broadcom Corporation)
R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\22.5.2.15\Definitions\BASHDefs\20160718.001\BHDrvx64.sys [1832176 2016-05-12] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1607000.04C\ccSetx64.sys [174328 2016-06-02] (Symantec Corporation)
R1 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0401000.00E\ccSetx64.sys [168608 2012-05-26] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [497392 2016-05-06] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [156912 2016-06-25] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\22.5.2.15\Definitions\IPSDefs\20160729.001\IDSvia64.sys [876760 2016-07-09] (Symantec Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-07-20] (Malwarebytes)
R3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [26736 2013-02-25] (Dritek System Inc.)
S3 SipIMNDI; C:\Windows\system32\DRIVERS\SipIMNDI64.sys [28192 2009-10-15] (T-Systems International GmbH)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31032 2012-11-29] (Synaptics Incorporated)
R1 SRTSP; C:\Windows\System32\Drivers\N360x64\1607000.04C\SRTSP64.SYS [773360 2016-07-02] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1607000.04C\SRTSPX64.SYS [48888 2016-06-02] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\N360x64\1607000.04C\SYMEFASI64.SYS [1627352 2016-06-02] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\N360x64\1607000.04C\SymELAM.sys [24192 2015-07-11] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [101112 2016-07-09] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1607000.04C\Ironx64.SYS [291056 2016-06-02] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1607000.04C\SYMNETS.SYS [567536 2016-06-02] (Symantec Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
S3 NAVENG; \??\C:\Program Files (x86)\Norton 360\NortonData\22.5.2.15\Definitions\SDSDefs\20160708.008\ENG64.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton 360\NortonData\22.5.2.15\Definitions\SDSDefs\20160708.008\EX64.SYS [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2016-08-02 21:17 - 2016-08-02 21:17 - 00023890 _____ C:\Users\User\Desktop\FRST.txt
2016-07-18 21:58 - 2016-07-18 21:58 - 00000000 ____D C:\Program Files (x86)\ESET
2016-07-18 21:55 - 2016-07-18 21:58 - 01768944 _____ C:\Users\User\Downloads\esetsmartinstaller_deu (1).exe.bxlm4ds.partial
2016-07-18 21:53 - 2016-07-18 21:55 - 02870984 _____ (ESET) C:\Users\User\Downloads\esetsmartinstaller_deu.exe
2016-07-12 10:07 - 2016-07-12 10:07 - 00000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-07-12 09:50 - 2016-07-12 09:50 - 02302063 _____ C:\Users\User\Documents\Kathrin_Eckardt_Reifezeugnis.pdf
2016-07-11 20:50 - 2016-07-11 20:50 - 00046129 _____ C:\Users\User\Downloads\Report88a9e64f-a6e1-4937-9285-22b4822389f3.pdf
2016-07-11 15:48 - 2016-07-11 15:48 - 00036548 _____ C:\Users\User\Downloads\Outlook.com.zip
2016-07-11 15:41 - 2016-07-11 15:41 - 00070114 _____ C:\Users\User\Documents\Antrag_Marburg.pdf
2016-07-11 15:38 - 2016-07-11 15:38 - 00070114 _____ C:\Users\User\Downloads\Antragsformular_20160711-153747_.pdf
2016-07-11 15:05 - 2016-08-02 21:16 - 00000000 ____D C:\Users\User\Desktop\FRST-OlderVersion
2016-07-11 14:57 - 2016-07-11 14:57 - 00001491 _____ C:\Users\User\Desktop\mbam.txt
2016-07-11 13:59 - 2016-07-20 17:11 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-07-11 13:59 - 2016-07-11 13:59 - 00001179 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2016-07-11 13:59 - 2016-07-11 13:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2016-07-11 13:59 - 2016-07-11 13:59 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-07-11 13:59 - 2016-07-11 13:59 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware
2016-07-11 13:59 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-07-11 13:59 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-07-11 13:59 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-07-11 13:55 - 2016-07-11 13:58 - 22851472 _____ (Malwarebytes ) C:\Users\User\Downloads\mbam-setup-2.2.1.1043.exe
2016-07-11 13:39 - 2016-07-11 13:45 - 00000000 ____D C:\AdwCleaner
2016-07-11 13:38 - 2016-07-11 13:39 - 03712064 _____ C:\Users\User\Desktop\AdwCleaner_5.201.exe
2016-07-11 06:47 - 2016-07-11 15:49 - 00036396 _____ C:\Users\User\Documents\Uni_Bochum_Best,.pdf
2016-07-10 11:16 - 2016-08-02 21:17 - 00000000 ____D C:\FRST
2016-07-10 11:15 - 2016-07-10 11:15 - 01740288 _____ (Farbar) C:\Users\User\Downloads\FRST.exe
2016-07-10 11:13 - 2016-08-02 21:16 - 02394112 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe
2016-07-10 10:08 - 2016-07-19 14:25 - 03618856 _____ (Facebook Inc.) C:\Users\User\Downloads\ESET_T1051715071531367T_.exe
2016-07-09 21:26 - 2016-07-19 12:31 - 00000000 ____D C:\WINDOWS\System32\Tasks\Norton 360
2016-07-09 21:20 - 2016-07-09 21:20 - 00003376 _____ C:\WINDOWS\System32\Tasks\Norton WSC Integration
2016-07-09 21:20 - 2016-07-09 21:20 - 00002318 _____ C:\Users\Public\Desktop\Norton 360.lnk
2016-07-09 21:10 - 2016-07-09 22:07 - 00000000 ____D C:\Users\User\AppData\Local\NPE
2016-07-09 20:58 - 2016-07-09 20:58 - 00079905 _____ C:\Users\User\Downloads\WiSe 2016-17 Zulassungsantrag Inländer.pdf

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2016-08-02 21:17 - 2014-07-30 11:39 - 00000000 ____D C:\Users\User\AppData\Roaming\Spotify
2016-08-02 21:16 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-08-02 21:16 - 2014-11-11 21:15 - 00004148 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{DCD59A3D-4FFF-4314-8D40-5076CE6C6899}
2016-08-02 21:14 - 2013-08-26 13:09 - 00001128 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-07-31 23:15 - 2015-10-30 09:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-07-31 22:59 - 2015-07-19 15:48 - 00001230 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-3611015324-1233358662-1118214824-1001UA.job
2016-07-31 22:29 - 2016-03-25 22:51 - 00000000 ____D C:\WINDOWS\System32\Tasks\Remediation
2016-07-31 22:14 - 2013-08-26 13:09 - 00001124 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-07-31 22:09 - 2013-08-26 13:09 - 00004186 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-07-31 22:09 - 2013-08-26 13:09 - 00003954 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-07-31 21:33 - 2014-07-30 11:40 - 00000000 ____D C:\Users\User\AppData\Local\Spotify
2016-07-31 21:33 - 2013-08-26 22:03 - 00000000 ____D C:\Users\User\AppData\Roaming\Skype
2016-07-19 14:59 - 2015-07-19 15:47 - 00001178 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-3611015324-1233358662-1118214824-1001Core.job
2016-07-19 03:54 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\rescache
2016-07-19 03:12 - 2013-12-18 17:28 - 00000000 ____D C:\Users\User\AppData\Local\CrashDumps
2016-07-18 22:45 - 2015-10-30 09:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-07-18 22:45 - 2013-08-26 15:50 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-07-18 22:25 - 2013-08-26 15:50 - 144749672 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-07-18 21:57 - 2014-11-11 21:16 - 00000000 __SHD C:\Users\User\AppData\LocalLow\EmieUserList
2016-07-18 21:57 - 2014-11-11 21:15 - 00000000 __SHD C:\Users\User\AppData\LocalLow\EmieSiteList
2016-07-12 10:08 - 2013-10-13 16:28 - 00000000 ___RD C:\Users\User\Dropbox
2016-07-12 10:07 - 2013-10-13 16:25 - 00000000 ____D C:\Users\User\AppData\Roaming\Dropbox
2016-07-11 14:50 - 2015-12-19 20:16 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-07-11 14:49 - 2015-10-30 09:24 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
2016-07-11 14:49 - 2015-10-30 08:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-07-11 13:32 - 2015-01-19 19:06 - 00004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2016-07-10 10:50 - 2015-10-30 09:24 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2016-07-09 21:31 - 2013-02-25 22:38 - 00000000 ____D C:\ProgramData\Norton
2016-07-09 21:26 - 2015-12-19 20:10 - 01799166 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-07-09 21:26 - 2015-10-30 20:35 - 00776766 _____ C:\WINDOWS\system32\perfh007.dat
2016-07-09 21:26 - 2015-10-30 20:35 - 00155544 _____ C:\WINDOWS\system32\perfc007.dat
2016-07-09 21:26 - 2015-10-30 09:21 - 00000000 ____D C:\WINDOWS\INF
2016-07-09 21:24 - 2016-05-06 17:00 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-07-09 21:24 - 2013-08-26 22:02 - 00000000 ____D C:\ProgramData\Skype
2016-07-09 21:21 - 2013-08-23 23:09 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-07-09 21:20 - 2015-08-25 10:23 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
2016-07-09 21:20 - 2013-08-26 14:49 - 00000000 ____D C:\WINDOWS\system32\Drivers\N360x64
2016-07-09 21:19 - 2015-12-19 19:44 - 00265464 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-07-09 21:14 - 2015-10-30 20:44 - 00000000 ____D C:\Program Files\Windows Journal
2016-07-09 21:14 - 2015-10-30 09:24 - 00000000 ___SD C:\WINDOWS\system32\DiagSvcs
2016-07-09 21:14 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2016-07-09 21:14 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-07-09 21:14 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-07-09 21:14 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\Provisioning
2016-07-09 21:14 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-07-09 21:13 - 2015-10-30 09:24 - 00015703 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2016-07-09 20:29 - 2015-10-30 08:28 - 00065536 ___SH C:\WINDOWS\system32\config\ELAM
2016-07-09 20:28 - 2013-08-26 14:49 - 00101112 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS
2016-07-09 20:28 - 2013-08-26 14:49 - 00008270 _____ C:\WINDOWS\system32\Drivers\SYMEVENT64x86.CAT

Einige Dateien in TEMP:
====================
C:\Users\User\AppData\Local\Temp\DseShExt-x64.dll
C:\Users\User\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\User\AppData\Local\Temp\libeay32.dll
C:\Users\User\AppData\Local\Temp\msvcr120.dll
C:\Users\User\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\User\AppData\Local\Temp\SDShelEx-x64.dll
C:\Users\User\AppData\Local\Temp\sqlite3.dll
C:\Users\User\AppData\Local\Temp\TUUUninstallHelper.exe

==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2016-07-12 21:45

==================== Ende von FRST.txt ============================

Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 27-07-2016
durchgeführt von User (2016-08-02 21:19:22)
Gestartet von C:\Users\User\Desktop
Windows 10 Home Version 1511 (X64) (2015-12-20 19:29:06)
Start-Modus: Normal
==========================================================

==================== Konten: =============================

Administrator (S-1-5-21-3611015324-1233358662-1118214824-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3611015324-1233358662-1118214824-503 - Limited - Disabled)
Gast (S-1-5-21-3611015324-1233358662-1118214824-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3611015324-1233358662-1118214824-1003 - Limited - Enabled)
User (S-1-5-21-3611015324-1233358662-1118214824-1001 - Administrator - Enabled) => C:\Users\User

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Norton 360 Online (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton 360 Online (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton 360 Online (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
Acer Backup Manager (HKLM-x32\...\InstallShield_{9DDDF20E-9FD1-4434-A43E-E7889DBC9420}) (Version: 4.0.0.0071 - NTI Corporation)
Acer Device Fast-lane (HKLM\...\{3F62D2FD-13C1-49A2-8B5D-47623D9460D7}) (Version: 1.00.3011 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3011 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3015 - Acer Incorporated)
AcerCloud (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 2.01.3125 - Acer Incorporated)
AcerCloud Docs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.00.3204 - Acer Incorporated)
Adobe Reader XI (11.0.16) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.16 - Adobe Systems Incorporated)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98 - WildTangent) Hidden
Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Backup Manager v4 (x32 Version: 4.0.0.0071 - NTI Corporation) Hidden
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 6.30.59.96 - Broadcom Corporation)
Broadcom Card Reader Driver Installer (HKLM\...\{F0A7DF2F-0BE0-470F-B137-D7A19F977189}) (Version: 15.4.7.1 - Broadcom Corporation)
clear.fi Media (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.01.3112 - Acer Incorporated)
clear.fi Photo (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 2.01.3109 - Acer Incorporated)
clear.fi SDK - Video 2 (x32 Version: 2.1.2128 - CyberLink Corp.) Hidden
clear.fi SDK- Movie 2 (x32 Version: 2.1.2112 - CyberLink Corp.) Hidden
CyberLink MediaEspresso 6.5 (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.3318_45364 - CyberLink Corp.)
Delicious: Emily's True Love Premium Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Dritek Radio Controller (HKLM-x32\...\RadioController) (Version: 2.02.2001.0803 - Dritek System Inc.)
Dropbox (HKU\S-1-5-21-3611015324-1233358662-1118214824-1001\...\Dropbox) (Version: 6.4.14 - Dropbox, Inc.)
eBay Worldwide (HKLM-x32\...\{A694AF57-9891-4D62-824C-7E55A1361A14}) (Version: 2.3.0630 - OEM)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
Free YouTube to MP3 Converter version 3.12.61.805 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.61.805 - DVDVideoSoft Ltd.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.103 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3004 - Acer Incorporated)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.4.1001 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Island Tribe (x32 Version: 2.2.0.98 - WildTangent) Hidden
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 7.0.10 - Acer Inc.)
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.3006 - Acer Incorporated) Magic Academy (x32 Version: 2.2.0.98 - WildTangent) Hidden Malwarebytes Anti-Malware Version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes) Microsoft Office Home and Student 2013 - de-de (HKLM\...\HomeStudentRetail - de-de) (Version: 15.0.4420.1017 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) MyWinLocker (Version: 4.0.14.35 - Egis Technology Inc.) Hidden MyWinLocker 4 (x32 Version: 4.0.14.35 - Egis Technology Inc.) Hidden MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.24 - Egis Technology Inc.) MyWinLocker Suite (x32 Version: 4.0.14.24 - Egis Technology Inc.) 
Hidden Norton 360 Online (HKLM-x32\...\N360) (Version: 22.7.0.76 - Symantec Corporation) Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.2.3.51r - Symantec Corporation) Norton Online Backup ARA (x32 Version: 4.1.0.14 - Symantec Corporation) Hidden NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.9014 - NTI Corporation) NTI Media Maker 9 (x32 Version: 9.0.2.9014 - NTI Corporation) Hidden Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden Office 15 Click-to-Run Licensing Component (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.01.3202 - Acer) Office Addin 2003 (HKLM-x32\...\{1FCC073B-CC01-4443-AD20-E559F66E6E83}) (Version: 2.01.3202 - Acer) OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation) Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden RAMRush 1.0.6.917 (HKLM-x32\...\RAMRush_is1) (Version: - FTweak, Inc.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6657 - Realtek Semiconductor Corp.) Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee) Shredder (Version: 2.0.8.9 - Egis Technology Inc.) Hidden Shredder (x32 Version: 2.0.8.9 - Egis Technology Inc.) Hidden Skype™ 7.24 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.24.104 - Skype Technologies S.A.) 
Spotify (HKU\S-1-5-21-3611015324-1233358662-1118214824-1001\...\Spotify) (Version: 1.0.32.96.g3c8a06e6 - Spotify AB) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.3.4.0 - Synaptics Incorporated) Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version: - Microsoft Corporation) Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version: - Microsoft Corporation) Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation) WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.3.0 - WildTangent) WildTangent Games App (x32 Version: 4.0.9.3 - WildTangent) Hidden Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden ==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) CustomCLSID: HKU\S-1-5-21-3611015324-1233358662-1118214824-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
CustomCLSID: HKU\S-1-5-21-3611015324-1233358662-1118214824-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\User\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileCoAuth.exe (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3611015324-1233358662-1118214824-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3611015324-1233358662-1118214824-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3611015324-1233358662-1118214824-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3611015324-1233358662-1118214824-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3611015324-1233358662-1118214824-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3611015324-1233358662-1118214824-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3611015324-1233358662-1118214824-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3611015324-1233358662-1118214824-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.) 
CustomCLSID: HKU\S-1-5-21-3611015324-1233358662-1118214824-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3611015324-1233358662-1118214824-1001_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {075E6464-D615-463B-B752-909788CEB392} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\22.7.0.76\WSCStub.exe [2016-06-17] (Symantec Corporation)
Task: {1C328BFD-46E6-4C82-A91C-08C7482A3922} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG
Task: {214FE432-9C57-4BFE-9B32-9131CA66F82F} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2012-09-20] (CyberLink)
Task: {2BDC52DF-A2AD-49C7-B687-150222317393} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG
Task: {31E215B9-C5F4-4DF1-9AC2-24EA592CAC46} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG
Task: {35A208E0-97E8-4D64-AF25-6F56074AF25E} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG
Task: {379165B1-6343-4F41-9BA9-1E70AD840E17} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\BrowserChoice\browserchoice.exe
Task: {4379264D-F433-46DD-A857-020CCC076024} - System32\Tasks\EgisUpdate => C:\Program Files\EgisTec IPS\EgisUpdate.exe [2012-07-12] (Egis Technology Inc.)
Task: {4478FB8E-90F3-418F-946B-62602945B7C6} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG
Task: {4CC312B7-6E38-48D7-968B-5A32EF6DE919} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2012-06-21] ()
Task: {4D18E2D9-104F-472E-A673-8036D38BBC5A} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG
Task: {4EA08CD1-86B7-4BE9-BFB3-31BCF54E8D7F} - System32\Tasks\Microsoft Office 15 Sync Maintenance for ACER-User Acer => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-03-11] (Microsoft Corporation)
Task: {5973892A-E570-48C2-942D-80BCF9A53397} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2012-11-06] ()
Task: {6924B7E6-2B40-4EAE-B067-DB7296D463D9} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton 360 Online\Upgrade.exe [2016-06-17] (Symantec Corporation)
Task: {6C0E30EC-2666-4F80-81C0-D265C538D6FB} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\22.7.0.76\SymErr.exe [2016-05-23] (Symantec Corporation)
Task: {71382CCE-3495-474A-8EA9-2BD716B079B6} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25] (Adobe Systems Incorporated)
Task: {9FFE074C-1021-4654-9DC0-E1255043070D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {A5F4E48E-0C60-4D0D-84BA-AEE156E06DB4} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\22.7.0.76\SymErr.exe [2016-05-23] (Symantec Corporation)
Task: {A8A58F57-FD04-45DB-A916-5374CE3EF4CB} - System32\Tasks\Recovery Management\Notification => C:\Program Files\Acer\Acer Recovery Management\Notification\Notification.exe [2012-11-19] (Acer Incorporated)
Task: {AB41A195-4680-426E-8D48-F4ACCB4B352B} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-07-18] (Microsoft Corporation)
Task: {AF3FB1BB-CB83-46E7-835E-F2CB41BCF827} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3611015324-1233358662-1118214824-1001Core => C:\Users\User\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-07-19] (Dropbox, Inc.)
Task: {B1956237-1BFA-4329-9A37-100D9DF82601} - System32\Tasks\{F5118D15-6F7D-4D14-9828-FC6FA600303B} => Chrome.exe hxxp://ui.skype.com/ui/0/6.7.0.102/de/abandoninstall?source=lightinstaller&page=tsMain
Task: {B48AB2E4-8436-434A-B6B8-1DF71CD741B4} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG
Task: {BA8FED5C-8DA7-4BE8-B0B8-5C0C31F44BF1} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG
Task: {BC739124-C819-4392-9388-122BEB7B05AA} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3611015324-1233358662-1118214824-1001UA => C:\Users\User\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-07-19] (Dropbox, Inc.)
Task: {C8BCA89D-2F1C-42BA-AB64-1B827FC84EF1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {CC2ACB65-AA4F-4E60-AD80-89B74177035D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG
Task: {D2F1FDBE-B65E-4961-A069-7E6DBE6148BD} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2012-10-23] (Acer Incorporated)
Task: {D315BAA6-97C8-445C-8B53-CC5CED829756} - System32\Tasks\Norton 360\Norton Autofix => C:\Program Files (x86)\Norton 360\Engine\22.7.0.76\SymErr.exe [2016-05-23] (Symantec Corporation)
Task: {DACCD18A-6C25-42C6-B946-959A8C0E6817} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG
Task: {E0B223BD-1991-4785-AAFA-88408E24A80A} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2013-12-17] (Microsoft Corporation)
Task: {E41081EF-E4F4-4539-8EAC-F4267E0D8B04} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {E68DE6BF-A61B-40BA-9006-BC6326D1B81D} - System32\Tasks\PMMUpdate => C:\Program Files\EgisTec IPS\PMMUpdate.exe [2012-07-12] (Egis Technology Inc.)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-3611015324-1233358662-1118214824-1001Core.job => C:\Users\User\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-3611015324-1233358662-1118214824-1001UA.job => C:\Users\User\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

Shortcut: C:\Users\User\Favorites\Acer\Acer.lnk -> hxxp://www.acer.com/

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2015-10-30 09:18 - 2015-10-30 09:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2014-03-11 20:24 - 2013-10-31 18:13 - 00102568 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-03-11 20:15 - 2014-01-02 19:41 - 00621736 _____ () C:\Program Files\Microsoft Office 15\ClientX64\StreamServer.dll
2016-04-14 18:06 - 2016-03-29 12:20 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-04-14 18:06 - 2016-03-29 12:20 - 02656952 _____ () C:\Windows\System32\CoreUIComponents.dll
2016-04-14 18:06 - 2016-03-29 12:20 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-06-25 18:57 - 2016-06-25 18:57 - 00959168 _____ () C:\Users\User\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll
2012-06-22 04:12 - 2012-06-22 04:12 - 01407568 _____ () C:\Program Files (x86)\EgisTec MyWinLocker\x64\LIBEAY32.dll
2015-12-19 19:38 - 2015-12-19 19:38 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-06-26 22:17 -
2016-04-23 06:25 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll 2016-06-26 22:17 - 2016-04-23 06:25 - 00674816 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\MtcUvc.dll 2015-06-01 22:00 - 2015-06-01 22:00 - 00102912 _____ () C:\Windows\System32\IccLibDll_x64.dll 2016-06-26 22:17 - 2016-05-28 05:53 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2016-06-26 22:18 - 2016-05-28 05:54 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll 2016-06-26 22:18 - 2016-05-28 05:59 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2016-06-26 22:19 - 2016-05-28 05:56 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll 2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2012-11-03 02:38 - 2012-11-03 02:38 - 00465384 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll 2012-11-03 02:37 - 2012-11-03 02:37 - 00125504 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\MailConverter32.dll 2012-11-03 02:38 - 2012-11-03 02:38 - 00155712 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\VolumeSnapshot.dll 2012-11-03 02:37 - 2012-11-03 02:37 - 00118336 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\Online.dll 2012-11-03 02:37 - 2012-11-03 02:37 - 01081408 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\ACE.dll 2012-11-03 02:37 - 2012-11-03 02:37 - 00052288 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\OsSettingPort.dll 2012-11-03 02:37 - 2012-11-03 02:37 - 00727616 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\OutlookShadow.dll 2015-03-15 12:14 - 
2016-07-09 21:23 - 52042352 _____ () C:\Users\User\AppData\Roaming\Spotify\libcef.dll 2016-06-25 18:57 - 2016-06-25 18:57 - 00679624 _____ () C:\Users\User\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\ClientTelemetry.dll 2014-03-11 20:15 - 2014-03-11 20:15 - 00309376 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll 2015-03-15 12:14 - 2016-07-09 21:23 - 01741936 _____ () C:\Users\User\AppData\Roaming\Spotify\libglesv2.dll 2015-03-15 12:14 - 2016-07-09 21:23 - 00087664 _____ () C:\Users\User\AppData\Roaming\Spotify\libegl.dll 2013-02-25 22:16 - 2012-06-25 19:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll 2016-07-12 10:06 - 2016-06-07 03:58 - 00034768 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd 2016-07-12 10:06 - 2016-06-07 03:58 - 00134088 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\pyexpat.pyd 2016-07-12 10:06 - 2016-06-07 03:59 - 00019408 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\faulthandler.pyd 2016-07-12 10:06 - 2016-06-07 03:58 - 00116688 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\pywintypes27.dll 2016-07-12 10:06 - 2016-06-07 03:58 - 00093640 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\_ctypes.pyd 2016-07-12 10:06 - 2016-06-07 03:58 - 00018376 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\select.pyd 2016-07-12 10:06 - 2016-07-05 20:00 - 00019760 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd 2016-07-12 10:06 - 2016-06-07 04:00 - 00105928 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\win32api.pyd 2016-07-12 10:06 - 2016-06-07 03:58 - 00392144 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\pythoncom27.dll 2016-07-12 10:06 - 2016-07-05 20:00 - 00381752 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd 2016-07-12 10:06 - 2016-06-07 03:58 - 00692688 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\unicodedata.pyd 2016-07-12 10:06 - 2016-07-05 19:59 - 
00020816 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd 2016-07-12 10:06 - 2016-06-07 03:59 - 00123856 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\_cffi_backend.pyd 2016-07-12 10:06 - 2016-07-05 19:59 - 01682760 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd 2016-07-12 10:06 - 2016-07-05 19:59 - 00020808 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd 2016-07-12 10:06 - 2016-07-05 20:00 - 00021840 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\_cffi_unicode_environ_win32_x8bf8e68bx9968e850.pyd 2016-07-12 10:06 - 2016-07-05 20:00 - 00052024 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd 2016-07-12 10:06 - 2016-07-05 20:00 - 00038696 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\fastpath.pyd 2016-07-12 10:06 - 2016-06-07 04:00 - 00020936 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\mmapfile.pyd 2016-07-12 10:06 - 2016-06-07 04:00 - 00024528 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\win32event.pyd 2016-07-12 10:06 - 2016-06-07 04:00 - 00114640 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\win32security.pyd 2016-07-12 10:06 - 2016-06-07 04:00 - 00124880 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\win32file.pyd 2016-07-12 10:06 - 2016-07-05 20:00 - 00021832 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\_cffi_pywin_kernel32_x64d8f881xc8c369be.pyd 2016-07-12 10:06 - 2016-06-07 04:00 - 00024016 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\win32clipboard.pyd 2016-07-12 10:06 - 2016-06-07 04:00 - 00175560 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\win32gui.pyd 2016-07-12 10:06 - 2016-06-07 04:00 - 00030160 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\win32pipe.pyd 2016-07-12 10:06 - 2016-06-07 04:00 - 00043472 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\win32process.pyd 2016-07-12 10:06 - 2016-06-07 04:00 - 00048592 _____ () 
C:\Users\User\AppData\Roaming\Dropbox\bin\win32service.pyd 2016-07-12 10:06 - 2016-07-05 20:00 - 00023872 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\winffi.kernel32._winffi_kernel32.pyd 2016-07-12 10:06 - 2016-07-05 20:00 - 00026456 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\dropbox.infinite.win.compiled._driverinstallation.pyd 2016-07-12 10:06 - 2016-06-07 04:00 - 00057808 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\win32evtlog.pyd 2016-07-12 10:06 - 2016-06-07 04:00 - 00024016 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\win32profile.pyd 2016-07-12 10:06 - 2016-07-05 19:59 - 00246592 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\breakpad.client.windows.handler.pyd 2016-07-12 10:06 - 2016-06-07 04:00 - 00028616 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\win32ts.pyd 2016-07-12 10:06 - 2016-07-05 20:00 - 00020800 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\winffi.iphlpapi._winffi_iphlpapi.pyd 2016-07-12 10:06 - 2016-07-05 20:00 - 00019776 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\winffi.winerror._winffi_winerror.pyd 2016-07-12 10:06 - 2016-07-05 20:00 - 00020800 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\winffi.wininet._winffi_wininet.pyd 2016-07-12 10:06 - 2016-06-07 03:58 - 00134608 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\_elementtree.pyd 2016-07-12 10:06 - 2016-06-07 03:59 - 00240584 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\jpegtran.pyd 2016-07-12 10:06 - 2016-07-05 19:59 - 00020280 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd 2016-07-12 10:06 - 2016-07-05 20:00 - 00023376 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd 2016-07-12 10:06 - 2016-06-07 04:00 - 00350152 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\winxpgui.pyd 2016-07-12 10:06 - 2016-07-05 20:00 - 00022352 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\winverifysignature.compiled._VerifySignature.pyd 2016-07-12 10:06 - 
2016-07-05 20:00 - 00024392 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd 2016-07-12 10:06 - 2016-06-07 04:01 - 00036296 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\librsync.dll 2016-07-12 10:06 - 2016-07-05 20:00 - 00031568 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\enterprise_data.compiled._enterprise_data.pyd 2016-07-12 10:06 - 2016-03-12 02:46 - 00293392 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\EnterpriseDataAdapter.dll 2016-07-12 10:06 - 2016-07-05 20:00 - 00084280 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL 2016-07-12 10:06 - 2016-07-05 20:00 - 01826096 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd 2016-07-12 10:06 - 2016-06-07 03:59 - 00083912 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\sip.pyd 2016-07-12 10:06 - 2016-07-05 20:00 - 03928880 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd 2016-07-12 10:06 - 2016-07-05 20:00 - 01971504 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd 2016-07-12 10:06 - 2016-07-05 20:00 - 00531248 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd 2016-07-12 10:06 - 2016-07-05 20:00 - 00132912 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd 2016-07-12 10:06 - 2016-07-05 20:00 - 00223544 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd 2016-07-12 10:06 - 2016-07-05 20:00 - 00207672 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd 2016-07-12 10:06 - 2016-06-07 04:00 - 00060880 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\win32print.pyd 2016-07-12 10:06 - 2016-07-05 20:00 - 00025928 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\windisplaytoast.compiled._DisplayToast.pyd 2016-07-12 10:06 - 2016-07-05 20:00 - 00024904 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\_cffi_wpad_proxy_win_x752e3d61xdcfdcc84.pyd 2016-07-12 10:06 - 2016-07-05 20:00 - 00546096 
_____ () C:\Users\User\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.pyd
2016-07-12 10:06 - 2016-07-05 20:00 - 00357680 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.pyd
2012-09-23 20:43 - 2012-09-23 20:43 - 00313992 _____ () C:\Program Files (x86)\Adobe\Reader 11.0\Reader\sqlite.dll
2013-05-11 12:37 - 2013-05-11 12:37 - 14588632 _____ () C:\Program Files (x86)\Adobe\Reader 11.0\Reader\NPSWF32.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Facebook.website:TASKICON_0news-1751121550 [2302]
AlternateDataStreams: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Facebook.website:TASKICON_1messages-431041656 [2302]
AlternateDataStreams: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Facebook.website:TASKICON_2events-250898981 [2302]
AlternateDataStreams: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Facebook.website:TASKICON_3friends-215113587 [2302]

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)

==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-3611015324-1233358662-1118214824-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\User\Pictures\Siebenbürgen 2015\IMG_02003.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [UDP Query User{9B1E7277-4BFD-4DD7-8303-962623CB6EB5}C:\users\user\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\user\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{773F2A44-36C6-4417-94B5-5B1FC8F1C298}C:\users\user\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\user\appdata\roaming\spotify\spotify.exe
FirewallRules: [{96C2283B-8374-437E-97F5-5050E9B84A97}] => (Allow) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManager.exe
FirewallRules: [{54EF1D26-1E67-4317-862F-5309CF19152C}] => (Allow) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
FirewallRules: [{B59D6F63-526A-43F7-AC5A-68F2144DCFEA}] => (Allow) C:\Program Files (x86)\NTI\Acer Backup Manager\FileExplorer.exe
FirewallRules: [{D5236F86-10B2-4DDA-8EDD-B023119EBE34}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{11D9DA99-C805-4852-8BF2-B36C762B8F73}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{FAF3A736-C37D-4C29-9548-227FF6C94287}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{2B2B1051-4F4D-4DAC-850A-62F4098F5E98}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{2771C4AE-B350-434C-89F3-F57EB05886C3}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\DMCDaemon.exe
FirewallRules: [{417E4361-F343-448F-BBEC-917DC1BAC4FB}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\DMCDaemon.exe
FirewallRules: [{76F5C8E9-38C6-41C8-8A5C-F4AB72C7D8B1}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\WindowsUpnpMV.exe
FirewallRules: [{EB75F31C-A31F-4BBF-A5F7-77D58F1D9B93}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\WindowsUpnpMV.exe
FirewallRules: [{AA866918-7B11-46F1-8488-97B4B5A0BE40}] => (Allow) C:\Program Files (x86)\Acer\clear.fi SDK21\Video\VideoPlayer.exe
FirewallRules: [{144B3A14-2267-4B15-8BDB-AC560466B11F}] => (Allow) C:\Program Files (x86)\Acer\clear.fi SDK21\Video\MusicPlayer.exe
FirewallRules: [{EA27E55B-F7C2-4E7A-8F5D-A0D909E6699D}] => (Allow) C:\Program Files (x86)\Acer\clear.fi SDK21\Movie\PlayMovie.exe
FirewallRules: [{966DEE37-7559-47E6-BAFE-B4E475E4223C}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\DMCDaemon.exe
FirewallRules: [{BDFAFE0F-D1F6-4F31-9E9A-FDC3DDBD636A}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\DMCDaemon.exe
FirewallRules: [{DD15B78B-2A0C-4950-9E26-47BF70B7B234}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\WindowsUpnp.exe
FirewallRules: [{8058F124-7909-4CD3-8759-4701CB4F8286}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\WindowsUpnp.exe
FirewallRules: [{CCF4447E-405E-474F-8DD4-EACA156FEDA2}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\ccd.exe
FirewallRules: [{3C32AD3C-62FB-46AC-ADF3-E210035BFD9A}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\ccd.exe
FirewallRules: [{B6BE5BF4-5653-495F-BB1C-6902027DC6EE}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{53437C13-1965-44C9-A358-4801611A8816}] => (Allow) C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{A43624FC-0DB3-4E38-9684-A6DD702E6050}] => (Allow) C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{3286A1A7-19C4-43C6-AA4E-BF999B5B1FCC}] => (Allow) C:\Users\User\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{DDE47F77-69CF-4B3C-95D7-714CB37A7639}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{02D1C326-A15D-437E-B8E1-CDDEDF6A8110}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{ACC0EB37-4D0E-4AF9-90CF-9B01C9630E12}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{E115DAD5-B26A-473A-A7EB-9AF9DA73C6F8}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{824E169B-5919-4D82-90A2-B3F13887E35B}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{8870D4F0-FEF5-4832-9174-3149C493FEB3}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{FDB90C13-0B30-4E36-8E9C-4C214CF4762E}C:\program files (x86)\symantec\norton online backup\nobuclient.exe] => (Allow) C:\program files (x86)\symantec\norton online backup\nobuclient.exe
FirewallRules: [UDP Query User{062D87E8-1575-4EA9-BC3E-6A3C7325E376}C:\program files (x86)\symantec\norton online backup\nobuclient.exe] => (Allow) C:\program files (x86)\symantec\norton online backup\nobuclient.exe

==================== Wiederherstellungspunkte =========================

30-06-2016 17:48:51 Windows Update
11-07-2016 21:40:37 TuneUp Utilities 2014 wird entfernt
18-07-2016 22:03:20 Windows Update

==================== Fehlerhafte Geräte im Gerätemanager =============

==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (07/31/2016 11:39:39 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 18437

Error: (07/31/2016 11:39:39 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 18437

Error: (07/31/2016 11:39:39 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/31/2016 11:39:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 17187

Error: (07/31/2016 11:39:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 17187

Error: (07/31/2016 11:39:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/31/2016 11:39:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15906

Error: (07/31/2016 11:39:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15906

Error: (07/31/2016 11:39:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/31/2016 11:39:35 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 14609

Systemfehler:
=============
Error: (07/31/2016 11:39:11 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (07/31/2016 11:09:39 PM) (Source: DCOM) (EventID: 10016) (User: ACER)
Description: ComputerstandardLokalAktivierung{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}AcerUserS-1-5-21-3611015324-1233358662-1118214824-1001LocalHost (unter
Verwendung von LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742 Error: (07/31/2016 11:09:39 PM) (Source: DCOM) (EventID: 10016) (User: ACER) Description: ComputerstandardLokalAktivierung{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}AcerUserS-1-5-21-3611015324-1233358662-1118214824-1001LocalHost (unter Verwendung von LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742 Error: (07/31/2016 11:09:29 PM) (Source: DCOM) (EventID: 10016) (User: ACER) Description: ComputerstandardLokalAktivierung{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}AcerUserS-1-5-21-3611015324-1233358662-1118214824-1001LocalHost (unter Verwendung von LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742 Error: (07/31/2016 11:04:54 PM) (Source: DCOM) (EventID: 10016) (User: ACER) Description: ComputerstandardLokalAktivierung{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}AcerUserS-1-5-21-3611015324-1233358662-1118214824-1001LocalHost (unter Verwendung von LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742 Error: (07/31/2016 11:04:54 PM) (Source: DCOM) (EventID: 10016) (User: ACER) Description: ComputerstandardLokalAktivierung{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}AcerUserS-1-5-21-3611015324-1233358662-1118214824-1001LocalHost (unter Verwendung von LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742 Error: (07/31/2016 11:01:55 PM) (Source: DCOM) (EventID: 10016) (User: ACER) 
Description: ComputerstandardLokalAktivierung{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}AcerUserS-1-5-21-3611015324-1233358662-1118214824-1001LocalHost (unter Verwendung von LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742 Error: (07/31/2016 09:34:05 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst MBAMScheduler erreicht. Error: (07/20/2016 05:18:15 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (07/19/2016 03:26:10 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar CodeIntegrity: =================================== Date: 2016-07-19 01:05:16.541 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-07-09 21:20:49.728 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-07-01 21:19:04.505 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. 
Date: 2016-05-02 21:54:39.363 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-04-17 17:07:49.745 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-03-30 17:54:46.136 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-03-25 21:43:53.666 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-03-25 17:33:18.319 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-03-07 10:16:18.949 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-02-14 11:53:39.288 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. 
==================== Speicherinformationen =========================== Prozessor: Intel(R) Pentium(R) CPU B960 @ 2.20GHz Prozentuale Nutzung des RAM: 66% Installierter physikalischer RAM: 3909.28 MB Verfügbarer physikalischer RAM: 1292.92 MB Summe virtueller Speicher: 43909.28 MB Verfügbarer virtueller Speicher: 40176.98 MB ==================== Laufwerke ================================ Drive c: (Acer) (Fixed) (Total:445.75 GB) (Free:338.41 GB) NTFS Drive f: (CANON_DC) (Removable) (Total:14.83 GB) (Free:14.16 GB) FAT32 ==================== MBR & Partitionstabelle ================== ======================================================== Disk: 0 (Size: 465.8 GB) (Disk ID: 30487FA9) Partition: GPT. ======================================================== Disk: 1 (Size: 14.8 GB) (Disk ID: 00000000) Partition: GPT. ==================== Ende von Addition.txt ============================ |
02.08.2016, 21:11 | #12 |
/// TB Trainer /// Guide Guru | "mytrustsearch" - what is that? In Chrome, remove the extension YoutubeRate. What effect does that have?
__________________ Regards, deeprybka Praise, criticism, requests? Donate to trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
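An added example, not part of the original thread: a check for the manifest settings a Chrome extension can use to take over the new-tab page and search engine, as the symptoms described in this thread suggest. The thread does not show the YoutubeRate manifest, so the sample manifest and all names in it are constructed, and the assumption that the hijack used these standard manifest keys is not confirmed by the page.

```python
import json

# Constructed sample manifest (not taken from the thread; the real
# extension's manifest is not shown on the page).
SAMPLE_MANIFEST = json.loads("""
{
  "name": "Example Video Rater",
  "version": "1.0",
  "manifest_version": 2,
  "permissions": ["tabs", "<all_urls>", "webRequest"],
  "chrome_url_overrides": {"newtab": "search.html"},
  "chrome_settings_overrides": {
    "search_provider": {"name": "Example Search",
                        "search_url": "https://search.example/?q={searchTerms}",
                        "is_default": true}
  },
  "content_scripts": [{"matches": ["<all_urls>"], "js": ["inject.js"]}]
}
""")

# Match patterns that give an extension access to every site.
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

def audit_manifest(manifest):
    """Return (finding_id, detail) pairs for hijack-capable manifest settings."""
    findings = []
    # A replaced new-tab page matches the "every new tab loads the search site" symptom.
    overrides = manifest.get("chrome_url_overrides", {})
    if "newtab" in overrides:
        findings.append(("newtab_override", overrides["newtab"]))
    # Default search engine, homepage and startup pages can be overridden here.
    settings = manifest.get("chrome_settings_overrides", {})
    for key in ("search_provider", "homepage", "startup_pages"):
        if key in settings:
            value = settings[key]
            detail = value.get("search_url", "") if isinstance(value, dict) else str(value)
            findings.append((key + "_override", detail))
    # Access to all sites is what lets an extension react to clicks and scrolling anywhere.
    perms = manifest.get("permissions", []) + manifest.get("host_permissions", [])
    broad = sorted(p for p in perms if isinstance(p, str) and p in BROAD_HOSTS)
    if broad:
        findings.append(("broad_host_permissions", ", ".join(broad)))
    for script in manifest.get("content_scripts", []):
        if BROAD_HOSTS & set(script.get("matches", [])):
            findings.append(("content_script_all_sites", ", ".join(script.get("js", []))))
    return findings

if __name__ == "__main__":
    for finding_id, detail in audit_manifest(SAMPLE_MANIFEST):
        print(f"{finding_id}: {detail}")
```

To use it on a real profile, load each installed extension's `manifest.json` with `json.load` and pass the result to `audit_manifest`; any finding is a reason to review the extension, not proof that it is malicious.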
02.08.2016, 21:20 | #13 |
| "mytrustsearch" - what is that? That helped! Many, many thanks for your time and effort |
02.08.2016, 21:25 | #14 |
/// TB Trainer /// Guide Guru | "mytrustsearch" - what is that? I will take a close look at the logs again tomorrow and post final instructions for you, if that is OK with you?
__________________ Regards, deeprybka |
03.08.2016, 19:16 | #15 |
/// TB Trainer /// Guide Guru | "mytrustsearch" - what is that? We did it! The logs look clean to me at the moment. If you like, you can say here whether you were satisfied with me and my help... and/or support the forum with a small donation. All that remains is for me to wish you carefree and safe surfing, and that we do not see each other here again any time soon.

Cleanup: (The order is crucial here)
- If Defogger was used: start it again and click Re-enable.
- If Combofix was used: uninstall Combofix.
- All logs posted? Then please download DelFix.

Note: DelFix removes, among other things, all the programs used, the quarantine of our scanners and the Java cache, and finally deletes itself. Afterwards, restart your computer. If any programs from our cleanup are still left over, you can delete them without hesitation.

Hardening:
- Enable automatic updates on the Windows operating system.
- Security-relevant software should likewise always be kept at the latest version: browser, Java, Flash Player, PDF reader. Vulnerabilities (e.g. here) in their old versions are exploited to install malware via "drive-by" on a simple visit to a manipulated website. I recommend, for example, using Mozilla Firefox instead of Internet Explorer. Firefox can also open PDF documents.
- Enable a firewall. The one built into Windows is normally entirely sufficient.
- Use an antivirus program with a real-time scanner and an always up-to-date signature database. My purchase recommendation:
- In addition, you can scan your PC regularly with Malwarebytes Anti-Malware.

Optional:
- NoScript prevents the execution of active content (Java, JavaScript, Flash,...) for all websites. However, you can define, on the principle of a whitelist, on which sites scripts should be allowed.
- Malwarebytes Anti Exploit: protects the computer's applications against exploitation of known vulnerabilities.

- Download software from a clean portal such as .
- When installing software, always choose the custom option and untick all optionally offered toolbars or other add-ons that are irrelevant to the program.
- To get rid of adware again, it is advisable first to uninstall it and then to remove the leftovers with Adwcleaner .

Finally, a few general remarks: change your important online passwords regularly and make regular backups of your important files or of the system.
The benefit of registry cleaners, optimizers and the like for improving performance is disputed. I therefore recommend keeping your hands off the registry and using the Windows built-in Disk Cleanup instead.
__________________ Regards, deeprybka |