| |
| |||||||
Log-Analyse und Auswertung: Kein Internet-Zugriff nach Adware-Säuberung!Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
24.07.2014, 21:34
| #1 |
| |  Kein Internet-Zugriff nach Adware-Säuberung! Gut, dann nochmal im passenden Unterforum... Hallo zusammen, ich habe seit heute ein großes Problem auf meinem Notebook. Beim Installieren von Freeware sind mir wohl einige unerwünschte Programme, hauptsächlich Adware, untergekommen (RocketTab, Omiga-Plus, Vi-View...) Außer, dass ich bei jeder Google-Suche nervige Werbungen hatte, hatte ich kinerlei Probleme. Dennoch habe ich mich dazu entschlossen, heute mal aufzuräumen. Zuerst habe ich es manuell versucht, über Systemsteuereung -> Programme deinstallieren. Einiges auch noch per Hand im Explorer gesucht und gelöscht. Daraufhin hatte ich im Firefox Probleme, viele Websites zu öffnen, es kam immer die Meldung, dass dem Sicherheitszertifikat nicht getraut wird. Also die Sache richtig angegangen, mit Sophos, und dann auch Anti-Malwarebytes drüber gegangen. Besonders letzteres hat viele Dinge entfernt... Nach dem Neustart dann das Problem: Ich kann, trotz bestehender Internetverbindung, kann ich nicht mehr aufs Internet zugreifen. Egal, ob Firefox oder IE. Firefox sagt: "Die verbindung zum Server wurde zurückgesetzt, während die Seite geladen wurde." Keine Chance...an der FIrewall liegts wohl nich, da hab ich nix geändert, und Firefox steht auch drin, dass es natürlich aufs Internet zugreifen darf... Pingtest zeigt: Keine Probleme, kann eigentlich aufs INet zugreifen...kanns irgendwie an der rausgeschmissenen Adware liegen? Ich bin überfragt :/ Code:
ATTFilter ****************** Sophos Anti-Virus Protokoll - 24.07.2014 20:16:58 **************
...
20140724 135131 Scan 'Computer scannen' gestartet.
20140724 135305 Datei "C:\Program Files (x86)\Browsersafeguard\uninstall.BrowserSafeguard.exe" gehört zu Adware/PUA 'Generic PUA ML' (Typ Andere).
20140724 135305 Datei "C:\Windows\System32\Tasks\BrowserSafeguard Update Task" gehört zu Adware/PUA 'Generic PUA ML' (Typ Andere).
20140724 140236 Datei "C:\Program Files (x86)\Browsersafeguard\uninstall.BrowserSafeguard.exe" gehört zu Adware/PUA 'Generic PUA ML' (Typ Andere).
20140724 140236 Datei "C:\Windows\System32\Tasks\BrowserSafeguard Update Task" gehört zu Adware/PUA 'Generic PUA ML' (Typ Andere).
20140724 140238 Datei "C:\Windows\System32\Tasks\BrowserSafeguard Update Task" wurde bereinigt.
20140724 140239 Datei "C:\Program Files (x86)\Browsersafeguard\uninstall.BrowserSafeguard.exe" wurde bereinigt.
20140724 140239 Adware/PUA 'Generic PUA ML' wurde entfernt.
20140724 140542 Datei "C:\Users\fkrohn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MTZ3GMPV\rtinstaller[1].exe" gehört zu Adware/PUA 'Generic PUA ML' (Typ Andere).
20140724 140546 Datei "C:\Users\fkrohn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SWNPN98J\ssupsetup_binstall3[1].exe" gehört zu Adware/PUA 'Generic PUA OM' (Typ Andere).
20140724 140617 Adware/PUA 'Generic PUA ML' wurde erkannt.
20140724 140617 Adware/PUA 'Generic PUA OM' wurde erkannt.
20140724 140617 Scan 'Computer scannen' abgeschlossen.
20140724 140617 Ergebniszusammenfassung für Scan 'Computer scannen':
Gescannte Objekte: 199333
Fehler: 0
Objekte in Quarantäne: 2
Behandelte Objekte: 0
...
(18 Objekte)
Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 24.07.2014 Scan Time: 16:31:42 Logfile: Log.txt Administrator: Yes Version: 2.00.2.1012 Malware Database: v2014.07.24.04 Rootkit Database: v2014.07.17.01 License: Trial Malware Protection: Enabled Malicious Website Protection: Enabled Self-protection: Disabled OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: fkrohn Scan Type: Threat Scan Result: Completed Objects Scanned: 330262 Time Elapsed: 5 min, 5 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 3 PUP.Optional.IePluginService.A, C:\ProgramData\IePluginServices\PluginService.exe, 2256, Delete-on-Reboot, [d3810b98f6853204a64ce27c61a04db3] PUP.Optional.WPM.A, C:\ProgramData\WindowsProtectManger\wprotectmanager.exe, 2300, Delete-on-Reboot, [2a2abde61e5dea4c8268e2af11f0926e] PUP.Optional.RocketTab.A, C:\Program Files (x86)\Browsersafeguard\BrowserSafeguard.exe, 3828, Delete-on-Reboot, [6de74f545e1db185719054f6758b8779] Modules: 1 PUP.Optional.Skytech.A, C:\Program Files (x86)\SupTab\DpInterface32.dll, Delete-on-Reboot, [193b8d162b50211574caf8965aa75aa6], Registry Keys: 21 PUP.Optional.IePluginService.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\IePluginServices, Quarantined, [d3810b98f6853204a64ce27c61a04db3], PUP.Optional.WPM.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WindowsProtectManger, Quarantined, [2a2abde61e5dea4c8268e2af11f0926e], PUP.Optional.WPM.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\WindowsProtectManger, Quarantined, [2a2abde61e5dea4c8268e2af11f0926e], PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, Quarantined, [ef65544fa2d953e3358f58068c76f60a], PUP.Optional.SupTab.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}, Quarantined, [ef65544fa2d953e3358f58068c76f60a], PUP.Optional.SupTab.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{917CAAE9-DD47-4025-936E-1414F07DF5B8}, Quarantined, [ef65544fa2d953e3358f58068c76f60a], PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{917CAAE9-DD47-4025-936E-1414F07DF5B8}, Quarantined, [ef65544fa2d953e3358f58068c76f60a], PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}, Quarantined, [ef65544fa2d953e3358f58068c76f60a], PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, Quarantined, [ef65544fa2d953e3358f58068c76f60a], PUP.Optional.SupTab.A, HKU\S-1-5-21-556708241-424655353-3447792364-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, Quarantined, [ef65544fa2d953e3358f58068c76f60a], PUP.Optional.SupTab.A, HKU\S-1-5-21-556708241-424655353-3447792364-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, Quarantined, [ef65544fa2d953e3358f58068c76f60a], PUP.Optional.SupraSavings, HKLM\SOFTWARE\suprasavings, Quarantined, [193b5d462556c57173222d99ab57e41c], PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, Quarantined, [9bb9584bea91fa3cc3d2928039cb7888], PUP.Optional.SupraSavings.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\suprasavings, Quarantined, [fa5a3d66a3d857df152903dd08fad62a], PUP.Optional.ISearch.A, HKLM\SOFTWARE\WOW6432NODE\omiga-plusSoftware, Quarantined, [c98bf0b3136850e67293a976b450ca36], PUP.Optional.WindowsProtectManger.A, HKLM\SOFTWARE\WOW6432NODE\supWindowsProtectManger, Quarantined, [193b8122b5c6979f3b0e418bd72b3ac6], PUP.Optional.BrowserSafeGuard.A, HKLM\SOFTWARE\WOW6432NODE\BROWSERSAFEGUARD, Quarantined, [f1636e354d2ed26415e3ce3e9371ab55], PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, Quarantined, [85cf6b38cfacd95d2e674bc707fd0af6], PUP.Optional.BrowserSafeGuard.A, HKU\S-1-5-21-556708241-424655353-3447792364-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\BrowserSafeguardInstalled, Quarantined, [ed67950e46354aec86d7814c41c148b8], PUP.Optional.SupraSavings.A, HKU\S-1-5-21-556708241-424655353-3447792364-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\suprasavings, Quarantined, [ed67a102037837ff1ec45b87c33f58a8], PUP.Optional.Qone8, HKU\S-1-5-21-556708241-424655353-3447792364-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, Quarantined, [ec6803a089f20333355fec26bc48946c], Registry Values: 5 PUP.Optional.RocketTab.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|BrowserSafeguard, "C:\Program Files (x86)\Browsersafeguard\BrowserSafeguard.exe", Quarantined, [6de74f545e1db185719054f6758b8779] PUP.Optional.BrowserSafeGuard.A, HKLM\SOFTWARE\WOW6432NODE\BROWSERSAFEGUARD|sourceid, google_mp3download-songs.com|google_groovestream-display-DE-300x250-mp3download-songs-33339486203, Quarantined, [f1636e354d2ed26415e3ce3e9371ab55] PUP.Optional.FastStart.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|faststartff@gmail.com, C:\Users\fkrohn\AppData\Roaming\Mozilla\Firefox\Profiles\hnzi79s9.default\extensions\faststartff@gmail.com, Quarantined, [5ff5d1d2fd7ee6509e90d056a36131cf] PUP.Optional.WPM.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WINDOWSPROTECTMANGER|ImagePath, C:\ProgramData\WindowsProtectManger\wprotectmanager.exe -service, Quarantined, [98bc970c3546f5419307e7e8fd05936d] PUP.Optional.FastStart.A, HKU\S-1-5-21-556708241-424655353-3447792364-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\EXTENDS|appid, faststartff@gmail.com, Quarantined, [bd97f5ae2952033383c85577f60c4bb5] Registry Data: 16 PUP.Optional.Skytech.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|AppInit_DLLs, C:\PROGRA~2\SupTab\SEARCH~2.DLL, Good: (), Bad: (C:\PROGRA~2\SupTab\SEARCH~2.DLL),Replaced,[a7ad3d66fb80d85e102e5e30ac55f20e] PUP.Optional.Skytech.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|AppInit_DLLs, C:\PROGRA~2\SupTab\SEARCH~1.DLL, Good: (), Bad: (C:\PROGRA~2\SupTab\SEARCH~1.DLL),Replaced,[e371376cb1ca43f3ba84266823de6e92] PUP.Optional.ISearch.A, HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND, C:\Program Files\Internet Explorer\iexplore.exe hxxp://isearch.omiga-plus.com/?type=sc&ts=1403870062&from=adks&uid=SKXhynixXSH920XmSATAX256GB_EI44N201310404Q30, Good: (iexplore.exe), Bad: (C:\Program Files\Internet Explorer\iexplore.exe hxxp://isearch.omiga-plus.com/?type=sc&ts=1403870062&from=adks&uid=SKXhynixXSH920XmSATAX256GB_EI44N201310404Q30),Replaced,[85cfe0c3225951e5a117703643c1a45c] PUP.Optional.ISearch.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1403870062&from=adks&uid=SKXhynixXSH920XmSATAX256GB_EI44N201310404Q30&q={searchTerms}, Good: (www.google.com), Bad: (hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1403870062&from=adks&uid=SKXhynixXSH920XmSATAX256GB_EI44N201310404Q30&q={searchTerms}),Replaced,[3b19c5de641743f3c5f54363df25946c] PUP.Optional.ISearch.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://isearch.omiga-plus.com/?type=hp&ts=1403870062&from=adks&uid=SKXhynixXSH920XmSATAX256GB_EI44N201310404Q30, Good: (www.google.com), Bad: (hxxp://isearch.omiga-plus.com/?type=hp&ts=1403870062&from=adks&uid=SKXhynixXSH920XmSATAX256GB_EI44N201310404Q30),Replaced,[e074198aa9d2ab8b9029dcca10f4e917] PUP.Optional.ISearch.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://isearch.omiga-plus.com/?type=hp&ts=1403870062&from=adks&uid=SKXhynixXSH920XmSATAX256GB_EI44N201310404Q30, Good: (www.google.com), Bad: (hxxp://isearch.omiga-plus.com/?type=hp&ts=1403870062&from=adks&uid=SKXhynixXSH920XmSATAX256GB_EI44N201310404Q30),Replaced,[44103d667902a98d6d4e7135c73dae52] PUP.Optional.ISearch.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1403870062&from=adks&uid=SKXhynixXSH920XmSATAX256GB_EI44N201310404Q30&q={searchTerms}, Good: (www.google.com), Bad: (hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1403870062&from=adks&uid=SKXhynixXSH920XmSATAX256GB_EI44N201310404Q30&q={searchTerms}),Replaced,[193b7f247b00b38313abe1c5887c6997] PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Good: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Bad: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Replaced,[2133c3e0f784171fadba48698e7630d0] PUP.Optional.ISearch.A, HKLM\SOFTWARE\WOW6432NODE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND, C:\Program Files\Internet Explorer\iexplore.exe hxxp://isearch.omiga-plus.com/?type=sc&ts=1403870062&from=adks&uid=SKXhynixXSH920XmSATAX256GB_EI44N201310404Q30, Good: (iexplore.exe), Bad: (C:\Program Files\Internet Explorer\iexplore.exe hxxp://isearch.omiga-plus.com/?type=sc&ts=1403870062&from=adks&uid=SKXhynixXSH920XmSATAX256GB_EI44N201310404Q30),Replaced,[9fb5f1b2b4c7ef476652693d3acaa759] PUP.Optional.ISearch.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1403870062&from=adks&uid=SKXhynixXSH920XmSATAX256GB_EI44N201310404Q30&q={searchTerms}, Good: (www.google.com), Bad: (hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1403870062&from=adks&uid=SKXhynixXSH920XmSATAX256GB_EI44N201310404Q30&q={searchTerms}),Replaced,[7adad6cd8af102341aa03e68669e2fd1] PUP.Optional.ISearch.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://isearch.omiga-plus.com/?type=hp&ts=1403870062&from=adks&uid=SKXhynixXSH920XmSATAX256GB_EI44N201310404Q30, Good: (www.google.com), Bad: (hxxp://isearch.omiga-plus.com/?type=hp&ts=1403870062&from=adks&uid=SKXhynixXSH920XmSATAX256GB_EI44N201310404Q30),Replaced,[cf859013cab1340246734e5846be3dc3] PUP.Optional.ISearch.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://isearch.omiga-plus.com/?type=hp&ts=1403870062&from=adks&uid=SKXhynixXSH920XmSATAX256GB_EI44N201310404Q30, Good: (www.google.com), Bad: (hxxp://isearch.omiga-plus.com/?type=hp&ts=1403870062&from=adks&uid=SKXhynixXSH920XmSATAX256GB_EI44N201310404Q30),Replaced,[d97b2e7594e7cf6757641d89c0440df3] PUP.Optional.ISearch.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1403870062&from=adks&uid=SKXhynixXSH920XmSATAX256GB_EI44N201310404Q30&q={searchTerms}, Good: (www.google.com), Bad: (hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1403870062&from=adks&uid=SKXhynixXSH920XmSATAX256GB_EI44N201310404Q30&q={searchTerms}),Replaced,[b3a1673cf18add59546a505643c1867a] PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Good: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Bad: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Replaced,[afa53a695328ac8ac3a4545dde2604fc] PUP.Optional.ISearch.A, HKU\S-1-5-21-556708241-424655353-3447792364-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://isearch.omiga-plus.com/?type=hp&ts=1403870062&from=adks&uid=SKXhynixXSH920XmSATAX256GB_EI44N201310404Q30, Good: (www.google.com), Bad: (hxxp://isearch.omiga-plus.com/?type=hp&ts=1403870062&from=adks&uid=SKXhynixXSH920XmSATAX256GB_EI44N201310404Q30),Replaced,[fb599d0607743006e7cfdacc9371a55b] PUP.Optional.ISearch.A, HKU\S-1-5-21-556708241-424655353-3447792364-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://isearch.omiga-plus.com/?type=hp&ts=1403870062&from=adks&uid=SKXhynixXSH920XmSATAX256GB_EI44N201310404Q30, Good: (www.google.com), Bad: (hxxp://isearch.omiga-plus.com/?type=hp&ts=1403870062&from=adks&uid=SKXhynixXSH920XmSATAX256GB_EI44N201310404Q30),Replaced,[9cb8a4fffc7f7db9583e3175d03408f8] Folders: 37 PUP.Optional.BrowserSafeGuard.A, C:\Program Files (x86)\Browsersafeguard, Delete-on-Reboot, [db790e957308072ff7ffa567cc386799], PUP.Optional.BrowserSafeGuard.A, C:\Program Files (x86)\Browsersafeguard\Resources, Quarantined, [db790e957308072ff7ffa567cc386799], PUP.Optional.OpenCandy, C:\Users\fkrohn\AppData\Roaming\OpenCandy, Quarantined, [98bcabf82c4f15210bec90167989c937], PUP.Optional.OpenCandy, C:\Users\fkrohn\AppData\Roaming\OpenCandy\10DC4C0CFD5D442FA97A7B8DDC2B3C36, Quarantined, [98bcabf82c4f15210bec90167989c937], PUP.Optional.SupraSavings.A, C:\Program Files\suprasavings, Quarantined, [2430e4bf58236cca5429258982806898], PUP.Optional.IePluginServices.A, C:\ProgramData\IePluginServices, Delete-on-Reboot, [b3a17e253c3f191df2db5a62e81a639d], PUP.Optional.IePluginServices.A, C:\ProgramData\IePluginServices\update, Quarantined, [b3a17e253c3f191df2db5a62e81a639d], PUP.Optional.WPM.A, C:\ProgramData\WindowsProtectManger, Delete-on-Reboot, [ce86f3b03b400d292d475f5e55adb050], PUP.Optional.WPM.A, C:\ProgramData\WindowsProtectManger\log, Quarantined, [ce86f3b03b400d292d475f5e55adb050], PUP.Optional.WPM.A, C:\ProgramData\WindowsProtectManger\update, Quarantined, [ce86f3b03b400d292d475f5e55adb050], PUP.Optional.SystemSpeedup, C:\Users\fkrohn\AppData\Roaming\systweak\ssd, Quarantined, [88ccd5cebfbc68ce39abae1110f2e11f], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab, Delete-on-Reboot, [6aea129126550d29b7b1e9dc19e925db], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web, Quarantined, [6aea129126550d29b7b1e9dc19e925db], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img, Quarantined, [6aea129126550d29b7b1e9dc19e925db], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather, Quarantined, [6aea129126550d29b7b1e9dc19e925db], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js, Quarantined, [6aea129126550d29b7b1e9dc19e925db], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales, Quarantined, [6aea129126550d29b7b1e9dc19e925db], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\en-US, Quarantined, [6aea129126550d29b7b1e9dc19e925db], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\es-419, Quarantined, [6aea129126550d29b7b1e9dc19e925db], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\es-ES, Quarantined, [6aea129126550d29b7b1e9dc19e925db], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-BE, Quarantined, [6aea129126550d29b7b1e9dc19e925db], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-CA, Quarantined, [6aea129126550d29b7b1e9dc19e925db], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-CH, Quarantined, [6aea129126550d29b7b1e9dc19e925db], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-FR, Quarantined, [6aea129126550d29b7b1e9dc19e925db], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-LU, Quarantined, [6aea129126550d29b7b1e9dc19e925db], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\it-CH, Quarantined, [6aea129126550d29b7b1e9dc19e925db], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\it-IT, Quarantined, [6aea129126550d29b7b1e9dc19e925db], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pl, Quarantined, [6aea129126550d29b7b1e9dc19e925db], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pt, Quarantined, [6aea129126550d29b7b1e9dc19e925db], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pt-BR, Quarantined, [6aea129126550d29b7b1e9dc19e925db], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\ru, Quarantined, [6aea129126550d29b7b1e9dc19e925db], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\ru-MO, Quarantined, [6aea129126550d29b7b1e9dc19e925db], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\tr-TR, Quarantined, [6aea129126550d29b7b1e9dc19e925db], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\vi-VI, Quarantined, [6aea129126550d29b7b1e9dc19e925db], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\zh-CN, Quarantined, [6aea129126550d29b7b1e9dc19e925db], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\zh-TW, Quarantined, [6aea129126550d29b7b1e9dc19e925db], PUP.Optional.SupTab.A, C:\Users\fkrohn\AppData\Roaming\SupTab, Quarantined, [f95bfba8bfbc2a0c81e853727e84b14f], Files: 78 PUP.Optional.IePluginService.A, C:\ProgramData\IePluginServices\PluginService.exe, Delete-on-Reboot, [d3810b98f6853204a64ce27c61a04db3], PUP.Optional.Skytech.A, C:\Program Files (x86)\SupTab\DpInterface32.dll, Delete-on-Reboot, [193b8d162b50211574caf8965aa75aa6], PUP.Optional.WPM.A, C:\ProgramData\WindowsProtectManger\wprotectmanager.exe, Delete-on-Reboot, [2a2abde61e5dea4c8268e2af11f0926e], PUP.Optional.RocketTab.A, C:\Program Files (x86)\Browsersafeguard\BrowserSafeguard.exe, Delete-on-Reboot, [6de74f545e1db185719054f6758b8779], PUP.Optional.Skytech.A, C:\Program Files (x86)\SupTab\SearchProtect64.dll, Quarantined, [a7ad3d66fb80d85e102e5e30ac55f20e], PUP.Optional.Skytech.A, C:\Program Files (x86)\SupTab\SearchProtect32.dll, Quarantined, [e371376cb1ca43f3ba84266823de6e92], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\SupTab.dll, Quarantined, [ef65544fa2d953e3358f58068c76f60a], PUP.Optional.BrowserSafeGuard.A, C:\Program Files (x86)\Browsersafeguard\ewebstorewrapper.dll, Quarantined, [db790e957308072ff7ffa567cc386799], PUP.Optional.BrowserSafeGuard.A, C:\Program Files (x86)\Browsersafeguard\config.dat, Quarantined, [db790e957308072ff7ffa567cc386799], PUP.Optional.BrowserSafeGuard.A, C:\Program Files (x86)\Browsersafeguard\makecert.exe, Quarantined, [db790e957308072ff7ffa567cc386799], PUP.Optional.BrowserSafeGuard.A, C:\Program Files (x86)\Browsersafeguard\TrustedRoot.cer, Quarantined, [db790e957308072ff7ffa567cc386799], PUP.Optional.BrowserSafeGuard.A, C:\Program Files (x86)\Browsersafeguard\Resources\certutil.exe, Quarantined, [db790e957308072ff7ffa567cc386799], PUP.Optional.BrowserSafeGuard.A, C:\Program Files (x86)\Browsersafeguard\Resources\libnspr4.dll, Quarantined, [db790e957308072ff7ffa567cc386799], PUP.Optional.BrowserSafeGuard.A, C:\Program Files (x86)\Browsersafeguard\Resources\libplc4.dll, Quarantined, [db790e957308072ff7ffa567cc386799], PUP.Optional.BrowserSafeGuard.A, C:\Program Files (x86)\Browsersafeguard\Resources\libplds4.dll, Quarantined, [db790e957308072ff7ffa567cc386799], PUP.Optional.BrowserSafeGuard.A, C:\Program Files (x86)\Browsersafeguard\Resources\nss3.dll, Quarantined, [db790e957308072ff7ffa567cc386799], PUP.Optional.BrowserSafeGuard.A, C:\Program Files (x86)\Browsersafeguard\Resources\smime3.dll, Quarantined, [db790e957308072ff7ffa567cc386799], PUP.Optional.BrowserSafeGuard.A, C:\Program Files (x86)\Browsersafeguard\Resources\softokn3.dll, Quarantined, [db790e957308072ff7ffa567cc386799], PUP.Optional.OpenCandy, C:\Users\fkrohn\AppData\Roaming\OpenCandy\10DC4C0CFD5D442FA97A7B8DDC2B3C36\zafwSetupWeb_131_211_000.exe, Quarantined, [98bcabf82c4f15210bec90167989c937], PUP.Optional.SupraSavings.A, C:\Program Files\suprasavings\uninstaller.exe, Quarantined, [2430e4bf58236cca5429258982806898], PUP.Optional.IePluginServices.A, C:\ProgramData\IePluginServices\update\conf, Quarantined, [b3a17e253c3f191df2db5a62e81a639d], PUP.Optional.WPM.A, C:\ProgramData\WindowsProtectManger\log\wprotectmanager_2014-06-27[13-54-43-623].log, Quarantined, [ce86f3b03b400d292d475f5e55adb050], PUP.Optional.SystemSpeedup, C:\Users\fkrohn\AppData\Roaming\systweak\ssd\SSDPTstub.exe, Quarantined, [88ccd5cebfbc68ce39abae1110f2e11f], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\DpInterface64.dll, Quarantined, [6aea129126550d29b7b1e9dc19e925db], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\DpInterfacef32.dll, Quarantined, [6aea129126550d29b7b1e9dc19e925db], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\ient.json, Quarantined, [6aea129126550d29b7b1e9dc19e925db], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\install.data, Quarantined, [6aea129126550d29b7b1e9dc19e925db], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\RSHP.exe, Quarantined, [6aea129126550d29b7b1e9dc19e925db], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\SpAPPSv32.dll, Quarantined, [6aea129126550d29b7b1e9dc19e925db], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\SpAPPSv64.dll, Quarantined, [6aea129126550d29b7b1e9dc19e925db], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\uninstall.exe, Quarantined, [6aea129126550d29b7b1e9dc19e925db], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\WebDataJs, Quarantined, [6aea129126550d29b7b1e9dc19e925db], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\data.html, Quarantined, [6aea129126550d29b7b1e9dc19e925db], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\indexIE.html, Quarantined, [6aea129126550d29b7b1e9dc19e925db], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\indexIE8.html, Quarantined, [6aea129126550d29b7b1e9dc19e925db], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\main.css, Quarantined, [6aea129126550d29b7b1e9dc19e925db], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\ver.txt, Quarantined, [6aea129126550d29b7b1e9dc19e925db], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\arrow.png, Quarantined, [6aea129126550d29b7b1e9dc19e925db], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\default_add_logo.png, Quarantined, [6aea129126550d29b7b1e9dc19e925db], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\default_add_logo_hover.png, Quarantined, [6aea129126550d29b7b1e9dc19e925db], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\default_logo.png, Quarantined, [6aea129126550d29b7b1e9dc19e925db], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\googlelogo.png, Quarantined, [6aea129126550d29b7b1e9dc19e925db], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\googlelogo2.png, Quarantined, [6aea129126550d29b7b1e9dc19e925db], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\google_trends.png, Quarantined, [6aea129126550d29b7b1e9dc19e925db], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\icon128.png, Quarantined, [6aea129126550d29b7b1e9dc19e925db], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\icon16.png, Quarantined, [6aea129126550d29b7b1e9dc19e925db], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\icon48.png, Quarantined, [6aea129126550d29b7b1e9dc19e925db], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\loading.gif, Quarantined, [6aea129126550d29b7b1e9dc19e925db], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\logo32.ico, Quarantined, [6aea129126550d29b7b1e9dc19e925db], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\0.png, Quarantined, [6aea129126550d29b7b1e9dc19e925db], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\common.js, Quarantined, [6aea129126550d29b7b1e9dc19e925db], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\ga.js, Quarantined, [6aea129126550d29b7b1e9dc19e925db], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\ie8.js, Quarantined, [6aea129126550d29b7b1e9dc19e925db], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\jquery-1.11.0.min.js, Quarantined, [6aea129126550d29b7b1e9dc19e925db], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\jquery.autocomplete.js, Quarantined, [6aea129126550d29b7b1e9dc19e925db], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\js.js, Quarantined, [6aea129126550d29b7b1e9dc19e925db], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\library.js, Quarantined, [6aea129126550d29b7b1e9dc19e925db], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\xagainit.js, Quarantined, [6aea129126550d29b7b1e9dc19e925db], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\en-US\messages.json, Quarantined, [6aea129126550d29b7b1e9dc19e925db], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\es-419\messages.json, Quarantined, [6aea129126550d29b7b1e9dc19e925db], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\es-ES\messages.json, Quarantined, [6aea129126550d29b7b1e9dc19e925db], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-BE\messages.json, Quarantined, [6aea129126550d29b7b1e9dc19e925db], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-CA\messages.json, Quarantined, [6aea129126550d29b7b1e9dc19e925db], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-CH\messages.json, Quarantined, [6aea129126550d29b7b1e9dc19e925db], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-FR\messages.json, Quarantined, [6aea129126550d29b7b1e9dc19e925db], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-LU\messages.json, Quarantined, [6aea129126550d29b7b1e9dc19e925db], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\it-CH\messages.json, Quarantined, [6aea129126550d29b7b1e9dc19e925db], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\it-IT\messages.json, Quarantined, [6aea129126550d29b7b1e9dc19e925db], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pl\messages.json, Quarantined, [6aea129126550d29b7b1e9dc19e925db], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pt\messages.json, Quarantined, [6aea129126550d29b7b1e9dc19e925db], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pt-BR\messages.json, Quarantined, [6aea129126550d29b7b1e9dc19e925db], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\ru\messages.json, Quarantined, [6aea129126550d29b7b1e9dc19e925db], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\ru-MO\messages.json, Quarantined, [6aea129126550d29b7b1e9dc19e925db], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\tr-TR\messages.json, Quarantined, [6aea129126550d29b7b1e9dc19e925db], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\vi-VI\messages.json, Quarantined, [6aea129126550d29b7b1e9dc19e925db], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\zh-CN\messages.json, Quarantined, [6aea129126550d29b7b1e9dc19e925db], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\zh-TW\messages.json, Quarantined, [6aea129126550d29b7b1e9dc19e925db], PUP.Optional.ISearch.A, C:\Users\fkrohn\AppData\Roaming\Mozilla\Firefox\Profiles\pefkyspb.default-1406209110676\prefs.js, Good: (), Bad: (user_pref("browser.startup.homepage", "hxxp://isearch.omiga-plus.com/?type=hppp&ts=1406211344&from=adks&uid=SKXhynixXSH920XmSATAX256GB_EI44N201310404Q30");), Replaced,[2232505345363ef86eff8e53bb49a759] Physical Sectors: 0 (No malicious items detected) (end) |
|
24.07.2014, 22:29
| #2 |
| /// the machine /// TB-Ausbilder    | Kein Internet-Zugriff nach Adware-Säuberung! hi,
__________________Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:  FRST 32-Bit | FRST 64-Bit(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
__________________ |
|
24.07.2014, 22:56
| #3 |
| | Kein Internet-Zugriff nach Adware-Säuberung! FRST:
__________________FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-07-2014 01 Ran by fkrohn (administrator) on FKROHN-PC on 24-07-2014 23:50:26 Running from C:\Users\fkrohn\Desktop Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe (Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Waves Audio Ltd.) C:\Program Files\Realtek\Audio\HDA\WavesSvc64.exe (Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Global Graphics Software Ltd.) C:\Program Files (x86)\Corel\Corel PDF Fusion\CorelCreatorClient.exe (Nitro PDF Software) C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (arvato digital services llc) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe (Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe (Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe (Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe (Check Point Software Technologies, Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Global Graphics Software Ltd) C:\Windows\System32\CorelCreatorMessages.exe (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (O2Micro International) C:\Windows\System32\drivers\o2flash.exe (SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [698712 2013-05-02] (Alps Electric Co., Ltd.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7191768 2013-06-28] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1291848 2013-03-23] (Realtek Semiconductor) HKLM\...\Run: [WavesSvc] => C:\Program Files\Realtek\Audio\HDA\WavesSvc64.exe [114944 2013-04-18] (Waves Audio Ltd.) HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1291848 2013-03-23] (Realtek Semiconductor) HKLM\...\Run: [IntelPROSet] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [4791024 2013-08-02] (Intel(R) Corporation) HKLM\...\Run: [BLEServicesCtrl] => C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe [184112 2012-09-17] (Intel Corporation) HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe [36352 2013-05-29] (Intel Corporation) HKLM\...\Run: [CorelCreatorClient] => C:\Program Files (x86)\Corel\Corel PDF Fusion\CorelCreatorClient.exe [779776 2012-04-25] (Global Graphics Software Ltd.) HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-26] (Intel Corporation) HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [462974 2011-12-16] (Creative Technology Ltd) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [926896 2012-09-24] (Adobe Systems Incorporated) HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG) HKLM-x32\...\Run: [Sophos AutoUpdate Monitor] => C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe [929272 2013-01-11] (Sophos Limited) HKLM-x32\...\Run: [ZoneAlarm] => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [137352 2014-04-25] (Check Point Software Technologies Ltd.) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-19\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-14] (Microsoft Corporation) HKU\S-1-5-20\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-14] (Microsoft Corporation) HKU\S-1-5-21-556708241-424655353-3447792364-1000\...\MountPoints2: {b7dc70b1-fded-11e3-a075-ecf4bb3508b0} - D:\autorun.exe ShellIconOverlayIdentifiers: SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers: SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers: SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers: DBARFileBackuped -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\Windows\system32\mscoree.dll (Microsoft Corporation) ShellIconOverlayIdentifiers: DBARFileNotBackuped -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\Windows\system32\mscoree.dll (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) ProxyEnable: Internet Explorer proxy is enabled. ProxyServer: http=127.0.0.1:49158;https=127.0.0.1:49158 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com StartMenuInternet: IEXPLORE.EXE - iexplore.exe SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM - {45F556A8-2D90-4D38-84F4-0D7388B01107} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=DCJB SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 - {45F556A8-2D90-4D38-84F4-0D7388B01107} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=DCJB SearchScopes: HKCU - DefaultScope {45F556A8-2D90-4D38-84F4-0D7388B01107} URL = SearchScopes: HKCU - {45F556A8-2D90-4D38-84F4-0D7388B01107} URL = BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) BHO: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\Windows\system32\mscoree.dll (Microsoft Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) BHO-x32: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation) Winsock: Catalog9 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited) Winsock: Catalog9 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited) Winsock: Catalog9 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited) Winsock: Catalog9 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited) Winsock: Catalog9 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited) Winsock: Catalog9 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited) Winsock: Catalog9 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited) Winsock: Catalog9 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited) Winsock: Catalog9 20 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited) Winsock: Catalog9-x64 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [132088] (Sophos Limited) Winsock: Catalog9-x64 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [132088] (Sophos Limited) Winsock: Catalog9-x64 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [132088] (Sophos Limited) Winsock: Catalog9-x64 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [132088] (Sophos Limited) Winsock: Catalog9-x64 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [132088] (Sophos Limited) Winsock: Catalog9-x64 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [132088] (Sophos Limited) Winsock: Catalog9-x64 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [132088] (Sophos Limited) Winsock: Catalog9-x64 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [132088] (Sophos Limited) Winsock: Catalog9-x64 20 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [132088] (Sophos Limited) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{30316708-162F-4183-8A56-388B2851086F}: [NameServer]132.180.17.1,132.180.17.129 FireFox: ======== FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll () FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @nitropdf.com/NitroPDF - C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll (Nitro PDF) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation) FF HKLM-x32\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2014-06-27] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R3 CorelCreatorMessages; C:\Windows\system32\CorelCreatorMessages.exe [105984 2012-04-25] (Global Graphics Software Ltd) [File not signed] R2 Dell.PowerManager.Service; C:\Windows\system32\dllhost.exe [9728 2009-07-14] (Microsoft Corporation) R2 Dell.PowerManager.Service; C:\Windows\SysWOW64\dllhost.exe [7168 2009-07-14] (Microsoft Corporation) R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-05-29] (Intel Corporation) R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed] S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation) S3 InvProtectSvc; C:\Program Files (x86)\Invincea\Enterprise\X64\InvProtectSvc64.exe [2947856 2013-07-30] (Invincea, Inc.) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-11-13] (Intel Corporation) R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation) S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-08-02] () R2 NitroReaderDriverReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [230416 2013-07-26] (Nitro PDF Software) R2 PSI_SVC_2; C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe [277360 2014-04-30] (arvato digital services llc) R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [337776 2013-09-13] (arvato digital services llc) R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [223816 2013-01-10] (Realtek Semiconductor) R2 SAVAdminService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [217592 2013-01-11] (Sophos Limited) R2 SAVService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [159296 2012-09-21] (Sophos Limited) S3 SboxSvc; C:\Program Files (x86)\Invincea\Enterprise\Sandbox\SboxSvc.exe [124616 2013-07-30] () R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1915920 2013-11-22] (SoftThinks SAS) R2 Sophos AutoUpdate Service; C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe [237048 2013-01-11] (Sophos Limited) R2 swi_service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [2890232 2013-02-04] (Sophos Limited) S2 swi_update_64; C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe [2010688 2012-11-12] (Sophos Limited) R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [3592120 2014-04-25] (Check Point Software Technologies Ltd.) R2 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [92176 2014-04-09] (Check Point Software Technologies, Ltd.) R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3378416 2013-08-02] (Intel® Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R3 btmaux; C:\Windows\System32\DRIVERS\btmaux.sys [132920 2013-04-23] (Motorola Solutions, Inc.) R3 btmhsf; C:\Windows\System32\DRIVERS\btmhsf.sys [1385272 2013-08-08] (Motorola Solutions, Inc.) R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [495888 2013-05-07] (Intel Corporation) R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28656 2013-05-20] (Intel Corporation) R3 ibtusb; C:\Windows\System32\DRIVERS\ibtusb.sys [114632 2013-08-28] (Intel Corporation) R3 IntcAzAudAddService; C:\Windows\System32\drivers\RTDVHD64.sys [2161752 2013-06-29] (Realtek Semiconductor Corp.) S3 InvProtectDrv; C:\Program Files (x86)\Invincea\Enterprise\X64\InvProtectDrv64.sys [34824 2013-07-30] () R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-07-24] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation) R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-11-13] (Intel Corporation) R3 NETwNs64; C:\Windows\System32\DRIVERS\NETwsw02.sys [3584992 2013-08-01] (Intel Corporation) R3 O2FJ2RDR; C:\Windows\System32\DRIVERS\O2FJ2w7x64.sys [185760 2013-05-07] (O2Micro ) R1 SAVOnAccess; C:\Windows\System32\DRIVERS\savonaccess.sys [154952 2012-09-21] (Sophos Limited) S3 SboxDrv; C:\Program Files (x86)\Invincea\Enterprise\Sandbox\SboxDrv.sys [202248 2013-07-30] () S4 SophosBootDriver; C:\Windows\System32\DRIVERS\SophosBootDriver.sys [25608 2012-08-14] (Sophos Plc) R3 ST_Accel; C:\Windows\System32\DRIVERS\ST_Accel.sys [75976 2013-08-06] (STMicroelectronics) R3 usb3Hub; C:\Windows\System32\DRIVERS\usb3Hub.sys [206744 2013-06-21] (Windows (R) Win 7 DDK provider) R1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [450968 2014-04-24] (Check Point Software Technologies Ltd.) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-07-24 23:50 - 2014-07-24 23:50 - 00022092 _____ () C:\Users\fkrohn\Desktop\FRST.txt 2014-07-24 23:50 - 2014-07-24 23:50 - 00000000 ____D () C:\FRST 2014-07-24 23:49 - 2014-07-24 23:50 - 02093568 _____ (Farbar) C:\Users\fkrohn\Desktop\FRST64.exe 2014-07-24 16:30 - 2014-07-24 23:48 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-07-24 16:30 - 2014-07-24 17:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-07-24 16:30 - 2014-07-24 17:20 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-07-24 16:30 - 2014-07-24 16:30 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-07-24 16:30 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-07-24 16:30 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-07-24 16:30 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-07-24 16:29 - 2014-07-24 16:30 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\fkrohn\Downloads\mbam-setup-2.0.2.1012.exe 2014-07-24 16:12 - 2014-07-24 16:12 - 00000000 ____D () C:\Users\fkrohn\AppData\Local\BrowserSafeguard 2014-07-24 15:47 - 2014-07-24 15:47 - 00000000 ____D () C:\Users\fkrohn\AppData\Local\Sophos 2014-07-24 15:45 - 2014-07-24 15:45 - 00000000 __SHD () C:\Users\fkrohn\AppData\Local\EmieUserList 2014-07-24 15:45 - 2014-07-24 15:45 - 00000000 __SHD () C:\Users\fkrohn\AppData\Local\EmieSiteList 2014-07-21 16:44 - 2014-07-21 16:44 - 730739540 _____ () C:\Windows\MEMORY.DMP 2014-07-21 16:44 - 2014-07-21 16:44 - 01067744 _____ () C:\Windows\Minidump\072114-6349-01.dmp 2014-07-21 16:44 - 2014-07-21 16:44 - 00000000 ____D () C:\Windows\Minidump 2014-07-17 16:48 - 2014-07-22 16:01 - 00000000 ____D () C:\Users\fkrohn\AppData\Local\CrashDumps 2014-07-17 10:11 - 2014-07-17 10:11 - 00001355 _____ () C:\Users\fkrohn\Desktop\Masterarbeit.lnk 2014-07-16 15:59 - 2014-07-16 15:59 - 00000000 ____D () C:\ProgramData\Protexis 2014-07-16 09:23 - 2014-07-16 09:23 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Intel Corporation 2014-07-16 09:22 - 2014-07-16 09:22 - 00149336 _____ () C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT 2014-07-16 09:22 - 2014-07-16 09:22 - 00001419 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-07-16 09:22 - 2014-07-16 09:22 - 00000020 ___SH () C:\Users\Administrator\ntuser.ini 2014-07-16 09:22 - 2014-07-16 09:22 - 00000000 _SHDL () C:\Users\Administrator\Vorlagen 2014-07-16 09:22 - 2014-07-16 09:22 - 00000000 _SHDL () C:\Users\Administrator\Startmenü 2014-07-16 09:22 - 2014-07-16 09:22 - 00000000 _SHDL () C:\Users\Administrator\Netzwerkumgebung 2014-07-16 09:22 - 2014-07-16 09:22 - 00000000 _SHDL () C:\Users\Administrator\Lokale Einstellungen 2014-07-16 09:22 - 2014-07-16 09:22 - 00000000 _SHDL () C:\Users\Administrator\Eigene Dateien 2014-07-16 09:22 - 2014-07-16 09:22 - 00000000 _SHDL () C:\Users\Administrator\Druckumgebung 2014-07-16 09:22 - 2014-07-16 09:22 - 00000000 _SHDL () C:\Users\Administrator\Documents\Eigene Musik 2014-07-16 09:22 - 2014-07-16 09:22 - 00000000 _SHDL () C:\Users\Administrator\Documents\Eigene Bilder 2014-07-16 09:22 - 2014-07-16 09:22 - 00000000 _SHDL () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-07-16 09:22 - 2014-07-16 09:22 - 00000000 _SHDL () C:\Users\Administrator\AppData\Local\Verlauf 2014-07-16 09:22 - 2014-07-16 09:22 - 00000000 _SHDL () C:\Users\Administrator\AppData\Local\Anwendungsdaten 2014-07-16 09:22 - 2014-07-16 09:22 - 00000000 _SHDL () C:\Users\Administrator\Anwendungsdaten 2014-07-16 09:22 - 2014-07-16 09:22 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Intel 2014-07-16 09:22 - 2014-07-16 09:22 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Creative 2014-07-16 09:22 - 2014-07-16 09:22 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Adobe 2014-07-16 09:22 - 2014-07-16 09:22 - 00000000 ____D () C:\Users\Administrator 2014-07-16 09:22 - 2014-07-07 12:44 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Microsoft Help 2014-07-16 09:22 - 2009-07-14 06:54 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2014-07-16 09:22 - 2009-07-14 06:49 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2014-07-15 13:47 - 2014-07-15 13:47 - 00000000 ____D () C:\Users\fkrohn\Documents\My Palettes 2014-07-15 13:44 - 2014-07-16 17:23 - 00000000 ____D () C:\Users\fkrohn\Documents\Corel 2014-07-15 11:00 - 2014-07-15 11:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corel PDF Fusion 2014-07-15 10:57 - 2014-07-15 10:57 - 00000563 _____ () C:\Windows\wmsetup.log 2014-07-15 10:57 - 2014-07-15 10:57 - 00000000 ___HD () C:\Windows\msdownld.tmp 2014-07-15 10:57 - 2014-07-15 10:57 - 00000000 ____D () C:\Windows\RegisteredPackages 2014-07-15 10:57 - 2014-07-15 10:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media 2014-07-15 10:57 - 2014-07-15 10:57 - 00000000 ____D () C:\ProgramData\InterVideo 2014-07-15 10:56 - 2014-07-15 10:57 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corel VideoStudio X6 2014-07-15 10:54 - 2014-07-15 10:54 - 00010047 _____ () C:\Windows\DirectX.log 2014-07-15 10:54 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll 2014-07-15 10:54 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll 2014-07-15 10:54 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll 2014-07-15 10:54 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll 2014-07-15 10:54 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll 2014-07-15 10:54 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll 2014-07-15 10:54 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll 2014-07-15 10:54 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll 2014-07-15 10:54 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll 2014-07-15 10:54 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll 2014-07-15 10:54 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll 2014-07-15 10:54 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll 2014-07-15 10:54 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll 2014-07-15 10:54 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll 2014-07-15 10:54 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll 2014-07-15 10:54 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll 2014-07-15 10:54 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll 2014-07-15 10:54 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll 2014-07-15 10:54 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll 2014-07-15 10:54 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll 2014-07-15 10:54 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll 2014-07-15 10:54 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll 2014-07-15 10:54 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll 2014-07-15 10:54 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll 2014-07-15 10:54 - 2009-09-04 17:44 - 00517960 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll 2014-07-15 10:54 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_5.dll 2014-07-15 10:54 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll 2014-07-15 10:54 - 2009-09-04 17:44 - 00176968 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll 2014-07-15 10:54 - 2009-09-04 17:44 - 00073544 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll 2014-07-15 10:54 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll 2014-07-15 10:54 - 2009-09-04 17:29 - 05554512 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll 2014-07-15 10:54 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll 2014-07-15 10:54 - 2009-09-04 17:29 - 02582888 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll 2014-07-15 10:54 - 2009-09-04 17:29 - 02475352 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll 2014-07-15 10:54 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll 2014-07-15 10:54 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll 2014-07-15 10:54 - 2009-09-04 17:29 - 00523088 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll 2014-07-15 10:54 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll 2014-07-15 10:54 - 2009-09-04 17:29 - 00285024 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll 2014-07-15 10:54 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll 2014-07-15 10:54 - 2009-03-16 14:18 - 00521560 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll 2014-07-15 10:54 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll 2014-07-15 10:54 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll 2014-07-15 10:54 - 2009-03-16 14:18 - 00174936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll 2014-07-15 10:54 - 2009-03-16 14:18 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll 2014-07-15 10:54 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll 2014-07-15 10:54 - 2009-03-09 15:27 - 05425496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll 2014-07-15 10:54 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll 2014-07-15 10:54 - 2009-03-09 15:27 - 02430312 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll 2014-07-15 10:54 - 2009-03-09 15:27 - 01846632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_41.dll 2014-07-15 10:54 - 2009-03-09 15:27 - 00520544 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll 2014-07-15 10:54 - 2009-03-09 15:27 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_41.dll 2014-07-15 10:54 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll 2014-07-15 10:54 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll 2014-07-15 10:54 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll 2014-07-15 10:54 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll 2014-07-15 10:54 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll 2014-07-15 10:54 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll 2014-07-15 10:54 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll 2014-07-15 10:54 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll 2014-07-15 10:54 - 2008-10-15 06:22 - 05631312 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll 2014-07-15 10:54 - 2008-10-15 06:22 - 04379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll 2014-07-15 10:54 - 2008-10-15 06:22 - 02605920 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll 2014-07-15 10:54 - 2008-10-15 06:22 - 02036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll 2014-07-15 10:54 - 2008-10-15 06:22 - 00519000 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll 2014-07-15 10:54 - 2008-10-15 06:22 - 00452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll 2014-07-15 10:54 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll 2014-07-15 10:54 - 2008-07-31 10:41 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll 2014-07-15 10:54 - 2008-07-31 10:41 - 00072200 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll 2014-07-15 10:54 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll 2014-07-15 10:54 - 2008-07-31 10:40 - 00513544 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll 2014-07-15 10:54 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll 2014-07-15 10:54 - 2008-07-10 11:01 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll 2014-07-15 10:54 - 2008-07-10 11:00 - 04992520 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll 2014-07-15 10:54 - 2008-07-10 11:00 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll 2014-07-15 10:54 - 2008-07-10 11:00 - 01942552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll 2014-07-15 10:54 - 2008-07-10 11:00 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll 2014-07-15 10:54 - 2008-07-10 11:00 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll 2014-07-15 10:54 - 2008-05-30 14:19 - 00511496 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll 2014-07-15 10:54 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll 2014-07-15 10:54 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll 2014-07-15 10:54 - 2008-05-30 14:18 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll 2014-07-15 10:54 - 2008-05-30 14:17 - 00068104 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll 2014-07-15 10:54 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll 2014-07-15 10:54 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll 2014-07-15 10:54 - 2008-05-30 14:16 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll 2014-07-15 10:54 - 2008-05-30 14:11 - 04991496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll 2014-07-15 10:54 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll 2014-07-15 10:54 - 2008-05-30 14:11 - 01941528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll 2014-07-15 10:54 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll 2014-07-15 10:54 - 2008-05-30 14:11 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll 2014-07-15 10:54 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll 2014-07-15 10:54 - 2008-03-05 16:04 - 00489480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll 2014-07-15 10:54 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll 2014-07-15 10:54 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll 2014-07-15 10:54 - 2008-03-05 16:03 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll 2014-07-15 10:54 - 2008-03-05 16:00 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll 2014-07-15 10:54 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll 2014-07-15 10:54 - 2008-03-05 15:56 - 04910088 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll 2014-07-15 10:54 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll 2014-07-15 10:54 - 2008-03-05 15:56 - 01860120 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll 2014-07-15 10:54 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll 2014-07-15 10:54 - 2008-02-05 23:07 - 00529424 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll 2014-07-15 10:54 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll 2014-07-15 10:54 - 2007-10-22 03:40 - 00411656 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll 2014-07-15 10:54 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll 2014-07-15 10:54 - 2007-10-22 03:37 - 00021000 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll 2014-07-15 10:54 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll 2014-07-15 10:54 - 2007-10-12 15:14 - 05081608 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll 2014-07-15 10:54 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll 2014-07-15 10:54 - 2007-10-12 15:14 - 02006552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll 2014-07-15 10:54 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll 2014-07-15 10:54 - 2007-10-02 09:56 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll 2014-07-15 10:54 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll 2014-07-15 10:54 - 2007-07-20 00:57 - 00411496 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll 2014-07-15 10:54 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll 2014-07-15 10:54 - 2007-07-19 18:14 - 05073256 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll 2014-07-15 10:54 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_35.dll 2014-07-15 10:54 - 2007-07-19 18:14 - 01985904 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll 2014-07-15 10:54 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll 2014-07-15 10:54 - 2007-07-19 18:14 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll 2014-07-15 10:54 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll 2014-07-15 10:54 - 2007-06-20 20:49 - 00409960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll 2014-07-15 10:54 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll 2014-07-15 10:54 - 2007-05-16 16:45 - 04496232 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll 2014-07-15 10:54 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll 2014-07-15 10:54 - 2007-05-16 16:45 - 01401200 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll 2014-07-15 10:54 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll 2014-07-15 10:54 - 2007-05-16 16:45 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll 2014-07-15 10:54 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll 2014-07-15 10:54 - 2007-04-04 18:55 - 00403304 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll 2014-07-15 10:54 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll 2014-07-15 10:54 - 2007-04-04 18:54 - 00107368 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll 2014-07-15 10:54 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll 2014-07-15 10:54 - 2007-03-15 16:57 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll 2014-07-15 10:54 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll 2014-07-15 10:54 - 2007-03-12 16:42 - 04494184 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll 2014-07-15 10:54 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll 2014-07-15 10:54 - 2007-03-12 16:42 - 01400176 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll 2014-07-15 10:54 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll 2014-07-15 10:54 - 2007-03-05 12:42 - 00017688 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll 2014-07-15 10:54 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll 2014-07-15 10:54 - 2007-01-24 15:27 - 00393576 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll 2014-07-15 10:54 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll 2014-07-15 10:54 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll 2014-07-15 10:54 - 2006-12-08 12:00 - 00390424 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll 2014-07-15 10:54 - 2006-11-29 13:06 - 04398360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll 2014-07-15 10:54 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll 2014-07-15 10:54 - 2006-11-29 13:06 - 00469264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll 2014-07-15 10:54 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll 2014-07-15 10:54 - 2006-09-28 16:05 - 03977496 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll 2014-07-15 10:54 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll 2014-07-15 10:54 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll 2014-07-15 10:54 - 2006-09-28 16:04 - 00364824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll 2014-07-15 10:54 - 2006-07-28 09:31 - 00083736 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll 2014-07-15 10:54 - 2006-07-28 09:30 - 00363288 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll 2014-07-15 10:54 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll 2014-07-15 10:54 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll 2014-07-15 10:54 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll 2014-07-15 10:54 - 2006-05-31 07:22 - 00354072 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll 2014-07-15 10:54 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll 2014-07-15 10:54 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll 2014-07-15 10:54 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll 2014-07-15 10:54 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll 2014-07-15 10:54 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll 2014-07-15 10:54 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll 2014-07-15 10:54 - 2006-02-03 08:43 - 03830992 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll 2014-07-15 10:54 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll 2014-07-15 10:54 - 2006-02-03 08:42 - 00355536 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll 2014-07-15 10:54 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll 2014-07-15 10:54 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll 2014-07-15 10:54 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll 2014-07-15 10:54 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll 2014-07-15 10:54 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll 2014-07-15 10:54 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll 2014-07-15 10:54 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll 2014-07-15 10:54 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll 2014-07-15 10:54 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll 2014-07-15 10:54 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll 2014-07-15 10:54 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll 2014-07-15 10:54 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll 2014-07-15 10:54 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll 2014-07-15 10:51 - 2014-07-15 10:51 - 00000000 ____D () C:\ProgramData\Protexis64 2014-07-15 10:50 - 2014-07-15 10:50 - 00001992 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corel Painter X3.lnk 2014-07-15 10:46 - 2014-07-15 13:42 - 00000000 ____D () C:\Users\fkrohn\AppData\Roaming\Corel 2014-07-15 10:46 - 2014-07-15 10:46 - 00000000 ____D () C:\Users\fkrohn\Documents\Corel PaintShop Pro 2014-07-15 10:46 - 2014-07-15 10:46 - 00000000 ____D () C:\Users\fkrohn\AppData\Roaming\Ulead Systems 2014-07-15 10:46 - 2014-07-15 10:46 - 00000000 ____D () C:\Users\fkrohn\AppData\Local\Corel PaintShop Pro 2014-07-15 10:44 - 2014-07-15 11:00 - 00000000 ____D () C:\Program Files (x86)\Corel 2014-07-15 10:44 - 2014-07-15 10:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corel PaintShop Pro X6 2014-07-15 10:38 - 2014-07-15 10:38 - 00000000 ____D () C:\Program Files\Common Files\Protexis 2014-07-15 10:38 - 2014-07-15 10:38 - 00000000 ____D () C:\Program Files\Common Files\Corel 2014-07-15 10:37 - 2014-07-17 09:14 - 00000000 ____D () C:\ProgramData\Corel 2014-07-15 10:37 - 2014-07-15 10:48 - 00000000 ____D () C:\Program Files\Corel 2014-07-15 10:37 - 2014-07-15 10:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Graphics Suite X7 (64-bit) 2014-07-15 10:37 - 2014-07-15 10:37 - 00000000 ____D () C:\Users\Public\Documents\Corel 2014-07-14 13:32 - 2014-07-14 13:32 - 00001892 _____ () C:\Users\fkrohn\Desktop\IrfanView Thumbnails.lnk 2014-07-14 13:32 - 2014-07-14 13:32 - 00001000 _____ () C:\Users\fkrohn\Desktop\IrfanView.lnk 2014-07-14 13:32 - 2014-07-14 13:32 - 00000000 ____D () C:\Users\fkrohn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView 2014-07-14 13:32 - 2014-07-14 13:32 - 00000000 ____D () C:\Users\fkrohn\AppData\Roaming\IrfanView 2014-07-14 13:32 - 2014-07-14 13:32 - 00000000 ____D () C:\Program Files (x86)\IrfanView 2014-07-10 13:56 - 2014-06-20 22:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-07-10 13:56 - 2014-06-20 21:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-07-10 13:56 - 2014-06-19 03:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-07-10 13:56 - 2014-06-19 03:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-07-10 13:56 - 2014-06-19 03:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-07-10 13:56 - 2014-06-19 02:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-07-10 13:56 - 2014-06-19 02:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-07-10 13:56 - 2014-06-19 02:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-07-10 13:56 - 2014-06-19 02:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-07-10 13:56 - 2014-06-19 02:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-07-10 13:56 - 2014-06-19 02:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-07-10 13:56 - 2014-06-19 02:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-07-10 13:56 - 2014-06-19 02:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-07-10 13:56 - 2014-06-19 02:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-07-10 13:56 - 2014-06-19 02:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-07-10 13:56 - 2014-06-19 02:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-07-10 13:56 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-07-10 13:56 - 2014-06-19 02:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-07-10 13:56 - 2014-06-19 02:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-07-10 13:56 - 2014-06-19 01:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-07-10 13:56 - 2014-06-19 01:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-07-10 13:56 - 2014-06-19 01:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-07-10 13:56 - 2014-06-19 01:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-07-10 13:56 - 2014-06-19 01:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-07-10 13:56 - 2014-06-19 01:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-07-10 13:56 - 2014-06-19 01:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-07-10 13:56 - 2014-06-19 01:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-07-10 13:56 - 2014-06-19 01:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-07-10 13:56 - 2014-06-19 01:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-07-10 13:56 - 2014-06-19 01:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-07-10 13:56 - 2014-06-19 01:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-07-10 13:56 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-07-10 13:56 - 2014-06-19 01:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-07-10 13:56 - 2014-06-19 01:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-07-10 13:56 - 2014-06-19 01:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-07-10 13:56 - 2014-06-19 01:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-07-10 13:56 - 2014-06-19 01:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-07-10 13:56 - 2014-06-19 01:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-07-10 13:56 - 2014-06-19 01:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-07-10 13:56 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-07-10 13:56 - 2014-06-19 01:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-07-10 13:56 - 2014-06-19 01:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-07-10 13:56 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-07-10 13:56 - 2014-06-19 00:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-07-10 13:56 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-07-10 13:56 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-07-10 13:56 - 2014-06-19 00:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-07-10 13:56 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-07-10 13:56 - 2014-06-19 00:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-07-10 13:56 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-07-10 13:56 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-07-10 13:56 - 2014-06-19 00:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-07-10 13:56 - 2014-06-19 00:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-07-10 13:56 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-07-10 13:56 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-07-10 13:56 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-07-10 13:50 - 2014-06-30 04:09 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-07-10 13:50 - 2014-06-30 04:04 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-07-10 13:49 - 2014-06-18 04:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe 2014-07-10 13:49 - 2014-06-18 03:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe 2014-07-10 13:49 - 2014-06-18 03:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-07-10 13:49 - 2014-06-06 12:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2014-07-10 13:49 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll 2014-07-10 13:49 - 2014-05-30 08:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys 2014-07-10 13:48 - 2014-05-30 10:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-07-10 13:48 - 2014-05-30 10:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2014-07-10 13:48 - 2014-05-30 10:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2014-07-10 13:48 - 2014-05-30 10:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2014-07-10 13:48 - 2014-05-30 10:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2014-07-10 13:48 - 2014-05-30 10:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2014-07-10 13:48 - 2014-05-30 10:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2014-07-10 13:48 - 2014-05-30 09:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2014-07-10 13:48 - 2014-05-30 09:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2014-07-10 13:48 - 2014-05-30 09:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2014-07-10 13:48 - 2014-05-30 09:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2014-07-10 13:48 - 2014-05-30 09:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2014-07-10 13:48 - 2014-05-30 09:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2014-07-10 13:48 - 2014-05-30 09:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2014-07-10 13:43 - 2014-06-05 16:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-07-10 13:43 - 2014-06-05 16:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2014-07-10 13:43 - 2014-06-05 16:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2014-07-08 10:34 - 2014-07-08 10:34 - 00000000 ____D () C:\Users\fkrohn\Documents\OriginLab 2014-07-08 10:34 - 2014-07-08 10:34 - 00000000 ____D () C:\Users\fkrohn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OriginLab 2014-07-08 10:34 - 2014-07-08 10:34 - 00000000 ____D () C:\Users\fkrohn\AppData\Local\OriginLab 2014-07-08 10:34 - 2014-07-08 10:34 - 00000000 ____D () C:\Users\fkrohn\AppData\Local\CrashRpt 2014-07-08 10:34 - 2014-07-08 10:34 - 00000000 ____D () C:\ProgramData\OriginLab 2014-07-08 10:33 - 2014-07-08 10:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OriginLab 2014-07-08 10:32 - 2014-07-08 10:32 - 00000000 ____D () C:\Program Files\OriginLab 2014-07-07 16:21 - 2014-07-07 16:21 - 00000000 ____D () C:\Users\fkrohn\Documents\Benutzerdefinierte Office-Vorlagen 2014-07-07 16:10 - 2014-07-07 16:23 - 00000000 ____D () C:\Users\fkrohn\AppData\Roaming\FreeFileSync 2014-07-07 16:06 - 2014-07-23 16:09 - 00000000 ____D () C:\Users\fkrohn\Documents\Masterarbeit 2014-07-07 14:56 - 2014-07-11 03:03 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-07-07 14:56 - 2014-07-11 03:03 - 00000000 ____D () C:\Windows\system32\MRT 2014-07-07 14:54 - 2014-07-07 14:54 - 00000000 ____D () C:\ProgramData\Gibraltar 2014-07-07 14:42 - 2014-07-24 10:04 - 00000000 ____D () C:\Users\fkrohn\Documents\Literatur 2014-07-07 14:42 - 2014-07-24 09:50 - 00000000 ____D () C:\Users\fkrohn\Documents\Citavi 4 2014-07-07 14:42 - 2014-07-07 14:54 - 00000000 ____D () C:\Users\fkrohn\AppData\Roaming\Swiss Academic Software 2014-07-07 14:42 - 2014-07-07 14:42 - 00000000 ____D () C:\Users\fkrohn\AppData\Local\Swiss Academic Software 2014-07-07 14:40 - 2014-07-07 14:40 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf 2014-07-07 12:44 - 2014-07-07 12:44 - 00000000 ____D () C:\Users\Default\AppData\Local\Microsoft Help 2014-07-07 12:44 - 2014-07-07 12:44 - 00000000 ____D () C:\Users\Default User\AppData\Local\Microsoft Help 2014-07-07 12:40 - 2014-07-07 12:41 - 00431135 _____ () C:\Windows\system32\Drivers\vsconfig.xml 2014-07-07 12:40 - 2014-07-07 12:40 - 00000762 _____ () C:\Users\Public\Desktop\ZoneAlarm Security.lnk 2014-07-07 12:40 - 2014-07-07 12:40 - 00000000 ____D () C:\Users\fkrohn\AppData\Roaming\Check Point Software Technologies LTD 2014-07-07 12:40 - 2014-07-07 12:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Check Point 2014-07-07 12:40 - 2014-07-07 12:40 - 00000000 ____D () C:\Program Files (x86)\Check Point Software Technologies LTD 2014-07-07 12:39 - 2014-07-07 12:40 - 00000000 ____D () C:\Program Files (x86)\CheckPoint 2014-07-07 12:39 - 2014-07-07 12:39 - 00000000 ____D () C:\ProgramData\CheckPoint 2014-07-07 12:38 - 2014-07-07 12:38 - 00001141 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeFileSync.lnk 2014-07-07 12:38 - 2014-07-07 12:38 - 00001131 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealtimeSync.lnk 2014-07-07 12:38 - 2014-07-07 12:38 - 00000000 ____D () C:\Program Files (x86)\FreeFileSync 2014-07-07 12:34 - 2014-07-24 09:34 - 00000000 ____D () C:\Users\fkrohn\AppData\Roaming\Nitro PDF 2014-07-07 12:34 - 2014-07-07 12:34 - 00000000 ____D () C:\Users\fkrohn\AppData\Roaming\JAM Software 2014-07-07 12:34 - 2014-07-07 12:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TreeSize Free 2014-07-07 12:34 - 2014-07-07 12:34 - 00000000 ____D () C:\Program Files (x86)\JAM Software 2014-07-07 12:33 - 2014-07-07 12:33 - 00000000 ____D () C:\Users\fkrohn\AppData\Roaming\FileZilla 2014-07-07 12:32 - 2014-07-07 12:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client 2014-07-07 12:32 - 2014-07-07 12:32 - 00000000 ____D () C:\Program Files (x86)\FileZilla FTP Client 2014-07-07 12:28 - 2014-07-07 12:28 - 00000000 ____D () C:\Users\fkrohn\AppData\Roaming\TeamViewer 2014-07-07 10:44 - 2014-07-14 18:29 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013 2014-07-07 10:44 - 2014-07-07 10:44 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER 2014-07-07 10:44 - 2014-07-07 10:44 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server 2014-07-07 10:42 - 2014-07-07 10:44 - 00000000 ____D () C:\Program Files\Microsoft SQL Server 2014-07-07 10:42 - 2014-07-07 10:42 - 00000000 ____D () C:\Windows\PCHEALTH 2014-07-07 10:41 - 2014-07-07 10:42 - 00000000 ____D () C:\Program Files\Microsoft Office 2014-07-07 10:41 - 2014-07-07 10:41 - 00000000 ____D () C:\Program Files\Microsoft Analysis Services 2014-07-07 10:41 - 2014-07-07 10:41 - 00000000 ____D () C:\Program Files (x86)\Microsoft Analysis Services 2014-07-07 10:40 - 2014-07-07 10:40 - 00000000 __RHD () C:\MSOCache 2014-07-07 10:23 - 2014-07-24 17:20 - 00000000 ____D () C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform 2014-07-07 10:23 - 2014-07-14 18:29 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-07-07 10:23 - 2014-07-07 10:23 - 00000000 ____D () C:\Users\fkrohn\AppData\Local\Microsoft Help 2014-07-07 10:00 - 2014-07-11 03:20 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-06-27 14:26 - 2010-02-23 10:16 - 00294912 _____ (Microsoft Corporation) C:\Windows\system32\browserchoice.exe 2014-06-27 14:21 - 2012-07-26 05:08 - 00744448 _____ (Microsoft Corporation) C:\Windows\system32\WUDFx.dll 2014-06-27 14:21 - 2012-07-26 05:08 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\WUDFHost.exe 2014-06-27 14:21 - 2012-07-26 05:08 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\WUDFPlatform.dll 2014-06-27 14:21 - 2012-07-26 05:08 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\WUDFSvc.dll 2014-06-27 14:21 - 2012-07-26 05:08 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\WUDFCoinstaller.dll 2014-06-27 14:21 - 2012-07-26 04:26 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFRd.sys 2014-06-27 14:21 - 2012-07-26 04:26 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFPf.sys 2014-06-27 14:21 - 2012-06-02 16:57 - 00000003 _____ () C:\Windows\system32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf 2014-06-27 14:14 - 2014-06-27 14:14 - 00001610 _____ () C:\Users\fkrohn\Desktop\BTCRR1_PC-PS - Verknüpfung.lnk 2014-06-27 14:12 - 2014-06-27 14:12 - 00000000 ____D () C:\Users\fkrohn\AppData\Local\Macromedia 2014-06-27 14:07 - 2014-06-27 14:07 - 00001951 _____ () C:\Users\Public\Desktop\Citavi 4.lnk 2014-06-27 14:07 - 2014-06-27 14:07 - 00000000 ____D () C:\ProgramData\Swiss Academic Software 2014-06-27 14:07 - 2014-06-27 14:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citavi 4 2014-06-27 14:06 - 2014-06-27 14:07 - 00000000 ____D () C:\Program Files (x86)\Citavi 4 2014-06-27 14:05 - 2014-06-27 14:05 - 00000000 ____D () C:\Users\fkrohn\AppData\Local\Downloaded Installations 2014-06-27 14:04 - 2014-06-27 14:04 - 00000000 ____D () C:\ProgramData\Sophos 2014-06-27 14:04 - 2014-06-27 14:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos 2014-06-27 14:04 - 2014-06-27 14:04 - 00000000 ____D () C:\Program Files (x86)\Sophos 2014-06-27 14:04 - 2012-09-21 13:13 - 00037440 _____ (Sophos Limited) C:\Windows\system32\sophosboottasks.exe 2014-06-27 14:02 - 2014-06-27 14:02 - 00000000 ____D () C:\Sophos AntiVirus 2014-06-27 14:02 - 2012-09-21 13:13 - 00154952 _____ (Sophos Limited) C:\Windows\system32\Drivers\savonaccess.sys 2014-06-27 14:02 - 2012-08-14 19:07 - 00025608 _____ (Sophos Plc) C:\Windows\system32\Drivers\SophosBootDriver.sys 2014-06-27 14:00 - 2014-06-27 14:00 - 00001107 _____ () C:\Users\Public\Desktop\FastStone Image Viewer.lnk 2014-06-27 14:00 - 2014-06-27 14:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FastStone Image Viewer 2014-06-27 14:00 - 2014-06-27 14:00 - 00000000 ____D () C:\Program Files (x86)\FastStone Image Viewer 2014-06-27 13:56 - 2014-07-24 16:37 - 00000000 ____D () C:\Users\fkrohn\AppData\Roaming\systweak 2014-06-27 13:56 - 2013-12-13 17:53 - 00019544 _____ (System Speedup) C:\Windows\system32\roboot64.exe 2014-06-27 13:55 - 2014-06-27 13:55 - 00000000 ____D () C:\Program Files\003 2014-06-27 13:51 - 2014-06-27 13:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elaborate Bytes 2014-06-27 13:51 - 2014-06-27 13:51 - 00000000 ____D () C:\Program Files (x86)\Elaborate Bytes 2014-06-27 13:49 - 2014-06-27 13:49 - 00000000 ____D () C:\Users\fkrohn\AppData\Roaming\Nitro 2014-06-27 13:49 - 2014-06-27 13:49 - 00000000 ____D () C:\Users\fkrohn\AppData\Roaming\FileOpen 2014-06-27 13:49 - 2014-06-27 13:49 - 00000000 ____D () C:\ProgramData\FileOpen 2014-06-27 13:48 - 2014-06-27 13:48 - 00002499 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nitro Reader 3.lnk 2014-06-27 13:48 - 2014-06-27 13:48 - 00002005 _____ () C:\Users\Public\Desktop\Nitro Reader.lnk 2014-06-27 13:48 - 2014-06-27 13:48 - 00000000 ____D () C:\ProgramData\Nitro 2014-06-27 13:48 - 2014-06-27 13:48 - 00000000 ____D () C:\Program Files\Common Files\Nitro 2014-06-27 13:48 - 2014-06-27 13:48 - 00000000 ____D () C:\Program Files (x86)\Nitro 2014-06-27 13:48 - 2013-07-26 06:48 - 00029712 _____ (Nitro PDF Software) C:\Windows\system32\nitrolocalmon2.dll 2014-06-27 13:48 - 2013-07-26 06:48 - 00017936 _____ (Nitro PDF Software) C:\Windows\system32\nitrolocalui2.dll 2014-06-27 13:45 - 2014-06-27 13:45 - 00000000 ____D () C:\Users\fkrohn\AppData\Roaming\Downloaded Installations 2014-06-27 13:42 - 2014-06-27 13:44 - 654123008 _____ () C:\Users\fkrohn\Downloads\SW_DVD5_Office_2013_W32_German_MLF_X18-53910.ISO 2014-06-27 13:37 - 2014-07-24 22:27 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-06-27 13:37 - 2014-07-24 22:26 - 00000000 ____D () C:\Users\fkrohn\AppData\Roaming\Mozilla 2014-06-27 13:37 - 2014-06-27 13:37 - 00000000 ____D () C:\Users\fkrohn\AppData\Local\Mozilla 2014-06-27 13:37 - 2014-06-27 13:37 - 00000000 ____D () C:\ProgramData\Mozilla 2014-06-27 13:34 - 2014-04-25 04:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll 2014-06-27 13:34 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll 2014-06-27 13:34 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2014-06-27 13:34 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2014-06-27 13:34 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2014-06-27 13:34 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2014-06-27 13:34 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2014-06-27 13:34 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2014-06-27 13:34 - 2014-04-05 04:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2014-06-27 13:34 - 2014-04-05 04:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS 2014-06-27 13:34 - 2014-03-26 16:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll 2014-06-27 13:34 - 2014-03-26 16:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2014-06-27 13:34 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll 2014-06-27 13:34 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll 2014-06-27 13:34 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll 2014-06-27 13:34 - 2014-03-26 16:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2014-06-27 13:34 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll 2014-06-27 13:34 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll 2014-06-27 13:34 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2014-06-27 13:34 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2014-06-27 13:34 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2014-06-27 13:34 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2014-06-27 13:34 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll 2014-06-27 13:34 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2014-06-27 13:34 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll 2014-06-27 13:34 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2014-06-27 13:34 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll 2014-06-27 13:34 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2014-06-27 13:34 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2014-06-27 13:34 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe 2014-06-27 13:34 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll 2014-06-27 13:34 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll 2014-06-27 13:34 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll 2014-06-27 13:34 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll 2014-06-27 13:34 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll 2014-06-27 13:34 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2014-06-27 13:34 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2014-06-27 13:34 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll 2014-06-27 13:34 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll 2014-06-27 13:34 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll 2014-06-27 13:34 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll 2014-06-27 13:34 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll 2014-06-27 13:34 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll 2014-06-27 13:34 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll 2014-06-27 13:34 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2014-06-27 13:34 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2014-06-27 13:34 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2014-06-27 13:34 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2014-06-27 13:34 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2014-06-27 13:34 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2014-06-27 13:34 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2014-06-27 13:34 - 2014-02-04 04:37 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys 2014-06-27 13:34 - 2014-02-04 04:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys 2014-06-27 13:34 - 2014-02-04 04:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys 2014-06-27 13:34 - 2014-02-04 04:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2014-06-27 13:34 - 2014-02-04 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll 2014-06-27 13:34 - 2014-02-04 04:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2014-06-27 13:34 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll 2014-06-27 13:34 - 2014-01-29 04:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll 2014-06-27 13:34 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll 2014-06-27 13:34 - 2014-01-28 04:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll 2014-06-27 13:34 - 2014-01-24 04:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys 2014-06-27 13:34 - 2013-11-23 20:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll 2014-06-27 13:34 - 2013-11-23 19:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll 2014-06-27 13:34 - 2013-07-20 12:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll 2014-06-27 13:34 - 2013-07-20 12:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll 2014-06-27 13:34 - 2011-04-09 08:58 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe 2014-06-27 13:34 - 2011-04-09 07:56 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe 2014-06-27 13:34 - 2011-02-18 12:51 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\prevhost.exe 2014-06-27 13:34 - 2011-02-18 07:39 - 00031232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\prevhost.exe 2014-06-27 13:29 - 2014-06-27 13:29 - 00000000 ____D () C:\Program Files (x86)\Dell Digital Delivery 2014-06-27 13:28 - 2014-06-27 13:28 - 00000000 ____D () C:\Users\fkrohn\AppData\Roaming\Macromedia 2014-06-27 13:28 - 2012-06-03 00:19 - 02428952 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2014-06-27 13:28 - 2012-06-03 00:19 - 00701976 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2014-06-27 13:28 - 2012-06-03 00:19 - 00057880 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2014-06-27 13:28 - 2012-06-03 00:19 - 00044056 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2014-06-27 13:28 - 2012-06-03 00:19 - 00038424 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll 2014-06-27 13:28 - 2012-06-03 00:15 - 02622464 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2014-06-27 13:28 - 2012-06-03 00:15 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2014-06-27 13:28 - 2012-06-02 15:19 - 00186752 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2014-06-27 13:28 - 2012-06-02 15:15 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-07-24 23:50 - 2014-07-24 23:50 - 00022092 _____ () C:\Users\fkrohn\Desktop\FRST.txt 2014-07-24 23:50 - 2014-07-24 23:50 - 00000000 ____D () C:\FRST 2014-07-24 23:50 - 2014-07-24 23:49 - 02093568 _____ (Farbar) C:\Users\fkrohn\Desktop\FRST64.exe 2014-07-24 23:50 - 2014-05-15 20:13 - 00000000 ____D () C:\Program Files (x86)\Dell Backup and Recovery 2014-07-24 23:48 - 2014-07-24 16:30 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-07-24 23:47 - 2010-11-21 05:47 - 00229714 _____ () C:\Windows\PFRO.log 2014-07-24 23:47 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-07-24 23:47 - 2009-07-14 06:51 - 00042155 _____ () C:\Windows\setupact.log 2014-07-24 23:47 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration 2014-07-24 23:24 - 2014-05-15 19:54 - 02006269 _____ () C:\Windows\WindowsUpdate.log 2014-07-24 23:23 - 2014-05-15 19:54 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-07-24 22:50 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF 2014-07-24 22:27 - 2014-06-27 13:37 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-07-24 22:26 - 2014-06-27 13:37 - 00000000 ____D () C:\Users\fkrohn\AppData\Roaming\Mozilla 2014-07-24 22:18 - 2010-11-21 08:50 - 00715172 _____ () C:\Windows\system32\perfh007.dat 2014-07-24 22:18 - 2010-11-21 08:50 - 00154722 _____ () C:\Windows\system32\perfc007.dat 2014-07-24 22:18 - 2009-07-14 07:13 - 01651686 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-07-24 21:54 - 2009-07-14 06:45 - 00021088 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-07-24 21:54 - 2009-07-14 06:45 - 00021088 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-07-24 17:57 - 2014-05-15 20:13 - 00000000 ____D () C:\Temp 2014-07-24 17:29 - 2014-06-11 14:24 - 00000000 ____D () C:\Users\fkrohn 2014-07-24 17:20 - 2014-07-24 16:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-07-24 17:20 - 2014-07-24 16:30 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-07-24 17:20 - 2014-07-07 10:23 - 00000000 ____D () C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform 2014-07-24 17:20 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Msdtc 2014-07-24 16:38 - 2009-07-14 05:20 - 00000000 __RSD () C:\Windows\Media 2014-07-24 16:37 - 2014-06-27 13:56 - 00000000 ____D () C:\Users\fkrohn\AppData\Roaming\systweak 2014-07-24 16:30 - 2014-07-24 16:30 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-07-24 16:30 - 2014-07-24 16:29 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\fkrohn\Downloads\mbam-setup-2.0.2.1012.exe 2014-07-24 16:12 - 2014-07-24 16:12 - 00000000 ____D () C:\Users\fkrohn\AppData\Local\BrowserSafeguard 2014-07-24 15:47 - 2014-07-24 15:47 - 00000000 ____D () C:\Users\fkrohn\AppData\Local\Sophos 2014-07-24 15:45 - 2014-07-24 15:45 - 00000000 __SHD () C:\Users\fkrohn\AppData\Local\EmieUserList 2014-07-24 15:45 - 2014-07-24 15:45 - 00000000 __SHD () C:\Users\fkrohn\AppData\Local\EmieSiteList 2014-07-24 15:39 - 2014-06-11 14:26 - 00001423 _____ () C:\Users\fkrohn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-07-24 10:04 - 2014-07-07 14:42 - 00000000 ____D () C:\Users\fkrohn\Documents\Literatur 2014-07-24 09:50 - 2014-07-07 14:42 - 00000000 ____D () C:\Users\fkrohn\Documents\Citavi 4 2014-07-24 09:34 - 2014-07-07 12:34 - 00000000 ____D () C:\Users\fkrohn\AppData\Roaming\Nitro PDF 2014-07-23 16:09 - 2014-07-07 16:06 - 00000000 ____D () C:\Users\fkrohn\Documents\Masterarbeit 2014-07-22 16:01 - 2014-07-17 16:48 - 00000000 ____D () C:\Users\fkrohn\AppData\Local\CrashDumps 2014-07-21 16:44 - 2014-07-21 16:44 - 730739540 _____ () C:\Windows\MEMORY.DMP 2014-07-21 16:44 - 2014-07-21 16:44 - 01067744 _____ () C:\Windows\Minidump\072114-6349-01.dmp 2014-07-21 16:44 - 2014-07-21 16:44 - 00000000 ____D () C:\Windows\Minidump 2014-07-17 10:11 - 2014-07-17 10:11 - 00001355 _____ () C:\Users\fkrohn\Desktop\Masterarbeit.lnk 2014-07-17 09:14 - 2014-07-15 10:37 - 00000000 ____D () C:\ProgramData\Corel 2014-07-16 17:23 - 2014-07-15 13:44 - 00000000 ____D () C:\Users\fkrohn\Documents\Corel 2014-07-16 15:59 - 2014-07-16 15:59 - 00000000 ____D () C:\ProgramData\Protexis 2014-07-16 09:23 - 2014-07-16 09:23 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Intel Corporation 2014-07-16 09:22 - 2014-07-16 09:22 - 00149336 _____ () C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT 2014-07-16 09:22 - 2014-07-16 09:22 - 00001419 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-07-16 09:22 - 2014-07-16 09:22 - 00000020 ___SH () C:\Users\Administrator\ntuser.ini 2014-07-16 09:22 - 2014-07-16 09:22 - 00000000 _SHDL () C:\Users\Administrator\Vorlagen 2014-07-16 09:22 - 2014-07-16 09:22 - 00000000 _SHDL () C:\Users\Administrator\Startmenü 2014-07-16 09:22 - 2014-07-16 09:22 - 00000000 _SHDL () C:\Users\Administrator\Netzwerkumgebung 2014-07-16 09:22 - 2014-07-16 09:22 - 00000000 _SHDL () C:\Users\Administrator\Lokale Einstellungen 2014-07-16 09:22 - 2014-07-16 09:22 - 00000000 _SHDL () C:\Users\Administrator\Eigene Dateien 2014-07-16 09:22 - 2014-07-16 09:22 - 00000000 _SHDL () C:\Users\Administrator\Druckumgebung 2014-07-16 09:22 - 2014-07-16 09:22 - 00000000 _SHDL () C:\Users\Administrator\Documents\Eigene Musik 2014-07-16 09:22 - 2014-07-16 09:22 - 00000000 _SHDL () C:\Users\Administrator\Documents\Eigene Bilder 2014-07-16 09:22 - 2014-07-16 09:22 - 00000000 _SHDL () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-07-16 09:22 - 2014-07-16 09:22 - 00000000 _SHDL () C:\Users\Administrator\AppData\Local\Verlauf 2014-07-16 09:22 - 2014-07-16 09:22 - 00000000 _SHDL () C:\Users\Administrator\AppData\Local\Anwendungsdaten 2014-07-16 09:22 - 2014-07-16 09:22 - 00000000 _SHDL () C:\Users\Administrator\Anwendungsdaten 2014-07-16 09:22 - 2014-07-16 09:22 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Intel 2014-07-16 09:22 - 2014-07-16 09:22 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Creative 2014-07-16 09:22 - 2014-07-16 09:22 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Adobe 2014-07-16 09:22 - 2014-07-16 09:22 - 00000000 ____D () C:\Users\Administrator 2014-07-16 09:22 - 2009-07-14 06:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk 2014-07-15 15:32 - 2009-07-14 06:45 - 00539976 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-07-15 13:47 - 2014-07-15 13:47 - 00000000 ____D () C:\Users\fkrohn\Documents\My Palettes 2014-07-15 13:42 - 2014-07-15 10:46 - 00000000 ____D () C:\Users\fkrohn\AppData\Roaming\Corel 2014-07-15 13:41 - 2014-06-11 14:27 - 00149336 _____ () C:\Users\fkrohn\AppData\Local\GDIPFONTCACHEV1.DAT 2014-07-15 11:00 - 2014-07-15 11:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corel PDF Fusion 2014-07-15 11:00 - 2014-07-15 10:44 - 00000000 ____D () C:\Program Files (x86)\Corel 2014-07-15 10:57 - 2014-07-15 10:57 - 00000563 _____ () C:\Windows\wmsetup.log 2014-07-15 10:57 - 2014-07-15 10:57 - 00000000 ___HD () C:\Windows\msdownld.tmp 2014-07-15 10:57 - 2014-07-15 10:57 - 00000000 ____D () C:\Windows\RegisteredPackages 2014-07-15 10:57 - 2014-07-15 10:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media 2014-07-15 10:57 - 2014-07-15 10:57 - 00000000 ____D () C:\ProgramData\InterVideo 2014-07-15 10:57 - 2014-07-15 10:56 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corel VideoStudio X6 2014-07-15 10:57 - 2014-05-15 19:56 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-07-15 10:54 - 2014-07-15 10:54 - 00010047 _____ () C:\Windows\DirectX.log 2014-07-15 10:51 - 2014-07-15 10:51 - 00000000 ____D () C:\ProgramData\Protexis64 2014-07-15 10:50 - 2014-07-15 10:50 - 00001992 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corel Painter X3.lnk 2014-07-15 10:48 - 2014-07-15 10:37 - 00000000 ____D () C:\Program Files\Corel 2014-07-15 10:46 - 2014-07-15 10:46 - 00000000 ____D () C:\Users\fkrohn\Documents\Corel PaintShop Pro 2014-07-15 10:46 - 2014-07-15 10:46 - 00000000 ____D () C:\Users\fkrohn\AppData\Roaming\Ulead Systems 2014-07-15 10:46 - 2014-07-15 10:46 - 00000000 ____D () C:\Users\fkrohn\AppData\Local\Corel PaintShop Pro 2014-07-15 10:45 - 2014-07-15 10:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corel PaintShop Pro X6 2014-07-15 10:39 - 2014-05-15 20:02 - 00000000 ____D () C:\ProgramData\Package Cache 2014-07-15 10:39 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared 2014-07-15 10:38 - 2014-07-15 10:38 - 00000000 ____D () C:\Program Files\Common Files\Protexis 2014-07-15 10:38 - 2014-07-15 10:38 - 00000000 ____D () C:\Program Files\Common Files\Corel 2014-07-15 10:38 - 2014-07-15 10:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Graphics Suite X7 (64-bit) 2014-07-15 10:37 - 2014-07-15 10:37 - 00000000 ____D () C:\Users\Public\Documents\Corel 2014-07-14 18:29 - 2014-07-07 10:44 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013 2014-07-14 18:29 - 2014-07-07 10:23 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-07-14 13:55 - 2014-06-11 14:26 - 00000000 ____D () C:\Users\fkrohn\AppData\Local\VirtualStore 2014-07-14 13:32 - 2014-07-14 13:32 - 00001892 _____ () C:\Users\fkrohn\Desktop\IrfanView Thumbnails.lnk 2014-07-14 13:32 - 2014-07-14 13:32 - 00001000 _____ () C:\Users\fkrohn\Desktop\IrfanView.lnk 2014-07-14 13:32 - 2014-07-14 13:32 - 00000000 ____D () C:\Users\fkrohn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView 2014-07-14 13:32 - 2014-07-14 13:32 - 00000000 ____D () C:\Users\fkrohn\AppData\Roaming\IrfanView 2014-07-14 13:32 - 2014-07-14 13:32 - 00000000 ____D () C:\Program Files (x86)\IrfanView 2014-07-11 03:20 - 2014-07-07 10:00 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-07-11 03:20 - 2010-11-21 09:01 - 00000000 ____D () C:\Program Files\Windows Journal 2014-07-11 03:20 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism 2014-07-11 03:20 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Dism 2014-07-11 03:03 - 2014-07-07 14:56 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-07-11 03:03 - 2014-07-07 14:56 - 00000000 ____D () C:\Windows\system32\MRT 2014-07-10 15:10 - 2014-05-15 19:54 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-07-10 15:10 - 2014-05-15 19:54 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-07-10 15:10 - 2014-05-15 19:54 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-07-08 10:34 - 2014-07-08 10:34 - 00000000 ____D () C:\Users\fkrohn\Documents\OriginLab 2014-07-08 10:34 - 2014-07-08 10:34 - 00000000 ____D () C:\Users\fkrohn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OriginLab 2014-07-08 10:34 - 2014-07-08 10:34 - 00000000 ____D () C:\Users\fkrohn\AppData\Local\OriginLab 2014-07-08 10:34 - 2014-07-08 10:34 - 00000000 ____D () C:\Users\fkrohn\AppData\Local\CrashRpt 2014-07-08 10:34 - 2014-07-08 10:34 - 00000000 ____D () C:\ProgramData\OriginLab 2014-07-08 10:33 - 2014-07-08 10:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OriginLab 2014-07-08 10:32 - 2014-07-08 10:32 - 00000000 ____D () C:\Program Files\OriginLab 2014-07-07 16:23 - 2014-07-07 16:10 - 00000000 ____D () C:\Users\fkrohn\AppData\Roaming\FreeFileSync 2014-07-07 16:21 - 2014-07-07 16:21 - 00000000 ____D () C:\Users\fkrohn\Documents\Benutzerdefinierte Office-Vorlagen 2014-07-07 14:54 - 2014-07-07 14:54 - 00000000 ____D () C:\ProgramData\Gibraltar 2014-07-07 14:54 - 2014-07-07 14:42 - 00000000 ____D () C:\Users\fkrohn\AppData\Roaming\Swiss Academic Software 2014-07-07 14:42 - 2014-07-07 14:42 - 00000000 ____D () C:\Users\fkrohn\AppData\Local\Swiss Academic Software 2014-07-07 14:40 - 2014-07-07 14:40 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf 2014-07-07 13:00 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\System 2014-07-07 13:00 - 2009-07-14 04:34 - 00000478 _____ () C:\Windows\win.ini 2014-07-07 12:48 - 2011-02-11 19:45 - 01625966 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI 2014-07-07 12:44 - 2014-07-16 09:22 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Microsoft Help 2014-07-07 12:44 - 2014-07-07 12:44 - 00000000 ____D () C:\Users\Default\AppData\Local\Microsoft Help 2014-07-07 12:44 - 2014-07-07 12:44 - 00000000 ____D () C:\Users\Default User\AppData\Local\Microsoft Help 2014-07-07 12:41 - 2014-07-07 12:40 - 00431135 _____ () C:\Windows\system32\Drivers\vsconfig.xml 2014-07-07 12:40 - 2014-07-07 12:40 - 00000762 _____ () C:\Users\Public\Desktop\ZoneAlarm Security.lnk 2014-07-07 12:40 - 2014-07-07 12:40 - 00000000 ____D () C:\Users\fkrohn\AppData\Roaming\Check Point Software Technologies LTD 2014-07-07 12:40 - 2014-07-07 12:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Check Point 2014-07-07 12:40 - 2014-07-07 12:40 - 00000000 ____D () C:\Program Files (x86)\Check Point Software Technologies LTD 2014-07-07 12:40 - 2014-07-07 12:39 - 00000000 ____D () C:\Program Files (x86)\CheckPoint 2014-07-07 12:39 - 2014-07-07 12:39 - 00000000 ____D () C:\ProgramData\CheckPoint 2014-07-07 12:38 - 2014-07-07 12:38 - 00001141 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeFileSync.lnk 2014-07-07 12:38 - 2014-07-07 12:38 - 00001131 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealtimeSync.lnk 2014-07-07 12:38 - 2014-07-07 12:38 - 00000000 ____D () C:\Program Files (x86)\FreeFileSync 2014-07-07 12:34 - 2014-07-07 12:34 - 00000000 ____D () C:\Users\fkrohn\AppData\Roaming\JAM Software 2014-07-07 12:34 - 2014-07-07 12:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TreeSize Free 2014-07-07 12:34 - 2014-07-07 12:34 - 00000000 ____D () C:\Program Files (x86)\JAM Software 2014-07-07 12:33 - 2014-07-07 12:33 - 00000000 ____D () C:\Users\fkrohn\AppData\Roaming\FileZilla 2014-07-07 12:32 - 2014-07-07 12:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client 2014-07-07 12:32 - 2014-07-07 12:32 - 00000000 ____D () C:\Program Files (x86)\FileZilla FTP Client 2014-07-07 12:28 - 2014-07-07 12:28 - 00000000 ____D () C:\Users\fkrohn\AppData\Roaming\TeamViewer 2014-07-07 10:44 - 2014-07-07 10:44 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER 2014-07-07 10:44 - 2014-07-07 10:44 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server 2014-07-07 10:44 - 2014-07-07 10:42 - 00000000 ____D () C:\Program Files\Microsoft SQL Server 2014-07-07 10:44 - 2010-11-21 09:00 - 00000000 ____D () C:\Windows\ShellNew 2014-07-07 10:42 - 2014-07-07 10:42 - 00000000 ____D () C:\Windows\PCHEALTH 2014-07-07 10:42 - 2014-07-07 10:41 - 00000000 ____D () C:\Program Files\Microsoft Office 2014-07-07 10:41 - 2014-07-07 10:41 - 00000000 ____D () C:\Program Files\Microsoft Analysis Services 2014-07-07 10:41 - 2014-07-07 10:41 - 00000000 ____D () C:\Program Files (x86)\Microsoft Analysis Services 2014-07-07 10:40 - 2014-07-07 10:40 - 00000000 __RHD () C:\MSOCache 2014-07-07 10:34 - 2014-05-15 20:11 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office 2014-07-07 10:23 - 2014-07-07 10:23 - 00000000 ____D () C:\Users\fkrohn\AppData\Local\Microsoft Help 2014-07-07 10:00 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions 2014-06-30 04:09 - 2014-07-10 13:50 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-06-30 04:04 - 2014-07-10 13:50 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-06-27 14:14 - 2014-06-27 14:14 - 00001610 _____ () C:\Users\fkrohn\Desktop\BTCRR1_PC-PS - Verknüpfung.lnk 2014-06-27 14:12 - 2014-06-27 14:12 - 00000000 ____D () C:\Users\fkrohn\AppData\Local\Macromedia 2014-06-27 14:07 - 2014-06-27 14:07 - 00001951 _____ () C:\Users\Public\Desktop\Citavi 4.lnk 2014-06-27 14:07 - 2014-06-27 14:07 - 00000000 ____D () C:\ProgramData\Swiss Academic Software 2014-06-27 14:07 - 2014-06-27 14:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citavi 4 2014-06-27 14:07 - 2014-06-27 14:06 - 00000000 ____D () C:\Program Files (x86)\Citavi 4 2014-06-27 14:05 - 2014-06-27 14:05 - 00000000 ____D () C:\Users\fkrohn\AppData\Local\Downloaded Installations 2014-06-27 14:04 - 2014-06-27 14:04 - 00000000 ____D () C:\ProgramData\Sophos 2014-06-27 14:04 - 2014-06-27 14:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos 2014-06-27 14:04 - 2014-06-27 14:04 - 00000000 ____D () C:\Program Files (x86)\Sophos 2014-06-27 14:02 - 2014-06-27 14:02 - 00000000 ____D () C:\Sophos AntiVirus 2014-06-27 14:00 - 2014-06-27 14:00 - 00001107 _____ () C:\Users\Public\Desktop\FastStone Image Viewer.lnk 2014-06-27 14:00 - 2014-06-27 14:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FastStone Image Viewer 2014-06-27 14:00 - 2014-06-27 14:00 - 00000000 ____D () C:\Program Files (x86)\FastStone Image Viewer 2014-06-27 13:55 - 2014-06-27 13:55 - 00000000 ____D () C:\Program Files\003 2014-06-27 13:51 - 2014-06-27 13:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elaborate Bytes 2014-06-27 13:51 - 2014-06-27 13:51 - 00000000 ____D () C:\Program Files (x86)\Elaborate Bytes 2014-06-27 13:49 - 2014-06-27 13:49 - 00000000 ____D () C:\Users\fkrohn\AppData\Roaming\Nitro 2014-06-27 13:49 - 2014-06-27 13:49 - 00000000 ____D () C:\Users\fkrohn\AppData\Roaming\FileOpen 2014-06-27 13:49 - 2014-06-27 13:49 - 00000000 ____D () C:\ProgramData\FileOpen 2014-06-27 13:48 - 2014-06-27 13:48 - 00002499 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nitro Reader 3.lnk 2014-06-27 13:48 - 2014-06-27 13:48 - 00002005 _____ () C:\Users\Public\Desktop\Nitro Reader.lnk 2014-06-27 13:48 - 2014-06-27 13:48 - 00000000 ____D () C:\ProgramData\Nitro 2014-06-27 13:48 - 2014-06-27 13:48 - 00000000 ____D () C:\Program Files\Common Files\Nitro 2014-06-27 13:48 - 2014-06-27 13:48 - 00000000 ____D () C:\Program Files (x86)\Nitro 2014-06-27 13:45 - 2014-06-27 13:45 - 00000000 ____D () C:\Users\fkrohn\AppData\Roaming\Downloaded Installations 2014-06-27 13:44 - 2014-06-27 13:42 - 654123008 _____ () C:\Users\fkrohn\Downloads\SW_DVD5_Office_2013_W32_German_MLF_X18-53910.ISO 2014-06-27 13:37 - 2014-06-27 13:37 - 00000000 ____D () C:\Users\fkrohn\AppData\Local\Mozilla 2014-06-27 13:37 - 2014-06-27 13:37 - 00000000 ____D () C:\ProgramData\Mozilla 2014-06-27 13:29 - 2014-06-27 13:29 - 00000000 ____D () C:\Program Files (x86)\Dell Digital Delivery 2014-06-27 13:29 - 2014-05-15 20:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell 2014-06-27 13:28 - 2014-06-27 13:28 - 00000000 ____D () C:\Users\fkrohn\AppData\Roaming\Macromedia Some content of TEMP: ==================== C:\Users\fkrohn\AppData\Local\Temp\nitro_reader3_64.exe C:\Users\fkrohn\AppData\Local\Temp\ose00000.exe C:\Users\fkrohn\AppData\Local\Temp\ose00001.exe C:\Users\fkrohn\AppData\Local\Temp\ose00002.exe C:\Users\fkrohn\AppData\Local\Temp\System.Data.SQLite.dll C:\Users\fkrohn\AppData\Local\Temp\System.Data.SQLite10319.dll C:\Users\fkrohn\AppData\Local\Temp\System.Data.SQLite10321.dll C:\Users\fkrohn\AppData\Local\Temp\System.Data.SQLite10466.dll C:\Users\fkrohn\AppData\Local\Temp\System.Data.SQLite20604.dll C:\Users\fkrohn\AppData\Local\Temp\System.Data.SQLite29419.dll C:\Users\fkrohn\AppData\Local\Temp\System.Data.SQLite34044.dll C:\Users\fkrohn\AppData\Local\Temp\System.Data.SQLite35530.dll C:\Users\fkrohn\AppData\Local\Temp\System.Data.SQLite39944.dll C:\Users\fkrohn\AppData\Local\Temp\System.Data.SQLite43475.dll C:\Users\fkrohn\AppData\Local\Temp\System.Data.SQLite45246.dll C:\Users\fkrohn\AppData\Local\Temp\System.Data.SQLite46690.dll C:\Users\fkrohn\AppData\Local\Temp\System.Data.SQLite52704.dll C:\Users\fkrohn\AppData\Local\Temp\System.Data.SQLite56321.dll C:\Users\fkrohn\AppData\Local\Temp\System.Data.SQLite56574.dll C:\Users\fkrohn\AppData\Local\Temp\System.Data.SQLite59517.dll C:\Users\fkrohn\AppData\Local\Temp\System.Data.SQLite64111.dll C:\Users\fkrohn\AppData\Local\Temp\System.Data.SQLite67525.dll C:\Users\fkrohn\AppData\Local\Temp\System.Data.SQLite78779.dll C:\Users\fkrohn\AppData\Local\Temp\System.Data.SQLite79382.dll C:\Users\fkrohn\AppData\Local\Temp\System.Data.SQLite80182.dll C:\Users\fkrohn\AppData\Local\Temp\System.Data.SQLite82417.dll C:\Users\fkrohn\AppData\Local\Temp\System.Data.SQLite85872.dll C:\Users\fkrohn\AppData\Local\Temp\System.Data.SQLite88019.dll C:\Users\fkrohn\AppData\Local\Temp\System.Data.SQLite89505.dll C:\Users\fkrohn\AppData\Local\Temp\System.Data.SQLite89802.dll C:\Users\fkrohn\AppData\Local\Temp\System.Data.SQLite90516.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-07-24 22:15 ==================== End Of Log ============================ |
|
25.07.2014, 09:30
| #4 |
| | Kein Internet-Zugriff nach Adware-Säuberung! Addition: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-07-2014 01
Ran by fkrohn at 2014-07-24 23:50:51
Running from C:\Users\fkrohn\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Sophos Anti-Virus (Enabled - Out of date) {65FBD860-96D8-75EF-C7ED-7BE27E6C498A}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Sophos Anti-Virus (Enabled - Out of date) {DE9A3984-B0E2-7A61-FD5D-409005EB0337}
FW: ZoneAlarm Free Firewall Firewall (Enabled) {E6380B7E-D4B2-19F1-083E-56486607704B}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader XI MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.00 - Adobe Systems Incorporated)
CGS17_Setup_x64 (Version: 17.0 - Corel Corporation) Hidden
Citavi 4 (HKLM-x32\...\{CC0A85B2-734A-45B3-B678-05F6A6499AC7}) (Version: 4.3.0.15 - Swiss Academic Software)
Contents (x32 Version: 16.0.1.43 - Corel Corporation) Hidden
Corel Graphics - Windows Shell Extension (HKLM\...\_{4AB916EE-ABA8-4079-9889-745798B6D809}) (Version: 17.0.0.491 - Corel Corporation)
Corel Graphics - Windows Shell Extension (Version: 17.0.491 - Corel Corporation) Hidden
Corel Graphics - Windows Shell Extension 32 Bit (Version: 17.0.491 - Corel Corporation) Hidden
Corel Painter 13 - IPM (Version: 13.1 - Corel Corporation) Hidden
Corel Painter 13 - IPM Content (Version: 13.1 - Corel Corporation) Hidden
Corel Painter X3 (HKLM\...\_{EF449371-6B69-49C8-B789-76A0B0E3446B}) (Version: 13.0.1.920 - Corel Corporation)
Corel PaintShop Pro X6 (HKLM-x32\...\_{166D1CB6-DD8A-40DD-9E25-4D31D2D6DE4D}) (Version: 16.1.0.48 - Corel Corporation)
Corel PaintShop Pro X6 (x32 Version: 16.1.0.48 - Corel Corporation) Hidden
Corel PDF Fusion (HKLM\...\{7D93C785-B8CD-4B29-BBAA-8D28E30A5910}) (Version: 1.11.0000 - Corel Corporation)
Corel VideoStudio X6 (HKLM-x32\...\_{6688A246-F6E8-48AD-9806-8D5832E9F15D}) (Version: 16.0.1.43 - Corel Corporation)
CorelDRAW Graphics Suite X7 - BR (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Capture (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Common (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Connect (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - CS (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - CT (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Custom Data (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - CZ (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - DE (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Draw (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - EN (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - ES (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Filters (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - FontNav (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - FR (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - IPM (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - IPM Content (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - IT (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - JP (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - NL (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - PHOTO-PAINT (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Photozoom Plugin (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - PL (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Redist (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - RU (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Setup Files (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - VBA (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - VideoBrowser (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Writing Tools (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 (64-Bit) (HKLM\...\_{5CB73140-806C-42C6-A05A-1AFD0E92DEB5}) (Version: 17.0.0.491 - Corel Corporation)
Definition Update for Microsoft Office 2013 (KB2760587) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D1C35197-B856-45E2-BA67-5ABB6B0CA9C2}) (Version: - Microsoft)
Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.6.2.0 - Dell Inc.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.6.2.0 - Dell Inc.)
Dell Client System Update (HKLM-x32\...\{04566294-A6B6-4462-9721-031073EB3694}) (Version: 1.3.0 - Dell Inc.)
Dell Custom Help (Version: 16.01.3000.0254 - Intel Corporation) Hidden
Dell Digital Delivery (HKLM-x32\...\{D850CB7E-72BC-4510-BA4F-48932BFAB295}) (Version: 2.9.901.0 - Dell Products, LP)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Power Manager (HKLM\...\{E45D7941-F3F0-4E8E-AD55-DCE2FE0AE6D8}) (Version: 1.1.0 - Dell Inc.)
Dell Protected Workspace (HKLM-x32\...\{E2CAA395-66B3-4772-85E3-6134DBAB244E}) (Version: 2.3.15835 - Invincea, Inc.)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.1200.101.129 - ALPS ELECTRIC CO., LTD.)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.40.54 - Creative Technology Ltd)
FastStone Image Viewer 5.1 (HKLM-x32\...\FastStone Image Viewer) (Version: 5.1 - FastStone Soft)
FileZilla Client 3.8.1 (HKLM-x32\...\FileZilla Client) (Version: 3.8.1 - Tim Kosse)
FreeFileSync 6.7 (HKLM-x32\...\FreeFileSync) (Version: 6.7 - Zenju)
ICA (x32 Version: 16.0.1.43 - Corel Corporation) Hidden
ICA (x32 Version: 16.1.0.48 - Corel Corporation) Hidden
IconHandler 64 bit (Version: 2.0 - Corel Corporation) Hidden
Intel(R) C++ Redistributables for Windows* on Intel(R) 64 (HKLM-x32\...\{D2437C5C-2D8C-40D2-8059-689AD7239FA3}) (Version: 11.1.048 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel(R) Network Connections 18.1.59.00 (HKLM\...\PROSetDX) (Version: 18.1.59.00 - Intel)
Intel(R) Network Connections 18.1.59.00 (Version: 18.1.59.00 - Intel) Hidden
Intel(R) PRO/Wireless Driver (Version: 16.01.3000.0512 - Intel Corporation) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.3220 - Intel Corporation)
Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed (Version: 16.1.1.0084 - Intel Corporation) Hidden
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology(patch version 3.0.1335.3) (HKLM\...\{302600C1-6BDF-4FD1-1307-148929CC1385}) (Version: 3.1.1307.0366 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.6.2.1000 - Intel Corporation)
Intel(R) Rapid Storage Technology (Version: 12.6.2.1000 - Intel Corporation) Hidden
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.66956 - Intel Corporation)
Intel(R) Update Manager (x32 Version: 1.6.0.56 - Intel Corporation) Hidden
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.0.19 - Intel Corporation)
Intel(R) WiDi (HKLM\...\{24A36A7A-108C-4846-BE1F-2CD05497B998}) (Version: 4.2.15.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{8361f8a3-b0a1-4278-a12e-5ee41e61ec4a}) (Version: 16.1.3 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (Version: 16.01.3000.0254 - Intel Corporation) Hidden
Intel® Trusted Connect Service Client (Version: 1.31.8.1 - Intel Corporation) Hidden
IPM_PSP_COM (x32 Version: 16.1.0.48 - Corel Corporation) Hidden
IPM_PSP_COM64 (Version: 16.1.0.48 - Corel Corporation) Hidden
IPM_VS_Pro (x32 Version: 16.0 - Corel Corporation) Hidden
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
LicensingService (x32 Version: 1.00.0000 - Corel Corporation) Hidden
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Access MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft DCF MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Excel MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Groove MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft InfoPath MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Lync MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office 32-bit Components 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Korrekturhilfen 2013 - Deutsch (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office OSM MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office OSM UX MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - English (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - Italiano (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Shared 32-bit MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft OneNote MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Outlook MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft PowerPoint MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Publisher MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Visual Basic for Applications 7.1 (x64) (Version: 7.1.00.00 - Microsoft Corporation) Hidden
Microsoft Visual Basic for Applications 7.1 (x64) English (Version: 7.1.0.0 - Microsoft Corporation) Hidden
Microsoft Visual Basic for Applications 7.1 (x64) German (Version: 7.1.0.0 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106 (Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106 (Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual Studio Tools for Applications 2012 (HKLM-x32\...\{89ca2a32-2b52-4595-8dfd-6fe4757958d0}) (Version: 11.0.51108 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2012 Finalizer (x32 Version: 11.0.51108 - Microsoft Corporation) Hidden
Microsoft Visual Studio Tools for Applications 2012 x64 Hosting Support - Module linguistique Français (Version: 11.0.51108 - Microsoft Corporation) Hidden
Microsoft Visual Studio Tools for Applications 2012 x64 Hosting Support - DEU-Sprachpaket (Version: 11.0.51108 - Microsoft Corporation) Hidden
Microsoft Visual Studio Tools for Applications 2012 x64 Hosting Support - Language Pack ITA (Version: 11.0.51108 - Microsoft Corporation) Hidden
Microsoft Visual Studio Tools for Applications 2012 x64 Hosting Support - Paquete de idioma ESN (Version: 11.0.51108 - Microsoft Corporation) Hidden
Microsoft Visual Studio Tools for Applications 2012 x64 Hosting Support - 한국어 언어 팩 (Version: 11.0.51108 - Microsoft Corporation) Hidden
Microsoft Visual Studio Tools for Applications 2012 x64 Hosting Support - 日本語 Language Pack (Version: 11.0.51108 - Microsoft Corporation) Hidden
Microsoft Visual Studio Tools for Applications 2012 x64 Hosting Support (Version: 11.0.51108 - Microsoft Corporation) Hidden
Microsoft Visual Studio Tools for Applications 2012 x64 主控支援 - 繁體中文語言套件 (Version: 11.0.51108 - Microsoft Corporation) Hidden
Microsoft Visual Studio Tools for Applications 2012 x64 托管支持 - 简体中文语言包 (Version: 11.0.51108 - Microsoft Corporation) Hidden
Microsoft Visual Studio Tools for Applications 2012 x86 Hosting Support - DEU-Sprachpaket (x32 Version: 11.0.51108 - Microsoft Corporation) Hidden
Microsoft Visual Studio Tools for Applications 2012 x86 Hosting Support - Language Pack ITA (x32 Version: 11.0.51108 - Microsoft Corporation) Hidden
Microsoft Visual Studio Tools for Applications 2012 x86 Hosting Support - Module linguistique Français (x32 Version: 11.0.51108 - Microsoft Corporation) Hidden
Microsoft Visual Studio Tools for Applications 2012 x86 Hosting Support - Paquete de idioma ESN (x32 Version: 11.0.51108 - Microsoft Corporation) Hidden
Microsoft Visual Studio Tools for Applications 2012 x86 Hosting Support - 한국어 언어 팩 (x32 Version: 11.0.51108 - Microsoft Corporation) Hidden
Microsoft Visual Studio Tools for Applications 2012 x86 Hosting Support - 日本語 Language Pack (x32 Version: 11.0.51108 - Microsoft Corporation) Hidden
Microsoft Visual Studio Tools for Applications 2012 x86 Hosting Support (x32 Version: 11.0.51108 - Microsoft Corporation) Hidden
Microsoft Visual Studio Tools for Applications 2012 x86 主控支援 - 繁體中文語言套件 (x32 Version: 11.0.51108 - Microsoft Corporation) Hidden
Microsoft Visual Studio Tools for Applications 2012 x86 托管支持 - 简体中文语言包 (x32 Version: 11.0.51108 - Microsoft Corporation) Hidden
Microsoft Word MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Nitro Reader 3 (HKLM\...\{9EA981E5-EE67-4662-86F1-58937D31FE07}) (Version: 3.5.6.5 - Nitro)
Origin91 (HKLM-x32\...\{ADC55813-F4DD-47AA-94F3-CA35E1447E26}) (Version: 9.10.00 - OriginLab Corporation)
Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x64 Hosting Support - PTB (Version: 11.0.51108 - Microsoft Corporation) Hidden
Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x86 Hosting Support - PTB (x32 Version: 11.0.51108 - Microsoft Corporation) Hidden
Painter 13 - Contentx64 (Version: 13.1 - Corel Corporation) Hidden
Painter 13 - Core (Version: 13.1 - Corel Corporation) Hidden
Painter 13 - Corex64 (Version: 13.0 - Corel Corporation) Hidden
Painter 13 - CS (Version: 13.1 - Corel Corporation) Hidden
Painter 13 - CT (Version: 13.1 - Corel Corporation) Hidden
Painter 13 - DE (Version: 13.1 - Corel Corporation) Hidden
Painter 13 - EN (Version: 13.1 - Corel Corporation) Hidden
Painter 13 - FR (Version: 13.1 - Corel Corporation) Hidden
Painter 13 - JP (Version: 13.1 - Corel Corporation) Hidden
Painter 13 - Setup Files (Version: 13.1 - Corel Corporation) Hidden
PSPPContent (x32 Version: 16.1.0.48 - Corel Corporation) Hidden
PSPPHelp (x32 Version: 16.1.0.48 - Corel Corporation) Hidden
PSPPro64 (Version: 16.1.0.48 - Corel Corporation) Hidden
Realtek Audio COM Components (HKLM-x32\...\{2355B503-9B11-4449-861D-1C1748B26320}) (Version: 1.0.2 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5975 - Realtek Semiconductor Corp.)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version: - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version: - Microsoft) Hidden
Setup (x32 Version: 16.0.1.43 - Corel Corporation) Hidden
Setup (x32 Version: 16.1.0.48 - Ihr Firmenname) Hidden
Share (x32 Version: 16.0.1.43 - Corel Corporation) Hidden
Share64 (Version: 16.0.1.43 - Corel Corporation) Hidden
Sophos Anti-Virus (HKLM-x32\...\{9ACB414D-9347-40B6-A453-5EFB2DB59DFA}) (Version: 10.2.8 - Sophos Limited)
Sophos AutoUpdate (HKLM-x32\...\{15C418EB-7675-42be-B2B3-281952DA014D}) (Version: 2.9.0.344 - Sophos Limited)
ST Microelectronics 3 Axis Digital Accelerometer Solution (HKLM-x32\...\{9C24F411-9CA7-4A8A-91F3-F08A4A38EB31}) (Version: 4.10.0051 - ST Microelectronics)
TreeSize Free V3.0.1 (HKLM-x32\...\TreeSize Free_is1) (Version: 3.0.1 - JAM Software)
Update for Microsoft Excel 2013 (KB2881085) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{58D92858-3C94-4C2F-A8E4-AEFF9304C3CF}) (Version: - Microsoft)
Update for Microsoft Excel 2013 (KB2881085) 64-Bit Edition (HKLM\...\{90150000-0016-0407-1000-0000000FF1CE}_Office15.PROPLUS_{58D92858-3C94-4C2F-A8E4-AEFF9304C3CF}) (Version: - Microsoft)
Update for Microsoft Excel 2013 (KB2881085) 64-Bit Edition (HKLM\...\{90150000-0018-0407-1000-0000000FF1CE}_Office15.PROPLUS_{58D92858-3C94-4C2F-A8E4-AEFF9304C3CF}) (Version: - Microsoft)
Update for Microsoft Excel 2013 (KB2881085) 64-Bit Edition (HKLM\...\{90150000-001B-0407-1000-0000000FF1CE}_Office15.PROPLUS_{58D92858-3C94-4C2F-A8E4-AEFF9304C3CF}) (Version: - Microsoft)
Update for Microsoft Excel 2013 (KB2881085) 64-Bit Edition (HKLM\...\{90150000-00C1-0407-1000-0000000FF1CE}_Office15.PROPLUS_{58D92858-3C94-4C2F-A8E4-AEFF9304C3CF}) (Version: - Microsoft)
Update for Microsoft Lync 2013 (KB2850074) 64-Bit Edition (HKLM\...\{90150000-012B-0407-1000-0000000FF1CE}_Office15.PROPLUS_{CE9A9D7C-B6FB-4F6C-8BDE-9A1ADBBAC1EE}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2760344) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{EF77B4A6-DFEC-4010-A87D-9B6BF87FABEC}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2760544) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{62857CDD-2985-4939-91BA-19ED0B0031A5}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2768012) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{0814662C-FD28-4DE0-ACE5-EE50D1D6C8FB}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2817302) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{E79EFFDB-192A-4D9E-A2DB-C0F774E6EC32}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2817302) 64-Bit Edition (HKLM\...\{90150000-0016-0407-1000-0000000FF1CE}_Office15.PROPLUS_{E79EFFDB-192A-4D9E-A2DB-C0F774E6EC32}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2826040) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{C4AEA56A-0759-4D08-9FAB-31A92137D0B8}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2837644) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D692E9FF-84BF-4F44-A0EA-D58ECE0D538E}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2863843) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{290D80DE-03AB-47EC-9402-108AF4CE4F66}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2880457) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{EC2AF602-2730-4B05-9438-06CDE43153F2}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2880462) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{24584DD4-C680-4FEB-A464-D760C7A5B041}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2880462) 64-Bit Edition (HKLM\...\{90150000-006E-0407-1000-0000000FF1CE}_Office15.PROPLUS_{24584DD4-C680-4FEB-A464-D760C7A5B041}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2880462) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{24584DD4-C680-4FEB-A464-D760C7A5B041}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2880464) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{88B29AA5-71EE-4692-91E2-E89407F0B783}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2880478) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{8116ED50-F1E7-49E1-9D8D-421497D34B0F}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2880987) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{6F540E80-4BB2-413F-9648-52031AA237B7}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2880987) 64-Bit Edition (HKLM\...\{90150000-006E-0407-1000-0000000FF1CE}_Office15.PROPLUS_{6F540E80-4BB2-413F-9648-52031AA237B7}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2880987) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{6F540E80-4BB2-413F-9648-52031AA237B7}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2881035) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{885C981B-F1E3-430A-A099-31CA9D28C251}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2881035) 64-Bit Edition (HKLM\...\{90150000-0016-0407-1000-0000000FF1CE}_Office15.PROPLUS_{885C981B-F1E3-430A-A099-31CA9D28C251}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2881035) 64-Bit Edition (HKLM\...\{90150000-0090-0407-1000-0000000FF1CE}_Office15.PROPLUS_{885C981B-F1E3-430A-A099-31CA9D28C251}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2881074) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{9A479F9C-C1EC-4833-A115-A8B7A60480BD}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2881084) 64-Bit Edition (HKLM\...\{90150000-001F-0407-1000-0000000FF1CE}_Office15.PROPLUS_{00BBBFFE-8889-4953-956A-77DDE975A947}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2881084) 64-Bit Edition (HKLM\...\{90150000-001F-0409-1000-0000000FF1CE}_Office15.PROPLUS_{3A12DFA2-3FF5-450E-BDB1-A742551A5D1A}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2881084) 64-Bit Edition (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}_Office15.PROPLUS_{EA8072E8-E3CF-46DF-A5DE-9F5975344327}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2881084) 64-Bit Edition (HKLM\...\{90150000-001F-0410-1000-0000000FF1CE}_Office15.PROPLUS_{BF0D921F-E77E-4E03-BE71-46D9D2C7A36A}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2881086) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{ED3A8E98-FDD4-493F-A0EC-141821573EC2}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2881086) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{ED3A8E98-FDD4-493F-A0EC-141821573EC2}) (Version: - Microsoft)
Update for Microsoft OneDrive for Business (KB2881087) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{3C6F4768-FB23-4ECF-8328-5C47E0664B65}) (Version: - Microsoft)
Update for Microsoft OneDrive for Business (KB2881087) 64-Bit Edition (HKLM\...\{90150000-00BA-0407-1000-0000000FF1CE}_Office15.PROPLUS_{3C6F4768-FB23-4ECF-8328-5C47E0664B65}) (Version: - Microsoft)
Update for Microsoft OneDrive for Business (KB2881087) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{3C6F4768-FB23-4ECF-8328-5C47E0664B65}) (Version: - Microsoft)
Update for Microsoft OneDrive for Business (KB2881087) 64-Bit Edition (HKLM\...\{90150000-00C1-0407-1000-0000000FF1CE}_Office15.PROPLUS_{3C6F4768-FB23-4ECF-8328-5C47E0664B65}) (Version: - Microsoft)
Update for Microsoft OneNote 2013 (KB2881082) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{BFD66A5D-F608-441E-9282-41E13F5E7412}) (Version: - Microsoft)
Update for Microsoft OneNote 2013 (KB2881082) 64-Bit Edition (HKLM\...\{90150000-00A1-0407-1000-0000000FF1CE}_Office15.PROPLUS_{BFD66A5D-F608-441E-9282-41E13F5E7412}) (Version: - Microsoft)
Update for Microsoft OneNote 2013 (KB2881082) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{BFD66A5D-F608-441E-9282-41E13F5E7412}) (Version: - Microsoft)
Update for Microsoft Outlook 2013 (KB2880470) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{34A169EC-990A-4DAE-AC65-9F981158B7DB}) (Version: - Microsoft)
Update for Microsoft Outlook 2013 (KB2880470) 64-Bit Edition (HKLM\...\{90150000-001A-0407-1000-0000000FF1CE}_Office15.PROPLUS_{34A169EC-990A-4DAE-AC65-9F981158B7DB}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2013 (KB2881075) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{C8955821-EDAC-4E65-BEF3-C9C0A049517A}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2013 (KB2881075) 64-Bit Edition (HKLM\...\{90150000-0018-0407-1000-0000000FF1CE}_Office15.PROPLUS_{C8955821-EDAC-4E65-BEF3-C9C0A049517A}) (Version: - Microsoft)
Update for Microsoft Publisher 2013 (KB2880999) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{C07147B9-CC0B-4CC1-A107-A705889A54F2}) (Version: - Microsoft)
Update for Microsoft Publisher 2013 (KB2880999) 64-Bit Edition (HKLM\...\{90150000-0019-0407-1000-0000000FF1CE}_Office15.PROPLUS_{C07147B9-CC0B-4CC1-A107-A705889A54F2}) (Version: - Microsoft)
Update for Microsoft Visio Viewer 2013 (KB2817301) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{8E5CD68A-CDF8-4930-88DF-B7778B1871A9}) (Version: - Microsoft)
Update for Microsoft Visio Viewer 2013 (KB2817301) 64-Bit Edition (HKLM\...\{90150000-006E-0407-1000-0000000FF1CE}_Office15.PROPLUS_{8E5CD68A-CDF8-4930-88DF-B7778B1871A9}) (Version: - Microsoft)
Update for Microsoft Word 2013 (KB2878319) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{BC51FE30-3A56-4802-8D9E-E9BC05B56B49}) (Version: - Microsoft)
Update for Microsoft Word 2013 (KB2881080) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{F96FE9BB-CD90-472B-852E-156342618C54}) (Version: - Microsoft)
Update for Microsoft Word 2013 (KB2881080) 64-Bit Edition (HKLM\...\{90150000-001A-0407-1000-0000000FF1CE}_Office15.PROPLUS_{F96FE9BB-CD90-472B-852E-156342618C54}) (Version: - Microsoft)
Update for Microsoft Word 2013 (KB2881080) 64-Bit Edition (HKLM\...\{90150000-001B-0407-1000-0000000FF1CE}_Office15.PROPLUS_{F96FE9BB-CD90-472B-852E-156342618C54}) (Version: - Microsoft)
Update for Microsoft Word 2013 (KB2881080) 64-Bit Edition (HKLM\...\{90150000-012B-0407-1000-0000000FF1CE}_Office15.PROPLUS_{F96FE9BB-CD90-472B-852E-156342618C54}) (Version: - Microsoft)
VC_CRT_x64 (Version: 1.02.0000 - Intel Corporation) Hidden
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.4.7.0 - Elaborate Bytes)
VSClassic (x32 Version: 16.0.1.43 - Corel Corporation) Hidden
VSHelp (x32 Version: 16.0.1.43 - Corel Corporation) Hidden
VSPro (x32 Version: 16.0.1.43 - Corel Corporation) Hidden
Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version: - )
Windows Media Encoder 9 Series (x32 Version: 9.00.2980 - Microsoft Corporation) Hidden
ZoneAlarm Firewall (x32 Version: 13.1.211.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Free Firewall (HKLM-x32\...\ZoneAlarm Free Firewall) (Version: 13.1.211.000 - Check Point)
ZoneAlarm Security (x32 Version: 13.1.211.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Security Toolbar (HKCU\...\zonealarm) (Version: 1.8.29.17 - Check Point Software Technologies LTD)
ZoneAlarm Security Toolbar (HKLM-x32\...\zonealarm) (Version: 1.8.29.17 - Check Point Software Technologies LTD)
Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x64) - RUS (Version: 11.0.51108 - Microsoft Corporation) Hidden
Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x86) - RUS (x32 Version: 11.0.51108 - Microsoft Corporation) Hidden
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
==================== Restore Points =========================
08-07-2014 08:33:43 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106
08-07-2014 15:45:54 Windows Update
11-07-2014 01:00:51 Windows Update
14-07-2014 10:15:58 Windows Update
14-07-2014 16:29:05 Windows Update
15-07-2014 08:38:59 Microsoft Visual Studio Tools for Applications 2012
15-07-2014 08:54:00 DirectX wurde installiert
15-07-2014 08:57:32 Installed InterVideo AVControlSDK
15-07-2014 08:59:55 Installed Corel PDF Fusion.
15-07-2014 09:00:24 Gerätetreiber-Paketinstallation: Corel Drucker
16-07-2014 15:24:35 Windows Update
22-07-2014 07:12:31 Windows Update
24-07-2014 15:20:03 Wiederherstellungsvorgang
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {4DBA0131-DA15-47FA-9DD1-5317BABF1B47} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {51E9C042-9374-4A0B-8FA1-B43E38A3AF8D} - System32\Tasks\ISM-UpdateService-e57b59e7-5862-4250-9ce0-76fb411dc0d2 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\Bootstrap.exe [2013-03-08] (Intel Corporation)
Task: {910F3D30-61E8-4D83-9999-09FF7AEBB51D} - \BrowserSafeguard Update Task No Task File <==== ATTENTION
Task: {A1EB2BAC-3A71-497B-A545-4F6E3EDE96B5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-10] (Adobe Systems Incorporated)
Task: {CF819F44-6492-49BB-B246-42BA4932FE01} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {D12995B8-AFF5-43F4-A702-48F992E73CAA} - System32\Tasks\ISM-UpdateService-e57b59e7-5862-4250-9ce0-76fb411dc0d2-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\Bootstrap.exe [2013-03-08] (Intel Corporation)
Task: {EADA2791-07CA-4EC3-A41D-7806AECEFBB8} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
==================== Loaded Modules (whitelisted) =============
2014-05-15 20:13 - 2013-08-19 16:21 - 00020256 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIcon.dll
2014-05-15 20:13 - 2013-08-19 16:21 - 00019232 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayNotBackuped.dll
2014-05-01 21:29 - 2014-05-01 21:29 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2012-04-25 10:48 - 2012-04-25 10:48 - 00146432 _____ () C:\Windows\System32\corelcreatorpm.dll
2014-05-15 19:58 - 2013-11-13 23:23 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:3229
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:3280
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:3381
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SAVService => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (07/24/2014 11:47:56 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (07/24/2014 05:56:50 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (07/24/2014 05:29:54 PM) (Source: System Restore) (EventID: 8210) (User: )
Description: Unbekannter Fehler bei der Systemwiederherstellung: (Wiederherstellungsvorgang). Zusätzliche Informationen: 0x80070005.
Error: (07/24/2014 05:29:52 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (07/24/2014 05:21:25 PM) (Source: System Restore) (EventID: 8210) (User: )
Description: Unbekannter Fehler bei der Systemwiederherstellung: (Windows Update). Zusätzliche Informationen: 0x80070005.
Error: (07/24/2014 05:21:24 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (07/24/2014 05:15:12 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (07/24/2014 04:51:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (07/24/2014 04:39:11 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (07/24/2014 04:15:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
System errors:
=============
Error: (07/24/2014 10:31:29 PM) (Source: BROWSER) (EventID: 8032) (User: )
Description: Das Einlesen der Sicherungsliste durch den Suchdienst schlug auf Transport "\Device\NetBT_Tcpip_{6932F439-2F53-4607-990A-486685B753BB}" zu oft fehl.
Der Sicherungssuchdienst wird beendet.
Error: (07/24/2014 10:00:12 PM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "NELLUS",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{6932F439-2F53-4607-990A-486685B753BB}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.
Error: (07/24/2014 05:28:45 PM) (Source: VDS Basic Provider) (EventID: 1) (User: )
Description: Unerwarteter Fehler. Fehlercode: 490@01010004
Error: (07/24/2014 05:19:34 PM) (Source: VDS Basic Provider) (EventID: 1) (User: )
Description: Unerwarteter Fehler. Fehlercode: 490@01010004
Error: (07/24/2014 04:22:39 PM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung empfangen: 48.
Error: (07/24/2014 04:22:09 PM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung empfangen: 48.
Error: (07/24/2014 04:21:39 PM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung empfangen: 48.
Error: (07/24/2014 04:21:09 PM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung empfangen: 48.
Error: (07/24/2014 04:20:39 PM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung empfangen: 48.
Error: (07/24/2014 03:58:21 PM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung empfangen: 48.
Microsoft Office Sessions:
=========================
Error: (07/24/2014 11:47:56 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (07/24/2014 05:56:50 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (07/24/2014 05:29:54 PM) (Source: System Restore) (EventID: 8210) (User: )
Description: Wiederherstellungsvorgang0x80070005
Error: (07/24/2014 05:29:52 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (07/24/2014 05:21:25 PM) (Source: System Restore) (EventID: 8210) (User: )
Description: Windows Update0x80070005
Error: (07/24/2014 05:21:24 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (07/24/2014 05:15:12 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (07/24/2014 04:51:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (07/24/2014 04:39:11 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (07/24/2014 04:15:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
==================== Memory info ===========================
Percentage of memory in use: 31%
Total physical RAM: 8097.48 MB
Available physical RAM: 5515.57 MB
Total Pagefile: 16193.15 MB
Available Pagefile: 13565.47 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:226.67 GB) (Free:163.81 GB) NTFS
Drive e: () (Removable) (Total:29.8 GB) (Free:27.1 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 238 GB) (Disk ID: F75CE2D5)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=12 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=227 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (Size: 30 GB) (Disk ID: 00000000)
Partition: GPT Partition Type.
==================== End Of Log ============================
hatte ganz vergessen, dass das Notebook ja ein Uni-eigenes ist. Problem wird dementsprechend auch im Rechenzentrum bei uns behoben. Danke aber für die bis hierhin geleistete Hilfe! |
|
26.07.2014, 07:59
| #5 |
| /// the machine /// TB-Ausbilder | Kein Internet-Zugriff nach Adware-Säuberung! Also brauchst Du keine Hilfe? Das Ding ist immer noch verseucht.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
26.07.2014, 09:44
| #6 |
| | Kein Internet-Zugriff nach Adware-Säuberung! Ich hab da am Montag nen Termin, damit das behoben wird. Und wenn das von unserem Rechenzentrum eh gemacht wird, möchte ich a) nicht selber so viel dran rumfriemeln b) nicht deine Zeit konsumieren für etwas, was dann eh von anderen gelöst wird. Ich kann mich ja einfach Montag nochmal melden, und wenns dann immernoch verseucht ist, schauen wir weiter. Bis dahin stehts eh ausgeschaltet in meinem Büro, und ich seh es erst Montag früh wieder  |
|
26.07.2014, 18:45
| #7 |
| /// the machine /// TB-Ausbilder | Kein Internet-Zugriff nach Adware-Säuberung! ok 
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
Linear-Darstellung
