Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
Spyhunter - wie werde ich ihn wieder los

Spyhunter - wie werde ich ihn wieder los


Log-Analyse und Auswertung: Spyhunter - wie werde ich ihn wieder los

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Seite 1 von 2 1 2
Alt 27.05.2015, 07:00   #1
Sonnen
 
Spyhunter - wie werde ich ihn wieder los - Unglücklich

Spyhunter - wie werde ich ihn wieder los


Hallo zusammen, ich habe ein großes Problem. Ich habe bereits oft in eurem Forum mitgelesen und bei kleineren Probleme hier Hilfe gefunden. Jetzt benötige ich selbst dringend Hilfe. Mein Laptop ist verseucht und ich benötige dringend Hilfe. Nachdem ich einige Veränderungen auf meinem Laptop bemerkt habe und einige Funktionen nicht mehr möglich waren sowohl auf dem Laptop als auch bei der Arbeit im Internet, habe ich meine Antiviren Programme scannen lassen. Es wurden ein Trojaner gefunden und etliche Malware. In meiner Not habe ich SpyHunter noch zusätzlich geladen und jetzt ist alles noch schlimmer als vorher. Könnt ihr mir bitte helfen es ist dringend. Außerdem versucht ein Programm jetzt auch noch meine Daten im Internet umzuleiten.
Dankeschön im voraus. Lg Sonnen

Alt 27.05.2015, 07:05   #2
schrauber
/// the machine
/// TB-Ausbilder
 
Spyhunter - wie werde ich ihn wieder los - Standard

Spyhunter - wie werde ich ihn wieder los


Hi,

Logs bitte immer in den Thread posten. Zur Not aufteilen und mehrere Posts nutzen.
Ich kann auf Arbeit keine Anhänge öffnen, danke.

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.



FRST.txt fehlt noch
__________________

__________________
Alt 27.05.2015, 07:54   #3
Sonnen
 
Spyhunter - wie werde ich ihn wieder los - Unglücklich

SpyHunter-wie werde ich ihn wieder los


Zitat:
Zitat von Sonnen Beitrag anzeigen
Hallo zusammen, ich habe ein großes Problem. Ich habe bereits oft in eurem Forum mitgelesen und bei kleineren Probleme hier Hilfe gefunden. Jetzt benötige ich selbst dringend Hilfe. Mein Laptop ist verseucht und ich benötige dringend Hilfe. Nachdem ich einige Veränderungen auf meinem Laptop bemerkt habe und einige Funktionen nicht mehr möglich waren sowohl auf dem Laptop als auch bei der Arbeit im Internet, habe ich meine Antiviren Programme scannen lassen. Es wurden ein Trojaner gefunden und etliche Malware. In meiner Not habe ich SpyHunter noch zusätzlich geladen und jetzt ist alles noch schlimmer als vorher. Könnt ihr mir bitte helfen es ist dringend. Außerdem versucht ein Programm jetzt auch noch meine Daten im Internet umzuleiten.
Dankeschön im voraus. Lg Sonnen
Hallo Schrauber,
vielen Dank für deine Hilfe. Leider hatte ich gerade wieder einen Absturz und musste eine erneute Systemwiederherstellung machen.
Hier kommen die Logdaten ich hoffe es hält bis ich sie eingestellt habe:

Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26-05-2015
Ran by adriana (administrator) on SOFIA on 27-05-2015 08:43:30
Running from C:\Users\adriana\Downloads
Loaded Profiles: adriana (Available Profiles: adriana & Balou & DefaultAppPool)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(AMD) C:\Windows\System32\atieclxx.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
(Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
(Ellora Assets Corp.) C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
() C:\ProgramData\Internet Manager\OnlineUpdate\ouc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SERVEREXP2008\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Microsoft Corporation) C:\Windows\System32\wbengine.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TomTom) C:\Program Files (x86)\MyDrive Connect\TomTom MyDrive Connect.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
(Emsisoft Ltd) C:\Program Files (x86)\Emsisoft Internet Security\a2service.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Emsisoft Ltd) C:\Program Files (x86)\Emsisoft Internet Security\a2guard.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2799912 2011-06-10] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-05-27] (IDT, Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [979328 2010-10-12] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [emsisoft anti-malware] => c:\program files (x86)\emsisoft internet security\a2guard.exe [4923832 2015-05-27] (Emsisoft Ltd)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE -> 
HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE -> 
HKU\S-1-5-21-4246888475-3530032447-118406061-1002\...\Run: [Facebook Update] => "C:\Users\adriana\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
HKU\S-1-5-21-4246888475-3530032447-118406061-1002\...\Run: [Google+ Auto Backup] => C:\Users\adriana\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe [3619096 2014-01-06] (Google Inc.)
HKU\S-1-5-21-4246888475-3530032447-118406061-1002\...\Run: [MyDriveConnect.exe] => C:\Program Files (x86)\MyDrive Connect\TomTom MyDrive Connect.exe [1905032 2015-04-28] (TomTom)
HKU\S-1-5-21-4246888475-3530032447-118406061-1002\...\Run: [Spybot-S&D Cleaning] => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
HKU\S-1-5-21-4246888475-3530032447-118406061-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31682144 2015-03-25] (Skype Technologies S.A.)
HKU\S-1-5-21-4246888475-3530032447-118406061-1002\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-4246888475-3530032447-118406061-1002\...\Policies\system: [DisableChangePassword] 0
HKU\S-1-5-21-4246888475-3530032447-118406061-1002\...\MountPoints2: G - G:\AutoRun.exe
HKU\S-1-5-21-4246888475-3530032447-118406061-1002\...\MountPoints2: {224255d9-225e-11e4-909f-80c16e5e636f} - I:\AutoRun.exe
HKU\S-1-5-21-4246888475-3530032447-118406061-1002\...\MountPoints2: {3b1a02c2-dfc1-11e1-9d3e-80c16e5e636f} - G:\AutoRun.exe
HKU\S-1-5-21-4246888475-3530032447-118406061-1002\...\MountPoints2: {3b1a02d2-dfc1-11e1-9d3e-80c16e5e636f} - G:\AutoRun.exe
HKU\S-1-5-21-4246888475-3530032447-118406061-1002\...\MountPoints2: {523774ac-254e-11e4-bc09-80c16e5e636f} - I:\AutoRun.exe
HKU\S-1-5-21-4246888475-3530032447-118406061-1002\...\MountPoints2: {523774bf-254e-11e4-bc09-80c16e5e636f} - I:\AutoRun.exe
HKU\S-1-5-21-4246888475-3530032447-118406061-1002\...\MountPoints2: {523774ce-254e-11e4-bc09-80c16e5e636f} - I:\AutoRun.exe
HKU\S-1-5-21-4246888475-3530032447-118406061-1002\...\MountPoints2: {58d203bd-ea05-11e1-8943-80c16e5e636f} - G:\AutoRun.exe
HKU\S-1-5-21-4246888475-3530032447-118406061-1002\...\MountPoints2: {8ce5efb7-25d8-11e4-81e2-80c16e5e636f} - I:\AutoRun.exe
HKU\S-1-5-21-4246888475-3530032447-118406061-1002\...\MountPoints2: {aa749cb7-e1e9-11e1-b427-80c16e5e636f} - G:\AutoRun.exe
HKU\S-1-5-21-4246888475-3530032447-118406061-1002\...\MountPoints2: {af6b4cbc-28c1-11e2-b557-80c16e5e636f} - G:\AutoRun.exe
HKU\S-1-5-21-4246888475-3530032447-118406061-1002\...\MountPoints2: {b125cb25-2507-11e4-bfbb-80c16e5e636f} - I:\AutoRun.exe
HKU\S-1-5-21-4246888475-3530032447-118406061-1002\...\MountPoints2: {b125cb3f-2507-11e4-bfbb-80c16e5e636f} - I:\AutoRun.exe
HKU\S-1-5-21-4246888475-3530032447-118406061-1002\...\MountPoints2: {b1318048-e54c-11e1-b5c1-80c16e5e636f} - G:\AutoRun.exe
HKU\S-1-5-21-4246888475-3530032447-118406061-1002\...\MountPoints2: {b1318059-e54c-11e1-b5c1-80c16e5e636f} - G:\AutoRun.exe
HKU\S-1-5-21-4246888475-3530032447-118406061-1002\...\MountPoints2: {b2a53646-dd88-11e1-801a-80c16e5e636f} - G:\AutoRun.exe
HKU\S-1-5-21-4246888475-3530032447-118406061-1002\...\MountPoints2: {b2a53650-dd88-11e1-801a-80c16e5e636f} - G:\AutoRun.exe
HKU\S-1-5-21-4246888475-3530032447-118406061-1002\...\MountPoints2: {b52e20ba-1bca-11e4-b312-80c16e5e636f} - I:\AutoRun.exe
HKU\S-1-5-21-4246888475-3530032447-118406061-1002\...\MountPoints2: {b52e20e6-1bca-11e4-b312-80c16e5e636f} - I:\AutoRun.exe
HKU\S-1-5-21-4246888475-3530032447-118406061-1002\...\MountPoints2: {c6cb37c9-ec27-11e1-b574-80c16e5e636f} - G:\AutoRun.exe
HKU\S-1-5-21-4246888475-3530032447-118406061-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> 
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> 
Startup: C:\Users\adriana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-05-19]
ShortcutTarget: Dropbox.lnk -> C:\Users\adriana\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\adriana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk [2014-02-20]
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-4246888475-3530032447-118406061-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=SKY2&ocid=SKY2DHP&osmkt=de-de
HKU\S-1-5-21-4246888475-3530032447-118406061-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4
HKU\S-1-5-21-4246888475-3530032447-118406061-1002\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
SearchScopes: HKLM -> {C87395B5-70D9-4E25-AB1F-FF23936613EF} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://www.ebay.de/sch/i.html?_nkw={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-4246888475-3530032447-118406061-1002 -> {C87395B5-70D9-4E25-AB1F-FF23936613EF} URL = 
SearchScopes: HKU\S-1-5-21-4246888475-3530032447-118406061-1002 -> ÛŸÆîZ§’2¹Þpv¨IÍá*X(Ž2s(ÛÎÀJºÔÓµ± vË°!×—(ä¼48иpatm6êo^Mp`Ëõ÷_i£w˜¾!„Áû†x¢8€ÙjÀÿþ*´Ñ;áa´[¦†8*º~RÙxœòÜ8'£-)x*ä* URL = 
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2011-06-07] (Advanced Micro Devices)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-01-22] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2009-08-24] (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-22] (Oracle Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll [2011-06-07] (Advanced Micro Devices)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-22] (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-22] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2009-08-24] (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
Toolbar: HKU\S-1-5-21-4246888475-3530032447-118406061-1002 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: HKLM-x32 {6E718D87-6909-4FCE-92D4-EDCB2F725727} hxxp://navigram.com/engine/v1140/Navigram.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{5DDAC98E-5E73-4A5D-B5D9-C36969B42E00}: [NameServer] 195.29.166.120 195.29.166.121
Tcpip\..\Interfaces\{773EAF73-9F10-4FC6-B396-104EEF539DF6}: [NameServer] 10.48.65.24 10.48.65.25
Tcpip\..\Interfaces\{7839FE82-E019-40A6-9B1D-829DF931B9D2}: [NameServer] 195.29.166.120 195.29.166.121
Tcpip\..\Interfaces\{817537F5-6CFF-4F1F-941F-60C4FB7609DA}: [NameServer] 10.48.65.24 10.48.65.25

FireFox:
========
FF ProfilePath: C:\Users\adriana\AppData\Roaming\Mozilla\Firefox\Profiles\egj2scfg.default
FF Homepage: hxxp://www.griechischefellnasen.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-05-10] ()
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-22] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-22] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-05-10] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.4.0 -> C:\Windows\SysWOW64\npDeployJava1.dll [2015-01-13] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-22] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4246888475-3530032447-118406061-1002: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\adriana\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2015-02-08] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2015-02-08] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2015-02-08] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2015-02-08] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2015-02-08] (Apple Inc.)
FF Extension: IE Tab 2 (FF 3.6+) - C:\Users\adriana\AppData\Roaming\Mozilla\Firefox\Profiles\egj2scfg.default\Extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB} [2014-01-03]
FF Extension: Google Translator for Firefox - C:\Users\adriana\AppData\Roaming\Mozilla\Firefox\Profiles\egj2scfg.default\Extensions\translator@zoli.bod.xpi [2014-02-21]
FF Extension: ImTranslator - C:\Users\adriana\AppData\Roaming\Mozilla\Firefox\Profiles\egj2scfg.default\Extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi [2014-02-21]
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\adriana\AppData\Roaming\Mozilla\Firefox\Profiles\egj2scfg.default\Extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900}.xpi [2015-01-06]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-05-15]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF HKLM-x32\...\Firefox\Extensions: [ff-bmboc@bytemobile.com] - C:\Program Files\T-Mobile\InternetManager_H\OCx32\addon
FF HKLM-x32\...\Firefox\Extensions: [fmdownloader@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com
FF HKLM-x32\...\Firefox\Extensions: [ytfmdownloader@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: No Name - C:\Users\adriana\AppData\Roaming\Mozilla\Firefox\Profiles\egj2scfg.default\extensions\searchffv2@gmail.com [not found]
FF Extension: No Name - C:\Users\adriana\AppData\Roaming\Mozilla\Firefox\Profiles\egj2scfg.default\extensions\sweetsearch@gmail.com [not found]

Chrome: 
=======
CHR Profile: C:\Users\adriana\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Bookmark Manager) - C:\Users\adriana\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-19]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\adriana\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-04]
CHR Extension: (Skype Click to Call) - C:\Users\adriana\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-05-19]
CHR Extension: (Google Wallet) - C:\Users\adriana\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-02]
CHR HKLM-x32\...\Chrome\Extension: [bpegkgagfojjbcpkihigfmkojdmmimdf] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [ehgldbbpchgpcfagfpfjgoomddhccfgh] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Chrome\ChromeYoutubePlugin.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 a2AntiMalware; C:\Program Files (x86)\Emsisoft Internet Security\a2service.exe [5155576 2015-05-27] (Emsisoft Ltd)
R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2011-09-28] (Advanced Micro Devices, Inc.) []
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 DiagTrack; C:\Windows\system32\diagtrack.dll [1254400 2015-04-27] (Microsoft Corporation)
R2 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) []
R2 EPSON_EB_RPCV4_04; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [168448 2011-01-12] (SEIKO EPSON CORPORATION) []
R2 ezSharedSvc; C:\Windows\SysWOW64\ezSharedSvcHost.exe [514232 2010-04-23] (EasyBits Software AS) []
R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [108032 2014-07-15] (Freemake) []
R2 FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [9216 2014-07-15] (Ellora Assets Corp.) []
U2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) []
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2413056 2011-06-29] (Realsil Microelectronics Inc.) []
S2 Internet Manager. RunOuc; C:\Program Files (x86)\T-Mobile\InternetManager_H\UpdateDog\ouc.exe [671744 2013-02-05] () []
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R2 MSSQL$SERVEREXP2008; c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SERVEREXP2008\MSSQL\Binn\sqlservr.exe [43044512 2014-07-12] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1026432 2015-05-19] (Enigma Software Group USA, LLC.)
S4 SQLAgent$SERVEREXP2008; c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SERVEREXP2008\MSSQL\Binn\SQLAGENT.EXE [380064 2014-07-12] (Microsoft Corporation)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-21] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 cleanhlp; C:\EEK\bin\cleanhlp64.sys [57024 2015-03-04] (Emsisoft GmbH)
R1 epp64; C:\Windows\System32\DRIVERS\epp64.sys [135800 2015-03-24] (Emsisoft GmbH)
S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [15920 2015-05-19] (Enigma Software Group USA, LLC.)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2015-05-19] ()
R3 fwndis; C:\Windows\System32\DRIVERS\fwndis64.sys [491632 2015-01-01] ()
R1 fwwfp; C:\Program Files (x86)\Emsisoft Internet Security\fwwfp764.sys [414936 2015-01-01] ()
S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [241152 2012-12-03] (Huawei Technologies Co., Ltd.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1863720 2012-06-01] ()
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [386680 2014-04-27] (Duplex Secure Ltd.)
S3 cpuz134; \??\C:\Users\adriana\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
S3 HSPADataCardusbmdm; system32\DRIVERS\HSPADataCardusbmdm.sys [X]
S3 HSPADataCardusbnmea; system32\DRIVERS\HSPADataCardusbnmea.sys [X]
S3 HSPADataCardusbser; system32\DRIVERS\HSPADataCardusbser.sys [X]
S3 massfilter; system32\drivers\massfilter.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 NPF; system32\drivers\NPF.sys [X]
S1 SASDIFSV; \??\C:\Users\adriana\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV64.SYS [X]
S1 SASKUTIL; \??\C:\Users\adriana\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL64.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-27 07:36 - 2015-05-27 07:54 - 00046935 _____ () C:\Users\adriana\Downloads\Addition.txt
2015-05-27 07:29 - 2015-05-27 08:43 - 00029011 _____ () C:\Users\adriana\Downloads\FRST.txt
2015-05-27 07:29 - 2015-05-27 07:29 - 02108928 _____ (Farbar) C:\Users\adriana\Downloads\FRST64.exe
2015-05-26 19:35 - 2015-05-26 19:35 - 00000000 ____D () C:\Users\Balou\AppData\Roaming\GMX
2015-05-26 15:17 - 2015-05-27 08:33 - 00000000 ____D () C:\ProgramData\SecTaskMan
2015-05-26 15:17 - 2015-05-27 08:33 - 00000000 ____D () C:\Program Files (x86)\Security Task Manager
2015-05-26 15:17 - 2015-05-26 15:17 - 00000000 ____D () C:\Users\Balou\AppData\Local\SecTaskMan
2015-05-26 14:52 - 2015-05-26 14:52 - 00034332 _____ () C:\Users\Balou\Documents\software Bedrohungen1.txt
2015-05-26 13:46 - 2015-05-27 08:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-05-26 13:46 - 2015-05-27 08:33 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-05-24 16:27 - 2015-05-24 16:27 - 00000000 ____D () C:\Users\Balou\AppData\Local\Apple
2015-05-24 15:31 - 2015-05-24 15:31 - 00003186 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForBalou
2015-05-24 15:23 - 2015-05-24 15:23 - 00001092 _____ () C:\Users\Public\Desktop\Emsisoft Internet Security.lnk
2015-05-24 15:23 - 2015-05-24 15:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Internet Security
2015-05-24 15:21 - 2015-03-24 00:17 - 00135800 _____ (Emsisoft GmbH) C:\Windows\system32\Drivers\epp64.sys
2015-05-24 15:21 - 2015-01-01 22:36 - 00491632 _____ () C:\Windows\system32\Drivers\fwndis64.sys
2015-05-24 15:17 - 2015-05-24 15:18 - 162150608 _____ (Emsisoft Ltd. ) C:\Users\Balou\Downloads\EmsisoftInternetSecuritySetup.exe
2015-05-22 14:47 - 2015-05-27 08:34 - 00000000 ____D () C:\Users\Balou\AppData\Local\Hewlett-Packard
2015-05-22 14:47 - 2015-05-24 22:17 - 00000332 _____ () C:\Windows\Tasks\HPCeeScheduleForBalou.job
2015-05-22 00:30 - 2015-05-22 00:30 - 00000000 ____D () C:\ProgramData\Emsisoft
2015-05-22 00:20 - 2015-05-27 08:43 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Internet Security
2015-05-21 20:31 - 2015-05-22 14:31 - 00000000 ____D () C:\ProgramData\Trend Micro
2015-05-21 20:31 - 2015-05-21 20:31 - 00000000 ____D () C:\Program Files\Trend Micro
2015-05-21 20:30 - 2015-05-21 20:30 - 00000036 _____ () C:\Users\Balou\AppData\Local\housecall.guid.cache
2015-05-21 20:21 - 2015-05-21 20:21 - 00000000 ____D () C:\Users\Balou\AppData\Local\Trend Micro
2015-05-21 19:47 - 2015-05-21 21:08 - 00000000 ____D () C:\Users\Balou\AppData\Roaming\Nico Mak Computing
2015-05-21 18:39 - 2015-05-22 14:31 - 00000000 ____D () C:\Users\Balou\AppData\Local\Tempcab4d6f15f2003ef405f2cdaac60c63f_
2015-05-21 18:39 - 2015-05-22 14:31 - 00000000 ____D () C:\Users\Balou\AppData\Local\Temp9d0804a4ffbc2018293c60258a7393e8_
2015-05-21 18:36 - 2015-05-22 14:31 - 00000000 ____D () C:\Users\Balou\AppData\Local\Tempcb5f031f2fcb0b6739359a4a41301da2
2015-05-21 18:36 - 2015-05-22 14:31 - 00000000 ____D () C:\Users\Balou\AppData\Local\Tempcab4d6f15f2003ef405f2cdaac60c63f
2015-05-21 18:36 - 2015-05-22 14:31 - 00000000 ____D () C:\Users\Balou\AppData\Local\Temp9d0804a4ffbc2018293c60258a7393e8
2015-05-21 18:36 - 2015-05-21 18:50 - 00000000 ____D () C:\Users\Balou\AppData\Local\CrashDumps
2015-05-19 23:30 - 2015-05-22 14:31 - 00000000 ____D () C:\Users\Balou\Downloads\GMX - flug_files
2015-05-19 23:30 - 2015-05-22 14:31 - 00000000 ____D () C:\Users\Balou\Downloads\athene_files
2015-05-19 23:30 - 2015-05-19 23:30 - 00000000 ____D () C:\Users\Balou\Downloads\Originals
2015-05-19 23:30 - 2015-05-19 23:30 - 00000000 ____D () C:\Users\Balou\Downloads\artmedic_advent
2015-05-19 23:30 - 2014-05-09 00:01 - 00123830 _____ () C:\Users\Balou\Downloads\01.05.14 - 1
2015-05-19 23:30 - 2014-05-09 00:01 - 00045659 _____ () C:\Users\Balou\Downloads\02.05.14 - 1
2015-05-19 23:30 - 2014-01-18 02:55 - 00030502 _____ () C:\Users\Balou\Downloads\athene.htm
2015-05-19 23:30 - 2013-12-12 10:35 - 00031723 _____ () C:\Users\Balou\Downloads\GMX - flug.htm
2015-05-19 23:30 - 2011-03-28 21:07 - 00000038 _____ () C:\Users\Balou\Downloads\!!!readfirst.txt
2015-05-19 23:20 - 2015-05-19 23:20 - 00000000 ____D () C:\Users\Balou\AppData\Local\Macromedia
2015-05-19 20:44 - 2015-05-19 20:44 - 00001048 _____ () C:\Users\Balou\Desktop\adriana - Verknüpfung.lnk
2015-05-19 20:39 - 2015-05-19 20:39 - 00000000 ____D () C:\Users\Balou\AppData\Local\Adobe
2015-05-19 20:33 - 2015-05-19 20:33 - 00000521 _____ () C:\Users\Balou\Desktop\Sichern und Wiederherstellen - Verknüpfung.lnk
2015-05-19 20:21 - 2015-05-19 20:22 - 00000000 ____D () C:\Users\Balou\AppData\Roaming\Mozilla
2015-05-19 20:21 - 2015-05-19 20:22 - 00000000 ____D () C:\Users\Balou\AppData\Local\Mozilla
2015-05-19 20:00 - 2014-11-22 01:55 - 00001859 _____ () C:\Users\Balou\Documents\Weihnachtsgeschichte_3.txt
2015-05-19 20:00 - 2014-08-18 11:05 - 00000894 _____ () C:\Users\Balou\Documents\Tierärte Pool Kastrationsflyer Xanthi.txt
2015-05-19 20:00 - 2013-11-12 18:08 - 00001287 _____ () C:\Users\Balou\Documents\umsatz verein november 2013.csv
2015-05-19 20:00 - 2012-07-16 17:13 - 00000068 _____ () C:\Users\Balou\Documents\userpatch.dat
2015-05-19 20:00 - 2012-07-16 17:13 - 00000003 _____ () C:\Users\Balou\Documents\temporary.iti
2015-05-19 20:00 - 2012-07-15 18:27 - 00002048 _____ () C:\Users\Balou\Documents\watchdogtrace.dat
2015-05-19 20:00 - 2012-04-01 23:03 - 00000023 _____ () C:\Users\Balou\Documents\start_mumble.bat
2015-05-19 20:00 - 2012-02-02 01:35 - 00023819 _____ () C:\Users\Balou\Documents\Tierschutzverein Vorlage Sofia.dotx
2015-05-19 20:00 - 2012-01-20 02:08 - 00001043 _____ () C:\Users\Balou\Documents\YouCam(Webcam).lnk
2015-05-19 20:00 - 2011-08-23 15:46 - 08225519 _____ () C:\Users\Balou\Documents\tables.dat
2015-05-19 20:00 - 2011-06-26 15:21 - 02932120 _____ () C:\Users\Balou\Documents\tmccodes.dat
2015-05-19 20:00 - 2011-06-26 15:21 - 00000088 _____ () C:\Users\Balou\Documents\traffic.dat
2015-05-19 20:00 - 2011-04-08 22:54 - 10741064 _____ () C:\Users\Balou\Documents\wz145gev.exe
2015-05-19 20:00 - 2011-03-20 21:47 - 106928002 _____ () C:\Users\Balou\Documents\Stick.wmv
2015-05-19 20:00 - 2011-03-20 21:44 - 00023310 _____ () C:\Users\Balou\Documents\Stick.mxf
2015-05-19 20:00 - 2011-02-17 19:34 - 00000000 _____ () C:\Users\Balou\Documents\unconfirmed 3480.crdownload
2015-05-19 20:00 - 2010-05-23 21:00 - 00000525 _____ () C:\Users\Balou\Documents\Tierschutz-und Pflegevertrag Athen.txt
2015-05-19 20:00 - 2009-12-15 15:59 - 00079404 _____ () C:\Users\Balou\Documents\voice.wav
2015-05-19 20:00 - 2009-12-06 14:09 - 00004270 _____ () C:\Users\Balou\Documents\winmail.dat
2015-05-19 20:00 - 2009-11-27 01:41 - 00000473 _____ () C:\Users\Balou\Documents\Stefan.vcf
2015-05-19 20:00 - 2009-11-27 01:41 - 00000397 _____ () C:\Users\Balou\Documents\Stefan.vde
2015-05-19 20:00 - 2009-10-08 12:04 - 00001451 _____ () C:\Users\Balou\Documents\sv7cli1455538443.xml
2015-05-19 20:00 - 2009-09-29 10:46 - 01167688 _____ (Microsoft Corporation) C:\Users\Balou\Documents\wlsetup-custom.exe
2015-05-19 20:00 - 2009-06-30 18:37 - 08815552 _____ (Microsoft Corporation) C:\Users\Balou\Documents\windows-kb890830-v2.11.exe
2015-05-19 20:00 - 2009-04-07 09:58 - 00400752 _____ () C:\Users\Balou\Documents\Untitled Page.mht
2015-05-19 20:00 - 2008-11-20 21:19 - 00000891 _____ () C:\Users\Balou\Documents\style.css
2015-05-19 20:00 - 2008-05-22 14:51 - 02404880 _____ (Microsoft Corporation) C:\Users\Balou\Documents\WLinstaller.exe
2015-05-19 20:00 - 2008-04-04 16:45 - 00000359 _____ () C:\Users\Balou\Documents\VolumeConfig.plist
2015-05-19 20:00 - 2008-01-31 20:31 - 02628776 _____ () C:\Users\Balou\Documents\Weitere hilfreiche Features.one
2015-05-19 20:00 - 2008-01-31 20:31 - 00113704 _____ () C:\Users\Balou\Documents\Verschiedenes.one
2015-05-19 20:00 - 2006-10-31 01:00 - 01659904 _____ () C:\Users\Balou\Documents\WordMUI.msi
2015-05-19 20:00 - 2006-10-31 01:00 - 00244936 _____ () C:\Users\Balou\Documents\word12.opa
2015-05-19 20:00 - 2006-10-31 01:00 - 00001799 _____ () C:\Users\Balou\Documents\WordMUI.xml
2015-05-19 19:59 - 2015-05-09 19:09 - 00038976 _____ () C:\Users\Balou\Documents\Selbstauskunft.odt
2015-05-19 19:59 - 2014-04-09 13:24 - 00000812 _____ () C:\Users\Balou\Documents\nestor1.txt
2015-05-19 19:59 - 2014-03-11 21:42 - 00006633 _____ () C:\Users\Balou\Documents\reise xanthi1.txt
2015-05-19 19:59 - 2013-11-11 22:48 - 03843072 _____ (Piriform Ltd) C:\Users\Balou\Documents\rcsetup148.exe
2015-05-19 19:59 - 2013-11-08 21:47 - 00000056 _____ () C:\Users\Balou\Documents\MyData.ini
2015-05-19 19:59 - 2013-10-01 01:55 - 00020992 _____ () C:\Users\Balou\Documents\spenden thaleia.xls
2015-05-19 19:59 - 2013-09-26 20:36 - 00026112 _____ () C:\Users\Balou\Documents\Spendenaufruf Alexandroupolis Futter ab 2011.xls
2015-05-19 19:59 - 2013-03-31 21:10 - 00023706 _____ () C:\Users\Balou\Documents\post von fb asutretung kostas e v.txt
2015-05-19 19:59 - 2012-10-23 02:10 - 00230912 _____ () C:\Users\Balou\Documents\Pflegestellengesuche.pub
2015-05-19 19:59 - 2012-07-17 00:36 - 00539752 _____ () C:\Users\Balou\Documents\ServerLineIndex.dat
2015-05-19 19:59 - 2012-07-17 00:36 - 00118936 _____ () C:\Users\Balou\Documents\ServerNameIndex.dat
2015-05-19 19:59 - 2012-07-17 00:36 - 00000091 _____ () C:\Users\Balou\Documents\PatchFilter.dat
2015-05-19 19:59 - 2012-07-16 17:13 - 00000965 _____ () C:\Users\Balou\Documents\settings.dat
2015-05-19 19:59 - 2012-05-12 20:39 - 00475136 _____ () C:\Users\Balou\Documents\mumble.sqlite
2015-05-19 19:59 - 2012-05-12 20:39 - 00007338 _____ () C:\Users\Balou\Documents\mumble.ini
2015-05-19 19:59 - 2012-05-12 19:51 - 00002385 _____ () C:\Users\Balou\Documents\MumbleAutomaticCertificateBackup.p12
2015-05-19 19:59 - 2012-04-01 23:03 - 04431328 _____ (Thorvald Natvig) C:\Users\Balou\Documents\mumble.exe
2015-05-19 19:59 - 2012-03-29 22:19 - 00001634 _____ () C:\Users\Balou\Documents\Read Me First.txt
2015-05-19 19:59 - 2012-03-29 22:19 - 00001127 _____ () C:\Users\Balou\Documents\release.nfo
2015-05-19 19:59 - 2012-03-29 22:18 - 00012235 _____ () C:\Users\Balou\Documents\signpost_li.txt
2015-05-19 19:59 - 2012-03-29 20:09 - 00000468 _____ () C:\Users\Balou\Documents\restart.dat
2015-05-19 19:59 - 2012-03-28 17:00 - 00121496 _____ () C:\Users\Balou\Documents\Planung.one
2015-05-19 19:59 - 2012-02-15 23:47 - 00004956 _____ () C:\Users\Balou\Documents\OKiTALK_Readme.txt
2015-05-19 19:59 - 2011-12-30 15:25 - 00000008 _____ () C:\Users\Balou\Documents\report.cam
2015-05-19 19:59 - 2011-10-31 18:30 - 00071099 _____ () C:\Users\Balou\Documents\NK Liste fortlaufend 2011 Stand 31.10.2011sofia.xlsx
2015-05-19 19:59 - 2011-09-15 20:35 - 06418238 _____ () C:\Users\Balou\Documents\SSA40032.AVI
2015-05-19 19:59 - 2011-07-22 01:37 - 02012318 _____ () C:\Users\Balou\Documents\nederland.postal
2015-05-19 19:59 - 2011-06-26 15:21 - 106676576 _____ () C:\Users\Balou\Documents\poi.dat
2015-05-19 19:59 - 2011-06-26 15:21 - 00028526 _____ () C:\Users\Balou\Documents\profiles.dat
2015-05-19 19:59 - 2011-05-16 17:23 - 12181425 _____ () C:\Users\Balou\Documents\MOV03740.MPG
2015-05-19 19:59 - 2011-05-16 17:23 - 12181425 _____ () C:\Users\Balou\Documents\MOV03740 (1).MPG
2015-05-19 19:59 - 2011-03-19 20:44 - 14271992 _____ (Google Inc.) C:\Users\Balou\Documents\picasa38-setup.exe
2015-05-19 19:59 - 2011-01-23 13:15 - 00004471 _____ () C:\Users\Balou\Documents\Schutzvertrag TSV ARGOS.txt
2015-05-19 19:59 - 2011-01-22 19:55 - 00938024 _____ () C:\Users\Balou\Documents\Nicht abgelegte Notizen.one
2015-05-19 19:59 - 2011-01-22 16:10 - 00010256 _____ () C:\Users\Balou\Documents\Re _Sofia.txt
2015-05-19 19:59 - 2010-12-19 23:12 - 03325446 _____ () C:\Users\Balou\Documents\MP3-and-WAV-Solutions-Setup.exe
2015-05-19 19:59 - 2010-12-19 18:51 - 00000038 _____ () C:\Users\Balou\Documents\playlist.txt
2015-05-19 19:59 - 2010-12-19 18:51 - 00000030 _____ () C:\Users\Balou\Documents\play.bat
2015-05-19 19:59 - 2010-12-12 21:25 - 00000000 _____ () C:\Users\Balou\Documents\Scannen0016.jpg.crdownload
2015-05-19 19:59 - 2010-09-16 01:26 - 02013568 _____ (Microsoft Corporation) C:\Users\Balou\Documents\PPTVIEW.EXE
2015-05-19 19:59 - 2010-09-05 20:30 - 53785488 _____ () C:\Users\Balou\Documents\setup_av_free_ger50594.exe
2015-05-19 19:59 - 2010-05-29 15:54 - 01959956 _____ () C:\Users\Balou\Documents\MOV02066.3GP
2015-05-19 19:59 - 2010-05-18 01:00 - 00002315 _____ () C:\Users\Balou\Documents\readme.txt
2015-05-19 19:59 - 2010-05-04 18:04 - 00001494 _____ () C:\Users\Balou\Documents\ogg-vorbis_(tremor-variable)_license.txt
2015-05-19 19:59 - 2010-03-04 20:35 - 00237712 _____ (NCH Software) C:\Users\Balou\Documents\prismsetup.exe
2015-05-19 19:59 - 2009-12-24 10:27 - 00026835 _____ () C:\Users\Balou\Documents\qt.txt
2015-05-19 19:59 - 2009-11-21 21:08 - 00836837 _____ () C:\Users\Balou\Documents\small.rar
2015-05-19 19:59 - 2009-10-08 12:04 - 00012162 _____ () C:\Users\Balou\Documents\MessageLog.xsl
2015-05-19 19:59 - 2009-07-04 22:27 - 00000497 _____ () C:\Users\Balou\Documents\server.met.gz
2015-05-19 19:59 - 2009-06-25 17:17 - 06205440 _____ () C:\Users\Balou\Documents\s7119dex.exe
2015-05-19 19:59 - 2009-06-23 12:20 - 21935408 _____ (Apple Inc.) C:\Users\Balou\Documents\QuickTimeInstaller762.exe
2015-05-19 19:59 - 2009-06-21 17:27 - 23710864 _____ (Microsoft Corporation) C:\Users\Balou\Documents\MSNOIE8_DEDE_VIS.EXE
2015-05-19 19:59 - 2009-06-06 21:01 - 01228320 _____ (Adobe Systems Incorporated) C:\Users\Balou\Documents\PRE7_TB_WWEFGJ.exe
2015-05-19 19:59 - 2009-03-22 08:08 - 00000028 _____ () C:\Users\Balou\Documents\qt.conf
2015-05-19 19:59 - 2009-03-12 14:15 - 00001774 _____ () C:\Users\Balou\Documents\speex.txt
2015-05-19 19:59 - 2008-02-13 20:57 - 05473872 _____ (Microsoft Corporation) C:\Users\Balou\Documents\msjavx86.exe
2015-05-19 19:59 - 2008-01-31 20:31 - 00198784 _____ () C:\Users\Balou\Documents\Reisen.one
2015-05-19 19:59 - 2008-01-31 20:31 - 00132496 _____ () C:\Users\Balou\Documents\Recherche.one
2015-05-19 19:59 - 2008-01-31 20:31 - 00112432 _____ () C:\Users\Balou\Documents\Projekt A.one
2015-05-19 19:59 - 2008-01-31 20:31 - 00108824 _____ () C:\Users\Balou\Documents\Projekt B.one
2015-05-19 19:59 - 2008-01-31 20:31 - 00089736 _____ () C:\Users\Balou\Documents\Persönliche Informationen.one
2015-05-19 19:59 - 2008-01-31 20:31 - 00022824 _____ () C:\Users\Balou\Documents\Shopping.one
2015-05-19 19:59 - 2008-01-31 20:31 - 00022608 _____ () C:\Users\Balou\Documents\Rezepte.one
2015-05-19 19:59 - 2006-10-31 01:00 - 02421760 _____ () C:\Users\Balou\Documents\OfficeMUI.msi
2015-05-19 19:59 - 2006-10-31 01:00 - 02030080 _____ () C:\Users\Balou\Documents\OutlookMUI.msi
2015-05-19 19:59 - 2006-10-31 01:00 - 01658880 _____ () C:\Users\Balou\Documents\PublisherMUI.msi
2015-05-19 19:59 - 2006-10-31 01:00 - 01648128 _____ () C:\Users\Balou\Documents\PowerPointMUI.msi
2015-05-19 19:59 - 2006-10-31 01:00 - 01647616 _____ () C:\Users\Balou\Documents\OneNoteMUI.msi
2015-05-19 19:59 - 2006-10-31 01:00 - 00847872 _____ () C:\Users\Balou\Documents\Office64WW.msi
2015-05-19 19:59 - 2006-10-31 01:00 - 00717386 _____ () C:\Users\Balou\Documents\office12.opa
2015-05-19 19:59 - 2006-10-31 01:00 - 00515072 _____ () C:\Users\Balou\Documents\Proof.msi
2015-05-19 19:59 - 2006-10-31 01:00 - 00508416 _____ () C:\Users\Balou\Documents\Office64MUI.msi
2015-05-19 19:59 - 2006-10-31 01:00 - 00506880 _____ () C:\Users\Balou\Documents\Proofing.msi
2015-05-19 19:59 - 2006-10-31 01:00 - 00497936 _____ () C:\Users\Balou\Documents\outlk12.opa
2015-05-19 19:59 - 2006-10-31 01:00 - 00463152 _____ (Microsoft Corporation) C:\Users\Balou\Documents\setup.exe
2015-05-19 19:59 - 2006-10-31 01:00 - 00202490 _____ () C:\Users\Balou\Documents\proj12.opa
2015-05-19 19:59 - 2006-10-31 01:00 - 00145184 _____ (Microsoft Corporation) C:\Users\Balou\Documents\ose.exe
2015-05-19 19:59 - 2006-10-31 01:00 - 00105546 _____ () C:\Users\Balou\Documents\ppt12.opa
2015-05-19 19:59 - 2006-10-31 01:00 - 00101428 _____ () C:\Users\Balou\Documents\onent12.opa
2015-05-19 19:59 - 2006-10-31 01:00 - 00068096 _____ () C:\Users\Balou\Documents\ShellUI.MST
2015-05-19 19:59 - 2006-10-31 01:00 - 00057249 _____ () C:\Users\Balou\Documents\oct.chm
2015-05-19 19:59 - 2006-10-31 01:00 - 00054295 _____ () C:\Users\Balou\Documents\setup.chm
2015-05-19 19:59 - 2006-10-31 01:00 - 00049152 _____ () C:\Users\Balou\Documents\RosebudMUI.msi
2015-05-19 19:59 - 2006-10-31 01:00 - 00032972 _____ () C:\Users\Balou\Documents\pub12.opa
2015-05-19 19:59 - 2006-10-31 01:00 - 00027439 _____ () C:\Users\Balou\Documents\pss10r.chm
2015-05-19 19:59 - 2006-10-31 01:00 - 00016130 _____ () C:\Users\Balou\Documents\spd12.opa
2015-05-19 19:59 - 2006-10-31 01:00 - 00005772 _____ () C:\Users\Balou\Documents\OfficeMUI.xml
2015-05-19 19:59 - 2006-10-31 01:00 - 00002947 _____ () C:\Users\Balou\Documents\OutlookMUI.xml
2015-05-19 19:59 - 2006-10-31 01:00 - 00002582 _____ () C:\Users\Balou\Documents\README.HTM
2015-05-19 19:59 - 2006-10-31 01:00 - 00002310 _____ () C:\Users\Balou\Documents\Office64WW.xml
2015-05-19 19:59 - 2006-10-31 01:00 - 00001780 _____ () C:\Users\Balou\Documents\setup.xml
2015-05-19 19:59 - 2006-10-31 01:00 - 00001554 _____ () C:\Users\Balou\Documents\PowerPointMUI.xml
2015-05-19 19:59 - 2006-10-31 01:00 - 00001470 _____ () C:\Users\Balou\Documents\PublisherMUI.xml
2015-05-19 19:59 - 2006-10-31 01:00 - 00001461 _____ () C:\Users\Balou\Documents\Proof.xml
2015-05-19 19:59 - 2006-10-31 01:00 - 00001360 _____ () C:\Users\Balou\Documents\OneNoteMUI.xml
2015-05-19 19:59 - 2006-10-31 01:00 - 00001027 _____ () C:\Users\Balou\Documents\Office64MUI.xml
2015-05-19 19:59 - 2006-10-31 01:00 - 00000811 _____ () C:\Users\Balou\Documents\RosebudMUI.xml
2015-05-19 19:59 - 2006-10-31 01:00 - 00000807 _____ () C:\Users\Balou\Documents\Proofing.xml
2015-05-19 19:59 - 2006-10-31 01:00 - 00000522 _____ () C:\Users\Balou\Documents\Microsoft.VC80.CRT.manifest
2015-05-19 19:59 - 2006-10-26 20:49 - 00000804 _____ () C:\Users\Balou\Documents\pptview.exe.manifest
2015-05-19 19:59 - 2006-10-05 10:52 - 00004566 _____ () C:\Users\Balou\Documents\PVREADME.HTM
2015-05-19 19:58 - 2014-05-04 20:28 - 00001646 _____ () C:\Users\Balou\Documents\ingDiba.txt
2015-05-19 19:58 - 2013-09-27 12:34 - 00019456 _____ () C:\Users\Balou\Documents\Kafetoulis spenden OP Kosten.xls
2015-05-19 19:58 - 2013-09-27 11:36 - 00021504 _____ () C:\Users\Balou\Documents\Katzen Kastrationen 2013 Spenden.xls
2015-05-19 19:58 - 2012-07-17 00:36 - 00457295 _____ () C:\Users\Balou\Documents\MapServerPatch.dat
2015-05-19 19:58 - 2012-07-17 00:35 - 00051228 _____ () C:\Users\Balou\Documents\lto.dat
2015-05-19 19:58 - 2012-07-15 18:35 - 00014286 _____ () C:\Users\Balou\Documents\mapsettings.cfg
2015-05-19 19:58 - 2012-03-29 22:19 - 00015397 _____ () C:\Users\Balou\Documents\GNU General Public License.txt
2015-05-19 19:58 - 2012-03-29 22:19 - 00000783 _____ () C:\Users\Balou\Documents\MD5_license.txt
2015-05-19 19:58 - 2012-03-29 22:19 - 00000200 _____ () C:\Users\Balou\Documents\GPL-offer.txt
2015-05-19 19:58 - 2012-03-29 22:18 - 00000212 _____ () C:\Users\Balou\Documents\mctx.dat
2015-05-19 19:58 - 2012-03-06 15:20 - 00010754 _____ () C:\Users\Balou\Documents\Logfile.odt
2015-05-19 19:58 - 2011-08-23 15:20 - 00034757 _____ () C:\Users\Balou\Documents\GQ.jar
2015-05-19 19:58 - 2011-08-23 15:20 - 00000142 _____ () C:\Users\Balou\Documents\GQ.ddf
2015-05-19 19:58 - 2011-06-26 15:21 - 00000062 _____ () C:\Users\Balou\Documents\mapinfo.dat
2015-05-19 19:58 - 2011-06-21 15:15 - 00003217 _____ () C:\Users\Balou\Documents\Kündigung Probe Homepage.txt
2015-05-19 19:58 - 2011-04-12 23:38 - 00038470 _____ () C:\Users\Balou\Documents\Kürzlich aktualisiert.mxf
2015-05-19 19:58 - 2011-04-08 23:35 - 00083966 _____ () C:\Users\Balou\Documents\getDoc.do
2015-05-19 19:58 - 2011-03-01 20:32 - 00204336 _____ () C:\Users\Balou\Documents\Max_M_ 04 2005 OK chiens et chats._jpg
2015-05-19 19:58 - 2011-01-12 00:42 - 02853988 _____ () C:\Users\Balou\Documents\GMX-11-01-2011.zip
2015-05-19 19:58 - 2010-12-19 15:13 - 11011656 _____ () C:\Users\Balou\Documents\GER_Version.zip
2015-05-19 19:58 - 2010-03-25 11:27 - 07710141 _____ () C:\Users\Balou\Documents\kynosofio dogs.zip
2015-05-19 19:58 - 2010-03-25 11:23 - 07710141 _____ () C:\Users\Balou\Documents\kynosofio+dogs.zip
2015-05-19 19:58 - 2010-03-09 16:10 - 00588532 _____ () C:\Users\Balou\Documents\Kastrationstransp.10
2015-05-19 19:58 - 2010-03-09 16:09 - 00630270 _____ () C:\Users\Balou\Documents\Kastrationstransp.9
2015-05-19 19:58 - 2010-03-09 16:09 - 00630270 _____ () C:\Users\Balou\Documents\Kastrationstransp.8
2015-05-19 19:58 - 2010-03-09 16:09 - 00597894 _____ () C:\Users\Balou\Documents\Kastrationstransp.7
2015-05-19 19:58 - 2010-03-09 16:08 - 00624584 _____ () C:\Users\Balou\Documents\Kastrationstransp.6
2015-05-19 19:58 - 2010-02-27 18:34 - 02110728 _____ (Facebook, Inc.) C:\Users\Balou\Documents\Install_Facebook_Plug-In_1.0.3.exe
2015-05-19 19:58 - 2009-11-27 01:41 - 00885890 _____ () C:\Users\Balou\Documents\LesGermanComp.txt
2015-05-19 19:58 - 2009-11-27 01:41 - 00306176 _____ () C:\Users\Balou\Documents\German.dbl
2015-05-19 19:58 - 2009-11-27 01:41 - 00004069 _____ () C:\Users\Balou\Documents\GermanTT.rex
2015-05-19 19:58 - 2009-11-27 01:41 - 00000475 _____ () C:\Users\Balou\Documents\Katrin.vcf
2015-05-19 19:58 - 2009-11-27 01:41 - 00000398 _____ () C:\Users\Balou\Documents\Katrin.vde
2015-05-19 19:58 - 2009-11-27 01:41 - 00000364 _____ () C:\Users\Balou\Documents\German.lde
2015-05-19 19:58 - 2009-11-27 01:41 - 00000193 _____ () C:\Users\Balou\Documents\German.lcf
2015-05-19 19:58 - 2009-11-27 01:41 - 00000043 _____ () C:\Users\Balou\Documents\LicenseCode7.txt
2015-05-19 19:58 - 2009-11-27 01:37 - 00348160 _____ () C:\Users\Balou\Documents\InstallTomTomHOME.exe
2015-05-19 19:58 - 2009-10-27 11:46 - 04745072 _____ (GMX GmbH) C:\Users\Balou\Documents\gmx_profifax.exe
2015-05-19 19:58 - 2009-10-02 14:12 - 00001024 _____ () C:\Users\Balou\Documents\hbedv.key
2015-05-19 19:58 - 2009-06-30 14:45 - 00207626 _____ () C:\Users\Balou\Documents\IE8-Windows6.0-KB968220-x86.msu
2015-05-19 19:58 - 2009-02-28 17:44 - 00018351 _____ () C:\Users\Balou\Documents\licence.txt
2015-05-19 19:58 - 2008-11-05 20:47 - 04486176 _____ (maxdome ) C:\Users\Balou\Documents\maxdome-setup.exe
2015-05-19 19:58 - 2008-06-19 16:26 - 00012796 _____ () C:\Users\Balou\Documents\index.php
2015-05-19 19:58 - 2008-02-12 19:00 - 01722816 _____ (1&1 Internet AG) C:\Users\Balou\Documents\gmx_sms_manager.exe
2015-05-19 19:58 - 2008-02-10 15:32 - 00382352 _____ (Sun Microsystems, Inc.) C:\Users\Balou\Documents\jre-6u3-windows-i586-p-iftw.exe
2015-05-19 19:58 - 2007-03-23 18:32 - 00022657 _____ () C:\Users\Balou\Documents\Installer.icns
2015-05-19 19:58 - 2007-03-23 18:32 - 00017546 _____ () C:\Users\Balou\Documents\Installer.data
2015-05-19 19:58 - 2007-03-23 18:32 - 00000873 _____ () C:\Users\Balou\Documents\Info.plist
2015-05-19 19:58 - 2006-11-15 08:46 - 00012576 _____ () C:\Users\Balou\Documents\hs.txt
2015-05-19 19:58 - 2006-10-31 01:00 - 02369024 _____ () C:\Users\Balou\Documents\InfoPathMUI.msi
2015-05-19 19:58 - 2006-10-31 01:00 - 01653248 _____ () C:\Users\Balou\Documents\GrooveMUI.msi
2015-05-19 19:58 - 2006-10-31 01:00 - 00132876 _____ () C:\Users\Balou\Documents\inf12.opa
2015-05-19 19:58 - 2006-10-31 01:00 - 00009172 _____ () C:\Users\Balou\Documents\ic12.opa
2015-05-19 19:58 - 2006-10-31 01:00 - 00004573 _____ () C:\Users\Balou\Documents\InfoPathMUI.xml
2015-05-19 19:58 - 2006-10-31 01:00 - 00003900 _____ () C:\Users\Balou\Documents\groove12.opa
2015-05-19 19:58 - 2006-10-31 01:00 - 00001646 _____ () C:\Users\Balou\Documents\ID_00030.DPC
2015-05-19 19:58 - 2006-10-31 01:00 - 00000914 _____ () C:\Users\Balou\Documents\GrooveMUI.xml
2015-05-19 19:58 - 2000-02-24 23:16 - 00000048 _____ () C:\Users\Balou\Documents\MapUserPatch.dat
2015-05-19 19:57 - 2013-11-07 00:40 - 00001085 _____ () C:\Users\Balou\Documents\CyberLink YouCam(Webcam).lnk
2015-05-19 19:57 - 2012-07-17 00:35 - 00000017 _____ () C:\Users\Balou\Documents\ee_meta.txt
2015-05-19 19:57 - 2012-07-15 19:27 - 00000032 _____ () C:\Users\Balou\Documents\currentmap.dat
2015-05-19 19:57 - 2012-05-12 20:37 - 00215862 _____ () C:\Users\Balou\Documents\Console.txt
2015-05-19 19:57 - 2012-04-19 20:20 - 00000669 _____ () C:\Users\Balou\Documents\derefer.htm
2015-05-19 19:57 - 2012-03-29 22:18 - 06645751 _____ () C:\Users\Balou\Documents\data.chk
2015-05-19 19:57 - 2012-03-29 22:18 - 05119621 _____ () C:\Users\Balou\Documents\data_lim.chk
2015-05-19 19:57 - 2012-03-29 22:18 - 03205205 _____ () C:\Users\Balou\Documents\data_lis.chk
2015-05-19 19:57 - 2012-03-29 22:18 - 01441978 _____ () C:\Users\Balou\Documents\data_im2.chk
2015-05-19 19:57 - 2012-03-29 22:18 - 01219120 _____ () C:\Users\Balou\Documents\data_is2.chk
2015-05-19 19:57 - 2012-03-29 22:18 - 00347596 _____ () C:\Users\Balou\Documents\data_ts.chk
2015-05-19 19:57 - 2012-03-29 22:18 - 00075601 _____ () C:\Users\Balou\Documents\data_ra.chk
2015-05-19 19:57 - 2012-03-29 22:18 - 00012251 _____ () C:\Users\Balou\Documents\data_sp.chk
2015-05-19 19:57 - 2011-12-30 19:04 - 00713368 _____ () C:\Users\Balou\Documents\DVSUninstall.exe
2015-05-19 19:57 - 2011-12-12 20:49 - 00000018 _____ () C:\Users\Balou\Documents\CurrentLocation.dat
2015-05-19 19:57 - 2011-10-22 21:06 - 00020531 _____ () C:\Users\Balou\Documents\Corona.qss
2015-05-19 19:57 - 2011-08-02 16:17 - 00019955 _____ () C:\Users\Balou\Documents\FreeYouTubeToMP3ConverterProfile.xml
2015-05-19 19:57 - 2011-06-26 15:21 - 30216690 _____ () C:\Users\Balou\Documents\cphoneme.dat
2015-05-19 19:57 - 2011-06-26 15:21 - 20264329 _____ () C:\Users\Balou\Documents\crpoi.dat
2015-05-19 19:57 - 2011-06-26 15:21 - 181637972 _____ () C:\Users\Balou\Documents\cnode.dat
2015-05-19 19:57 - 2011-06-26 15:21 - 165445440 _____ () C:\Users\Balou\Documents\faces.dat
2015-05-19 19:57 - 2011-06-26 15:21 - 115179727 _____ () C:\Users\Balou\Documents\cname.dat
2015-05-19 19:57 - 2011-06-26 15:21 - 00004376 _____ () C:\Users\Balou\Documents\faces.met
2015-05-19 19:57 - 2011-06-22 22:18 - 00032162 _____ () C:\Users\Balou\Documents\FreeDVDVideoConverter_setup.txt
2015-05-19 19:57 - 2011-06-12 18:33 - 05639886 _____ () C:\Users\Balou\Documents\dogs+helpe.rar
2015-05-19 19:57 - 2011-06-12 18:29 - 02037336 _____ () C:\Users\Balou\Documents\example.rar
2015-05-19 19:57 - 2011-06-11 19:32 - 05639886 _____ () C:\Users\Balou\Documents\dogs helpe.rar
2015-05-19 19:57 - 2011-02-15 18:38 - 00000000 _____ () C:\Users\Balou\Documents\fax (1).txt
2015-05-19 19:57 - 2011-02-13 16:59 - 15867904 _____ () C:\Users\Balou\Documents\EpsonStylusSX420W.exe
2015-05-19 19:57 - 2010-12-07 16:51 - 00836042 _____ () C:\Users\Balou\Documents\data02.chk
2015-05-19 19:57 - 2010-12-07 16:51 - 00829418 _____ () C:\Users\Balou\Documents\data01.chk
2015-05-19 19:57 - 2010-12-07 16:51 - 00000058 _____ () C:\Users\Balou\Documents\data01.vif
2015-05-19 19:57 - 2010-12-07 16:51 - 00000054 _____ () C:\Users\Balou\Documents\data02.vif
2015-05-19 19:57 - 2010-11-17 13:19 - 00005731 _____ () C:\Users\Balou\Documents\FreeVideoToMP3ConverterProfile.xml
2015-05-19 19:57 - 2010-05-04 18:05 - 00781411 _____ () C:\Users\Balou\Documents\data34.chk
2015-05-19 19:57 - 2010-05-04 18:05 - 00752633 _____ () C:\Users\Balou\Documents\data35.chk
2015-05-19 19:57 - 2010-05-04 18:05 - 00707939 _____ () C:\Users\Balou\Documents\data39.chk
2015-05-19 19:57 - 2010-05-04 18:05 - 00000067 _____ () C:\Users\Balou\Documents\data34.vif
2015-05-19 19:57 - 2010-05-04 18:05 - 00000061 _____ () C:\Users\Balou\Documents\data35.vif
2015-05-19 19:57 - 2010-05-04 18:05 - 00000059 _____ () C:\Users\Balou\Documents\data39.vif
2015-05-19 19:57 - 2009-12-05 18:43 - 01927168 _____ () C:\Users\Balou\Documents\FreeTranslatorSetup_1.94.msi
2015-05-19 19:57 - 2009-11-27 01:41 - 00000781 _____ () C:\Users\Balou\Documents\default7.session
2015-05-19 19:57 - 2008-04-04 16:45 - 00000258 _____ () C:\Users\Balou\Documents\Exclusions.plist
2015-05-19 19:57 - 2008-01-31 20:34 - 02546760 _____ () C:\Users\Balou\Documents\Erste Schritte mit OneNote.one
2015-05-19 19:57 - 2008-01-26 20:12 - 00287240 _____ (Microsoft Corporation) C:\Users\Balou\Documents\dxwebsetup.exe
2015-05-19 19:57 - 2008-01-26 19:52 - 67160149 _____ () C:\Users\Balou\Documents\directx_nov2007_redist.zip
2015-05-19 19:57 - 2006-10-31 01:00 - 18183680 _____ () C:\Users\Balou\Documents\EnterpriseWW.msi
2015-05-19 19:57 - 2006-10-31 01:00 - 01756160 _____ () C:\Users\Balou\Documents\ExcelMUI.msi
2015-05-19 19:57 - 2006-10-31 01:00 - 01323033 _____ () C:\Users\Balou\Documents\files12.cat
2015-05-19 19:57 - 2006-10-31 01:00 - 00813384 _____ (Microsoft Corporation) C:\Users\Balou\Documents\DW20.EXE
2015-05-19 19:57 - 2006-10-31 01:00 - 00434528 _____ (Microsoft Corporation) C:\Users\Balou\Documents\dwtrig20.exe
2015-05-19 19:57 - 2006-10-31 01:00 - 00152834 _____ () C:\Users\Balou\Documents\excel12.opa
2015-05-19 19:57 - 2006-10-31 01:00 - 00027276 _____ () C:\Users\Balou\Documents\cpao12.opa
2015-05-19 19:57 - 2006-10-31 01:00 - 00016711 _____ () C:\Users\Balou\Documents\EnterpriseWW.xml
2015-05-19 19:57 - 2006-10-31 01:00 - 00001921 _____ () C:\Users\Balou\Documents\ExcelMUI.xml
2015-05-19 19:57 - 2006-10-31 01:00 - 00000952 _____ () C:\Users\Balou\Documents\config.xml
2015-05-19 19:56 - 2015-05-19 19:56 - 00000000 ____D () C:\Users\Balou\Documents\Youcam
2015-05-19 19:56 - 2015-05-19 19:56 - 00000000 ____D () C:\Users\Balou\Documents\Wir gehen auf die Reise nach Alexandroupolis
2015-05-19 19:56 - 2015-05-19 19:56 - 00000000 ____D () C:\Users\Balou\Documents\Tierheim Alexandroupolis Hilfe
2015-05-19 19:56 - 2015-05-19 19:56 - 00000000 ____D () C:\Users\Balou\Documents\Picasa HTML Exports
2015-05-19 19:56 - 2015-05-19 19:56 - 00000000 ____D () C:\Users\Balou\Documents\Picasa
2015-05-19 19:56 - 2015-05-19 19:56 - 00000000 ____D () C:\Users\Balou\Documents\OneNote-Notizbücher
2015-05-19 19:56 - 2015-05-19 19:56 - 00000000 ____D () C:\Users\Balou\Documents\Office 2007
2015-05-19 19:56 - 2015-05-19 19:56 - 00000000 ____D () C:\Users\Balou\Documents\Neue Spenden heute
2015-05-19 19:56 - 2015-05-19 19:56 - 00000000 ____D () C:\Users\Balou\Documents\neue Pakete
2015-05-19 19:56 - 2015-05-19 19:56 - 00000000 ____D () C:\Users\Balou\Documents\My PSP Files
2015-05-19 19:56 - 2015-05-19 19:56 - 00000000 ____D () C:\Users\Balou\Documents\Meine empfangenen Dateien
2015-05-19 19:56 - 2015-05-19 19:56 - 00000000 ____D () C:\Users\Balou\Documents\Freemake
2015-05-19 19:56 - 2015-05-19 19:56 - 00000000 ____D () C:\Users\Balou\Documents\Fax
2015-05-19 19:56 - 2015-05-19 19:56 - 00000000 ____D () C:\Users\Balou\Documents\auswahl
2015-05-19 19:56 - 2015-05-19 19:56 - 00000000 ____D () C:\Users\Balou\Documents\2011-02-10
2015-05-19 19:56 - 2015-05-19 19:56 - 00000000 ____D () C:\Users\Balou\Documents\2011-01-24
2015-05-19 19:56 - 2015-02-22 16:05 - 00000124 _____ () C:\Users\Balou\Documents\.picasa.ini
2015-05-19 19:56 - 2014-10-07 21:07 - 00005711 _____ () C:\Users\Balou\Documents\~WRD0003.tmp
2015-05-19 19:56 - 2014-02-22 15:53 - 00000420 _____ () C:\Users\Balou\Documents\Bella Xanthi.txt
2015-05-19 19:56 - 2014-01-01 18:54 - 00004796 _____ () C:\Users\Balou\Documents\cc_20140101_175404.reg
2015-05-19 19:56 - 2013-12-11 01:53 - 00022616 _____ () C:\Users\Balou\Documents\cc_20131211_005018.reg
2015-05-19 19:56 - 2013-11-21 19:47 - 00000000 ____D () C:\Users\Balou\Documents\lt_NetrixLoadHtml_1aca60cad1b54647ba7bf39d0eaddb17_ln_src
2015-05-19 19:56 - 2012-07-17 00:37 - 00000149 _____ () C:\Users\Balou\Documents\Backup Info.ini
2015-05-19 19:56 - 2012-07-16 17:13 - 00000001 _____ () C:\Users\Balou\Documents\allowtrip.dat
2015-05-19 19:56 - 2012-07-15 19:29 - 00082264 _____ () C:\Users\Balou\Documents\cbee.cbee
2015-05-19 19:56 - 2012-06-02 21:46 - 00000081 _____ () C:\Users\Balou\Documents\a93c85dc1f57a8d92045ae622ccfdb03.tmp.meta
2015-05-19 19:56 - 2012-03-01 13:59 - 00065510 _____ () C:\Users\Balou\Documents\Alexandroupolis neu.wlmp
2015-05-19 19:56 - 2012-02-18 03:58 - 00017956 _____ () C:\Users\Balou\Documents\2_Sachzuwendungen-§-10b-§-5-Abs-1-Nr-9.odt
2015-05-19 19:56 - 2012-02-02 02:25 - 00021097 _____ () C:\Users\Balou\Documents\Annette Feldmann.dotx
2015-05-19 19:56 - 2011-07-27 14:59 - 00000051 _____ () C:\Users\Balou\Documents\bootloaderversion.txt
2015-05-19 19:56 - 2011-06-26 15:21 - 681154498 _____ () C:\Users\Balou\Documents\cline.dat
2015-05-19 19:56 - 2011-06-26 15:21 - 00364998 _____ () C:\Users\Balou\Documents\Central_Europe-386.meta
2015-05-19 19:56 - 2011-06-16 14:23 - 00065152 _____ () C:\Users\Balou\Documents\Arbeitserlaubnis GR.tif
2015-05-19 19:56 - 2011-05-26 17:11 - 00640420 _____ () C:\Users\Balou\Documents\Certificate 120 according EU directive 78-1027 from 18.12.1978.rar
2015-05-19 19:56 - 2011-05-26 17:11 - 00606978 _____ () C:\Users\Balou\Documents\Certificate 121 for good repute according EU directive 78-1027 from 18.12.1978.rar
2015-05-19 19:56 - 2011-05-26 17:11 - 00606978 _____ () C:\Users\Balou\Documents\Certificate 121 for good repute according EU directive 78-1027 from 18.12.1978 (1).rar
2015-05-19 19:56 - 2011-05-26 17:11 - 00409825 _____ () C:\Users\Balou\Documents\Certificate Member of Bulgarian veterinary union BG.pdf.rar
2015-05-19 19:56 - 2011-05-26 17:11 - 00110412 _____ () C:\Users\Balou\Documents\Certificate veterinary practice registration (1).rar
2015-05-19 19:56 - 2011-05-26 17:10 - 00110412 _____ () C:\Users\Balou\Documents\Certificate veterinary practice registration.rar
2015-05-19 19:56 - 2010-03-08 18:19 - 18491899 _____ () C:\Users\Balou\Documents\Alex.Kastr.2.rar
2015-05-19 19:56 - 2009-09-18 21:53 - 00020060 _____ () C:\Users\Balou\Documents\cc_20090918_215319.reg
2015-05-19 19:56 - 2009-06-08 20:49 - 26102774 _____ () C:\Users\Balou\Documents\ArbzWolf_bearbeitet-1.psd
2015-05-19 19:56 - 2009-06-08 20:48 - 26102696 _____ () C:\Users\Balou\Documents\AbschlBeruf_bearbeitet-1.psd
2015-05-19 19:56 - 2009-06-01 20:26 - 00146954 _____ () C:\Users\Balou\Documents\cc_20090601_202608.reg
2015-05-19 19:56 - 2008-01-31 20:38 - 00188520 _____ () C:\Users\Balou\Documents\Besprechungsnotizen.one
2015-05-19 19:56 - 2008-01-31 20:31 - 00025392 _____ () C:\Users\Balou\Documents\Bücher, Filme und Musik.one
2015-05-19 19:56 - 2008-01-31 20:31 - 00025056 _____ () C:\Users\Balou\Documents\Aufgabe.one
2015-05-19 19:56 - 2008-01-27 13:14 - 05146248 _____ () C:\Users\Balou\Documents\Card Reader TI Driver 2.0.0.6q.zip
2015-05-19 19:56 - 2008-01-26 15:42 - 02110176 _____ () C:\Users\Balou\Documents\Chipset_Intel_8.2.0.1012.zip
2015-05-19 19:56 - 2008-01-26 15:01 - 06434146 _____ () C:\Users\Balou\Documents\Card Reader TI Ver.2.0.0.8.zip
2015-05-19 19:56 - 2007-03-23 18:32 - 00000082 _____ () C:\Users\Balou\Documents\._PkgInfo
2015-05-19 19:56 - 2007-03-23 18:32 - 00000082 _____ () C:\Users\Balou\Documents\._Info.plist
2015-05-19 19:56 - 2006-10-31 01:00 - 01660416 _____ () C:\Users\Balou\Documents\AccessMUI.msi
2015-05-19 19:56 - 2006-10-31 01:00 - 00685452 _____ () C:\Users\Balou\Documents\branding.xml
2015-05-19 19:56 - 2006-10-31 01:00 - 00054216 _____ () C:\Users\Balou\Documents\access12.opa
2015-05-19 19:56 - 2006-10-31 01:00 - 00001345 _____ () C:\Users\Balou\Documents\AccessMUI.xml
2015-05-19 19:52 - 2015-05-19 19:52 - 00000000 ____D () C:\Users\Balou\AppData\Roaming\Hewlett-Packard
2015-05-19 19:50 - 2015-05-19 19:50 - 00000000 ____D () C:\Users\Balou\AppData\Roaming\ATI
2015-05-19 19:50 - 2015-05-19 19:50 - 00000000 ____D () C:\Users\Balou\AppData\Local\ATI
2015-05-19 19:50 - 2015-05-19 19:50 - 00000000 ____D () C:\Users\Balou\AppData\Local\AMD
2015-05-19 19:49 - 2015-05-26 19:13 - 00000000 ____D () C:\Users\Balou\AppData\Roaming\Apple Computer
2015-05-19 19:49 - 2015-05-24 15:28 - 00003918 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{9986F82E-611B-4248-B13F-93ECEC82A8FA}
2015-05-19 19:49 - 2015-05-19 20:39 - 00000000 ____D () C:\Users\Balou\AppData\Roaming\Adobe
2015-05-19 19:49 - 2015-05-19 19:49 - 00109296 _____ () C:\Users\Balou\AppData\Local\GDIPFONTCACHEV1.DAT
2015-05-19 19:49 - 2015-05-19 19:49 - 00001381 _____ () C:\Users\Balou\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-05-19 19:49 - 2015-05-19 19:49 - 00000000 ____D () C:\Users\Balou\AppData\Roaming\Synaptics
2015-05-19 19:49 - 2015-05-19 19:49 - 00000000 ____D () C:\Users\Balou\AppData\Roaming\hpqLog
2015-05-19 19:49 - 2015-05-19 19:49 - 00000000 ____D () C:\Users\Balou\AppData\Roaming\Epson
2015-05-19 19:48 - 2015-05-27 08:42 - 00000000 ____D () C:\Users\Balou
2015-05-19 19:48 - 2015-05-19 20:42 - 00000000 ____D () C:\Users\Balou\AppData\Local\Google
2015-05-19 19:48 - 2015-05-19 19:48 - 00000020 ___SH () C:\Users\Balou\ntuser.ini
2015-05-19 19:48 - 2015-05-19 19:48 - 00000000 _SHDL () C:\Users\Balou\Vorlagen
2015-05-19 19:48 - 2015-05-19 19:48 - 00000000 _SHDL () C:\Users\Balou\Startmenü
2015-05-19 19:48 - 2015-05-19 19:48 - 00000000 _SHDL () C:\Users\Balou\Netzwerkumgebung
2015-05-19 19:48 - 2015-05-19 19:48 - 00000000 _SHDL () C:\Users\Balou\Lokale Einstellungen
2015-05-19 19:48 - 2015-05-19 19:48 - 00000000 _SHDL () C:\Users\Balou\Eigene Dateien
2015-05-19 19:48 - 2015-05-19 19:48 - 00000000 _SHDL () C:\Users\Balou\Druckumgebung
2015-05-19 19:48 - 2015-05-19 19:48 - 00000000 _SHDL () C:\Users\Balou\Documents\Eigene Musik
2015-05-19 19:48 - 2015-05-19 19:48 - 00000000 _SHDL () C:\Users\Balou\Documents\Eigene Bilder
2015-05-19 19:48 - 2015-05-19 19:48 - 00000000 _SHDL () C:\Users\Balou\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-05-19 19:48 - 2015-05-19 19:48 - 00000000 _SHDL () C:\Users\Balou\AppData\Local\Verlauf
2015-05-19 19:48 - 2015-05-19 19:48 - 00000000 _SHDL () C:\Users\Balou\AppData\Local\Anwendungsdaten
2015-05-19 19:48 - 2015-05-19 19:48 - 00000000 _SHDL () C:\Users\Balou\Anwendungsdaten
2015-05-19 19:48 - 2015-05-19 19:48 - 00000000 ____D () C:\Users\Balou\AppData\Local\VirtualStore
2015-05-19 19:48 - 2013-09-02 20:32 - 00000000 ____D () C:\Users\Balou\AppData\Roaming\Macromedia
2015-05-19 19:48 - 2013-06-25 15:35 - 00000000 ____D () C:\Users\Balou\AppData\LocalGoogle
2015-05-19 19:48 - 2012-05-09 01:59 - 00000000 ____D () C:\Users\Balou\AppData\Local\Microsoft Help
2015-05-19 19:48 - 2009-07-14 06:54 - 00000000 ___RD () C:\Users\Balou\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-05-19 19:48 - 2009-07-14 06:49 - 00000000 ___RD () C:\Users\Balou\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-05-19 17:37 - 2015-05-19 17:37 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\adriana\Downloads\mbam-setup-2.1.6.1022.exe
2015-05-19 17:23 - 2015-05-19 17:23 - 02209792 _____ () C:\Users\adriana\Downloads\AdwCleaner_4.204.exe
2015-05-19 17:12 - 2015-05-27 08:43 - 00000000 ____D () C:\FRST
2015-05-19 12:00 - 2015-05-19 12:00 - 00003328 _____ () C:\Windows\System32\Tasks\SpyHunter4Startup
2015-05-19 12:00 - 2015-05-19 12:00 - 00001047 _____ () C:\Users\adriana\Desktop\SpyHunter.lnk
2015-05-19 12:00 - 2015-05-19 12:00 - 00000000 ____D () C:\Users\adriana\AppData\Roaming\Enigma Software Group
2015-05-19 11:59 - 2015-05-19 11:59 - 00022704 _____ () C:\Windows\system32\Drivers\EsgScanner.sys
2015-05-18 17:11 - 2015-05-18 17:11 - 00604014 _____ () C:\Users\adriana\Downloads\Fragebogen Albeck 16.05.15_002(1).jpeg
2015-05-18 17:11 - 2015-05-18 17:11 - 00335211 _____ () C:\Users\adriana\Downloads\Fragebogen Albeck 16.05.15_003(1).jpeg
2015-05-18 17:10 - 2015-05-18 17:10 - 00622256 _____ () C:\Users\adriana\Downloads\Fragebogen Albeck 16.05.15_001(1).jpeg
2015-05-18 17:10 - 2015-05-18 17:10 - 00616423 _____ () C:\Users\adriana\Downloads\Fragebogen Albeck 16.05.15(1).jpeg
2015-05-17 18:46 - 2015-05-17 18:46 - 00604014 _____ () C:\Users\adriana\Downloads\Fragebogen Albeck 16.05.15_002.jpeg
2015-05-17 18:45 - 2015-05-17 18:45 - 00622256 _____ () C:\Users\adriana\Downloads\Fragebogen Albeck 16.05.15_001.jpeg
2015-05-17 18:45 - 2015-05-17 18:45 - 00616423 _____ () C:\Users\adriana\Downloads\Fragebogen Albeck 16.05.15.jpeg
2015-05-17 18:45 - 2015-05-17 18:45 - 00335211 _____ () C:\Users\adriana\Downloads\Fragebogen Albeck 16.05.15_003.jpeg
2015-05-16 13:07 - 2015-04-30 17:50 - 23308160 _____ (TomTom International B.V.) C:\Users\adriana\Downloads\InstallMyDriveConnect_4_0_2_2123.exe
2015-05-15 23:41 - 2015-05-15 23:41 - 00014573 _____ () C:\Users\adriana\Downloads\Brief Xanthi
2015-05-15 14:43 - 2015-05-27 08:33 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-05-13 13:08 - 2015-05-01 15:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 13:08 - 2015-05-01 15:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 09:25 - 2015-05-05 03:29 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-13 09:25 - 2015-05-05 03:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-13 09:25 - 2015-04-18 05:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-13 09:25 - 2015-04-18 04:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-13 09:24 - 2015-04-27 21:28 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-05-13 09:24 - 2015-04-27 21:26 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-05-13 09:24 - 2015-04-27 21:23 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-13 09:24 - 2015-04-27 21:23 - 01254400 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-05-13 09:24 - 2015-04-27 21:23 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-05-13 09:24 - 2015-04-27 21:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-05-13 09:24 - 2015-04-27 21:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-05-13 09:24 - 2015-04-27 21:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-05-13 09:24 - 2015-04-27 21:23 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-05-13 09:24 - 2015-04-27 21:23 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-05-13 09:24 - 2015-04-27 21:22 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-05-13 09:24 - 2015-04-27 21:11 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-05-13 09:24 - 2015-04-27 21:11 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-05-13 09:24 - 2015-04-27 21:08 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-05-13 09:24 - 2015-04-27 21:05 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-05-13 09:24 - 2015-04-27 21:04 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-05-13 09:24 - 2015-04-27 21:04 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-05-13 09:24 - 2015-04-27 21:03 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-05-13 09:24 - 2015-04-27 20:06 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-05-13 09:24 - 2015-04-22 04:28 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-13 09:24 - 2015-04-22 03:48 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-05-13 09:24 - 2015-04-21 19:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-13 09:24 - 2015-04-21 19:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-13 09:24 - 2015-04-21 19:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-05-13 09:24 - 2015-04-21 18:51 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-05-13 09:24 - 2015-04-21 18:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-13 09:24 - 2015-04-21 18:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-13 09:24 - 2015-04-21 18:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-05-13 09:24 - 2015-04-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-13 09:24 - 2015-04-21 18:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-05-13 09:24 - 2015-04-21 18:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-13 09:24 - 2015-04-21 18:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-05-13 09:24 - 2015-04-21 18:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-13 09:24 - 2015-04-21 18:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-13 09:24 - 2015-04-21 18:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-13 09:24 - 2015-04-21 18:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-05-13 09:24 - 2015-04-21 18:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-05-13 09:24 - 2015-04-21 18:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-13 09:24 - 2015-04-21 18:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-05-13 09:24 - 2015-04-21 18:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-05-13 09:24 - 2015-04-21 18:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-13 09:24 - 2015-04-21 18:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-13 09:24 - 2015-04-21 18:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-05-13 09:24 - 2015-04-21 18:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-13 09:24 - 2015-04-21 18:11 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-05-13 09:24 - 2015-04-21 18:10 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-05-13 09:24 - 2015-04-21 18:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-13 09:24 - 2015-04-21 18:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-05-13 09:24 - 2015-04-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-13 09:24 - 2015-04-21 18:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-05-13 09:24 - 2015-04-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-13 09:24 - 2015-04-21 18:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-13 09:24 - 2015-04-21 18:03 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-05-13 09:24 - 2015-04-21 18:02 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-05-13 09:24 - 2015-04-21 18:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-05-13 09:24 - 2015-04-21 17:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-13 09:24 - 2015-04-21 17:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-05-13 09:24 - 2015-04-21 17:57 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-05-13 09:24 - 2015-04-21 17:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-13 09:24 - 2015-04-21 17:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-13 09:24 - 2015-04-21 17:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-05-13 09:24 - 2015-04-21 17:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-05-13 09:24 - 2015-04-21 17:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-13 09:24 - 2015-04-21 17:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-05-13 09:24 - 2015-04-21 17:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-13 09:24 - 2015-04-21 17:39 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-05-13 09:24 - 2015-04-21 17:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-13 09:24 - 2015-04-21 17:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-13 09:24 - 2015-04-21 17:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-13 09:24 - 2015-04-21 17:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-13 09:24 - 2015-04-21 17:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-13 09:24 - 2015-04-21 17:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-13 09:24 - 2015-04-21 17:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-05-13 09:24 - 2015-04-21 17:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-13 09:24 - 2015-04-21 17:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-13 09:24 - 2015-04-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-13 09:24 - 2015-04-21 17:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-13 09:24 - 2015-04-21 16:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-13 09:24 - 2015-04-21 16:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-05-13 09:24 - 2015-04-13 05:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-13 09:23 - 2015-04-27 21:28 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-05-13 09:23 - 2015-04-27 21:28 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-05-13 09:23 - 2015-04-27 21:23 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-05-13 09:23 - 2015-04-27 21:23 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-05-13 09:23 - 2015-04-27 21:23 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-05-13 09:23 - 2015-04-27 21:23 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-05-13 09:23 - 2015-04-27 21:23 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-05-13 09:23 - 2015-04-27 21:23 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-05-13 09:23 - 2015-04-27 21:23 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-05-13 09:23 - 2015-04-27 21:23 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-05-13 09:23 - 2015-04-27 21:23 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-05-13 09:23 - 2015-04-27 21:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-05-13 09:23 - 2015-04-27 21:23 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-05-13 09:23 - 2015-04-27 21:23 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-05-13 09:23 - 2015-04-27 21:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-05-13 09:23 - 2015-04-27 21:23 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-05-13 09:23 - 2015-04-27 21:23 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-05-13 09:23 - 2015-04-27 21:23 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-05-13 09:23 - 2015-04-27 21:22 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-05-13 09:23 - 2015-04-27 21:22 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-05-13 09:23 - 2015-04-27 21:22 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-05-13 09:23 - 2015-04-27 21:22 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-05-13 09:23 - 2015-04-27 21:22 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-05-13 09:23 - 2015-04-27 21:22 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-05-13 09:23 - 2015-04-27 21:22 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-05-13 09:23 - 2015-04-27 21:22 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-05-13 09:23 - 2015-04-27 21:21 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-05-13 09:23 - 2015-04-27 21:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-05-13 09:23 - 2015-04-27 21:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-05-13 09:23 - 2015-04-27 21:16 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-05-13 09:23 - 2015-04-27 21:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-05-13 09:23 - 2015-04-27 21:16 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-05-13 09:23 - 2015-04-27 21:16 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-05-13 09:23 - 2015-04-27 21:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-13 09:23 - 2015-04-27 21:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-13 09:23 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-13 09:23 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-05-13 09:23 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-13 09:23 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-05-13 09:23 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-13 09:23 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-13 09:23 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-13 09:23 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-05-13 09:23 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-05-13 09:23 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-13 09:23 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-05-13 09:23 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-05-13 09:23 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-05-13 09:23 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-05-13 09:23 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-05-13 09:23 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-05-13 09:23 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-13 09:23 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-05-13 09:23 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-05-13 09:23 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-13 09:23 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-05-13 09:23 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-05-13 09:23 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-05-13 09:23 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-05-13 09:23 - 2015-04-27 21:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-05-13 09:23 - 2015-04-27 21:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-05-13 09:23 - 2015-04-27 21:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-05-13 09:23 - 2015-04-27 21:05 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-05-13 09:23 - 2015-04-27 21:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-05-13 09:23 - 2015-04-27 21:05 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-05-13 09:23 - 2015-04-27 21:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-05-13 09:23 - 2015-04-27 21:05 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-05-13 09:23 - 2015-04-27 21:04 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-05-13 09:23 - 2015-04-27 21:04 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-05-13 09:23 - 2015-04-27 21:04 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-05-13 09:23 - 2015-04-27 21:04 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-05-13 09:23 - 2015-04-27 21:04 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-05-13 09:23 - 2015-04-27 21:04 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-05-13 09:23 - 2015-04-27 21:03 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-05-13 09:23 - 2015-04-27 21:03 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-05-13 09:23 - 2015-04-27 21:03 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-05-13 09:23 - 2015-04-27 21:03 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-05-13 09:23 - 2015-04-27 21:03 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-05-13 09:23 - 2015-04-27 21:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-05-13 09:23 - 2015-04-27 21:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-05-13 09:23 - 2015-04-27 20:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-05-13 09:23 - 2015-04-27 20:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-05-13 09:23 - 2015-04-27 20:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-05-13 09:23 - 2015-04-27 20:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-13 09:23 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-13 09:23 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-05-13 09:23 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-05-13 09:23 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-13 09:23 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-05-13 09:23 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-13 09:23 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-13 09:23 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-05-13 09:23 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-13 09:23 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-13 09:23 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-05-13 09:23 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-05-13 09:23 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-13 09:23 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-05-13 09:23 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-05-13 09:23 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-05-13 09:23 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-05-13 09:23 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-13 09:23 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-05-13 09:23 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-05-13 09:23 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-05-13 09:23 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-05-13 09:23 - 2015-04-27 19:57 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-05-13 09:23 - 2015-04-27 19:57 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-05-13 09:23 - 2015-04-27 19:55 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-05-13 09:23 - 2015-04-27 19:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-13 09:23 - 2015-04-27 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-05-13 09:23 - 2015-04-27 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-05-13 09:23 - 2015-04-20 05:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-13 09:23 - 2015-04-20 05:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-13 09:23 - 2015-04-20 04:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-13 09:23 - 2015-04-20 04:11 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-13 09:23 - 2015-04-08 05:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-13 09:23 - 2015-04-08 05:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-05-13 09:23 - 2015-03-04 06:41 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-05-13 09:23 - 2015-03-04 06:41 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-05-13 09:23 - 2015-03-04 06:41 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-13 09:23 - 2015-03-04 06:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-05-13 09:23 - 2015-03-04 06:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-05-13 09:23 - 2015-03-04 06:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-05-13 09:23 - 2015-03-04 06:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-05-13 09:23 - 2015-02-18 09:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-05-13 09:23 - 2015-02-18 09:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-05-13 09:23 - 2015-01-29 05:19 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-05-13 09:23 - 2015-01-29 05:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2015-05-13 02:09 - 2015-05-13 02:10 - 16938649 _____ () C:\Users\adriana\Downloads\11.05.2015 004.mp4
2015-05-12 23:49 - 2015-05-12 23:49 - 02007044 _____ () C:\Users\adriana\Downloads\MOV00372.MP4
2015-05-09 22:37 - 2015-05-09 22:37 - 00001119 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-05-09 22:22 - 2015-05-27 08:33 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-05-09 19:09 - 2015-05-09 19:09 - 00038976 _____ () C:\Users\adriana\Documents\Selbstauskunft.odt
2015-05-08 17:22 - 2015-05-24 15:29 - 00000340 _____ () C:\Windows\Tasks\HPCeeScheduleForadriana.job
2015-05-08 17:22 - 2015-05-19 15:29 - 00003198 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForadriana
2015-05-07 23:46 - 2015-05-07 23:46 - 00000000 ____D () C:\Users\adriana\AppData\Local\{26A0D5C0-948E-4736-A3BB-883BB321C956}
2015-05-07 13:43 - 2015-05-07 13:43 - 00039944 _____ () C:\Users\adriana\Downloads\Pira.Fragebogen Albeck.odt
2015-05-05 14:11 - 2015-05-05 14:11 - 00026624 _____ () C:\Users\adriana\Downloads\XANTHI.xls
2015-05-01 00:44 - 2015-05-01 00:49 - 00073109 _____ () C:\Users\adriana\Downloads\runa.jpeg
2015-04-28 00:29 - 2015-04-28 00:29 - 00001385 _____ () C:\Users\adriana\frida mikis.txt

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-27 08:43 - 2012-08-22 12:32 - 00000000 ____D () C:\Users\adriana\AppData\Roaming\Skype
2015-05-27 08:42 - 2013-04-19 15:51 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-27 08:37 - 2013-11-10 19:24 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2015-05-27 08:37 - 2012-09-08 18:36 - 00000374 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2015-05-27 08:36 - 2013-08-14 10:13 - 00154460 _____ () C:\Windows\setupact.log
2015-05-27 08:36 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-27 08:35 - 2015-01-14 22:00 - 00000000 ____D () C:\NetxpVerein
2015-05-27 08:35 - 2013-10-01 17:08 - 00000000 ____D () C:\Users\DefaultAppPool
2015-05-27 08:35 - 2012-05-07 17:01 - 00000000 ____D () C:\Users\adriana
2015-05-27 08:34 - 2015-04-05 00:11 - 00000000 ___SD () C:\Windows\system32\GWX
2015-05-27 08:34 - 2015-02-08 14:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-05-27 08:32 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration
2015-05-27 08:30 - 2014-08-16 16:16 - 00000000 ____D () C:\Program Files (x86)\T-Mobile
2015-05-27 08:30 - 2012-05-08 19:33 - 00000000 ____D () C:\Users\adriana\AppData\Roaming\Mozilla
2015-05-27 08:18 - 2013-07-24 11:23 - 00000000 ____D () C:\Windows\Minidump
2015-05-27 07:56 - 2013-11-07 01:35 - 94548992 ___SH () C:\Users\adriana\Downloads\Thumbs.db
2015-05-27 07:20 - 2009-07-14 06:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-27 07:20 - 2009-07-14 06:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-26 17:05 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2015-05-25 14:47 - 2013-04-19 15:51 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-25 14:34 - 2013-10-01 20:18 - 00000936 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4246888475-3530032447-118406061-1002UA.job
2015-05-25 14:16 - 2012-05-09 11:14 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-25 13:37 - 2012-01-20 01:50 - 01233428 _____ () C:\Windows\WindowsUpdate.log
2015-05-24 20:34 - 2013-10-01 20:18 - 00000914 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4246888475-3530032447-118406061-1002Core.job
2015-05-24 20:30 - 2012-01-20 01:56 - 01863344 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-05-24 20:30 - 2011-10-15 07:15 - 00800654 _____ () C:\Windows\system32\perfh007.dat
2015-05-24 20:30 - 2011-10-15 07:15 - 00184550 _____ () C:\Windows\system32\perfc007.dat
2015-05-24 20:30 - 2009-07-14 07:13 - 01863344 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-24 20:23 - 2015-04-05 00:11 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-05-24 15:56 - 2015-02-08 14:51 - 00002141 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-05-22 14:36 - 2014-07-13 23:06 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-05-22 14:34 - 2015-03-04 21:44 - 00000000 ____D () C:\EEK
2015-05-22 14:34 - 2015-02-17 22:38 - 00000000 ____D () C:\Program Files (x86)\Wondershare
2015-05-22 14:34 - 2014-07-13 17:14 - 00000000 ____D () C:\Program Files\Enigma Software Group
2015-05-22 14:34 - 2014-05-22 23:03 - 00000000 ____D () C:\Program Files\ESET
2015-05-22 14:34 - 2014-02-14 17:42 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2015-05-22 14:34 - 2014-02-14 17:42 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2015-05-22 14:34 - 2012-08-03 18:37 - 00000000 ____D () C:\Program Files (x86)\o.tel.o
2015-05-22 14:34 - 2012-01-20 11:40 - 00000000 ___RD () C:\Users\Public\Recorded TV
2015-05-21 18:50 - 2007-01-02 03:25 - 00000000 ____D () C:\Windows\Panther
2015-05-19 20:04 - 2013-09-03 10:46 - 01585986 _____ () C:\Windows\PFRO.log
2015-05-19 19:54 - 2014-01-01 20:53 - 00000723 _____ () C:\Windows\wininit.ini
2015-05-19 19:54 - 2014-01-01 20:44 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-05-19 17:36 - 2012-05-07 18:07 - 00003926 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{2F35951E-AA2B-48D6-AB7E-DAD60F473B9C}
2015-05-19 11:22 - 2015-02-17 22:38 - 00000000 ____D () C:\Users\adriana\AppData\Roaming\Wondershare
2015-05-19 11:22 - 2015-02-17 22:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
2015-05-19 11:22 - 2014-09-15 21:58 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-05-19 11:22 - 2012-07-02 17:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software
2015-05-19 11:22 - 2012-05-09 11:04 - 00000000 ____D () C:\Program Files (x86)\Epson Software
2015-05-19 11:22 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-05-19 11:21 - 2012-05-08 00:52 - 00000000 ____D () C:\Program Files (x86)\Google
2015-05-19 11:21 - 2011-10-14 22:13 - 00000000 ____D () C:\ProgramData\Skype
2015-05-19 11:20 - 2012-05-07 18:16 - 00000000 __RHD () C:\MSOCache
2015-05-15 19:42 - 2013-04-19 15:51 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-15 19:42 - 2013-04-19 15:51 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-14 16:04 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2015-05-13 15:06 - 2009-07-14 06:45 - 00409832 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-13 15:01 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers
2015-05-13 14:57 - 2013-03-14 14:54 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-05-13 13:29 - 2014-02-14 17:42 - 00002077 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-05-13 13:29 - 2013-11-23 20:48 - 00001912 _____ () C:\Windows\epplauncher.mif
2015-05-13 13:28 - 2012-05-07 18:16 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-05-13 13:27 - 2013-08-15 19:49 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-13 13:14 - 2012-05-13 18:47 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-05-13 13:08 - 2013-03-14 14:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-13 13:07 - 2013-03-14 14:54 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-05-13 02:07 - 2013-09-02 20:30 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-05-12 17:41 - 2012-05-08 18:07 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2015-05-11 18:21 - 2013-02-15 00:01 - 00000000 ____D () C:\Users\adriana\AppData\Local\Deployment
2015-05-11 18:21 - 2012-05-12 20:03 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2015-05-11 18:07 - 2012-12-02 18:21 - 00000336 _____ () C:\Windows\Tasks\HPCeeScheduleForSOFIA$.job
2015-05-11 18:07 - 2012-09-26 14:59 - 00003212 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForSOFIA$
2015-05-10 23:08 - 2012-05-16 17:44 - 00035218 ____H () C:\Users\adriana\Downloads\.picasa.ini
2015-05-10 17:38 - 2013-09-26 22:23 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-05-10 17:38 - 2013-09-26 22:23 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-05-10 17:38 - 2012-05-09 11:14 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-05-08 22:42 - 2013-05-17 13:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-05-06 16:51 - 2014-01-28 18:52 - 01945694 _____ () C:\Users\adriana\Downloads\kastrationen alex 2009 2.BMP

==================== Files in the root of some directories =======

2013-08-26 11:23 - 2011-09-12 11:55 - 0336047 _____ () C:\Program Files (x86)\Ivo Lupus Kroatien.jpg
2007-03-12 18:59 - 2007-03-12 18:59 - 0299008 _____ () C:\Program Files (x86)\navigram_register.exe
2012-09-09 15:27 - 2015-01-26 15:40 - 0006656 _____ () C:\Users\adriana\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-10-06 23:40 - 2012-10-06 23:40 - 0000852 _____ () C:\Users\adriana\AppData\Local\recently-used.xbel
2013-11-20 18:16 - 2013-11-20 18:16 - 0000017 _____ () C:\Users\adriana\AppData\Local\resmon.resmoncfg

Some files in TEMP:
====================
C:\Users\adriana\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpvuokqc.dll
C:\Users\adriana\AppData\Local\Temp\Quarantine.exe
C:\Users\adriana\AppData\Local\Temp\sqlite3.dll
C:\Users\Balou\AppData\Local\Temp\g1x2_b-b.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-24 19:32

==================== End of log ============================
__________________
Alt 27.05.2015, 18:19   #4
schrauber
/// the machine
/// TB-Ausbilder
 
Spyhunter - wie werde ich ihn wieder los - Standard

Spyhunter - wie werde ich ihn wieder los


Die Addition.txt fehlt noch, die haste ja im ersten Post angehängt, diese bitte noch in den Thread posten
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 27.05.2015, 20:51   #5
Sonnen
 
Spyhunter - wie werde ich ihn wieder los - Standard

Spyhunter - wie werde ich ihn wieder los


Guten Abend Schrauber,
tut mir leid, meine Laptop verabschiedet sich nonstop Danke für deine Hilfe. Lg


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-05-2015
Ran by adriana at 2015-05-27 07:36:06
Running from C:\Users\adriana\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-4246888475-3530032447-118406061-500 - Administrator - Disabled)
adriana (S-1-5-21-4246888475-3530032447-118406061-1002 - Administrator - Enabled) => C:\Users\adriana
Balou (S-1-5-21-4246888475-3530032447-118406061-1472 - Administrator - Enabled) => C:\Users\Balou
Gast (S-1-5-21-4246888475-3530032447-118406061-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4246888475-3530032447-118406061-1003 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AV: Emsisoft Internet Security (Enabled - Up to date) {2F44E1F9-850B-1C7A-0E56-EB2E0A3E20C9}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Emsisoft Internet Security (Enabled - Up to date) {9425001D-A331-13F4-34E6-D05C71B96A74}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Emsisoft Internet Security (Enabled) {177F60DC-CF64-1D22-2509-421BF4ED67B2}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ABBYY FineReader 9.0 Sprint (HKLM-x32\...\ABBYY FineReader 9.0 Sprint) (Version: 9.01.513.58212 - ABBYY)
ABBYY FineReader 9.0 Sprint (x32 Version: 9.01.513.58212 - ABBYY) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.8.0.1280 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.1.629 - Adobe Systems, Inc.)
AMD Catalyst Install Manager (HKLM\...\{ACD449FA-9DF3-779D-DA68-11D486963225}) (Version: 3.0.847.0 - Advanced Micro Devices, Inc.)
AMD System Monitor (HKLM-x32\...\{6EFD0C42-4CC1-4716-A0CA-21C1A062CF34}) (Version: 1.0.9 - Advanced Micro Devices, Inc.)
Apple Application Support (32-Bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Benutzerhandbuch EPSON SX235 Series (HKLM-x32\...\EPSON SX235 Series Useg) (Version: - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.0.4528 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DDBAC (HKLM-x32\...\{220DC8D0-3CC8-41A4-8C58-15A1D9FA0362}) (Version: 5.3.6 - DataDesign)
Dropbox (HKU\S-1-5-21-4246888475-3530032447-118406061-1002\...\Dropbox) (Version: 2.10.28 - Dropbox, Inc.)
Druckerdeinstallation für EPSON SX235 Series (HKLM\...\EPSON SX235 Series) (Version: - SEIKO EPSON Corporation)
Emsisoft Internet Security (HKLM-x32\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 10.0 - Emsisoft Ltd.)
Epson Easy Photo Print 2 (HKLM-x32\...\{A02D7029-C4EF-44C1-9FD4-C0D3CA518113}) (Version: 2.2.4.0 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (HKLM-x32\...\{B2D55EB8-32C5-4B43-9006-9E97DECBA178}) (Version: 1.00.0000 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{8ED43F7E-A8F6-4898-AF11-B6158F2EDF94}) (Version: 2.50.0000 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.5.00 - SEIKO EPSON CORPORATION)
ESU for Microsoft Windows 7 SP1 (HKLM-x32\...\{E96CAA2A-0244-4A2A-8403-0C3C9534778B}) (Version: 2.1.1 - Hewlett-Packard)
Evernote v. 4.2.3 (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 4.2.3.22 - Evernote Corp.)
Facebook Video Calling 2.0.0.447 (HKLM-x32\...\{8DF41A9F-FE13-43E8-A003-5F9B55A011EE}) (Version: 2.0.447 - Skype Limited)
FileZilla Client 3.2.7.1 (HKLM-x32\...\FileZilla Client) (Version: 3.2.7.1 - )
Free Video to Flash Converter version 5.0.44.623 (HKLM-x32\...\Free Video to Flash Converter_is1) (Version: 5.0.44.623 - DVDVideoSoft Ltd.)
Free WebM Video Converter version 5.0.54.1215 (HKLM-x32\...\Free WebM Video Converter_is1) (Version: 5.0.54.1215 - DVDVideoSoft Ltd.)
Free YouTube Download version 3.2.51.1215 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.51.1215 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.35.514 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.35.514 - DVDVideoSoft Ltd.)
Freemake Video Downloader (HKLM-x32\...\Freemake Video Downloader_is1) (Version: 3.7.0 - Ellora Assets Corporation)
GDR 5520 für SQL Server 2008 (KB 2977321) (HKLM-x32\...\KB2977321) (Version: 10.3.5520.0 - Microsoft Corporation)
GMX ProfiFax (HKLM-x32\...\GMX ProfiFax) (Version: 2.00.236 - 1&1 Mail & Media GmbH)
GMX SMS-Manager (HKLM-x32\...\com.unitedinternet.ums.sms-mms-manager) (Version: 3.3 - 1 und 1 Internet AG)
GMX SMS-Manager (x32 Version: 3.3 - 1 und 1 Internet AG) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.81 - Google Inc.)
Google Drive (HKLM-x32\...\{35574F09-89F9-4B16-B69B-64F3E25901B8}) (Version: 1.21.9226.6034 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Connection Manager (HKLM-x32\...\{B65FCAA5-F3A6-4B3F-ABEE-CBC2B085796B}) (Version: 4.1.25.1 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{BC6CB499-9F29-4B41-8B8B-FA7248525256}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Launch Box (HKLM\...\{BF1E75D0-E7AF-4BEA-9FBC-567F0C54BDF9}) (Version: 1.0.12 - Hewlett-Packard Company)
HP On Screen Display (HKLM-x32\...\{ED1BD69A-07E3-418C-91F1-D856582581BF}) (Version: 1.3.5 - Hewlett-Packard Company)
HP Power Manager (HKLM-x32\...\{D8BCE5B9-67CF-4F3F-93AE-3ACC754C72EB}) (Version: 1.4.7 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{53B17A98-5BF0-40BC-AAFF-850A357975AC}) (Version: 2.7.2 - Hewlett-Packard Company)
HP QuickWeb (HKLM-x32\...\{BB4FC2AD-DF12-4EE1-8AA7-2C0A26B5E2FB}) (Version: 3.1.1.10197 - Hewlett-Packard Company)
HP Security Assistant (HKLM\...\{ED6CD3AC-616B-4B20-BCF3-6E637B92A5AD}) (Version: 3.0.4 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}) (Version: 9.0.15076.3891 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.2.14901.3869 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{D2462056-BA75-4B2C-8267-DFEA2B6AC4AE}) (Version: 4.6.10.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
Internet Manager (HKLM-x32\...\Internet Manager) (Version: 22.001.18.74.55 - Huawei Technologies Co.,Ltd)
iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.)
Java 8 Update 31 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418031F0}) (Version: 8.0.310 - Oracle Corporation)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 (HKLM-x32\...\Microsoft SQL Server 10 Release) (Version: - Microsoft Corporation)
Microsoft SQL Server 2008 Browser (HKLM-x32\...\{4AF2248C-B3DF-46FB-9596-87F5DB193689}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Native Client (HKLM\...\{12FE6AA6-65D2-40EE-B925-62193128A0E6}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files (HKLM-x32\...\{5D60AB1A-2409-4829-83D4-0972856D885A}) (Version: 10.3.5520.0 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{28D06854-572C-4A65-83E5-F8CAF26B9FDC}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works 6-9 Converter (HKLM-x32\...\{95140000-0137-0407-0000-0000000FF1CE}) (Version: 14.0.6120.5002 - Microsoft Corporation)
Mozilla Firefox 38.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 38.0.1 (x86 de)) (Version: 38.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 38.0.1 - Mozilla)
MyDriveConnect 4.0.2.2123 (HKLM-x32\...\MyDriveConnect) (Version: 4.0.2.2123 - TomTom)
Netzwerkhandbuch EPSON SX235 Series (HKLM-x32\...\EPSON SX235 Series Netg) (Version: - )
opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.40.126.2011 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.83 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4123-B2B9-173F09590E16}) (Version: 1.00.11.0706 - REALTEK Semiconductor Corp.)
Security Task Manager 2.0d (HKLM-x32\...\Security Task Manager) (Version: 2.0d - Neuber Software)
Service Pack 3 für SQL Server 2008 (KB2546951) (HKLM-x32\...\KB2546951) (Version: 10.3.5500.0 - Microsoft Corporation)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 7.3 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.)
Software Updater (HKLM-x32\...\{FA7EE274-7370-43B7-9A45-A39B17CCCDC5}) (Version: 4.3.3 - SEIKO EPSON CORPORATION)
SpyHunter 4 (HKLM-x32\...\SpyHunter) (Version: 4.19.13.4482 - Enigma Software Group, LLC)
Sql Server Customer Experience Improvement Program (x32 Version: 10.3.5500.0 - Microsoft Corporation) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.11.0 - Synaptics Incorporated)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Wondershare PDF Converter (Build 4.0.1) (HKLM-x32\...\{A888A8D1-ACCB-4EBE-AAA8-903D2B8FB6A4}_is1) (Version: 4.0.1 - Wondershare Software)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-4246888475-3530032447-118406061-1002_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\adriana\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4246888475-3530032447-118406061-1002_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\adriana\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4246888475-3530032447-118406061-1002_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\adriana\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4246888475-3530032447-118406061-1002_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\adriana\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4246888475-3530032447-118406061-1002_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\adriana\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4246888475-3530032447-118406061-1002_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\adriana\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4246888475-3530032447-118406061-1002_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\adriana\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4246888475-3530032447-118406061-1002_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\adriana\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4246888475-3530032447-118406061-1002_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\adriana\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points =========================

25-05-2015 14:49:52 Geplanter Prüfpunkt

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {02B12AD7-3C77-41A5-9CE5-132E9B986970} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {05700674-CDEB-4C34-9F38-BF2885205283} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-05-10] (Adobe Systems Incorporated)
Task: {173F1C39-2B17-445D-B2A0-DE09DEB44ECC} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4246888475-3530032447-118406061-1002Core => C:\Users\adriana\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: {2A0845B7-F0C0-4CD9-B8FD-041DFA597FEC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {2C2451EF-45B0-4726-95A9-11984D2B7EBD} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-12-17] (Oracle Corporation)
Task: {2D5E02F3-C194-4D58-A59F-5732D941905B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-19] (Google Inc.)
Task: {381EE2F5-00B3-4B8D-9E48-C86AB31B77E1} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {43CD746B-5F43-4C53-9581-BEACE2EC01FF} - System32\Tasks\{4DE0364C-DF0C-4BF5-9CEC-E2F4B81F4FF3} => C:\Windows\twain_32\escndv\escndv.exe [2009-01-24] (SEIKO EPSON CORP.)
Task: {45039B44-9A0A-4C16-BCE6-03DEE83A6050} - System32\Tasks\HPCeeScheduleForadriana => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {4F311976-4263-4F8A-B8A4-886C37512A83} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-09-28] (CyberLink)
Task: {50D104B6-BCE3-4283-9111-A0293F696C5B} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {6A4C04C5-BE40-463C-A788-830A76E29B05} - System32\Tasks\{4A9D89A5-F20A-4E7D-AE35-300AB64D32E4} => C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE [2015-03-18] (Microsoft Corporation)
Task: {76030A58-4035-41D2-BF9E-4985FCF94798} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-04-14] (Hewlett-Packard)
Task: {764C4813-D5DF-485F-B941-96BB9069F1F3} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {88F8446A-8A66-4F92-A1A3-2F189C831436} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe [2015-05-19] (Enigma Software Group USA, LLC.)
Task: {980DC651-7D91-4EE6-B024-1F700D0B175B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {9CB00C45-1134-4D2A-B70E-3E32AD09D7AC} - System32\Tasks\{7B2576F8-19D1-4224-AE8D-82694AC96207} => pcalua.exe -a "C:\Program Files (x86)\o.tel.o\uninst.exe"
Task: {A32CCEE0-4C36-4BF6-B713-BDC7680D7E1D} - System32\Tasks\{E8ED73EC-8BEC-423A-A8CD-0B778CF8D605} => C:\Users\adriana\Downloads\vlc-2.0.1-win32.exe
Task: {A6D4269B-A4F7-4F8C-81BC-93B644206725} - System32\Tasks\{5604797B-B7BA-4A41-B8E3-4D2B67158A95} => C:\Windows\twain_32\escndv\escndv.exe [2009-01-24] (SEIKO EPSON CORP.)
Task: {AEAB3E8B-7B9A-421A-B4BC-64A4DC5F7F29} - System32\Tasks\{A2860E3E-E9F2-4AFF-881F-79453F19D3D2} => C:\Program Files (x86)\T-Mobile\InternetManager_H\Internet Manager.exe [2012-11-22] ()
Task: {B66C26BE-B6E0-4F07-8647-FB334A65F65B} - System32\Tasks\{F58373A8-1ACC-41A3-A540-9210BAE103CE} => C:\Program Files (x86)\DVDVideoSoft\Free YouTube to MP3 Converter\FreeYouTubeToMP3Converter.exe [2014-05-14] (DVDVideoSoft Ltd.)
Task: {C21639AE-4502-46D8-B0F3-1240D9B05662} - System32\Tasks\{1126E134-B7B0-474E-A964-2AD7A7ACAD0E} => C:\Program Files (x86)\T-Mobile\InternetManager_H\Internet Manager.exe [2012-11-22] ()
Task: {C6470A27-D1AE-4BE8-A006-D952BFA26D63} - System32\Tasks\HPCeeScheduleForBalou => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {D248ECFF-7409-42E0-AAB0-6DCDB59E8B99} - System32\Tasks\{635DBC63-82E3-412D-95A5-B96B4D581090} => C:\Program Files (x86)\DVDVideoSoft\Free YouTube to MP3 Converter\FreeYouTubeToMP3Converter.exe [2014-05-14] (DVDVideoSoft Ltd.)
Task: {D3CE5B59-9815-4CD3-88B5-A7F50086BE8B} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4246888475-3530032447-118406061-1002UA => C:\Users\adriana\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: {D91A8A78-2980-4817-B7A0-3A58A6765986} - System32\Tasks\{62AE3A68-9633-46A7-B498-5D693688C701} => C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE [2015-03-18] (Microsoft Corporation)
Task: {DB71A9FF-68F8-43F5-B8F8-7A77D12AE999} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-07] (Microsoft Corporation)
Task: {E7F709C9-8ABC-453D-864E-8CA865A6121D} - System32\Tasks\{FF7DE629-CA72-414B-985A-A63816D3B7E9} => C:\Windows\twain_32\escndv\escndv.exe [2009-01-24] (SEIKO EPSON CORP.)
Task: {E8E40CB2-29CF-477D-89BD-9D367C3BCA3D} - System32\Tasks\HPCeeScheduleForSOFIA$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {EC4BAEA2-05FA-433B-BAB4-6BEC99056FE4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-19] (Google Inc.)
Task: {FBEF525D-BBE9-4539-AED2-8573B5895C85} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4246888475-3530032447-118406061-1002Core.job => C:\Users\adriana\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4246888475-3530032447-118406061-1002UA.job => C:\Users\adriana\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForadriana.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\HPCeeScheduleForBalou.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\HPCeeScheduleForSOFIA$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (Whitelisted) ==============

2011-09-28 07:19 - 2011-09-28 07:19 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2011-03-14 17:27 - 2011-03-14 17:27 - 00346976 _____ () C:\ProgramData\DatacardService\HWDeviceService64.exe
2014-08-16 16:19 - 2013-02-05 09:24 - 00671744 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\ouc.exe
2014-05-01 21:29 - 2009-08-23 19:24 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2014-08-16 16:19 - 2009-01-10 12:32 - 00011362 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\mingwm10.dll
2014-08-16 16:19 - 2009-06-22 20:42 - 00043008 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\libgcc_s_dw2-1.dll
2014-08-16 16:19 - 2012-10-31 11:11 - 02417152 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\QtCore4.dll
2014-08-16 16:19 - 2012-10-31 11:14 - 01148416 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\QtNetwork4.dll
2015-04-28 19:53 - 2015-04-28 19:53 - 00140288 _____ () C:\Program Files (x86)\MyDrive Connect\quazip.dll
2014-09-11 17:06 - 2014-09-11 17:06 - 00878592 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\platforms\qwindows.dll
2014-09-11 17:05 - 2014-09-11 17:05 - 00036352 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\bearer\qgenericbearer.dll
2014-09-11 17:06 - 2014-09-11 17:06 - 00038912 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\bearer\qnativerwifibearer.dll
2014-09-11 17:14 - 2014-09-11 17:14 - 00032256 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qdds.dll
2014-09-11 17:05 - 2014-09-11 17:05 - 00021504 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qgif.dll
2014-09-11 17:14 - 2014-09-11 17:14 - 00027648 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qicns.dll
2014-09-11 17:05 - 2014-09-11 17:05 - 00021504 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qico.dll
2014-09-11 17:14 - 2014-09-11 17:14 - 00381952 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qjp2.dll
2014-09-11 17:05 - 2014-09-11 17:05 - 00204800 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qjpeg.dll
2014-09-11 17:14 - 2014-09-11 17:14 - 00218112 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qmng.dll
2014-09-11 17:08 - 2014-09-11 17:08 - 00015872 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qsvg.dll
2014-09-11 17:14 - 2014-09-11 17:14 - 00015360 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qtga.dll
2014-09-11 17:15 - 2014-09-11 17:15 - 00307712 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qtiff.dll
2014-09-11 17:15 - 2014-09-11 17:15 - 00014848 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qwbmp.dll
2014-09-11 17:15 - 2014-09-11 17:15 - 00252928 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qwebp.dll
2014-01-06 22:53 - 2014-01-06 22:53 - 27379992 _____ () C:\Program Files (x86)\Google\Picasa3\Picasa3i18n.dll
2014-01-06 21:18 - 2014-01-06 21:18 - 00405504 _____ () C:\Program Files (x86)\Google\Picasa3\plugins\CDVDR\CDVDR.yti
2014-01-06 22:30 - 2014-01-06 22:30 - 00430080 _____ () C:\Program Files (x86)\Google\Picasa3\plugins\ytITivo.yti
2014-01-06 22:53 - 2014-01-06 22:53 - 00100632 _____ () C:\Program Files (x86)\Google\Picasa3\qtsupport.dll
2015-02-13 05:20 - 2015-02-13 05:20 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-01-06 20:46 - 2014-01-06 20:46 - 02351104 _____ () C:\Program Files (x86)\Google\Picasa3\plugins\Red.dll
2014-10-16 11:15 - 2009-08-23 19:58 - 00094208 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2015-05-26 14:43 - 2015-05-22 22:22 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\libglesv2.dll
2015-05-26 14:43 - 2015-05-22 22:22 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:373E1720

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4246888475-3530032447-118406061-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\adriana\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: DivXMediaServer => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
MSCONFIG\startupreg: HP Quick Launch => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
MSCONFIG\startupreg: HPConnectionManager => C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
MSCONFIG\startupreg: HPOSD => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
MSCONFIG\startupreg: HPQuickWebProxy => "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
MSCONFIG\startupreg: Magic Desktop for HP notification => "C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SetDefault => C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{2D642E3C-49EC-4D17-9734-4A8090701D82}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{A225A52F-3CB1-4A93-A064-0D764B472A17}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{EAE192CA-4575-489E-AB91-6A97283B0D14}] => (Allow) LPort=2869
FirewallRules: [{50CA8323-A57A-4C64-A5FD-249FDE4C7962}] => (Allow) LPort=1900
FirewallRules: [{621C2173-AD3C-4922-B7BC-A20411CAD281}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{F5837E98-ECAC-421A-8046-17412049A08E}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{17814D93-4463-4D25-B6C9-CB6D0BC3E449}] => (Allow) C:\Windows\system32\ezSharedSvcHost.exe
FirewallRules: [TCP Query User{3227570D-C9CC-47F6-B607-6A7A45BE1265}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{C56A0E4F-288B-4DA1-AA12-4BF3FDFBD155}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{0D366521-5EE2-4C96-AFF3-C12A68EB5972}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{AAD94BFD-1294-4F3D-9E70-6A09097753B0}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{3D44B4D3-7945-48CE-B47B-2259F5F00ECF}] => (Allow) F:\Network\EpsonNetSetup\ENEasyApp.exe
FirewallRules: [{755F986A-9E82-4AFC-B6E3-7CE0A5177183}] => (Allow) F:\Network\EpsonNetSetup\ENEasyApp.exe
FirewallRules: [{6348B70F-C5C2-46BD-ABA1-43C75624ACA9}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{88DFD182-89B1-4377-9970-0D1969666DC6}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{364CA28C-62C3-48BD-80D5-C8C0288194FB}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{F502E6F9-39AF-4480-9187-E976B9C30D81}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{672B2BC6-6CCC-4566-BDA2-6E7CA3C2431A}] => (Allow) C:\Users\adriana\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
FirewallRules: [TCP Query User{790D02CB-FDE8-496B-BC23-BCE85C699465}C:\users\adriana\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\adriana\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{634C3F3E-13F5-456C-8F00-0C1D4A82B0D3}C:\users\adriana\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\adriana\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{B63BE8F4-D3CA-455C-8938-F7F5E091F3F5}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [{12134C69-50EA-45FD-A69E-B65BC427EE5B}] => (Allow) C:\Users\adriana\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{7D71D540-4C8B-45C1-A81F-1480FEA35602}] => (Allow) C:\Users\adriana\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{9DFF9064-1CEC-4A29-94CF-802A326CEA85}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [TCP Query User{ED200E6F-C444-4D3A-8247-2FAC9977636D}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{BAA3DE53-7DCC-4A19-A30F-66ED41E7C344}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{F049708D-13CE-45A6-BC88-2BC55C242124}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C6E4F6FC-F3BA-45A7-BEB3-D14257C36FCE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{3A94279D-CFEA-43D6-822F-CB8252E1B5BB}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

Name: Microsoft-Adapter für Miniports virtueller WiFis
Description: Microsoft-Adapter für Miniports virtueller WiFis
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: SASDIFSV
Description: SASDIFSV
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: SASDIFSV
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: SASKUTIL
Description: SASKUTIL
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: SASKUTIL
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: NetGroup Packet Filter Driver
Description: NetGroup Packet Filter Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: npf
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/27/2015 06:40:32 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/26/2015 10:08:30 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/26/2015 03:43:35 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/26/2015 01:35:07 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/26/2015 01:20:11 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/26/2015 01:06:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/26/2015 11:26:28 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/25/2015 05:58:45 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/25/2015 04:26:22 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/25/2015 00:43:57 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (05/27/2015 07:30:41 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (05/27/2015 07:20:43 AM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (05/27/2015 07:20:41 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (05/27/2015 07:10:41 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (05/27/2015 07:00:41 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (05/27/2015 06:50:41 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (05/27/2015 06:40:41 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (05/27/2015 06:40:04 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "WinPcap Packet Driver (NPF)" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (05/27/2015 06:40:04 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "WinPcap Packet Driver (NPF)" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (05/27/2015 06:40:04 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "WinPcap Packet Driver (NPF)" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2


Microsoft Office:
=========================
Error: (01/13/2013 05:11:53 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 14990 seconds with 3420 seconds of active time. This session ended with a crash.


==================== Memory info ===========================

Processor: AMD A8-3520M APU with Radeon(tm) HD Graphics
Percentage of memory in use: 63%
Total physical RAM: 5609.41 MB
Available physical RAM: 2021.36 MB
Total Pagefile: 11217.02 MB
Available Pagefile: 7007.4 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (System) (Fixed) (Total:625.17 GB) (Free:514.67 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Recovery) (Fixed) (Total:20.48 GB) (Free:2.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:3.96 GB) (Free:1.08 GB) FAT32
Drive g: (SICHERUNG_HP_TOOLS) (Fixed) (Total:48.83 GB) (Free:44.76 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 5095087B)
Partition 1: (Not Active) - (Size=993 KB) - (Type=42)
Partition 2: (Active) - (Size=199 MB) - (Type=42)
Partition 3: (Not Active) - (Size=625.2 GB) - (Type=42)
Partition 4: (Not Active) - (Size=73.3 GB) - (Type=42)

==================== End of log ============================


Alt 28.05.2015, 19:46   #6
schrauber
/// the machine
/// TB-Ausbilder
 
Spyhunter - wie werde ich ihn wieder los - Standard

Spyhunter - wie werde ich ihn wieder los


Lade Dir bitte von hier Revo Uninstaller Download Revo Uninstaller (alternativ portable Revo Uninstaller) herunter.
  • Installiere und starte das Programm. (Bebilderte Anleitung zu Revo Uninstaller)
  • Klicke auf Optionen und wähle als Sprache Deutsch.
  • Suche im Uninstallerfeld nach den Programmen:

    SpyHunter 4

  • Wähle die Programme nacheinander aus und klicke jedes Mal auf Uninstall.
  • Wähle anschließend den Modus "Moderat" aus.
  • Reste löschen:
    Klicke auf dann auf und dann auf .

 





Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

__________________
--> Spyhunter - wie werde ich ihn wieder los

Alt 29.05.2015, 00:03   #7
Sonnen
 
Spyhunter - wie werde ich ihn wieder los - Standard

SpyHunter 4


Guten Abend Schrauber,
ich werde sofort die angegebenen Schritte ausführen und dir alles hier einstellen.
Vielen, vielen Dank im voraus. Lg

Code:
ATTFilter
ComboFix 15-05-28.01 - adriana 29.05.2015   0:14.2.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.5609.3618 [GMT 2:00]
ausgeführt von:: c:\users\adriana\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\adriana\Documents\~WRD0003.tmp
c:\users\Balou\Documents\~WRD0003.tmp
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\wpcap.dll
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_ACEDRV11
-------\Legacy_NPF
-------\Service_NPF
.
.
(((((((((((((((((((((((   Dateien erstellt von 2015-04-28 bis 2015-05-28  ))))))))))))))))))))))))))))))
.
.
2015-05-28 22:27 . 2015-05-28 22:27	--------	d-----w-	c:\users\DefaultAppPool\AppData\Local\temp
2015-05-28 22:27 . 2015-05-28 22:27	--------	d-----w-	c:\users\Default\AppData\Local\temp
2015-05-28 21:43 . 2015-05-28 21:43	--------	d-----w-	c:\program files (x86)\Common Files\Java
2015-05-28 19:25 . 2015-05-28 19:25	--------	d-----w-	c:\program files (x86)\VS Revo Group
2015-05-27 19:55 . 2015-05-27 19:55	--------	d-----w-	C:\fe204145e4178e7dbab4700645d0aa
2015-05-27 10:23 . 2015-05-27 10:25	--------	d-----w-	C:\AdwCleaner
2015-05-26 13:17 . 2015-05-27 06:33	--------	d-----w-	c:\programdata\SecTaskMan
2015-05-26 13:17 . 2015-05-27 06:33	--------	d-----w-	c:\program files (x86)\Security Task Manager
2015-05-21 22:30 . 2015-05-21 22:30	--------	d-----w-	c:\programdata\Emsisoft
2015-05-21 18:31 . 2015-05-22 12:31	--------	d-----w-	c:\programdata\Trend Micro
2015-05-21 18:31 . 2015-05-21 18:31	--------	d-----w-	c:\program files\Trend Micro
2015-05-21 18:09 . 2015-05-21 22:05	--------	d-----w-	c:\programdata\Trend Micro Installer
2015-05-19 17:48 . 2015-05-28 19:18	--------	d-----w-	c:\users\Balou
2015-05-19 15:12 . 2015-05-27 19:35	--------	d-----w-	C:\FRST
2015-05-19 09:59 . 2015-05-19 09:59	22704	----a-w-	c:\windows\system32\drivers\EsgScanner.sys
2015-05-13 11:08 . 2015-05-01 13:17	124112	----a-w-	c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 11:08 . 2015-05-01 13:16	102608	----a-w-	c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 07:25 . 2015-05-05 01:29	342016	----a-w-	c:\windows\system32\schannel.dll
2015-05-13 07:25 . 2015-05-05 01:12	248832	----a-w-	c:\windows\SysWow64\schannel.dll
2015-05-13 07:25 . 2015-04-18 03:10	460800	----a-w-	c:\windows\system32\certcli.dll
2015-05-13 07:25 . 2015-04-18 02:56	342016	----a-w-	c:\windows\SysWow64\certcli.dll
2015-05-13 07:23 . 2015-04-27 19:23	113664	----a-w-	c:\windows\system32\sechost.dll
2015-05-09 20:22 . 2015-05-28 22:29	--------	d-----w-	c:\program files (x86)\Mozilla Maintenance Service
2015-05-01 18:10 . 2015-05-01 18:10	229608	----a-w-	c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-05-28 21:42 . 2015-01-22 20:57	97888	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2015-05-13 11:14 . 2012-05-13 16:47	140425016	----a-w-	c:\windows\system32\MRT.exe
2015-05-10 15:38 . 2013-09-26 20:23	778416	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2015-05-10 15:38 . 2013-09-26 20:23	142512	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-04-27 19:04 . 2015-05-13 07:23	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2015-03-25 03:24 . 2015-04-15 10:24	98304	----a-w-	c:\windows\system32\wudriver.dll
2015-03-25 03:24 . 2015-04-15 10:24	37376	----a-w-	c:\windows\system32\wups2.dll
2015-03-25 03:24 . 2015-04-15 10:24	35328	----a-w-	c:\windows\system32\wups.dll
2015-03-25 03:24 . 2015-04-15 10:24	3298816	----a-w-	c:\windows\system32\wucltux.dll
2015-03-25 03:24 . 2015-04-15 10:24	2553856	----a-w-	c:\windows\system32\wuaueng.dll
2015-03-25 03:24 . 2015-04-15 10:24	191488	----a-w-	c:\windows\system32\wuwebv.dll
2015-03-25 03:24 . 2015-04-15 10:24	696320	----a-w-	c:\windows\system32\wuapi.dll
2015-03-25 03:24 . 2015-04-15 10:24	60416	----a-w-	c:\windows\system32\WinSetupUI.dll
2015-03-25 03:23 . 2015-04-15 10:24	12288	----a-w-	c:\windows\system32\wu.upgrade.ps.dll
2015-03-25 03:23 . 2015-04-15 10:24	36864	----a-w-	c:\windows\system32\wuapp.exe
2015-03-25 03:23 . 2015-04-15 10:24	135168	----a-w-	c:\windows\system32\wuauclt.exe
2015-03-25 03:00 . 2015-04-15 10:24	92672	----a-w-	c:\windows\SysWow64\wudriver.dll
2015-03-25 03:00 . 2015-04-15 10:24	566784	----a-w-	c:\windows\SysWow64\wuapi.dll
2015-03-25 03:00 . 2015-04-15 10:24	29696	----a-w-	c:\windows\SysWow64\wups.dll
2015-03-25 03:00 . 2015-04-15 10:24	173056	----a-w-	c:\windows\SysWow64\wuwebv.dll
2015-03-25 03:00 . 2015-04-15 10:24	33792	----a-w-	c:\windows\SysWow64\wuapp.exe
2015-03-23 03:25 . 2015-04-15 10:24	726528	----a-w-	c:\windows\system32\generaltel.dll
2015-03-23 03:25 . 2015-04-15 10:24	769536	----a-w-	c:\windows\system32\invagent.dll
2015-03-23 03:24 . 2015-04-15 10:24	419840	----a-w-	c:\windows\system32\devinv.dll
2015-03-23 03:24 . 2015-04-15 10:24	957952	----a-w-	c:\windows\system32\appraiser.dll
2015-03-23 03:24 . 2015-04-15 10:24	30720	----a-w-	c:\windows\system32\acmigration.dll
2015-03-23 03:24 . 2015-04-15 10:24	192000	----a-w-	c:\windows\system32\aepic.dll
2015-03-23 03:24 . 2015-04-15 10:24	227328	----a-w-	c:\windows\system32\aepdu.dll
2015-03-23 03:17 . 2015-04-15 10:24	1111552	----a-w-	c:\windows\system32\aeinv.dll
2015-03-10 03:25 . 2015-04-15 10:24	1882624	----a-w-	c:\windows\system32\msxml3.dll
2015-03-10 03:21 . 2015-04-15 10:24	2048	----a-w-	c:\windows\system32\msxml3r.dll
2015-03-10 03:08 . 2015-04-15 10:24	1237504	----a-w-	c:\windows\SysWow64\msxml3.dll
2015-03-10 03:05 . 2015-04-15 10:24	2048	----a-w-	c:\windows\SysWow64\msxml3r.dll
2015-03-05 05:12 . 2015-04-15 10:24	404480	----a-w-	c:\windows\system32\gdi32.dll
2015-03-05 04:05 . 2015-04-15 10:24	311808	----a-w-	c:\windows\SysWow64\gdi32.dll
2015-03-04 04:55 . 2015-04-15 10:18	367552	----a-w-	c:\windows\system32\clfs.sys
2015-03-04 04:41 . 2015-04-15 10:18	79360	----a-w-	c:\windows\system32\clfsw32.dll
2015-03-04 04:41 . 2015-05-13 07:23	103424	----a-w-	c:\windows\apppatch\AppPatch64\acspecfc.dll
2015-03-04 04:41 . 2015-05-13 07:23	309248	----a-w-	c:\windows\apppatch\AppPatch64\AcGenral.dll
2015-03-04 04:10 . 2015-04-15 10:18	58880	----a-w-	c:\windows\SysWow64\clfsw32.dll
2015-03-04 04:10 . 2015-05-13 07:23	470528	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2015-03-04 04:10 . 2015-05-13 07:23	2178560	----a-w-	c:\windows\apppatch\AcGenral.dll
2015-03-04 04:06 . 2015-05-13 07:23	2560	----a-w-	c:\windows\apppatch\AcRes.dll
2015-03-03 13:17 . 2010-11-21 03:27	295552	----a-w-	c:\windows\system32\MpSigStub.exe
2007-03-12 16:59 . 2007-03-12 16:59	299008	----a-w-	c:\program files (x86)\navigram_register.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08	131480	----a-w-	c:\users\adriana\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08	131480	----a-w-	c:\users\adriana\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08	131480	----a-w-	c:\users\adriana\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08	131480	----a-w-	c:\users\adriana\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08	131480	----a-w-	c:\users\adriana\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08	131480	----a-w-	c:\users\adriana\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08	131480	----a-w-	c:\users\adriana\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08	131480	----a-w-	c:\users\adriana\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google+ Auto Backup"="c:\users\adriana\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe" [2014-01-06 3619096]
"MyDriveConnect.exe"="c:\program files (x86)\MyDrive Connect\TomTom MyDrive Connect.exe" [2015-04-28 1905032]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2015-03-25 31682144]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2010-10-12 979328]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2015-04-30 334896]
.
c:\users\adriana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\adriana\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2015-3-29 36414752]
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
.
R1 SASDIFSV;SASDIFSV;c:\users\adriana\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV64.SYS;c:\users\adriana\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV64.SYS [x]
R1 SASKUTIL;SASKUTIL;c:\users\adriana\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL64.SYS;c:\users\adriana\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL64.SYS [x]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
R2 Internet Manager. RunOuc;Internet Manager. OUC;c:\program files (x86)\T-Mobile\InternetManager_H\UpdateDog\ouc.exe;c:\program files (x86)\T-Mobile\InternetManager_H\UpdateDog\ouc.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 SpyHunter 4 Service;SpyHunter 4 Service;c:\program files\Enigma Software Group\SpyHunter\SH4Service.exe;c:\program files\Enigma Software Group\SpyHunter\SH4Service.exe [x]
R3 cleanhlp;cleanhlp;c:\eek\bin\cleanhlp64.sys;c:\eek\bin\cleanhlp64.sys [x]
R3 cpuz134;cpuz134;c:\users\adriana\AppData\Local\Temp\cpuz134\cpuz134_x64.sys;c:\users\adriana\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 EsgScanner;EsgScanner;c:\windows\system32\DRIVERS\EsgScanner.sys;c:\windows\SYSNATIVE\DRIVERS\EsgScanner.sys [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys;c:\windows\SYSNATIVE\DRIVERS\ew_usbenumfilter.sys [x]
R3 hpCMSrv;HP Connection Manager 4 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [x]
R3 HSPADataCardusbmdm;HSPADataCard Proprietary USB Driver;c:\windows\system32\DRIVERS\HSPADataCardusbmdm.sys;c:\windows\SYSNATIVE\DRIVERS\HSPADataCardusbmdm.sys [x]
R3 HSPADataCardusbnmea;HSPADataCard NMEA Port;c:\windows\system32\DRIVERS\HSPADataCardusbnmea.sys;c:\windows\SYSNATIVE\DRIVERS\HSPADataCardusbnmea.sys [x]
R3 HSPADataCardusbser;HSPADataCard Diagnostic Port;c:\windows\system32\DRIVERS\HSPADataCardusbser.sys;c:\windows\SYSNATIVE\DRIVERS\HSPADataCardusbser.sys [x]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jucdcacm.sys [x]
R3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys;c:\windows\SYSNATIVE\DRIVERS\ew_juextctrl.sys [x]
R3 huawei_wwanecm;huawei_wwanecm;c:\windows\system32\DRIVERS\ew_juwwanecm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_juwwanecm.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys;c:\windows\SYSNATIVE\drivers\massfilter.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WSDScan;WSD-Scanunterstützung durch UMB;c:\windows\system32\drivers\WSDScan.sys;c:\windows\SYSNATIVE\drivers\WSDScan.sys [x]
R4 MSSQLServerADHelper100;SQL Server Hilfsdienst für Active Directory;c:\program files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE;c:\program files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
R4 SQLAgent$SERVEREXP2008;SQL Server-Agent (SERVEREXP2008);c:\program files (x86)\Microsoft SQL Server\MSSQL10.SERVEREXP2008\MSSQL\Binn\SQLAGENT.EXE;c:\program files (x86)\Microsoft SQL Server\MSSQL10.SERVEREXP2008\MSSQL\Binn\SQLAGENT.EXE [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [x]
S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [x]
S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe;c:\windows\SYSNATIVE\ezSharedSvcHost.exe [x]
S2 Freemake Improver;Freemake Improver;c:\programdata\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe;c:\programdata\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [x]
S2 FreemakeVideoCapture;FreemakeVideoCapture;c:\program files (x86)\Freemake\CaptureLib\CaptureLibService.exe;c:\program files (x86)\Freemake\CaptureLib\CaptureLibService.exe [x]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]
S2 HWDeviceService64.exe;HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe [x]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]
S2 MSSQL$SERVEREXP2008;SQL Server (SERVEREXP2008);c:\program files (x86)\Microsoft SQL Server\MSSQL10.SERVEREXP2008\MSSQL\Binn\sqlservr.exe;c:\program files (x86)\Microsoft SQL Server\MSSQL10.SERVEREXP2008\MSSQL\Binn\sqlservr.exe [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192Ce.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs	REG_MULTI_SZ   	w3svc was
apphost	REG_MULTI_SZ   	apphostsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-05-28 19:50	986440	----a-w-	c:\program files (x86)\Google\Chrome\Application\43.0.2357.81\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2015-05-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-26 15:38]
.
2015-05-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-19 13:51]
.
2015-05-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-19 13:51]
.
2015-05-28 c:\windows\Tasks\HPCeeScheduleForadriana.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 02:43]
.
2015-05-28 c:\windows\Tasks\HPCeeScheduleForBalou.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 02:43]
.
2015-05-11 c:\windows\Tasks\HPCeeScheduleForSOFIA$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 02:43]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08	164760	----a-w-	c:\users\adriana\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08	164760	----a-w-	c:\users\adriana\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08	164760	----a-w-	c:\users\adriana\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08	164760	----a-w-	c:\users\adriana\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08	164760	----a-w-	c:\users\adriana\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08	164760	----a-w-	c:\users\adriana\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08	164760	----a-w-	c:\users\adriana\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08	164760	----a-w-	c:\users\adriana\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2015-04-28 09:34	774984	----a-w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2015-04-28 09:34	774984	----a-w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2015-04-28 09:34	774984	----a-w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2015-04-28 09:34	774984	----a-w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2015-04-28 09:34	774984	----a-w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2015-04-28 09:34	774984	----a-w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-05-27 1128448]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = www.google.com
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Free YouTube Download - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\users\adriana\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{5DDAC98E-5E73-4A5D-B5D9-C36969B42E00}: NameServer = 195.29.166.120 195.29.166.121
TCP: Interfaces\{773EAF73-9F10-4FC6-B396-104EEF539DF6}: NameServer = 10.48.65.24 10.48.65.25
TCP: Interfaces\{7839FE82-E019-40A6-9B1D-829DF931B9D2}: NameServer = 195.29.166.120 195.29.166.121
TCP: Interfaces\{817537F5-6CFF-4F1F-941F-60C4FB7609DA}: NameServer = 10.48.65.24 10.48.65.25
FF - ProfilePath - c:\users\adriana\AppData\Roaming\Mozilla\Firefox\Profiles\egj2scfg.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.griechischefellnasen.de/
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-Spybot-S&D Cleaning - c:\program files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe
SafeBoot-CleanHlp
SafeBoot-CleanHlp.sys
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM_Wow6432Node-ActiveSetup-{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} - msiexec
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE} - c:\program files (x86)\InstallShield Installation Information\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}\setup.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.16"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Wondershare\Wondershare Helper Compact\1634887535\m Files (x86)*ProgramFiles(x86)=c:\program files (x86)*programw6432=c:\Program Files*PSModulePath=c:\windows\system32\WindowsPowerShell\v1.0\Modules\PUBLIC=c:\users\Public*SystemDrive=C:*SystemRoot=c:\windows*temp=c:\Users\adriana\AppData\Local\Temp*TMP=C]
"JoinUserExperience"=dword:00000001
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\SysWOW64\ezSharedSvcHost.exe
c:\programdata\Internet Manager\OnlineUpdate\ouc.exe
c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2015-05-29  00:38:45 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2015-05-28 22:38
.
Vor Suchlauf: 19 Verzeichnis(se), 552.455.823.360 Bytes frei
Nach Suchlauf: 27 Verzeichnis(se), 551.688.585.216 Bytes frei
.
- - End Of File - - CBDD4323373A78B6DCF721CE47F39B18
A36C5E4F47E84449FF07ED3517B43A31
Guten Morgen Schrauber,
ich hoffe ich habe alles richtig gemacht. Danke und Lg

Alt 29.05.2015, 17:58   #8
schrauber
/// the machine
/// TB-Ausbilder
 
Spyhunter - wie werde ich ihn wieder los - Standard

Spyhunter - wie werde ich ihn wieder los


Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 29.05.2015, 21:33   #9
Sonnen
 
Spyhunter - wie werde ich ihn wieder los - Standard

Spyhunter - wie werde ich ihn wieder los


Guten Abend Schrauber,
ich habe ein großes problem, die Lizenz ist abgelaufen schreibt mir das Malwarebytes Anti Maleware. Was nun ???

Malwarebytes Anti-Malware
Malwarebytes | Free Anti-Malware & Internet Security Software

Suchlauf Datum: 29.05.2015
Suchlauf-Zeit: 21:30:03
Logdatei: mbam.txt
Administrator: Ja

Version: 2.01.6.1022
Malware Datenbank: v2015.05.29.05
Rootkit Datenbank: v2015.05.24.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: adriana

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 500290
Verstrichene Zeit: 30 Min, 44 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente gefunden)

Module: 0
(Keine schädliche Elemente gefunden)

Registrierungsschlüssel: 0
(Keine schädliche Elemente gefunden)

Registrierungswerte: 0
(Keine schädliche Elemente gefunden)

Registrierungsdaten: 0
(Keine schädliche Elemente gefunden)

Ordner: 0
(Keine schädliche Elemente gefunden)

Dateien: 0
(Keine schädliche Elemente gefunden)

Physische Sektoren: 0
(Keine schädliche Elemente gefunden)


(end)

AdwCleaner Logfile:
Code:
ATTFilter
# AdwCleaner v4.205 - Bericht erstellt 29/05/2015 um 22:15:14
# Aktualisiert 21/05/2015 von Xplode
# Datenbank : 2015-05-25.3 [Server]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (x64)
# Benutzername : adriana - SOFIA
# Gestarted von : C:\Users\adriana\Downloads\AdwCleaner_4.205.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\SecTaskMan
Ordner Gelöscht : C:\Users\Balou\AppData\Local\SecTaskMan

***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7854F00C-DC77-477E-A10E-603F48442D3B}

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17801


-\\ Mozilla Firefox v38.0.1 (x86 de)


-\\ Google Chrome v43.0.2357.81


*************************

AdwCleaner[R3].txt - [1054 Bytes] - [29/05/2015 22:13:43]
AdwCleaner[S2].txt - [976 Bytes] - [29/05/2015 22:15:14]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1034  Bytes] ##########
--- --- ---JRT Logfile:
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.8.4 (05.29.2015:1)
OS: Windows 7 Home Premium x64
Ran by adriana on 29.05.2015 at 22:23:03,76
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\\SearchAssistant



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011501160}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011501160}



~~~ Files

Successfully deleted: [File] C:\Windows\wininit.ini
Successfully deleted: [File] C:\Users\adriana\appdata\local\google\chrome\user data\default\local storage\https_static.olark.com_0.localstorage
Successfully deleted: [File] C:\Users\adriana\appdata\local\google\chrome\user data\default\local storage\https_static.olark.com_0.localstorage-journal



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{039EEA7F-FAA1-4557-AC93-3189CCDBA682}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{075B94CA-CE5C-459E-8AAB-1699A7A3E0FE}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{0A993A3A-5D0C-436E-B593-70A7457D5356}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{0B5778B9-9A2F-4000-B2D4-2CC7FCC27E04}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{0CEB0355-57D7-440A-8BF9-99A266940FAC}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{0D6E8D43-667F-47A1-9358-A26DD3E70705}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{0E080477-EB01-49F0-8365-D3C0FD08D34E}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{0F7FCA50-92F8-480C-8515-A655C072E82C}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{11E0EB1D-A497-48AE-9B27-6A0694821AE9}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{12138149-2722-433E-B392-33496E509FA0}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{127FA9D0-52A7-47A9-A0EE-D7B3705FA808}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{12BA3E43-6AEC-427A-82E2-588143D7F2F0}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{13D6DB00-47AF-4DEB-BF0D-09232D5E5CEE}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{147E0F09-E4D5-4DD6-B41C-F728608B183E}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{16DDD14A-D6DA-4329-B053-3618DC231E3A}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{17DF0D3C-1ADA-474E-8C87-BB2AC290B08F}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{19F2E75E-A230-477D-8EED-66951BD6AF5A}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{1A1F3C1C-A506-4558-9A2E-B5623B75DBE5}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{1B7ACF9A-8D75-4556-8A6F-1FEB424B07AB}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{1D75300F-8068-4B49-8492-D9A84502A2EC}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{2037C72B-B9C1-45AA-A400-F7BC56378F69}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{203AFC86-6619-453B-9C33-B0F483ECD895}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{21130628-4769-4043-A518-9A969DA629EF}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{216FDF80-C2FC-4BB5-9C76-29BEC6CAAB89}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{21FDB147-161B-4206-A3CB-8D47D8AD6A04}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{220A61FD-6575-413D-BAF9-B15DBE24FBDF}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{237498E0-BCDE-488F-BE1B-7C2043B40436}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{23FE99F1-6408-4816-BE06-FA8C2D6ADD8A}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{2501B198-FDE7-4C85-8ED1-ED0315E463DA}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{2538A861-5804-4C26-BF08-78EA9C8527E1}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{26292E20-ADCD-4959-A3B3-CD7E471B8F5E}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{264331F6-40F1-413D-8927-42D577F5824A}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{26A0D5C0-948E-4736-A3BB-883BB321C956}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{2786178E-F645-4EF8-9540-F307AB696415}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{285CC256-7643-47DD-A1FD-7B5D9DFFE0CD}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{293F8A50-517E-41D8-B6A5-E2A7D06A5A05}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{2BF03F79-8A5B-4221-A666-4BEA98B6EBC1}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{2C4C17FA-5586-4EDE-9261-984A63B5D664}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{2E005A54-37C4-4F38-9C24-2F3B5DF7F660}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{2E09B535-9822-4AAB-98B1-625E2146E674}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{2E16DBEB-DB3C-4CE8-8948-B630E0B76040}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{2FE03295-F451-41C0-91D1-92BC21D6751B}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{301F8717-FAD9-46EB-8367-EE4DB9421720}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{318108FD-D295-4B05-AB63-DC2C3435E53C}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{3205959B-656D-4864-9879-492344AD0B4D}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{324C2869-5758-4D21-B4FD-54126C92C9C3}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{32680685-C755-4792-B75A-BD980933B3D4}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{39F476CB-382E-47F1-8873-4AF6FC6E2EB6}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{3AAF0FFD-5C45-4A0A-9502-94A67A60ECF2}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{3E2E49AE-9F45-418D-9494-62579EA05578}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{3EA3B87F-CD42-456C-9278-820695624A0A}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{3F3B8AE1-E93B-4D86-AB9B-A546516BAE9C}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{3F6A6B7F-6E5B-403C-AE4B-486E26B87CF0}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{40DF6B45-D603-4557-9800-58F2ADDC93A7}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{412398E4-FF43-433F-80F5-BDC35B0DED66}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{41D4F8B5-0040-4415-AC1D-677F3FF040A3}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{43C20ECF-9AB8-44D4-AD9D-0117B8E6B0DA}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{45241B34-505B-43B0-8E19-B3F6B365604F}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{46A8A4F4-232A-41F9-9829-7B6FD93E0536}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{477E683C-6483-4395-8DE7-05071B2C59E2}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{49C52509-D1F0-4721-9597-C2089AD9ADD5}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{4AC58B32-8A16-425C-A9AD-1E7F4EB673C9}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{4C3FC0B4-65F5-4E3F-A94A-610E59878D87}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{4CE87FF8-C5DF-49F1-91E4-92ECD681410F}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{4DA4FA4F-5642-49F9-A9D9-537201250EA6}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{4DEC8D3E-A8C3-44B2-A641-9F0BA7E53C13}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{4E83E0BC-1F32-4889-B860-D2C1025F2463}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{4F68C74F-235A-4874-8E4A-3972168FF12F}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{504A8FFA-50C0-41CB-ADE9-6C3CE3CBAEEF}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{50F86081-3F7B-4402-BE91-2528B9B4BF5C}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{54C28538-90B1-4C74-95A3-E0396BCC8729}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{555AEA5D-D69D-4E3E-8AFF-AEC6CDC7F161}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{55B7CB12-DA6B-4BE1-9E8A-A5A8F5FA5733}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{5649AFF2-CFCF-42B9-A4E4-12A3CB4C68E6}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{57A775D8-835A-481A-846D-3DC3C6DB2F33}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{58B2C268-F246-41FF-BD59-BAA2EB8FCF0A}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{59544C9C-CE14-41DE-BAA1-4A9E3541E8FD}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{59969E35-2BDD-4A71-8C60-EFC024ED7141}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{5A243BDD-9D0B-47F9-9537-0E7C30D1DA57}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{5B4C6FBC-18A1-4F22-97FD-BC84280A95F9}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{5C943F6D-13DA-4269-A35A-573F4F8F6B25}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{60A8AB72-E1F7-42C7-B34A-BC0B7C95FA46}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{61B44FC6-F599-4DA7-9DB2-DB09CAFE43D9}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{620E3DDE-DBA7-4277-B366-2E6756F48E85}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{6274DAB9-CD0C-4AF1-B086-5B0F517F04A8}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{639BBCF8-3779-4A1C-BB4D-ABA8DC96E5A6}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{6429B9A9-112C-47FB-ADEB-FA8C67837DC6}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{64BF3335-7D25-48A2-8EE5-6860C94524D5}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{65774351-BC5A-4946-B1BA-433358F722F8}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{65ACED78-4CFF-48AE-B73F-7A002C18AC56}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{6661157A-B2DF-4221-A740-E069EF73678D}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{66DDADAB-73C0-43D7-970F-872A6C25BD8F}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{677D94D5-8BDD-4011-98BB-BDA43673C3AE}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{6825E455-466F-441D-A1E1-0147CD295A70}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{685F3E25-F5B7-4866-A0E8-ED55973CDB09}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{6979C9EE-38D3-449E-A56C-77433A0A1EFA}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{6BA4FEF8-1CC7-4AB7-AB58-65B3FDFE3365}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{6BB5813E-3616-4B71-BE98-FCC84DA532C9}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{6C5603C6-65D7-471C-9783-0857A0C1E593}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{6F8C3A4F-9A95-4436-AAC2-F4A3B8057FAC}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{71021AD9-0541-4380-B414-40EC0BB0F995}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{71BC059F-F59E-4812-9127-6C3F4A0D0634}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{7260BFD1-94D0-4526-8414-4DE599D693EB}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{73AC5DC8-31C6-42FF-9D85-7E220B9C3A01}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{77BB07A1-D51D-41B8-8657-633432CCFE52}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{77ECA6D0-0402-4FEC-9F0E-1A4F9C63D5F0}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{789D9D96-8453-40DC-B04E-2E2535552F2F}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{798B9432-9CB3-4DF0-81FE-CEE2E02A00A6}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{7C4B0F4D-F86C-4E9B-9A4C-095FB7C465CC}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{7D6582EA-C565-4577-9DD6-74ECE5482A6C}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{7FF84744-2918-488C-9A03-376E743D012D}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{80C797C4-A8DE-4A30-A436-DCE4428382D6}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{812B0144-7E1B-46D7-A1B8-CB19346E4477}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{846869DE-5BB9-4BE2-9929-FB5DD389D53A}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{849596B3-7A9B-40EC-B077-9F620841A6FE}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{8537C22C-AA97-49D2-8B17-CAA858B4590F}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{865DE053-2EE3-4207-97F5-1717612F19C6}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{8768D30B-D475-4DAC-89E1-A24FE7182461}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{87BEDD75-5812-4A8F-BB54-39F697FAB05C}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{8867490E-6255-4F00-B5A4-5E2AD825076C}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{88D2FE81-55EE-4F9F-BBC5-AAD1F9F3450D}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{8AC29858-7FD7-40C7-BB30-B3D05AB423EC}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{8C21B38E-58D7-4E94-A349-07DEAA0D176F}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{8CBE2C6A-1FAF-458E-8A79-04AB0CA32984}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{8CBF5C5F-79C0-477C-9A35-99BA6793D176}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{8D9C209C-DB09-40E7-9DB5-60F67852836A}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{8EF0DF7D-6AA7-4304-8A88-DF0EDD2C22E4}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{8F8A4C9D-721F-41C2-9A85-B9192724F6E8}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{904F870E-9812-4807-9500-24445D3DEA03}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{90555405-093D-4C70-9B2F-252B872E8EA3}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{90FC8EB8-7D61-4826-9078-4282072FCDE4}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{916DEC9C-42F6-41EC-BED0-07878B4712B2}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{9240A853-E57C-4CAF-94BB-A84F6EFB83D9}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{938271F7-B36D-4789-A40D-C6CCC963DAE3}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{9383F855-D14E-4F5D-9F60-50D2401C069A}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{938A9B0B-A3A4-4A45-9776-ED664830C0A5}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{9410E5E7-B733-478C-8594-C37FD6789678}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{942F6EAF-04F5-4D27-B429-4F2BBF8E3DC8}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{94F5322D-E4D4-40C1-AF98-4C376EDC882F}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{968756E4-D369-492F-85A3-A5704A2CF8F9}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{9852B1FD-3600-4DCB-B3CD-F59877C22904}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{9AB7A12E-0A19-47A3-8FB8-44A074997BE6}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{9B13351D-733F-42E7-BB56-F85698C2DBC4}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{9C82D870-E118-4407-AC23-0DBED1DA3091}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{A3B679C3-A20D-4105-9980-F8B264D983AB}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{A3CA4FA9-54C0-4581-8915-8C982B50FA7C}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{A4D855E7-0854-4208-8E28-6714497457E4}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{A50A2799-7A74-4B3E-A2A9-F04B8585473B}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{A56E32CE-BDE9-4D94-A95D-E33B7DE83A3D}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{A7900825-0A4B-4015-BE13-E6A9196D636B}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{AC342D03-1A56-426F-B121-40E319F1194A}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{AF24308F-352E-4D66-A625-DB81318D4A27}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{AFAB3354-26BC-48FC-8FB0-630741E82AC9}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{AFC319CC-A1C4-4F86-9A63-0CE4DA9B8FE6}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{B3308719-12B0-418B-B492-2D24F191E69F}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{B3C79F1F-EF76-4FAE-81CB-4193DB8701E1}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{B482AF03-5A58-4591-B2BD-9443DBC4653D}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{B5A2A5EA-5A27-492C-B878-2B2C26F012A7}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{B6024374-E2D5-4A5E-85DF-A349CF0D7336}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{B62C36BD-491F-4D22-86BB-CF5C424AFFE1}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{B73CE9D4-6778-4725-B446-F9FCEEB819C4}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{B85ABEED-49D1-42EF-ACF1-682AFFA30B1D}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{BA4A0DE0-6E06-4134-8089-9DDC88E7589A}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{BCC647DD-7723-47E3-9434-7AFF459914B5}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{BE74A8EA-1545-4956-9BCF-A40BA9A2E447}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{BF48781B-E7B6-45D4-8B45-CE8B9801B4AC}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{C0704CB5-CE71-44F1-8596-7DBB6858614D}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{C180DF7C-8D53-4964-8CEF-F69BADD191ED}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{C2768CDC-75CC-48A1-BD13-B9F065B3240A}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{C46FF479-CC25-4295-A747-DDF5C0014EFD}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{C4C8867C-5D29-49ED-B032-2FD3F4529DC8}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{C66550BB-00AA-4E45-B88E-24E9B307D814}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{C76C131E-9192-4CFD-A5EB-0E7F75122377}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{CAF035AF-DC5E-4F06-A06C-03F8FD4892DD}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{CBEC5AA2-C005-464C-BF3B-8004C1ADE3F2}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{CC2D6E16-F571-4E71-A3A9-6AB321DFA117}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{CEEBA2D8-3EDB-4C5D-AE38-F3CC59AF8603}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{CF96D522-774B-4B49-9EDF-0D6039975B5E}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{CFAFE914-F9AB-411E-89E0-79E918562373}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{D76CD074-1A8F-4E97-B37A-1980889C37DB}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{D84F71A4-38ED-4190-A6BA-426831B4C9C4}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{DA7E7BAA-BB73-42A6-8564-347540F3BB6A}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{DEB0F12D-53CE-4395-839B-4AD2EEA383E1}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{DEE750A8-E3AC-479F-9FD2-E111783E1F0A}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{DF04DAE3-F4CA-4D24-BEB7-18C3E62E0470}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{E1BB0CC3-CC82-434F-BDF7-2A998994BB91}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{E1EB959C-BD68-4CC6-9E2F-5CA67950CA5D}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{E2C9FA24-3479-4168-B6E7-CD0E0D6ABCE2}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{E3C00894-FACE-41FF-9259-9B462779CFD5}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{E7301F21-8829-41E2-A703-29B85ADE1E34}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{E992466A-4ED5-430F-82D0-FE090F2A1EB8}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{EB9D9FDB-1A83-4641-BA7B-157D9885F18A}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{EDA79D58-11CB-45F5-9182-67081489EFC6}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{EE481770-3E09-4CA2-868F-A93FA0E8B7D8}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{F246114A-9B6B-4D3B-94EA-11EA7549131A}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{F782A0FD-83D6-4AC0-947C-0158774FD1FE}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{F8EE9F36-2329-4AE4-BECD-AB548452C950}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{FD3FFDD6-7117-459D-BCA7-2C1C57BDA233}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{FDC38B7E-0306-4501-925F-69E555C720A2}
Successfully deleted: [Empty Folder] C:\Users\adriana\appdata\local\{FECDF7F9-DAE7-43EE-B035-55F0D94DA24F}
Successfully deleted: [Folder] C:\Users\adriana\appdata\local\com
Successfully deleted: [Folder] C:\Users\adriana\appdata\locallow\company



~~~ FireFox

Successfully deleted: [File] C:\user.js
Successfully deleted: [Folder] C:\Users\adriana\AppData\Roaming\mozilla\firefox\profiles\egj2scfg.default\smartbar
Emptied folder: C:\Users\adriana\AppData\Roaming\mozilla\firefox\profiles\egj2scfg.default\minidumps [35 files]



~~~ Chrome

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\ehgldbbpchgpcfagfpfjgoomddhccfgh

[C:\Users\adriana\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\adriana\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\adriana\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\adriana\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 29.05.2015 at 22:27:51,09
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
--- --- ---
Alt 29.05.2015, 21:49   #10
Sonnen
 
Spyhunter - wie werde ich ihn wieder los - Standard

Spyhunter - wie werde ich ihn wieder los


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-05-2015
Ran by adriana (administrator) on SOFIA on 29-05-2015 22:35:41
Running from C:\Users\adriana\Downloads
Loaded Profiles: adriana (Available Profiles: adriana & Balou & DefaultAppPool)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Geeks to Go Forum

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\alg.exe
(TomTom) C:\Program Files (x86)\MyDrive Connect\TomTom MyDrive Connect.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2799912 2011-06-10] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-05-27] (IDT, Inc.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [979328 2010-10-12] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-21-4246888475-3530032447-118406061-1002\...\Run: [Google+ Auto Backup] => C:\Users\adriana\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe [3619096 2014-01-06] (Google Inc.)
HKU\S-1-5-21-4246888475-3530032447-118406061-1002\...\Run: [MyDriveConnect.exe] => C:\Program Files (x86)\MyDrive Connect\TomTom MyDrive Connect.exe [1905032 2015-04-28] (TomTom)
HKU\S-1-5-21-4246888475-3530032447-118406061-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31682144 2015-03-25] (Skype Technologies S.A.)
HKU\S-1-5-21-4246888475-3530032447-118406061-1002\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-4246888475-3530032447-118406061-1002\...\Policies\system: [DisableChangePassword] 0
HKU\S-1-5-21-4246888475-3530032447-118406061-1002\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
Startup: C:\Users\adriana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-05-19]
ShortcutTarget: Dropbox.lnk -> C:\Users\adriana\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\adriana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk [2014-02-20]
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-4246888475-3530032447-118406061-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = MSN Deutschland ? mit Hotmail Nachfolger Outlook und Messenger Skype
HKU\S-1-5-21-4246888475-3530032447-118406061-1002\Software\Microsoft\Internet Explorer\Main,Start Page = MSN Deutschland ? mit Hotmail Nachfolger Outlook und Messenger Skype
HKU\S-1-5-21-4246888475-3530032447-118406061-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-4246888475-3530032447-118406061-1002\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Upgrade to Google Chrome
SearchScopes: HKLM -> {C87395B5-70D9-4E25-AB1F-FF23936613EF} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://www.ebay.de/sch/i.html?_nkw={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4246888475-3530032447-118406061-1002 -> {C87395B5-70D9-4E25-AB1F-FF23936613EF} URL =
SearchScopes: HKU\S-1-5-21-4246888475-3530032447-118406061-1002 -> ÛŸÆîZ§’2¹Þpv¨IÍá*X(Ž2s(ÛÎÀJºÔÓµ± vË°!×—(ä¼48иpatm6êo^Mp`Ëõ÷_i£w˜¾!„Áû†x¢8€ÙjÀÿþ*´Ñ;áa´[¦†8*º~RÙxœòÜ8'£-)x*ä* URL =
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2011-06-07] (Advanced Micro Devices)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2009-08-24] (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll [2011-06-07] (Advanced Micro Devices)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-05-28] (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-28] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2009-08-24] (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
Toolbar: HKU\S-1-5-21-4246888475-3530032447-118406061-1002 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
DPF: HKLM-x32 {6E718D87-6909-4FCE-92D4-EDCB2F725727} hxxp://navigram.com/engine/v1140/Navigram.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{5DDAC98E-5E73-4A5D-B5D9-C36969B42E00}: [NameServer] 195.29.166.120 195.29.166.121
Tcpip\..\Interfaces\{773EAF73-9F10-4FC6-B396-104EEF539DF6}: [NameServer] 10.48.65.24 10.48.65.25
Tcpip\..\Interfaces\{7839FE82-E019-40A6-9B1D-829DF931B9D2}: [NameServer] 195.29.166.120 195.29.166.121
Tcpip\..\Interfaces\{817537F5-6CFF-4F1F-941F-60C4FB7609DA}: [NameServer] 10.48.65.24 10.48.65.25

FireFox:
========
FF ProfilePath: C:\Users\adriana\AppData\Roaming\Mozilla\Firefox\Profiles\egj2scfg.default
FF Homepage: hxxp://www.griechischefellnasen.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-05-10] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-05-10] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-28] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-28] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4246888475-3530032447-118406061-1002: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\adriana\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2015-02-08] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2015-02-08] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2015-02-08] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2015-02-08] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2015-02-08] (Apple Inc.)
FF Extension: IE Tab 2 (FF 3.6+) - C:\Users\adriana\AppData\Roaming\Mozilla\Firefox\Profiles\egj2scfg.default\Extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB} [2015-05-29]
FF Extension: Google Translator for Firefox - C:\Users\adriana\AppData\Roaming\Mozilla\Firefox\Profiles\egj2scfg.default\Extensions\translator@zoli.bod.xpi [2014-02-21]
FF Extension: ImTranslator - C:\Users\adriana\AppData\Roaming\Mozilla\Firefox\Profiles\egj2scfg.default\Extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi [2014-02-21]
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\adriana\AppData\Roaming\Mozilla\Firefox\Profiles\egj2scfg.default\Extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900}.xpi [2015-01-06]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-05-01]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF HKLM-x32\...\Firefox\Extensions: [ff-bmboc@bytemobile.com] - C:\Program Files\T-Mobile\InternetManager_H\OCx32\addon
FF HKLM-x32\...\Firefox\Extensions: [fmdownloader@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com
FF HKLM-x32\...\Firefox\Extensions: [ytfmdownloader@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

Chrome:
=======
CHR Profile: C:\Users\adriana\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Bookmark Manager) - C:\Users\adriana\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-19]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\adriana\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-04]
CHR Extension: (Skype Click to Call) - C:\Users\adriana\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-05-19]
CHR Extension: (Google Wallet) - C:\Users\adriana\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-02]
CHR HKLM-x32\...\Chrome\Extension: [bpegkgagfojjbcpkihigfmkojdmmimdf] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2011-09-28] (Advanced Micro Devices, Inc.) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
S2 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]
R2 EPSON_EB_RPCV4_04; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [168448 2011-01-12] (SEIKO EPSON CORPORATION) [File not signed]
R2 ezSharedSvc; C:\Windows\SysWOW64\ezSharedSvcHost.exe [514232 2010-04-23] (EasyBits Software AS) [File not signed]
S2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [108032 2014-07-15] (Freemake) [File not signed]
S2 FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [9216 2014-07-15] (Ellora Assets Corp.) [File not signed]
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
S2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
S2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2413056 2011-06-29] (Realsil Microelectronics Inc.) [File not signed]
S2 Internet Manager. RunOuc; C:\Program Files (x86)\T-Mobile\InternetManager_H\UpdateDog\ouc.exe [671744 2013-02-05] () [File not signed]
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S2 MSSQL$SERVEREXP2008; c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SERVEREXP2008\MSSQL\Binn\sqlservr.exe [43044512 2014-07-12] (Microsoft Corporation)
S4 SQLAgent$SERVEREXP2008; c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SERVEREXP2008\MSSQL\Binn\SQLAGENT.EXE [380064 2014-07-12] (Microsoft Corporation)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-21] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 cleanhlp; C:\EEK\bin\cleanhlp64.sys [57024 2015-03-04] (Emsisoft GmbH)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2015-05-19] ()
S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [241152 2012-12-03] (Huawei Technologies Co., Ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-05-29] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1863720 2012-06-01] ()
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [386680 2014-04-27] (Duplex Secure Ltd.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz134; \??\C:\Users\adriana\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 HSPADataCardusbmdm; system32\DRIVERS\HSPADataCardusbmdm.sys [X]
S3 HSPADataCardusbnmea; system32\DRIVERS\HSPADataCardusbnmea.sys [X]
S3 HSPADataCardusbser; system32\DRIVERS\HSPADataCardusbser.sys [X]
S3 massfilter; system32\drivers\massfilter.sys [X]
S1 SASDIFSV; \??\C:\Users\adriana\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV64.SYS [X]
S1 SASKUTIL; \??\C:\Users\adriana\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL64.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-29 22:35 - 2015-05-29 22:35 - 02108928 _____ (Farbar) C:\Users\adriana\Downloads\FRST64.exe
2015-05-29 22:27 - 2015-05-29 22:27 - 00024017 _____ () C:\Users\adriana\Desktop\JRT.txt
2015-05-29 22:23 - 2015-05-29 22:23 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-SOFIA-Windows-7-Home-Premium-(64-bit).dat
2015-05-29 22:23 - 2015-05-29 22:23 - 00000000 ____D () C:\RegBackup
2015-05-29 22:22 - 2015-05-29 22:22 - 02948651 _____ (Thisisu) C:\Users\adriana\Downloads\JRT.exe
2015-05-29 22:11 - 2015-05-29 22:15 - 00000000 ____D () C:\AdwCleaner
2015-05-29 22:10 - 2015-05-29 22:10 - 02222592 _____ () C:\Users\adriana\Downloads\AdwCleaner_4.205.exe
2015-05-29 22:08 - 2015-05-29 22:08 - 00001213 _____ () C:\Users\adriana\Desktop\mbam.txt
2015-05-29 22:03 - 2015-05-29 22:03 - 00001237 _____ () C:\malewarebytes ergebnis heute.txt
2015-05-29 21:27 - 2015-05-29 21:28 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-29 21:27 - 2015-05-29 21:27 - 00001068 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-05-29 21:27 - 2015-05-29 21:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2015-05-29 21:27 - 2015-05-29 21:27 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2015-05-29 21:27 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-05-29 21:27 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-05-29 21:27 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-05-29 21:26 - 2015-05-29 21:26 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\adriana\Downloads\mbam-setup-2.1.6.1022.exe
2015-05-29 00:38 - 2015-05-29 00:38 - 00037299 _____ () C:\ComboFix.txt
2015-05-28 23:57 - 2015-05-28 23:57 - 01124544 _____ (Adobe Systems Incorporated) C:\Users\adriana\Downloads\flashplayer17_hd_install.exe
2015-05-28 23:40 - 2015-05-28 23:40 - 00561248 _____ (Oracle Corporation) C:\Users\adriana\Downloads\jxpiinstall.exe
2015-05-28 23:38 - 2015-05-28 23:38 - 01124072 _____ (Adobe Systems Incorporated) C:\Users\adriana\Downloads\readerdc_de_ha_install.exe
2015-05-28 23:37 - 2015-05-28 23:37 - 01124544 _____ (Adobe Systems Incorporated) C:\Users\adriana\Downloads\flashplayer17_ha_install.exe
2015-05-28 23:30 - 2015-05-28 23:30 - 00001113 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-05-28 23:29 - 2015-05-28 23:29 - 00243656 _____ () C:\Users\adriana\Downloads\Firefox Setup Stub 38.0.1.exe
2015-05-28 22:26 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-05-28 22:26 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-05-28 22:26 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-05-28 22:26 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-05-28 22:26 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-05-28 22:26 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2015-05-28 22:26 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2015-05-28 22:26 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2015-05-28 21:52 - 2015-05-29 00:38 - 00000000 ____D () C:\Qoobox
2015-05-28 21:51 - 2015-05-29 00:36 - 00000000 ____D () C:\Windows\erdnt
2015-05-28 21:25 - 2015-05-28 21:25 - 00001230 _____ () C:\Users\adriana\Desktop\Revo Uninstaller.lnk
2015-05-28 21:25 - 2015-05-28 21:25 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-05-28 21:22 - 2015-05-28 21:23 - 05628678 ____R (Swearware) C:\Users\adriana\Downloads\ComboFix.exe
2015-05-28 21:21 - 2015-05-28 21:21 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\adriana\Downloads\revosetup95 (1).exe
2015-05-27 21:55 - 2015-05-27 21:55 - 00000000 ____D () C:\fe204145e4178e7dbab4700645d0aa
2015-05-27 21:49 - 2015-05-27 21:49 - 00046935 _____ () C:\Users\adriana\Downloads\Addition.txt
2015-05-27 12:21 - 2015-05-27 12:21 - 00105619 _____ () C:\Users\adriana\Downloads\neuer scan mittag.txt
2015-05-27 07:29 - 2015-05-29 22:35 - 00022802 _____ () C:\Users\adriana\Downloads\FRST.txt
2015-05-26 19:35 - 2015-05-26 19:35 - 00000000 ____D () C:\Users\Balou\AppData\Roaming\GMX
2015-05-26 15:17 - 2015-05-27 08:33 - 00000000 ____D () C:\Program Files (x86)\Security Task Manager
2015-05-26 14:52 - 2015-05-26 14:52 - 00034332 _____ () C:\Users\Balou\Documents\software Bedrohungen1.txt
2015-05-24 16:27 - 2015-05-24 16:27 - 00000000 ____D () C:\Users\Balou\AppData\Local\Apple
2015-05-24 15:31 - 2015-05-24 15:31 - 00003186 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForBalou
2015-05-24 15:17 - 2015-05-24 15:18 - 162150608 _____ (Emsisoft Ltd. ) C:\Users\Balou\Downloads\EmsisoftInternetSecuritySetup.exe
2015-05-22 14:47 - 2015-05-29 21:31 - 00000332 _____ () C:\Windows\Tasks\HPCeeScheduleForBalou.job
2015-05-22 14:47 - 2015-05-27 21:39 - 00000000 ____D () C:\Users\Balou\AppData\Local\Hewlett-Packard
2015-05-22 00:30 - 2015-05-22 00:30 - 00000000 ____D () C:\ProgramData\Emsisoft
2015-05-21 20:31 - 2015-05-22 14:31 - 00000000 ____D () C:\ProgramData\Trend Micro
2015-05-21 20:31 - 2015-05-21 20:31 - 00000000 ____D () C:\Program Files\Trend Micro
2015-05-21 20:30 - 2015-05-21 20:30 - 00000036 _____ () C:\Users\Balou\AppData\Local\housecall.guid.cache
2015-05-21 20:21 - 2015-05-21 20:21 - 00000000 ____D () C:\Users\Balou\AppData\Local\Trend Micro
2015-05-21 19:47 - 2015-05-21 21:08 - 00000000 ____D () C:\Users\Balou\AppData\Roaming\Nico Mak Computing
2015-05-21 18:39 - 2015-05-22 14:31 - 00000000 ____D () C:\Users\Balou\AppData\Local\Tempcab4d6f15f2003ef405f2cdaac60c63f_
2015-05-21 18:39 - 2015-05-22 14:31 - 00000000 ____D () C:\Users\Balou\AppData\Local\Temp9d0804a4ffbc2018293c60258a7393e8_
2015-05-21 18:36 - 2015-05-22 14:31 - 00000000 ____D () C:\Users\Balou\AppData\Local\Tempcb5f031f2fcb0b6739359a4a41301da2
2015-05-21 18:36 - 2015-05-22 14:31 - 00000000 ____D () C:\Users\Balou\AppData\Local\Tempcab4d6f15f2003ef405f2cdaac60c63f
2015-05-21 18:36 - 2015-05-22 14:31 - 00000000 ____D () C:\Users\Balou\AppData\Local\Temp9d0804a4ffbc2018293c60258a7393e8
2015-05-21 18:36 - 2015-05-21 18:50 - 00000000 ____D () C:\Users\Balou\AppData\Local\CrashDumps
2015-05-19 23:30 - 2015-05-22 14:31 - 00000000 ____D () C:\Users\Balou\Downloads\GMX - flug_files
2015-05-19 23:30 - 2015-05-22 14:31 - 00000000 ____D () C:\Users\Balou\Downloads\athene_files
2015-05-19 23:30 - 2015-05-19 23:30 - 00000000 ____D () C:\Users\Balou\Downloads\Originals
2015-05-19 23:30 - 2015-05-19 23:30 - 00000000 ____D () C:\Users\Balou\Downloads\artmedic_advent
2015-05-19 23:30 - 2014-05-09 00:01 - 00123830 _____ () C:\Users\Balou\Downloads\01.05.14 - 1
2015-05-19 23:30 - 2014-05-09 00:01 - 00045659 _____ () C:\Users\Balou\Downloads\02.05.14 - 1
2015-05-19 23:30 - 2014-01-18 02:55 - 00030502 _____ () C:\Users\Balou\Downloads\athene.htm
2015-05-19 23:30 - 2013-12-12 10:35 - 00031723 _____ () C:\Users\Balou\Downloads\GMX - flug.htm
2015-05-19 23:30 - 2011-03-28 21:07 - 00000038 _____ () C:\Users\Balou\Downloads\!!!readfirst.txt
2015-05-19 23:20 - 2015-05-19 23:20 - 00000000 ____D () C:\Users\Balou\AppData\Local\Macromedia
2015-05-19 20:44 - 2015-05-19 20:44 - 00001048 _____ () C:\Users\Balou\Desktop\adriana - Verknüpfung.lnk
2015-05-19 20:39 - 2015-05-19 20:39 - 00000000 ____D () C:\Users\Balou\AppData\Local\Adobe
2015-05-19 20:33 - 2015-05-19 20:33 - 00000521 _____ () C:\Users\Balou\Desktop\Sichern und Wiederherstellen - Verknüpfung.lnk
2015-05-19 20:21 - 2015-05-19 20:22 - 00000000 ____D () C:\Users\Balou\AppData\Roaming\Mozilla
2015-05-19 20:21 - 2015-05-19 20:22 - 00000000 ____D () C:\Users\Balou\AppData\Local\Mozilla
2015-05-19 20:00 - 2014-11-22 01:55 - 00001859 _____ () C:\Users\Balou\Documents\Weihnachtsgeschichte_3.txt
2015-05-19 20:00 - 2014-08-18 11:05 - 00000894 _____ () C:\Users\Balou\Documents\Tierärte Pool Kastrationsflyer Xanthi.txt
2015-05-19 20:00 - 2013-11-12 18:08 - 00001287 _____ () C:\Users\Balou\Documents\umsatz verein november 2013.csv
2015-05-19 20:00 - 2012-07-16 17:13 - 00000068 _____ () C:\Users\Balou\Documents\userpatch.dat
2015-05-19 20:00 - 2012-07-16 17:13 - 00000003 _____ () C:\Users\Balou\Documents\temporary.iti
2015-05-19 20:00 - 2012-07-15 18:27 - 00002048 _____ () C:\Users\Balou\Documents\watchdogtrace.dat
2015-05-19 20:00 - 2012-04-01 23:03 - 00000023 _____ () C:\Users\Balou\Documents\start_mumble.bat
2015-05-19 20:00 - 2012-02-02 01:35 - 00023819 _____ () C:\Users\Balou\Documents\Tierschutzverein Vorlage Sofia.dotx
2015-05-19 20:00 - 2012-01-20 02:08 - 00001043 _____ () C:\Users\Balou\Documents\YouCam(Webcam).lnk
2015-05-19 20:00 - 2011-08-23 15:46 - 08225519 _____ () C:\Users\Balou\Documents\tables.dat
2015-05-19 20:00 - 2011-06-26 15:21 - 02932120 _____ () C:\Users\Balou\Documents\tmccodes.dat
2015-05-19 20:00 - 2011-06-26 15:21 - 00000088 _____ () C:\Users\Balou\Documents\traffic.dat
2015-05-19 20:00 - 2011-04-08 22:54 - 10741064 _____ () C:\Users\Balou\Documents\wz145gev.exe
2015-05-19 20:00 - 2011-03-20 21:47 - 106928002 _____ () C:\Users\Balou\Documents\Stick.wmv
2015-05-19 20:00 - 2011-03-20 21:44 - 00023310 _____ () C:\Users\Balou\Documents\Stick.mxf
2015-05-19 20:00 - 2011-02-17 19:34 - 00000000 _____ () C:\Users\Balou\Documents\unconfirmed 3480.crdownload
2015-05-19 20:00 - 2010-05-23 21:00 - 00000525 _____ () C:\Users\Balou\Documents\Tierschutz-und Pflegevertrag Athen.txt
2015-05-19 20:00 - 2009-12-15 15:59 - 00079404 _____ () C:\Users\Balou\Documents\voice.wav
2015-05-19 20:00 - 2009-12-06 14:09 - 00004270 _____ () C:\Users\Balou\Documents\winmail.dat
2015-05-19 20:00 - 2009-11-27 01:41 - 00000473 _____ () C:\Users\Balou\Documents\Stefan.vcf
2015-05-19 20:00 - 2009-11-27 01:41 - 00000397 _____ () C:\Users\Balou\Documents\Stefan.vde
2015-05-19 20:00 - 2009-10-08 12:04 - 00001451 _____ () C:\Users\Balou\Documents\sv7cli1455538443.xml
2015-05-19 20:00 - 2009-09-29 10:46 - 01167688 _____ (Microsoft Corporation) C:\Users\Balou\Documents\wlsetup-custom.exe
2015-05-19 20:00 - 2009-06-30 18:37 - 08815552 _____ (Microsoft Corporation) C:\Users\Balou\Documents\windows-kb890830-v2.11.exe
2015-05-19 20:00 - 2009-04-07 09:58 - 00400752 _____ () C:\Users\Balou\Documents\Untitled Page.mht
2015-05-19 20:00 - 2008-11-20 21:19 - 00000891 _____ () C:\Users\Balou\Documents\style.css
2015-05-19 20:00 - 2008-05-22 14:51 - 02404880 _____ (Microsoft Corporation) C:\Users\Balou\Documents\WLinstaller.exe
2015-05-19 20:00 - 2008-04-04 16:45 - 00000359 _____ () C:\Users\Balou\Documents\VolumeConfig.plist
2015-05-19 20:00 - 2008-01-31 20:31 - 02628776 _____ () C:\Users\Balou\Documents\Weitere hilfreiche Features.one
2015-05-19 20:00 - 2008-01-31 20:31 - 00113704 _____ () C:\Users\Balou\Documents\Verschiedenes.one
2015-05-19 20:00 - 2006-10-31 01:00 - 01659904 _____ () C:\Users\Balou\Documents\WordMUI.msi
2015-05-19 20:00 - 2006-10-31 01:00 - 00244936 _____ () C:\Users\Balou\Documents\word12.opa
2015-05-19 20:00 - 2006-10-31 01:00 - 00001799 _____ () C:\Users\Balou\Documents\WordMUI.xml
2015-05-19 19:59 - 2015-05-09 19:09 - 00038976 _____ () C:\Users\Balou\Documents\Selbstauskunft.odt
2015-05-19 19:59 - 2014-04-09 13:24 - 00000812 _____ () C:\Users\Balou\Documents\nestor1.txt
2015-05-19 19:59 - 2014-03-11 21:42 - 00006633 _____ () C:\Users\Balou\Documents\reise xanthi1.txt
2015-05-19 19:59 - 2013-11-11 22:48 - 03843072 _____ (Piriform Ltd) C:\Users\Balou\Documents\rcsetup148.exe
2015-05-19 19:59 - 2013-11-08 21:47 - 00000056 _____ () C:\Users\Balou\Documents\MyData.ini
2015-05-19 19:59 - 2013-10-01 01:55 - 00020992 _____ () C:\Users\Balou\Documents\spenden thaleia.xls
2015-05-19 19:59 - 2013-09-26 20:36 - 00026112 _____ () C:\Users\Balou\Documents\Spendenaufruf Alexandroupolis Futter ab 2011.xls
2015-05-19 19:59 - 2013-03-31 21:10 - 00023706 _____ () C:\Users\Balou\Documents\post von fb asutretung kostas e v.txt
2015-05-19 19:59 - 2012-10-23 02:10 - 00230912 _____ () C:\Users\Balou\Documents\Pflegestellengesuche.pub
2015-05-19 19:59 - 2012-07-17 00:36 - 00539752 _____ () C:\Users\Balou\Documents\ServerLineIndex.dat
2015-05-19 19:59 - 2012-07-17 00:36 - 00118936 _____ () C:\Users\Balou\Documents\ServerNameIndex.dat
2015-05-19 19:59 - 2012-07-17 00:36 - 00000091 _____ () C:\Users\Balou\Documents\PatchFilter.dat
2015-05-19 19:59 - 2012-07-16 17:13 - 00000965 _____ () C:\Users\Balou\Documents\settings.dat
2015-05-19 19:59 - 2012-05-12 20:39 - 00475136 _____ () C:\Users\Balou\Documents\mumble.sqlite
2015-05-19 19:59 - 2012-05-12 20:39 - 00007338 _____ () C:\Users\Balou\Documents\mumble.ini
2015-05-19 19:59 - 2012-05-12 19:51 - 00002385 _____ () C:\Users\Balou\Documents\MumbleAutomaticCertificateBackup.p12
2015-05-19 19:59 - 2012-04-01 23:03 - 04431328 _____ (Thorvald Natvig) C:\Users\Balou\Documents\mumble.exe
2015-05-19 19:59 - 2012-03-29 22:19 - 00001634 _____ () C:\Users\Balou\Documents\Read Me First.txt
2015-05-19 19:59 - 2012-03-29 22:19 - 00001127 _____ () C:\Users\Balou\Documents\release.nfo
2015-05-19 19:59 - 2012-03-29 22:18 - 00012235 _____ () C:\Users\Balou\Documents\signpost_li.txt
2015-05-19 19:59 - 2012-03-29 20:09 - 00000468 _____ () C:\Users\Balou\Documents\restart.dat
2015-05-19 19:59 - 2012-03-28 17:00 - 00121496 _____ () C:\Users\Balou\Documents\Planung.one
2015-05-19 19:59 - 2012-02-15 23:47 - 00004956 _____ () C:\Users\Balou\Documents\OKiTALK_Readme.txt
2015-05-19 19:59 - 2011-12-30 15:25 - 00000008 _____ () C:\Users\Balou\Documents\report.cam
2015-05-19 19:59 - 2011-10-31 18:30 - 00071099 _____ () C:\Users\Balou\Documents\NK Liste fortlaufend 2011 Stand 31.10.2011sofia.xlsx
2015-05-19 19:59 - 2011-09-15 20:35 - 06418238 _____ () C:\Users\Balou\Documents\SSA40032.AVI
2015-05-19 19:59 - 2011-07-22 01:37 - 02012318 _____ () C:\Users\Balou\Documents\nederland.postal
2015-05-19 19:59 - 2011-06-26 15:21 - 106676576 _____ () C:\Users\Balou\Documents\poi.dat
2015-05-19 19:59 - 2011-06-26 15:21 - 00028526 _____ () C:\Users\Balou\Documents\profiles.dat
2015-05-19 19:59 - 2011-05-16 17:23 - 12181425 _____ () C:\Users\Balou\Documents\MOV03740.MPG
2015-05-19 19:59 - 2011-05-16 17:23 - 12181425 _____ () C:\Users\Balou\Documents\MOV03740 (1).MPG
2015-05-19 19:59 - 2011-03-19 20:44 - 14271992 _____ (Google Inc.) C:\Users\Balou\Documents\picasa38-setup.exe
2015-05-19 19:59 - 2011-01-23 13:15 - 00004471 _____ () C:\Users\Balou\Documents\Schutzvertrag TSV ARGOS.txt
2015-05-19 19:59 - 2011-01-22 19:55 - 00938024 _____ () C:\Users\Balou\Documents\Nicht abgelegte Notizen.one
2015-05-19 19:59 - 2011-01-22 16:10 - 00010256 _____ () C:\Users\Balou\Documents\Re _Sofia.txt
2015-05-19 19:59 - 2010-12-19 23:12 - 03325446 _____ () C:\Users\Balou\Documents\MP3-and-WAV-Solutions-Setup.exe
2015-05-19 19:59 - 2010-12-19 18:51 - 00000038 _____ () C:\Users\Balou\Documents\playlist.txt
2015-05-19 19:59 - 2010-12-19 18:51 - 00000030 _____ () C:\Users\Balou\Documents\play.bat
2015-05-19 19:59 - 2010-12-12 21:25 - 00000000 _____ () C:\Users\Balou\Documents\Scannen0016.jpg.crdownload
2015-05-19 19:59 - 2010-09-16 01:26 - 02013568 _____ (Microsoft Corporation) C:\Users\Balou\Documents\PPTVIEW.EXE
2015-05-19 19:59 - 2010-09-05 20:30 - 53785488 _____ () C:\Users\Balou\Documents\setup_av_free_ger50594.exe
2015-05-19 19:59 - 2010-05-29 15:54 - 01959956 _____ () C:\Users\Balou\Documents\MOV02066.3GP
2015-05-19 19:59 - 2010-05-18 01:00 - 00002315 _____ () C:\Users\Balou\Documents\readme.txt
2015-05-19 19:59 - 2010-05-04 18:04 - 00001494 _____ () C:\Users\Balou\Documents\ogg-vorbis_(tremor-variable)_license.txt
2015-05-19 19:59 - 2010-03-04 20:35 - 00237712 _____ (NCH Software) C:\Users\Balou\Documents\prismsetup.exe
2015-05-19 19:59 - 2009-12-24 10:27 - 00026835 _____ () C:\Users\Balou\Documents\qt.txt
2015-05-19 19:59 - 2009-11-21 21:08 - 00836837 _____ () C:\Users\Balou\Documents\small.rar
2015-05-19 19:59 - 2009-10-08 12:04 - 00012162 _____ () C:\Users\Balou\Documents\MessageLog.xsl
2015-05-19 19:59 - 2009-07-04 22:27 - 00000497 _____ () C:\Users\Balou\Documents\server.met.gz
2015-05-19 19:59 - 2009-06-25 17:17 - 06205440 _____ () C:\Users\Balou\Documents\s7119dex.exe
2015-05-19 19:59 - 2009-06-23 12:20 - 21935408 _____ (Apple Inc.) C:\Users\Balou\Documents\QuickTimeInstaller762.exe
2015-05-19 19:59 - 2009-06-21 17:27 - 23710864 _____ (Microsoft Corporation) C:\Users\Balou\Documents\MSNOIE8_DEDE_VIS.EXE
2015-05-19 19:59 - 2009-06-06 21:01 - 01228320 _____ (Adobe Systems Incorporated) C:\Users\Balou\Documents\PRE7_TB_WWEFGJ.exe
2015-05-19 19:59 - 2009-03-22 08:08 - 00000028 _____ () C:\Users\Balou\Documents\qt.conf
2015-05-19 19:59 - 2009-03-12 14:15 - 00001774 _____ () C:\Users\Balou\Documents\speex.txt
2015-05-19 19:59 - 2008-02-13 20:57 - 05473872 _____ (Microsoft Corporation) C:\Users\Balou\Documents\msjavx86.exe
2015-05-19 19:59 - 2008-01-31 20:31 - 00198784 _____ () C:\Users\Balou\Documents\Reisen.one
2015-05-19 19:59 - 2008-01-31 20:31 - 00132496 _____ () C:\Users\Balou\Documents\Recherche.one
2015-05-19 19:59 - 2008-01-31 20:31 - 00112432 _____ () C:\Users\Balou\Documents\Projekt A.one
2015-05-19 19:59 - 2008-01-31 20:31 - 00108824 _____ () C:\Users\Balou\Documents\Projekt B.one
2015-05-19 19:59 - 2008-01-31 20:31 - 00089736 _____ () C:\Users\Balou\Documents\Persönliche Informationen.one
2015-05-19 19:59 - 2008-01-31 20:31 - 00022824 _____ () C:\Users\Balou\Documents\Shopping.one
2015-05-19 19:59 - 2008-01-31 20:31 - 00022608 _____ () C:\Users\Balou\Documents\Rezepte.one
2015-05-19 19:59 - 2006-10-31 01:00 - 02421760 _____ () C:\Users\Balou\Documents\OfficeMUI.msi
2015-05-19 19:59 - 2006-10-31 01:00 - 02030080 _____ () C:\Users\Balou\Documents\OutlookMUI.msi
2015-05-19 19:59 - 2006-10-31 01:00 - 01658880 _____ () C:\Users\Balou\Documents\PublisherMUI.msi
2015-05-19 19:59 - 2006-10-31 01:00 - 01648128 _____ () C:\Users\Balou\Documents\PowerPointMUI.msi
2015-05-19 19:59 - 2006-10-31 01:00 - 01647616 _____ () C:\Users\Balou\Documents\OneNoteMUI.msi
2015-05-19 19:59 - 2006-10-31 01:00 - 00847872 _____ () C:\Users\Balou\Documents\Office64WW.msi
2015-05-19 19:59 - 2006-10-31 01:00 - 00717386 _____ () C:\Users\Balou\Documents\office12.opa
2015-05-19 19:59 - 2006-10-31 01:00 - 00515072 _____ () C:\Users\Balou\Documents\Proof.msi
2015-05-19 19:59 - 2006-10-31 01:00 - 00508416 _____ () C:\Users\Balou\Documents\Office64MUI.msi
2015-05-19 19:59 - 2006-10-31 01:00 - 00506880 _____ () C:\Users\Balou\Documents\Proofing.msi
2015-05-19 19:59 - 2006-10-31 01:00 - 00497936 _____ () C:\Users\Balou\Documents\outlk12.opa
2015-05-19 19:59 - 2006-10-31 01:00 - 00463152 _____ (Microsoft Corporation) C:\Users\Balou\Documents\setup.exe
2015-05-19 19:59 - 2006-10-31 01:00 - 00202490 _____ () C:\Users\Balou\Documents\proj12.opa
2015-05-19 19:59 - 2006-10-31 01:00 - 00145184 _____ (Microsoft Corporation) C:\Users\Balou\Documents\ose.exe
2015-05-19 19:59 - 2006-10-31 01:00 - 00105546 _____ () C:\Users\Balou\Documents\ppt12.opa
2015-05-19 19:59 - 2006-10-31 01:00 - 00101428 _____ () C:\Users\Balou\Documents\onent12.opa
2015-05-19 19:59 - 2006-10-31 01:00 - 00068096 _____ () C:\Users\Balou\Documents\ShellUI.MST
2015-05-19 19:59 - 2006-10-31 01:00 - 00057249 _____ () C:\Users\Balou\Documents\oct.chm
2015-05-19 19:59 - 2006-10-31 01:00 - 00054295 _____ () C:\Users\Balou\Documents\setup.chm
2015-05-19 19:59 - 2006-10-31 01:00 - 00049152 _____ () C:\Users\Balou\Documents\RosebudMUI.msi
2015-05-19 19:59 - 2006-10-31 01:00 - 00032972 _____ () C:\Users\Balou\Documents\pub12.opa
2015-05-19 19:59 - 2006-10-31 01:00 - 00027439 _____ () C:\Users\Balou\Documents\pss10r.chm
2015-05-19 19:59 - 2006-10-31 01:00 - 00016130 _____ () C:\Users\Balou\Documents\spd12.opa
2015-05-19 19:59 - 2006-10-31 01:00 - 00005772 _____ () C:\Users\Balou\Documents\OfficeMUI.xml
2015-05-19 19:59 - 2006-10-31 01:00 - 00002947 _____ () C:\Users\Balou\Documents\OutlookMUI.xml
2015-05-19 19:59 - 2006-10-31 01:00 - 00002582 _____ () C:\Users\Balou\Documents\README.HTM
2015-05-19 19:59 - 2006-10-31 01:00 - 00002310 _____ () C:\Users\Balou\Documents\Office64WW.xml
2015-05-19 19:59 - 2006-10-31 01:00 - 00001780 _____ () C:\Users\Balou\Documents\setup.xml
2015-05-19 19:59 - 2006-10-31 01:00 - 00001554 _____ () C:\Users\Balou\Documents\PowerPointMUI.xml
2015-05-19 19:59 - 2006-10-31 01:00 - 00001470 _____ () C:\Users\Balou\Documents\PublisherMUI.xml
2015-05-19 19:59 - 2006-10-31 01:00 - 00001461 _____ () C:\Users\Balou\Documents\Proof.xml
2015-05-19 19:59 - 2006-10-31 01:00 - 00001360 _____ () C:\Users\Balou\Documents\OneNoteMUI.xml
2015-05-19 19:59 - 2006-10-31 01:00 - 00001027 _____ () C:\Users\Balou\Documents\Office64MUI.xml
2015-05-19 19:59 - 2006-10-31 01:00 - 00000811 _____ () C:\Users\Balou\Documents\RosebudMUI.xml
2015-05-19 19:59 - 2006-10-31 01:00 - 00000807 _____ () C:\Users\Balou\Documents\Proofing.xml
2015-05-19 19:59 - 2006-10-31 01:00 - 00000522 _____ () C:\Users\Balou\Documents\Microsoft.VC80.CRT.manifest
2015-05-19 19:59 - 2006-10-26 20:49 - 00000804 _____ () C:\Users\Balou\Documents\pptview.exe.manifest
2015-05-19 19:59 - 2006-10-05 10:52 - 00004566 _____ () C:\Users\Balou\Documents\PVREADME.HTM
2015-05-19 19:58 - 2014-05-04 20:28 - 00001646 _____ () C:\Users\Balou\Documents\ingDiba.txt
2015-05-19 19:58 - 2013-09-27 12:34 - 00019456 _____ () C:\Users\Balou\Documents\Kafetoulis spenden OP Kosten.xls
2015-05-19 19:58 - 2013-09-27 11:36 - 00021504 _____ () C:\Users\Balou\Documents\Katzen Kastrationen 2013 Spenden.xls
2015-05-19 19:58 - 2012-07-17 00:36 - 00457295 _____ () C:\Users\Balou\Documents\MapServerPatch.dat
2015-05-19 19:58 - 2012-07-17 00:35 - 00051228 _____ () C:\Users\Balou\Documents\lto.dat
2015-05-19 19:58 - 2012-07-15 18:35 - 00014286 _____ () C:\Users\Balou\Documents\mapsettings.cfg
2015-05-19 19:58 - 2012-03-29 22:19 - 00015397 _____ () C:\Users\Balou\Documents\GNU General Public License.txt
2015-05-19 19:58 - 2012-03-29 22:19 - 00000783 _____ () C:\Users\Balou\Documents\MD5_license.txt
2015-05-19 19:58 - 2012-03-29 22:19 - 00000200 _____ () C:\Users\Balou\Documents\GPL-offer.txt
2015-05-19 19:58 - 2012-03-29 22:18 - 00000212 _____ () C:\Users\Balou\Documents\mctx.dat
2015-05-19 19:58 - 2012-03-06 15:20 - 00010754 _____ () C:\Users\Balou\Documents\Logfile.odt
2015-05-19 19:58 - 2011-08-23 15:20 - 00034757 _____ () C:\Users\Balou\Documents\GQ.jar
2015-05-19 19:58 - 2011-08-23 15:20 - 00000142 _____ () C:\Users\Balou\Documents\GQ.ddf
2015-05-19 19:58 - 2011-06-26 15:21 - 00000062 _____ () C:\Users\Balou\Documents\mapinfo.dat
2015-05-19 19:58 - 2011-06-21 15:15 - 00003217 _____ () C:\Users\Balou\Documents\Kündigung Probe Homepage.txt
2015-05-19 19:58 - 2011-04-12 23:38 - 00038470 _____ () C:\Users\Balou\Documents\Kürzlich aktualisiert.mxf
2015-05-19 19:58 - 2011-04-08 23:35 - 00083966 _____ () C:\Users\Balou\Documents\getDoc.do
2015-05-19 19:58 - 2011-03-01 20:32 - 00204336 _____ () C:\Users\Balou\Documents\Max_M_ 04 2005 OK chiens et chats._jpg
2015-05-19 19:58 - 2011-01-12 00:42 - 02853988 _____ () C:\Users\Balou\Documents\GMX-11-01-2011.zip
2015-05-19 19:58 - 2010-12-19 15:13 - 11011656 _____ () C:\Users\Balou\Documents\GER_Version.zip
2015-05-19 19:58 - 2010-03-25 11:27 - 07710141 _____ () C:\Users\Balou\Documents\kynosofio dogs.zip
2015-05-19 19:58 - 2010-03-25 11:23 - 07710141 _____ () C:\Users\Balou\Documents\kynosofio+dogs.zip
2015-05-19 19:58 - 2010-03-09 16:10 - 00588532 _____ () C:\Users\Balou\Documents\Kastrationstransp.10
2015-05-19 19:58 - 2010-03-09 16:09 - 00630270 _____ () C:\Users\Balou\Documents\Kastrationstransp.9
2015-05-19 19:58 - 2010-03-09 16:09 - 00630270 _____ () C:\Users\Balou\Documents\Kastrationstransp.8
2015-05-19 19:58 - 2010-03-09 16:09 - 00597894 _____ () C:\Users\Balou\Documents\Kastrationstransp.7
2015-05-19 19:58 - 2010-03-09 16:08 - 00624584 _____ () C:\Users\Balou\Documents\Kastrationstransp.6
2015-05-19 19:58 - 2010-02-27 18:34 - 02110728 _____ (Facebook, Inc.) C:\Users\Balou\Documents\Install_Facebook_Plug-In_1.0.3.exe
2015-05-19 19:58 - 2009-11-27 01:41 - 00885890 _____ () C:\Users\Balou\Documents\LesGermanComp.txt
2015-05-19 19:58 - 2009-11-27 01:41 - 00306176 _____ () C:\Users\Balou\Documents\German.dbl
2015-05-19 19:58 - 2009-11-27 01:41 - 00004069 _____ () C:\Users\Balou\Documents\GermanTT.rex
2015-05-19 19:58 - 2009-11-27 01:41 - 00000475 _____ () C:\Users\Balou\Documents\Katrin.vcf
2015-05-19 19:58 - 2009-11-27 01:41 - 00000398 _____ () C:\Users\Balou\Documents\Katrin.vde
2015-05-19 19:58 - 2009-11-27 01:41 - 00000364 _____ () C:\Users\Balou\Documents\German.lde
2015-05-19 19:58 - 2009-11-27 01:41 - 00000193 _____ () C:\Users\Balou\Documents\German.lcf
2015-05-19 19:58 - 2009-11-27 01:41 - 00000043 _____ () C:\Users\Balou\Documents\LicenseCode7.txt
2015-05-19 19:58 - 2009-11-27 01:37 - 00348160 _____ () C:\Users\Balou\Documents\InstallTomTomHOME.exe
2015-05-19 19:58 - 2009-10-27 11:46 - 04745072 _____ (GMX GmbH) C:\Users\Balou\Documents\gmx_profifax.exe
2015-05-19 19:58 - 2009-10-02 14:12 - 00001024 _____ () C:\Users\Balou\Documents\hbedv.key
2015-05-19 19:58 - 2009-06-30 14:45 - 00207626 _____ () C:\Users\Balou\Documents\IE8-Windows6.0-KB968220-x86.msu
2015-05-19 19:58 - 2009-02-28 17:44 - 00018351 _____ () C:\Users\Balou\Documents\licence.txt
2015-05-19 19:58 - 2008-11-05 20:47 - 04486176 _____ (maxdome ) C:\Users\Balou\Documents\maxdome-setup.exe
2015-05-19 19:58 - 2008-06-19 16:26 - 00012796 _____ () C:\Users\Balou\Documents\index.php
2015-05-19 19:58 - 2008-02-12 19:00 - 01722816 _____ (1&1 Internet AG) C:\Users\Balou\Documents\gmx_sms_manager.exe
2015-05-19 19:58 - 2008-02-10 15:32 - 00382352 _____ (Sun Microsystems, Inc.) C:\Users\Balou\Documents\jre-6u3-windows-i586-p-iftw.exe
2015-05-19 19:58 - 2007-03-23 18:32 - 00022657 _____ () C:\Users\Balou\Documents\Installer.icns
2015-05-19 19:58 - 2007-03-23 18:32 - 00017546 _____ () C:\Users\Balou\Documents\Installer.data
2015-05-19 19:58 - 2007-03-23 18:32 - 00000873 _____ () C:\Users\Balou\Documents\Info.plist
2015-05-19 19:58 - 2006-11-15 08:46 - 00012576 _____ () C:\Users\Balou\Documents\hs.txt
2015-05-19 19:58 - 2006-10-31 01:00 - 02369024 _____ () C:\Users\Balou\Documents\InfoPathMUI.msi
2015-05-19 19:58 - 2006-10-31 01:00 - 01653248 _____ () C:\Users\Balou\Documents\GrooveMUI.msi
2015-05-19 19:58 - 2006-10-31 01:00 - 00132876 _____ () C:\Users\Balou\Documents\inf12.opa
2015-05-19 19:58 - 2006-10-31 01:00 - 00009172 _____ () C:\Users\Balou\Documents\ic12.opa
2015-05-19 19:58 - 2006-10-31 01:00 - 00004573 _____ () C:\Users\Balou\Documents\InfoPathMUI.xml
2015-05-19 19:58 - 2006-10-31 01:00 - 00003900 _____ () C:\Users\Balou\Documents\groove12.opa
2015-05-19 19:58 - 2006-10-31 01:00 - 00001646 _____ () C:\Users\Balou\Documents\ID_00030.DPC
2015-05-19 19:58 - 2006-10-31 01:00 - 00000914 _____ () C:\Users\Balou\Documents\GrooveMUI.xml
2015-05-19 19:58 - 2000-02-24 23:16 - 00000048 _____ () C:\Users\Balou\Documents\MapUserPatch.dat
2015-05-19 19:57 - 2013-11-07 00:40 - 00001085 _____ () C:\Users\Balou\Documents\CyberLink YouCam(Webcam).lnk
2015-05-19 19:57 - 2012-07-17 00:35 - 00000017 _____ () C:\Users\Balou\Documents\ee_meta.txt
2015-05-19 19:57 - 2012-07-15 19:27 - 00000032 _____ () C:\Users\Balou\Documents\currentmap.dat
2015-05-19 19:57 - 2012-05-12 20:37 - 00215862 _____ () C:\Users\Balou\Documents\Console.txt
2015-05-19 19:57 - 2012-04-19 20:20 - 00000669 _____ () C:\Users\Balou\Documents\derefer.htm
2015-05-19 19:57 - 2012-03-29 22:18 - 06645751 _____ () C:\Users\Balou\Documents\data.chk
2015-05-19 19:57 - 2012-03-29 22:18 - 05119621 _____ () C:\Users\Balou\Documents\data_lim.chk
2015-05-19 19:57 - 2012-03-29 22:18 - 03205205 _____ () C:\Users\Balou\Documents\data_lis.chk
2015-05-19 19:57 - 2012-03-29 22:18 - 01441978 _____ () C:\Users\Balou\Documents\data_im2.chk
2015-05-19 19:57 - 2012-03-29 22:18 - 01219120 _____ () C:\Users\Balou\Documents\data_is2.chk
2015-05-19 19:57 - 2012-03-29 22:18 - 00347596 _____ () C:\Users\Balou\Documents\data_ts.chk
2015-05-19 19:57 - 2012-03-29 22:18 - 00075601 _____ () C:\Users\Balou\Documents\data_ra.chk
2015-05-19 19:57 - 2012-03-29 22:18 - 00012251 _____ () C:\Users\Balou\Documents\data_sp.chk
2015-05-19 19:57 - 2011-12-30 19:04 - 00713368 _____ () C:\Users\Balou\Documents\DVSUninstall.exe
2015-05-19 19:57 - 2011-12-12 20:49 - 00000018 _____ () C:\Users\Balou\Documents\CurrentLocation.dat
2015-05-19 19:57 - 2011-10-22 21:06 - 00020531 _____ () C:\Users\Balou\Documents\Corona.qss
2015-05-19 19:57 - 2011-08-02 16:17 - 00019955 _____ () C:\Users\Balou\Documents\FreeYouTubeToMP3ConverterProfile.xml
2015-05-19 19:57 - 2011-06-26 15:21 - 30216690 _____ () C:\Users\Balou\Documents\cphoneme.dat
2015-05-19 19:57 - 2011-06-26 15:21 - 20264329 _____ () C:\Users\Balou\Documents\crpoi.dat
2015-05-19 19:57 - 2011-06-26 15:21 - 181637972 _____ () C:\Users\Balou\Documents\cnode.dat
2015-05-19 19:57 - 2011-06-26 15:21 - 165445440 _____ () C:\Users\Balou\Documents\faces.dat
2015-05-19 19:57 - 2011-06-26 15:21 - 115179727 _____ () C:\Users\Balou\Documents\cname.dat
2015-05-19 19:57 - 2011-06-26 15:21 - 00004376 _____ () C:\Users\Balou\Documents\faces.met
2015-05-19 19:57 - 2011-06-22 22:18 - 00032162 _____ () C:\Users\Balou\Documents\FreeDVDVideoConverter_setup.txt
2015-05-19 19:57 - 2011-06-12 18:33 - 05639886 _____ () C:\Users\Balou\Documents\dogs+helpe.rar
2015-05-19 19:57 - 2011-06-12 18:29 - 02037336 _____ () C:\Users\Balou\Documents\example.rar
2015-05-19 19:57 - 2011-06-11 19:32 - 05639886 _____ () C:\Users\Balou\Documents\dogs helpe.rar
2015-05-19 19:57 - 2011-02-15 18:38 - 00000000 _____ () C:\Users\Balou\Documents\fax (1).txt
2015-05-19 19:57 - 2011-02-13 16:59 - 15867904 _____ () C:\Users\Balou\Documents\EpsonStylusSX420W.exe
2015-05-19 19:57 - 2010-12-07 16:51 - 00836042 _____ () C:\Users\Balou\Documents\data02.chk
2015-05-19 19:57 - 2010-12-07 16:51 - 00829418 _____ () C:\Users\Balou\Documents\data01.chk
2015-05-19 19:57 - 2010-12-07 16:51 - 00000058 _____ () C:\Users\Balou\Documents\data01.vif
2015-05-19 19:57 - 2010-12-07 16:51 - 00000054 _____ () C:\Users\Balou\Documents\data02.vif
2015-05-19 19:57 - 2010-11-17 13:19 - 00005731 _____ () C:\Users\Balou\Documents\FreeVideoToMP3ConverterProfile.xml
2015-05-19 19:57 - 2010-05-04 18:05 - 00781411 _____ () C:\Users\Balou\Documents\data34.chk
2015-05-19 19:57 - 2010-05-04 18:05 - 00752633 _____ () C:\Users\Balou\Documents\data35.chk
2015-05-19 19:57 - 2010-05-04 18:05 - 00707939 _____ () C:\Users\Balou\Documents\data39.chk
2015-05-19 19:57 - 2010-05-04 18:05 - 00000067 _____ () C:\Users\Balou\Documents\data34.vif
2015-05-19 19:57 - 2010-05-04 18:05 - 00000061 _____ () C:\Users\Balou\Documents\data35.vif
2015-05-19 19:57 - 2010-05-04 18:05 - 00000059 _____ () C:\Users\Balou\Documents\data39.vif
2015-05-19 19:57 - 2009-12-05 18:43 - 01927168 _____ () C:\Users\Balou\Documents\FreeTranslatorSetup_1.94.msi
2015-05-19 19:57 - 2009-11-27 01:41 - 00000781 _____ () C:\Users\Balou\Documents\default7.session
2015-05-19 19:57 - 2008-04-04 16:45 - 00000258 _____ () C:\Users\Balou\Documents\Exclusions.plist
2015-05-19 19:57 - 2008-01-31 20:34 - 02546760 _____ () C:\Users\Balou\Documents\Erste Schritte mit OneNote.one
2015-05-19 19:57 - 2008-01-26 20:12 - 00287240 _____ (Microsoft Corporation) C:\Users\Balou\Documents\dxwebsetup.exe
2015-05-19 19:57 - 2008-01-26 19:52 - 67160149 _____ () C:\Users\Balou\Documents\directx_nov2007_redist.zip
2015-05-19 19:57 - 2006-10-31 01:00 - 18183680 _____ () C:\Users\Balou\Documents\EnterpriseWW.msi
2015-05-19 19:57 - 2006-10-31 01:00 - 01756160 _____ () C:\Users\Balou\Documents\ExcelMUI.msi
2015-05-19 19:57 - 2006-10-31 01:00 - 01323033 _____ () C:\Users\Balou\Documents\files12.cat
2015-05-19 19:57 - 2006-10-31 01:00 - 00813384 _____ (Microsoft Corporation) C:\Users\Balou\Documents\DW20.EXE
2015-05-19 19:57 - 2006-10-31 01:00 - 00434528 _____ (Microsoft Corporation) C:\Users\Balou\Documents\dwtrig20.exe
2015-05-19 19:57 - 2006-10-31 01:00 - 00152834 _____ () C:\Users\Balou\Documents\excel12.opa
2015-05-19 19:57 - 2006-10-31 01:00 - 00027276 _____ () C:\Users\Balou\Documents\cpao12.opa
2015-05-19 19:57 - 2006-10-31 01:00 - 00016711 _____ () C:\Users\Balou\Documents\EnterpriseWW.xml
2015-05-19 19:57 - 2006-10-31 01:00 - 00001921 _____ () C:\Users\Balou\Documents\ExcelMUI.xml
2015-05-19 19:57 - 2006-10-31 01:00 - 00000952 _____ () C:\Users\Balou\Documents\config.xml
2015-05-19 19:56 - 2015-05-19 19:56 - 00000000 ____D () C:\Users\Balou\Documents\Youcam
2015-05-19 19:56 - 2015-05-19 19:56 - 00000000 ____D () C:\Users\Balou\Documents\Wir gehen auf die Reise nach Alexandroupolis
2015-05-19 19:56 - 2015-05-19 19:56 - 00000000 ____D () C:\Users\Balou\Documents\Tierheim Alexandroupolis Hilfe
2015-05-19 19:56 - 2015-05-19 19:56 - 00000000 ____D () C:\Users\Balou\Documents\Picasa HTML Exports
2015-05-19 19:56 - 2015-05-19 19:56 - 00000000 ____D () C:\Users\Balou\Documents\Picasa
2015-05-19 19:56 - 2015-05-19 19:56 - 00000000 ____D () C:\Users\Balou\Documents\OneNote-Notizbücher
2015-05-19 19:56 - 2015-05-19 19:56 - 00000000 ____D () C:\Users\Balou\Documents\Office 2007
2015-05-19 19:56 - 2015-05-19 19:56 - 00000000 ____D () C:\Users\Balou\Documents\Neue Spenden heute
2015-05-19 19:56 - 2015-05-19 19:56 - 00000000 ____D () C:\Users\Balou\Documents\neue Pakete
2015-05-19 19:56 - 2015-05-19 19:56 - 00000000 ____D () C:\Users\Balou\Documents\My PSP Files
2015-05-19 19:56 - 2015-05-19 19:56 - 00000000 ____D () C:\Users\Balou\Documents\Meine empfangenen Dateien
2015-05-19 19:56 - 2015-05-19 19:56 - 00000000 ____D () C:\Users\Balou\Documents\Freemake
2015-05-19 19:56 - 2015-05-19 19:56 - 00000000 ____D () C:\Users\Balou\Documents\Fax
2015-05-19 19:56 - 2015-05-19 19:56 - 00000000 ____D () C:\Users\Balou\Documents\auswahl
2015-05-19 19:56 - 2015-05-19 19:56 - 00000000 ____D () C:\Users\Balou\Documents\2011-02-10
2015-05-19 19:56 - 2015-05-19 19:56 - 00000000 ____D () C:\Users\Balou\Documents\2011-01-24
2015-05-19 19:56 - 2015-02-22 16:05 - 00000124 _____ () C:\Users\Balou\Documents\.picasa.ini
2015-05-19 19:56 - 2014-02-22 15:53 - 00000420 _____ () C:\Users\Balou\Documents\Bella Xanthi.txt
2015-05-19 19:56 - 2014-01-01 18:54 - 00004796 _____ () C:\Users\Balou\Documents\cc_20140101_175404.reg
2015-05-19 19:56 - 2013-12-11 01:53 - 00022616 _____ () C:\Users\Balou\Documents\cc_20131211_005018.reg
2015-05-19 19:56 - 2013-11-21 19:47 - 00000000 ____D () C:\Users\Balou\Documents\lt_NetrixLoadHtml_1aca60cad1b54647ba7bf39d0eaddb17_ln_src
2015-05-19 19:56 - 2012-07-17 00:37 - 00000149 _____ () C:\Users\Balou\Documents\Backup Info.ini
2015-05-19 19:56 - 2012-07-16 17:13 - 00000001 _____ () C:\Users\Balou\Documents\allowtrip.dat
2015-05-19 19:56 - 2012-07-15 19:29 - 00082264 _____ () C:\Users\Balou\Documents\cbee.cbee
2015-05-19 19:56 - 2012-06-02 21:46 - 00000081 _____ () C:\Users\Balou\Documents\a93c85dc1f57a8d92045ae622ccfdb03.tmp.meta
2015-05-19 19:56 - 2012-03-01 13:59 - 00065510 _____ () C:\Users\Balou\Documents\Alexandroupolis neu.wlmp
2015-05-19 19:56 - 2012-02-18 03:58 - 00017956 _____ () C:\Users\Balou\Documents\2_Sachzuwendungen-§-10b-§-5-Abs-1-Nr-9.odt
2015-05-19 19:56 - 2012-02-02 02:25 - 00021097 _____ () C:\Users\Balou\Documents\Annette Feldmann.dotx
2015-05-19 19:56 - 2011-07-27 14:59 - 00000051 _____ () C:\Users\Balou\Documents\bootloaderversion.txt
2015-05-19 19:56 - 2011-06-26 15:21 - 681154498 _____ () C:\Users\Balou\Documents\cline.dat
2015-05-19 19:56 - 2011-06-26 15:21 - 00364998 _____ () C:\Users\Balou\Documents\Central_Europe-386.meta
2015-05-19 19:56 - 2011-06-16 14:23 - 00065152 _____ () C:\Users\Balou\Documents\Arbeitserlaubnis GR.tif
2015-05-19 19:56 - 2011-05-26 17:11 - 00640420 _____ () C:\Users\Balou\Documents\Certificate 120 according EU directive 78-1027 from 18.12.1978.rar
2015-05-19 19:56 - 2011-05-26 17:11 - 00606978 _____ () C:\Users\Balou\Documents\Certificate 121 for good repute according EU directive 78-1027 from 18.12.1978.rar
2015-05-19 19:56 - 2011-05-26 17:11 - 00606978 _____ () C:\Users\Balou\Documents\Certificate 121 for good repute according EU directive 78-1027 from 18.12.1978 (1).rar
2015-05-19 19:56 - 2011-05-26 17:11 - 00409825 _____ () C:\Users\Balou\Documents\Certificate Member of Bulgarian veterinary union BG.pdf.rar
2015-05-19 19:56 - 2011-05-26 17:11 - 00110412 _____ () C:\Users\Balou\Documents\Certificate veterinary practice registration (1).rar
2015-05-19 19:56 - 2011-05-26 17:10 - 00110412 _____ () C:\Users\Balou\Documents\Certificate veterinary practice registration.rar
2015-05-19 19:56 - 2010-03-08 18:19 - 18491899 _____ () C:\Users\Balou\Documents\Alex.Kastr.2.rar
2015-05-19 19:56 - 2009-09-18 21:53 - 00020060 _____ () C:\Users\Balou\Documents\cc_20090918_215319.reg
2015-05-19 19:56 - 2009-06-08 20:49 - 26102774 _____ () C:\Users\Balou\Documents\ArbzWolf_bearbeitet-1.psd
2015-05-19 19:56 - 2009-06-08 20:48 - 26102696 _____ () C:\Users\Balou\Documents\AbschlBeruf_bearbeitet-1.psd
2015-05-19 19:56 - 2009-06-01 20:26 - 00146954 _____ () C:\Users\Balou\Documents\cc_20090601_202608.reg
2015-05-19 19:56 - 2008-01-31 20:38 - 00188520 _____ () C:\Users\Balou\Documents\Besprechungsnotizen.one
2015-05-19 19:56 - 2008-01-31 20:31 - 00025392 _____ () C:\Users\Balou\Documents\Bücher, Filme und Musik.one
2015-05-19 19:56 - 2008-01-31 20:31 - 00025056 _____ () C:\Users\Balou\Documents\Aufgabe.one
2015-05-19 19:56 - 2008-01-27 13:14 - 05146248 _____ () C:\Users\Balou\Documents\Card Reader TI Driver 2.0.0.6q.zip
2015-05-19 19:56 - 2008-01-26 15:42 - 02110176 _____ () C:\Users\Balou\Documents\Chipset_Intel_8.2.0.1012.zip
2015-05-19 19:56 - 2008-01-26 15:01 - 06434146 _____ () C:\Users\Balou\Documents\Card Reader TI Ver.2.0.0.8.zip
2015-05-19 19:56 - 2007-03-23 18:32 - 00000082 _____ () C:\Users\Balou\Documents\._PkgInfo
2015-05-19 19:56 - 2007-03-23 18:32 - 00000082 _____ () C:\Users\Balou\Documents\._Info.plist
2015-05-19 19:56 - 2006-10-31 01:00 - 01660416 _____ () C:\Users\Balou\Documents\AccessMUI.msi
2015-05-19 19:56 - 2006-10-31 01:00 - 00685452 _____ () C:\Users\Balou\Documents\branding.xml
2015-05-19 19:56 - 2006-10-31 01:00 - 00054216 _____ () C:\Users\Balou\Documents\access12.opa
2015-05-19 19:56 - 2006-10-31 01:00 - 00001345 _____ () C:\Users\Balou\Documents\AccessMUI.xml
2015-05-19 19:52 - 2015-05-19 19:52 - 00000000 ____D () C:\Users\Balou\AppData\Roaming\Hewlett-Packard
2015-05-19 19:50 - 2015-05-19 19:50 - 00000000 ____D () C:\Users\Balou\AppData\Roaming\ATI
2015-05-19 19:50 - 2015-05-19 19:50 - 00000000 ____D () C:\Users\Balou\AppData\Local\ATI
2015-05-19 19:50 - 2015-05-19 19:50 - 00000000 ____D () C:\Users\Balou\AppData\Local\AMD
2015-05-19 19:49 - 2015-05-26 19:13 - 00000000 ____D () C:\Users\Balou\AppData\Roaming\Apple Computer
2015-05-19 19:49 - 2015-05-24 15:28 - 00003918 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{9986F82E-611B-4248-B13F-93ECEC82A8FA}
2015-05-19 19:49 - 2015-05-19 20:39 - 00000000 ____D () C:\Users\Balou\AppData\Roaming\Adobe
2015-05-19 19:49 - 2015-05-19 19:49 - 00109296 _____ () C:\Users\Balou\AppData\Local\GDIPFONTCACHEV1.DAT
2015-05-19 19:49 - 2015-05-19 19:49 - 00001381 _____ () C:\Users\Balou\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-05-19 19:49 - 2015-05-19 19:49 - 00000000 ____D () C:\Users\Balou\AppData\Roaming\Synaptics
2015-05-19 19:49 - 2015-05-19 19:49 - 00000000 ____D () C:\Users\Balou\AppData\Roaming\hpqLog
2015-05-19 19:49 - 2015-05-19 19:49 - 00000000 ____D () C:\Users\Balou\AppData\Roaming\Epson
2015-05-19 19:48 - 2015-05-28 21:18 - 00000000 ____D () C:\Users\Balou
2015-05-19 19:48 - 2015-05-19 20:42 - 00000000 ____D () C:\Users\Balou\AppData\Local\Google
2015-05-19 19:48 - 2015-05-19 19:48 - 00000020 ___SH () C:\Users\Balou\ntuser.ini
2015-05-19 19:48 - 2015-05-19 19:48 - 00000000 _SHDL () C:\Users\Balou\Vorlagen
2015-05-19 19:48 - 2015-05-19 19:48 - 00000000 _SHDL () C:\Users\Balou\Startmenü
2015-05-19 19:48 - 2015-05-19 19:48 - 00000000 _SHDL () C:\Users\Balou\Netzwerkumgebung
2015-05-19 19:48 - 2015-05-19 19:48 - 00000000 _SHDL () C:\Users\Balou\Lokale Einstellungen
2015-05-19 19:48 - 2015-05-19 19:48 - 00000000 _SHDL () C:\Users\Balou\Eigene Dateien
2015-05-19 19:48 - 2015-05-19 19:48 - 00000000 _SHDL () C:\Users\Balou\Druckumgebung
2015-05-19 19:48 - 2015-05-19 19:48 - 00000000 _SHDL () C:\Users\Balou\Documents\Eigene Musik
2015-05-19 19:48 - 2015-05-19 19:48 - 00000000 _SHDL () C:\Users\Balou\Documents\Eigene Bilder
2015-05-19 19:48 - 2015-05-19 19:48 - 00000000 _SHDL () C:\Users\Balou\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-05-19 19:48 - 2015-05-19 19:48 - 00000000 _SHDL () C:\Users\Balou\AppData\Local\Verlauf
2015-05-19 19:48 - 2015-05-19 19:48 - 00000000 _SHDL () C:\Users\Balou\AppData\Local\Anwendungsdaten
2015-05-19 19:48 - 2015-05-19 19:48 - 00000000 _SHDL () C:\Users\Balou\Anwendungsdaten
2015-05-19 19:48 - 2015-05-19 19:48 - 00000000 ____D () C:\Users\Balou\AppData\Local\VirtualStore
2015-05-19 19:48 - 2013-09-02 20:32 - 00000000 ____D () C:\Users\Balou\AppData\Roaming\Macromedia
2015-05-19 19:48 - 2013-06-25 15:35 - 00000000 ____D () C:\Users\Balou\AppData\LocalGoogle
2015-05-19 19:48 - 2012-05-09 01:59 - 00000000 ____D () C:\Users\Balou\AppData\Local\Microsoft Help
2015-05-19 19:48 - 2009-07-14 06:54 - 00000000 ___RD () C:\Users\Balou\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-05-19 19:48 - 2009-07-14 06:49 - 00000000 ___RD () C:\Users\Balou\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-05-19 17:12 - 2015-05-29 22:35 - 00000000 ____D () C:\FRST
2015-05-19 12:00 - 2015-05-19 12:00 - 00003328 _____ () C:\Windows\System32\Tasks\SpyHunter4Startup
2015-05-19 11:59 - 2015-05-19 11:59 - 00022704 _____ () C:\Windows\system32\Drivers\EsgScanner.sys
2015-05-18 17:11 - 2015-05-18 17:11 - 00604014 _____ () C:\Users\adriana\Downloads\Fragebogen Albeck 16.05.15_002(1).jpeg
2015-05-18 17:11 - 2015-05-18 17:11 - 00335211 _____ () C:\Users\adriana\Downloads\Fragebogen Albeck 16.05.15_003(1).jpeg
2015-05-18 17:10 - 2015-05-18 17:10 - 00622256 _____ () C:\Users\adriana\Downloads\Fragebogen Albeck 16.05.15_001(1).jpeg
2015-05-18 17:10 - 2015-05-18 17:10 - 00616423 _____ () C:\Users\adriana\Downloads\Fragebogen Albeck 16.05.15(1).jpeg
2015-05-17 18:46 - 2015-05-17 18:46 - 00604014 _____ () C:\Users\adriana\Downloads\Fragebogen Albeck 16.05.15_002.jpeg
2015-05-17 18:45 - 2015-05-17 18:45 - 00622256 _____ () C:\Users\adriana\Downloads\Fragebogen Albeck 16.05.15_001.jpeg
2015-05-17 18:45 - 2015-05-17 18:45 - 00616423 _____ () C:\Users\adriana\Downloads\Fragebogen Albeck 16.05.15.jpeg
2015-05-17 18:45 - 2015-05-17 18:45 - 00335211 _____ () C:\Users\adriana\Downloads\Fragebogen Albeck 16.05.15_003.jpeg
2015-05-16 13:07 - 2015-04-30 17:50 - 23308160 _____ (TomTom International B.V.) C:\Users\adriana\Downloads\InstallMyDriveConnect_4_0_2_2123.exe
2015-05-15 23:41 - 2015-05-15 23:41 - 00014573 _____ () C:\Users\adriana\Downloads\Brief Xanthi
2015-05-15 14:43 - 2015-05-28 23:30 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-05-13 13:08 - 2015-05-01 15:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 13:08 - 2015-05-01 15:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 09:25 - 2015-05-05 03:29 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-13 09:25 - 2015-05-05 03:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-13 09:25 - 2015-04-18 05:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-13 09:25 - 2015-04-18 04:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-13 09:24 - 2015-04-27 21:28 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-05-13 09:24 - 2015-04-27 21:26 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-05-13 09:24 - 2015-04-27 21:23 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-13 09:24 - 2015-04-27 21:23 - 01254400 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-05-13 09:24 - 2015-04-27 21:23 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-05-13 09:24 - 2015-04-27 21:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-05-13 09:24 - 2015-04-27 21:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-05-13 09:24 - 2015-04-27 21:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-05-13 09:24 - 2015-04-27 21:23 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-05-13 09:24 - 2015-04-27 21:23 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-05-13 09:24 - 2015-04-27 21:22 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-05-13 09:24 - 2015-04-27 21:11 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-05-13 09:24 - 2015-04-27 21:11 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-05-13 09:24 - 2015-04-27 21:08 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-05-13 09:24 - 2015-04-27 21:05 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-05-13 09:24 - 2015-04-27 21:04 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-05-13 09:24 - 2015-04-27 21:04 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-05-13 09:24 - 2015-04-27 21:03 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-05-13 09:24 - 2015-04-27 20:06 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-05-13 09:24 - 2015-04-22 04:28 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-13 09:24 - 2015-04-22 03:48 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-05-13 09:24 - 2015-04-21 19:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-13 09:24 - 2015-04-21 19:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-13 09:24 - 2015-04-21 19:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-05-13 09:24 - 2015-04-21 18:51 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-05-13 09:24 - 2015-04-21 18:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-13 09:24 - 2015-04-21 18:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-13 09:24 - 2015-04-21 18:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-05-13 09:24 - 2015-04-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-13 09:24 - 2015-04-21 18:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-05-13 09:24 - 2015-04-21 18:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-13 09:24 - 2015-04-21 18:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-05-13 09:24 - 2015-04-21 18:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-13 09:24 - 2015-04-21 18:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-13 09:24 - 2015-04-21 18:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-13 09:24 - 2015-04-21 18:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-05-13 09:24 - 2015-04-21 18:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-05-13 09:24 - 2015-04-21 18:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-13 09:24 - 2015-04-21 18:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-05-13 09:24 - 2015-04-21 18:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-05-13 09:24 - 2015-04-21 18:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-13 09:24 - 2015-04-21 18:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-13 09:24 - 2015-04-21 18:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-05-13 09:24 - 2015-04-21 18:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-13 09:24 - 2015-04-21 18:11 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-05-13 09:24 - 2015-04-21 18:10 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-05-13 09:24 - 2015-04-21 18:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-13 09:24 - 2015-04-21 18:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-05-13 09:24 - 2015-04-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-13 09:24 - 2015-04-21 18:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-05-13 09:24 - 2015-04-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-13 09:24 - 2015-04-21 18:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-13 09:24 - 2015-04-21 18:03 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-05-13 09:24 - 2015-04-21 18:02 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-05-13 09:24 - 2015-04-21 18:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-05-13 09:24 - 2015-04-21 17:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-13 09:24 - 2015-04-21 17:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-05-13 09:24 - 2015-04-21 17:57 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-05-13 09:24 - 2015-04-21 17:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-13 09:24 - 2015-04-21 17:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-13 09:24 - 2015-04-21 17:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-05-13 09:24 - 2015-04-21 17:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-05-13 09:24 - 2015-04-21 17:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-13 09:24 - 2015-04-21 17:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-05-13 09:24 - 2015-04-21 17:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-13 09:24 - 2015-04-21 17:39 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-05-13 09:24 - 2015-04-21 17:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-13 09:24 - 2015-04-21 17:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-13 09:24 - 2015-04-21 17:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-13 09:24 - 2015-04-21 17:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-13 09:24 - 2015-04-21 17:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-13 09:24 - 2015-04-21 17:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-13 09:24 - 2015-04-21 17:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-05-13 09:24 - 2015-04-21 17:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-13 09:24 - 2015-04-21 17:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-13 09:24 - 2015-04-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-13 09:24 - 2015-04-21 17:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-13 09:24 - 2015-04-21 16:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-13 09:24 - 2015-04-21 16:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-05-13 09:24 - 2015-04-13 05:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-13 09:23 - 2015-04-27 21:28 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-05-13 09:23 - 2015-04-27 21:28 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-05-13 09:23 - 2015-04-27 21:23 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-05-13 09:23 - 2015-04-27 21:23 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-05-13 09:23 - 2015-04-27 21:23 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-05-13 09:23 - 2015-04-27 21:23 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-05-13 09:23 - 2015-04-27 21:23 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-05-13 09:23 - 2015-04-27 21:23 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-05-13 09:23 - 2015-04-27 21:23 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-05-13 09:23 - 2015-04-27 21:23 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-05-13 09:23 - 2015-04-27 21:23 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-05-13 09:23 - 2015-04-27 21:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-05-13 09:23 - 2015-04-27 21:23 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-05-13 09:23 - 2015-04-27 21:23 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-05-13 09:23 - 2015-04-27 21:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-05-13 09:23 - 2015-04-27 21:23 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-05-13 09:23 - 2015-04-27 21:23 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-05-13 09:23 - 2015-04-27 21:23 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-05-13 09:23 - 2015-04-27 21:22 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-05-13 09:23 - 2015-04-27 21:22 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-05-13 09:23 - 2015-04-27 21:22 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-05-13 09:23 - 2015-04-27 21:22 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-05-13 09:23 - 2015-04-27 21:22 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-05-13 09:23 - 2015-04-27 21:22 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-05-13 09:23 - 2015-04-27 21:22 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-05-13 09:23 - 2015-04-27 21:22 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-05-13 09:23 - 2015-04-27 21:21 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-05-13 09:23 - 2015-04-27 21:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-05-13 09:23 - 2015-04-27 21:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-05-13 09:23 - 2015-04-27 21:16 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-05-13 09:23 - 2015-04-27 21:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-05-13 09:23 - 2015-04-27 21:16 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-05-13 09:23 - 2015-04-27 21:16 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-05-13 09:23 - 2015-04-27 21:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-13 09:23 - 2015-04-27 21:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-13 09:23 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-13 09:23 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-05-13 09:23 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-13 09:23 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-05-13 09:23 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-13 09:23 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-13 09:23 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-13 09:23 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-05-13 09:23 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-05-13 09:23 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-13 09:23 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-05-13 09:23 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-05-13 09:23 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-05-13 09:23 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-05-13 09:23 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-05-13 09:23 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-05-13 09:23 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-13 09:23 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-05-13 09:23 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-05-13 09:23 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-13 09:23 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-05-13 09:23 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-05-13 09:23 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-05-13 09:23 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-05-13 09:23 - 2015-04-27 21:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-05-13 09:23 - 2015-04-27 21:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-05-13 09:23 - 2015-04-27 21:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-05-13 09:23 - 2015-04-27 21:05 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-05-13 09:23 - 2015-04-27 21:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-05-13 09:23 - 2015-04-27 21:05 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-05-13 09:23 - 2015-04-27 21:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-05-13 09:23 - 2015-04-27 21:05 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-05-13 09:23 - 2015-04-27 21:04 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-05-13 09:23 - 2015-04-27 21:04 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-05-13 09:23 - 2015-04-27 21:04 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-05-13 09:23 - 2015-04-27 21:04 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-05-13 09:23 - 2015-04-27 21:04 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-05-13 09:23 - 2015-04-27 21:04 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-05-13 09:23 - 2015-04-27 21:03 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-05-13 09:23 - 2015-04-27 21:03 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-05-13 09:23 - 2015-04-27 21:03 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-05-13 09:23 - 2015-04-27 21:03 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-05-13 09:23 - 2015-04-27 21:03 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-05-13 09:23 - 2015-04-27 21:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-05-13 09:23 - 2015-04-27 21:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-05-13 09:23 - 2015-04-27 20:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-05-13 09:23 - 2015-04-27 20:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-05-13 09:23 - 2015-04-27 20:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-05-13 09:23 - 2015-04-27 20:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-13 09:23 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-13 09:23 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-05-13 09:23 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-05-13 09:23 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-13 09:23 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-05-13 09:23 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-13 09:23 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-13 09:23 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-05-13 09:23 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-13 09:23 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-13 09:23 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-05-13 09:23 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-05-13 09:23 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-13 09:23 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-05-13 09:23 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-05-13 09:23 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-05-13 09:23 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-05-13 09:23 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-13 09:23 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-05-13 09:23 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-05-13 09:23 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-05-13 09:23 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-05-13 09:23 - 2015-04-27 19:57 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-05-13 09:23 - 2015-04-27 19:57 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-05-13 09:23 - 2015-04-27 19:55 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-05-13 09:23 - 2015-04-27 19:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-13 09:23 - 2015-04-27 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-05-13 09:23 - 2015-04-27 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-05-13 09:23 - 2015-04-20 05:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-13 09:23 - 2015-04-20 05:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-13 09:23 - 2015-04-20 04:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-13 09:23 - 2015-04-20 04:11 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-13 09:23 - 2015-04-08 05:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-13 09:23 - 2015-04-08 05:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-05-13 09:23 - 2015-03-04 06:41 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-05-13 09:23 - 2015-03-04 06:41 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-05-13 09:23 - 2015-03-04 06:41 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-13 09:23 - 2015-03-04 06:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-05-13 09:23 - 2015-03-04 06:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-05-13 09:23 - 2015-03-04 06:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-05-13 09:23 - 2015-03-04 06:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-05-13 09:23 - 2015-02-18 09:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-05-13 09:23 - 2015-02-18 09:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-05-13 09:23 - 2015-01-29 05:19 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-05-13 09:23 - 2015-01-29 05:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2015-05-13 02:09 - 2015-05-13 02:10 - 16938649 _____ () C:\Users\adriana\Downloads\11.05.2015 004.mp4
2015-05-12 23:49 - 2015-05-12 23:49 - 02007044 _____ () C:\Users\adriana\Downloads\MOV00372.MP4
2015-05-09 22:37 - 2015-05-28 23:30 - 00001125 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-05-09 22:22 - 2015-05-29 00:29 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-05-09 19:09 - 2015-05-09 19:09 - 00038976 _____ () C:\Users\adriana\Documents\Selbstauskunft.odt
2015-05-08 17:22 - 2015-05-29 00:30 - 00000340 _____ () C:\Windows\Tasks\HPCeeScheduleForadriana.job
2015-05-08 17:22 - 2015-05-28 23:26 - 00003198 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForadriana
2015-05-07 13:43 - 2015-05-07 13:43 - 00039944 _____ () C:\Users\adriana\Downloads\Pira.Fragebogen Albeck.odt
2015-05-05 14:11 - 2015-05-05 14:11 - 00026624 _____ () C:\Users\adriana\Downloads\XANTHI.xls
2015-05-01 00:44 - 2015-05-01 00:49 - 00073109 _____ () C:\Users\adriana\Downloads\runa.jpeg

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-29 22:30 - 2009-07-14 06:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-29 22:30 - 2009-07-14 06:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-29 22:23 - 2012-05-09 11:07 - 00000000 ____D () C:\Users\adriana\AppData\Local\CrashDumps
2015-05-29 22:20 - 2012-08-22 12:32 - 00000000 ____D () C:\Users\adriana\AppData\Roaming\Skype
2015-05-29 22:17 - 2013-04-19 15:51 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-29 22:16 - 2013-11-10 19:24 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2015-05-29 22:16 - 2013-09-03 10:46 - 01593864 _____ () C:\Windows\PFRO.log
2015-05-29 22:16 - 2013-08-14 10:13 - 00154852 _____ () C:\Windows\setupact.log
2015-05-29 22:16 - 2012-09-08 18:36 - 00000374 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2015-05-29 22:16 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-29 22:15 - 2012-01-20 01:50 - 01401568 _____ () C:\Windows\WindowsUpdate.log
2015-05-29 22:05 - 2012-05-07 18:07 - 00003926 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{2F35951E-AA2B-48D6-AB7E-DAD60F473B9C}
2015-05-29 21:47 - 2013-04-19 15:51 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-29 21:16 - 2012-05-09 11:14 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-29 00:38 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2015-05-29 00:31 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2015-05-29 00:29 - 2009-07-14 04:34 - 95682560 _____ () C:\Windows\system32\config\software.bak
2015-05-29 00:29 - 2009-07-14 04:34 - 44302336 _____ () C:\Windows\system32\config\components.bak
2015-05-29 00:29 - 2009-07-14 04:34 - 20971520 _____ () C:\Windows\system32\config\system.bak
2015-05-29 00:29 - 2009-07-14 04:34 - 01048576 _____ () C:\Windows\system32\config\default.bak
2015-05-29 00:29 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\security.bak
2015-05-29 00:29 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\sam.bak
2015-05-29 00:09 - 2013-11-23 20:48 - 00001912 _____ () C:\Windows\epplauncher.mif
2015-05-28 23:57 - 2013-11-07 01:35 - 95078400 ___SH () C:\Users\adriana\Downloads\Thumbs.db
2015-05-28 23:56 - 2014-06-16 23:45 - 00000000 ____D () C:\Users\adriana\AppData\Local\Adobe
2015-05-28 23:46 - 2013-10-17 18:28 - 00000000 ____D () C:\ProgramData\Oracle
2015-05-28 23:42 - 2015-01-22 22:57 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-05-28 23:42 - 2013-06-24 17:06 - 00000000 ____D () C:\Program Files (x86)\Java
2015-05-28 23:15 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-05-28 22:10 - 2014-05-22 23:03 - 00000000 ____D () C:\Program Files\ESET
2015-05-28 21:53 - 2015-02-08 14:51 - 00002141 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-05-27 21:47 - 2014-09-15 21:58 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-05-27 21:44 - 2014-08-23 15:49 - 00000000 ____D () C:\Users\adriana\AppData\Roaming\Dropbox
2015-05-27 21:39 - 2015-04-05 00:11 - 00000000 ___SD () C:\Windows\system32\GWX
2015-05-27 21:39 - 2015-02-08 14:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-05-27 21:39 - 2013-10-01 17:08 - 00000000 ____D () C:\Users\DefaultAppPool
2015-05-27 21:39 - 2012-05-08 01:27 - 00000000 ____D () C:\Users\adriana\Documents\Wir gehen auf die Reise nach Alexandroupolis
2015-05-27 21:39 - 2012-05-08 01:26 - 00000000 ____D () C:\Users\adriana\Documents\Neue Spenden heute
2015-05-27 21:39 - 2012-05-08 01:26 - 00000000 ____D () C:\Users\adriana\Documents\neue Pakete
2015-05-27 21:39 - 2012-05-07 17:04 - 00000000 ____D () C:\Users\adriana\AppData\Local\Hewlett-Packard
2015-05-27 21:39 - 2012-05-07 17:01 - 00000000 ____D () C:\Users\adriana
2015-05-27 21:38 - 2015-02-17 22:38 - 00000000 ____D () C:\Program Files (x86)\Wondershare
2015-05-27 21:38 - 2015-01-06 13:43 - 00000000 ____D () C:\Program Files (x86)\Free Codec Pack
2015-05-27 21:38 - 2011-10-14 22:04 - 00000000 ____D () C:\Program Files (x86)\HP Games
2015-05-27 21:37 - 2013-07-24 11:23 - 00000000 ____D () C:\Windows\Minidump
2015-05-27 21:37 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration
2015-05-27 21:36 - 2012-05-08 19:33 - 00000000 ____D () C:\Users\adriana\AppData\Roaming\Mozilla
2015-05-27 21:35 - 2014-08-16 16:16 - 00000000 ____D () C:\Program Files (x86)\T-Mobile
2015-05-27 21:35 - 2014-07-13 17:14 - 00000000 ____D () C:\Program Files\Enigma Software Group
2015-05-27 21:35 - 2012-05-07 18:16 - 00000000 __RHD () C:\MSOCache
2015-05-27 12:44 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2015-05-24 20:30 - 2012-01-20 01:56 - 01863344 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-05-24 20:30 - 2011-10-15 07:15 - 00800654 _____ () C:\Windows\system32\perfh007.dat
2015-05-24 20:30 - 2011-10-15 07:15 - 00184550 _____ () C:\Windows\system32\perfc007.dat
2015-05-24 20:30 - 2009-07-14 07:13 - 01863344 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-24 20:23 - 2015-04-05 00:11 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-05-22 14:34 - 2015-03-04 21:44 - 00000000 ____D () C:\EEK
2015-05-22 14:34 - 2012-08-03 18:37 - 00000000 ____D () C:\Program Files (x86)\o.tel.o
2015-05-22 14:34 - 2012-01-20 11:40 - 00000000 ___RD () C:\Users\Public\Recorded TV
2015-05-21 18:50 - 2007-01-02 03:25 - 00000000 ____D () C:\Windows\Panther
2015-05-19 19:54 - 2014-01-01 20:44 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-05-19 11:22 - 2015-02-17 22:38 - 00000000 ____D () C:\Users\adriana\AppData\Roaming\Wondershare
2015-05-19 11:22 - 2012-07-02 17:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software
2015-05-19 11:22 - 2012-05-09 11:04 - 00000000 ____D () C:\Program Files (x86)\Epson Software
2015-05-19 11:22 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-05-19 11:21 - 2012-05-08 00:52 - 00000000 ____D () C:\Program Files (x86)\Google
2015-05-19 11:21 - 2011-10-14 22:13 - 00000000 ____D () C:\ProgramData\Skype
2015-05-15 19:42 - 2013-04-19 15:51 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-15 19:42 - 2013-04-19 15:51 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-14 16:04 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2015-05-13 15:06 - 2009-07-14 06:45 - 00409832 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-13 15:01 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers
2015-05-13 14:57 - 2013-03-14 14:54 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-05-13 13:28 - 2012-05-07 18:16 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-05-13 13:27 - 2013-08-15 19:49 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-13 13:14 - 2012-05-13 18:47 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-05-13 13:08 - 2013-03-14 14:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-13 13:07 - 2013-03-14 14:54 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-05-13 02:07 - 2013-09-02 20:30 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-05-12 17:41 - 2012-05-08 18:07 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2015-05-11 18:21 - 2013-02-15 00:01 - 00000000 ____D () C:\Users\adriana\AppData\Local\Deployment
2015-05-11 18:21 - 2012-05-12 20:03 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2015-05-11 18:07 - 2012-12-02 18:21 - 00000336 _____ () C:\Windows\Tasks\HPCeeScheduleForSOFIA$.job
2015-05-11 18:07 - 2012-09-26 14:59 - 00003212 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForSOFIA$
2015-05-10 23:08 - 2012-05-16 17:44 - 00035218 ____H () C:\Users\adriana\Downloads\.picasa.ini
2015-05-10 17:38 - 2013-09-26 22:23 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-05-10 17:38 - 2013-09-26 22:23 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-05-10 17:38 - 2012-05-09 11:14 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-05-08 22:42 - 2013-05-17 13:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-05-06 16:51 - 2014-01-28 18:52 - 01945694 _____ () C:\Users\adriana\Downloads\kastrationen alex 2009 2.BMP

==================== Files in the root of some directories =======

2013-08-26 11:23 - 2011-09-12 11:55 - 0336047 _____ () C:\Program Files (x86)\Ivo Lupus Kroatien.jpg
2007-03-12 18:59 - 2007-03-12 18:59 - 0299008 _____ () C:\Program Files (x86)\navigram_register.exe
2012-09-09 15:27 - 2015-01-26 15:40 - 0006656 _____ () C:\Users\adriana\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-10-06 23:40 - 2012-10-06 23:40 - 0000852 _____ () C:\Users\adriana\AppData\Local\recently-used.xbel
2013-11-20 18:16 - 2013-11-20 18:16 - 0000017 _____ () C:\Users\adriana\AppData\Local\resmon.resmoncfg

Some files in TEMP:
====================
C:\Users\adriana\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpeyhgsm.dll
C:\Users\adriana\AppData\Local\Temp\Quarantine.exe
C:\Users\adriana\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-24 19:32

==================== End of log ============================

Guten Abend Schrauber, ich habe trotz der abgelaufenen Version de Scan laufen lassen. Alle Ergebnisse habe ich dir hier eingestellt. Ich hoffe es wird alle wieder wie es war, damit ich meinen Laptop wieder normal nutzen kann, ich brauche ihn sehr dringend. Lg

Alt 30.05.2015, 14:18   #11
schrauber
/// the machine
/// TB-Ausbilder
 
Spyhunter - wie werde ich ihn wieder los - Standard

Spyhunter - wie werde ich ihn wieder los


So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.



Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
ATTFilter
Tcpip\..\Interfaces\{5DDAC98E-5E73-4A5D-B5D9-C36969B42E00}: [NameServer] 195.29.166.120 195.29.166.121
Tcpip\..\Interfaces\{773EAF73-9F10-4FC6-B396-104EEF539DF6}: [NameServer] 10.48.65.24 10.48.65.25
Tcpip\..\Interfaces\{7839FE82-E019-40A6-9B1D-829DF931B9D2}: [NameServer] 195.29.166.120 195.29.166.121
Tcpip\..\Interfaces\{817537F5-6CFF-4F1F-941F-60C4FB7609DA}: [NameServer] 10.48.65.24 10.48.65.25
S2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [X]
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2015-05-19] ()
C:\Windows\System32\DRIVERS\EsgScanner.sys
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
C:\Program Files\Enigma Software Group
Emptytemp:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.






ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 30.05.2015, 20:34   #12
Sonnen
 
Spyhunter - wie werde ich ihn wieder los - Standard

spyhunter-wie werde ich ihn wieder los


Hallo Schrauber,
also hier zunächst die FRST:

Fix result of Farbar Recovery Scan Tool (x64) Version: 29-05-2015
Ran by adriana at 2015-05-30 18:25:03 Run:1
Running from C:\Users\adriana\Desktop
Loaded Profiles: adriana & Balou & DefaultAppPool (Available Profiles: adriana & Balou & DefaultAppPool)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Tcpip\..\Interfaces\{5DDAC98E-5E73-4A5D-B5D9-C36969B42E00}: [NameServer] 195.29.166.120 195.29.166.121
Tcpip\..\Interfaces\{773EAF73-9F10-4FC6-B396-104EEF539DF6}: [NameServer] 10.48.65.24 10.48.65.25
Tcpip\..\Interfaces\{7839FE82-E019-40A6-9B1D-829DF931B9D2}: [NameServer] 195.29.166.120 195.29.166.121
Tcpip\..\Interfaces\{817537F5-6CFF-4F1F-941F-60C4FB7609DA}: [NameServer] 10.48.65.24 10.48.65.25
S2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [X]
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2015-05-19] ()
C:\Windows\System32\DRIVERS\EsgScanner.sys
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
C:\Program Files\Enigma Software Group
Emptytemp:
*****************

HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5DDAC98E-5E73-4A5D-B5D9-C36969B42E00}\\NameServer => value Removed successfully
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{773EAF73-9F10-4FC6-B396-104EEF539DF6}\\NameServer => value Removed successfully
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7839FE82-E019-40A6-9B1D-829DF931B9D2}\\NameServer => value Removed successfully
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{817537F5-6CFF-4F1F-941F-60C4FB7609DA}\\NameServer => value Removed successfully
SpyHunter 4 Service => Service Removed successfully
EsgScanner => Service Removed successfully
C:\Windows\System32\DRIVERS\EsgScanner.sys => Moved successfully.
esgiguard => Service Removed successfully
C:\Program Files\Enigma Software Group => Moved successfully.
EmptyTemp: => Removed 1.3 GB temporary data.


The system needed a reboot.

==== End of Fixlog 18:25:56 ====

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=f5363e26d97ad742b5af860c8eb5edcb
# engine=24098
# end=stopped
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-05-30 07:20:42
# local_time=2015-05-30 09:20:42 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 82419 184643492 0 0
# scanned=206465
# found=0
# cleaned=0
# scan_time=9615

Results of screen317's Security Check version 1.002
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Emsisoft Anti-Malware
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
JavaFX 2.1.1
Java 8 Update 45
Adobe Flash Player 17.0.0.169
Adobe Reader XI
Mozilla Firefox (38.0.1)
Google Chrome (43.0.2357.65)
Google Chrome (43.0.2357.81)
````````Process Check: objlist.exe by Laurent````````
Emsisoft Anti-Malware a2service.exe
Internet Manager OnlineUpdate ouc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````

Guten Abend Schrauber, jetzt ist alles komplett. Danke und Lg

Alt 31.05.2015, 13:53   #13
schrauber
/// the machine
/// TB-Ausbilder
 
Spyhunter - wie werde ich ihn wieder los - Standard

Spyhunter - wie werde ich ihn wieder los


Das frische FRST log und die Antwort auf meine Frage fehlt noch. Und das mit den Logs in Codetags, bekommen wir das noch irgendwann hin?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 31.05.2015, 14:54   #14
Sonnen
 
Spyhunter - wie werde ich ihn wieder los - Standard

Spyhunter - wie werde ich ihn wieder los


Hallo Schrauber, ja ich krieg das hin . Ich geb mein Bestes. Nue die Frage die ich beantworten sollte, habe ich sie übersehen? (Mädchen überlesen schnell etwas ). Tut mir leid, kannst du mir die Frage nochmals einstellen während die Überprüfungen mache und einstelle? Lg

Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-05-2015
Ran by adriana at 2015-05-31 15:43:41
Running from C:\Users\adriana\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-4246888475-3530032447-118406061-500 - Administrator - Disabled)
adriana (S-1-5-21-4246888475-3530032447-118406061-1002 - Administrator - Enabled) => C:\Users\adriana
Balou (S-1-5-21-4246888475-3530032447-118406061-1472 - Administrator - Enabled) => C:\Users\Balou
Gast (S-1-5-21-4246888475-3530032447-118406061-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4246888475-3530032447-118406061-1003 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Emsisoft Anti-Malware (Enabled - Up to date) {2F44E1F9-850B-1C7A-0E56-EB2E0A3E20C9}
AS: Emsisoft Anti-Malware (Enabled - Up to date) {9425001D-A331-13F4-34E6-D05C71B96A74}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ABBYY FineReader 9.0 Sprint (HKLM-x32\...\ABBYY FineReader 9.0 Sprint) (Version: 9.01.513.58212 - ABBYY)
ABBYY FineReader 9.0 Sprint (x32 Version: 9.01.513.58212 - ABBYY) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.8.0.1280 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.1.629 - Adobe Systems, Inc.)
AMD Catalyst Install Manager (HKLM\...\{ACD449FA-9DF3-779D-DA68-11D486963225}) (Version: 3.0.847.0 - Advanced Micro Devices, Inc.)
AMD System Monitor (HKLM-x32\...\{6EFD0C42-4CC1-4716-A0CA-21C1A062CF34}) (Version: 1.0.9 - Advanced Micro Devices, Inc.)
Apple Application Support (32-Bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Benutzerhandbuch EPSON SX235 Series (HKLM-x32\...\EPSON SX235 Series Useg) (Version:  - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.0.4528 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DDBAC (HKLM-x32\...\{220DC8D0-3CC8-41A4-8C58-15A1D9FA0362}) (Version: 5.3.6 - DataDesign)
Dropbox (HKU\S-1-5-21-4246888475-3530032447-118406061-1002\...\Dropbox) (Version: 2.10.28 - Dropbox, Inc.)
Druckerdeinstallation für EPSON SX235 Series (HKLM\...\EPSON SX235 Series) (Version:  - SEIKO EPSON Corporation)
Emsisoft Anti-Malware (HKLM-x32\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 10.0 - Emsisoft Ltd.)
Epson Easy Photo Print 2 (HKLM-x32\...\{A02D7029-C4EF-44C1-9FD4-C0D3CA518113}) (Version: 2.2.4.0 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (HKLM-x32\...\{B2D55EB8-32C5-4B43-9006-9E97DECBA178}) (Version: 1.00.0000 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{8ED43F7E-A8F6-4898-AF11-B6158F2EDF94}) (Version: 2.50.0000 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.5.00 - SEIKO EPSON CORPORATION)
ESU for Microsoft Windows 7 SP1 (HKLM-x32\...\{E96CAA2A-0244-4A2A-8403-0C3C9534778B}) (Version: 2.1.1 - Hewlett-Packard)
Evernote v. 4.2.3 (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 4.2.3.22 - Evernote Corp.)
Facebook Video Calling 2.0.0.447 (HKLM-x32\...\{8DF41A9F-FE13-43E8-A003-5F9B55A011EE}) (Version: 2.0.447 - Skype Limited)
FileZilla Client 3.2.7.1 (HKLM-x32\...\FileZilla Client) (Version: 3.2.7.1 - )
Free Video to Flash Converter version 5.0.44.623 (HKLM-x32\...\Free Video to Flash Converter_is1) (Version: 5.0.44.623 - DVDVideoSoft Ltd.)
Free WebM Video Converter version 5.0.54.1215 (HKLM-x32\...\Free WebM Video Converter_is1) (Version: 5.0.54.1215 - DVDVideoSoft Ltd.)
Free YouTube Download version 3.2.51.1215 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.51.1215 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.35.514 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.35.514 - DVDVideoSoft Ltd.)
Freemake Video Downloader (HKLM-x32\...\Freemake Video Downloader_is1) (Version: 3.7.0 - Ellora Assets Corporation)
GDR 5520 für SQL Server 2008 (KB 2977321) (HKLM-x32\...\KB2977321) (Version: 10.3.5520.0 - Microsoft Corporation)
GMX ProfiFax (HKLM-x32\...\GMX ProfiFax) (Version: 2.00.236 - 1&1 Mail & Media GmbH)
GMX SMS-Manager (HKLM-x32\...\com.unitedinternet.ums.sms-mms-manager) (Version: 3.3 - 1 und 1 Internet AG)
GMX SMS-Manager (x32 Version: 3.3 - 1 und 1 Internet AG) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.81 - Google Inc.)
Google Drive (HKLM-x32\...\{35574F09-89F9-4B16-B69B-64F3E25901B8}) (Version: 1.21.9226.6034 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Connection Manager (HKLM-x32\...\{B65FCAA5-F3A6-4B3F-ABEE-CBC2B085796B}) (Version: 4.1.25.1 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{BC6CB499-9F29-4B41-8B8B-FA7248525256}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Launch Box (HKLM\...\{BF1E75D0-E7AF-4BEA-9FBC-567F0C54BDF9}) (Version: 1.0.12 - Hewlett-Packard Company)
HP On Screen Display (HKLM-x32\...\{ED1BD69A-07E3-418C-91F1-D856582581BF}) (Version: 1.3.5 - Hewlett-Packard Company)
HP Power Manager (HKLM-x32\...\{D8BCE5B9-67CF-4F3F-93AE-3ACC754C72EB}) (Version: 1.4.7 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{53B17A98-5BF0-40BC-AAFF-850A357975AC}) (Version: 2.7.2 - Hewlett-Packard Company)
HP QuickWeb (HKLM-x32\...\{BB4FC2AD-DF12-4EE1-8AA7-2C0A26B5E2FB}) (Version: 3.1.1.10197 - Hewlett-Packard Company)
HP Security Assistant (HKLM\...\{ED6CD3AC-616B-4B20-BCF3-6E637B92A5AD}) (Version: 3.0.4 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}) (Version: 9.0.15076.3891 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.2.14901.3869 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{D2462056-BA75-4B2C-8267-DFEA2B6AC4AE}) (Version: 4.6.10.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
Internet Manager (HKLM-x32\...\Internet Manager) (Version: 22.001.18.74.55 - Huawei Technologies Co.,Ltd)
iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 (HKLM-x32\...\Microsoft SQL Server 10 Release) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2008 Browser (HKLM-x32\...\{4AF2248C-B3DF-46FB-9596-87F5DB193689}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Native Client (HKLM\...\{12FE6AA6-65D2-40EE-B925-62193128A0E6}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM-x32\...\{5D60AB1A-2409-4829-83D4-0972856D885A}) (Version: 10.3.5520.0 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{28D06854-572C-4A65-83E5-F8CAF26B9FDC}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works 6-9 Converter (HKLM-x32\...\{95140000-0137-0407-0000-0000000FF1CE}) (Version: 14.0.6120.5002 - Microsoft Corporation)
Mozilla Firefox 38.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 38.0.1 (x86 de)) (Version: 38.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 38.0.1 - Mozilla)
MyDriveConnect 4.0.2.2123 (HKLM-x32\...\MyDriveConnect) (Version: 4.0.2.2123 - TomTom)
Netzwerkhandbuch EPSON SX235 Series (HKLM-x32\...\EPSON SX235 Series Netg) (Version:  - )
opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.40.126.2011 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.83 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4123-B2B9-173F09590E16}) (Version: 1.00.11.0706 - REALTEK Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Service Pack 3 für SQL Server 2008 (KB2546951) (HKLM-x32\...\KB2546951) (Version: 10.3.5500.0 - Microsoft Corporation)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation)
Skype™ 7.3 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.)
Software Updater (HKLM-x32\...\{FA7EE274-7370-43B7-9A45-A39B17CCCDC5}) (Version: 4.3.3 - SEIKO EPSON CORPORATION)
Sql Server Customer Experience Improvement Program (x32 Version: 10.3.5500.0 - Microsoft Corporation) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.11.0 - Synaptics Incorporated)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Wondershare PDF Converter (Build 4.0.1) (HKLM-x32\...\{A888A8D1-ACCB-4EBE-AAA8-903D2B8FB6A4}_is1) (Version: 4.0.1 - Wondershare Software)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-4246888475-3530032447-118406061-1002_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\adriana\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4246888475-3530032447-118406061-1002_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\adriana\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4246888475-3530032447-118406061-1002_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\adriana\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4246888475-3530032447-118406061-1002_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\adriana\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4246888475-3530032447-118406061-1002_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\adriana\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4246888475-3530032447-118406061-1002_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\adriana\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4246888475-3530032447-118406061-1002_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\adriana\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4246888475-3530032447-118406061-1002_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\adriana\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4246888475-3530032447-118406061-1002_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\adriana\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points =========================

25-05-2015 14:49:52 Geplanter Prüfpunkt
28-05-2015 21:28:55 Revo Uninstaller's restore point - SpyHunter 4
29-05-2015 10:02:05 Windows Update

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2015-05-29 00:30 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {02B12AD7-3C77-41A5-9CE5-132E9B986970} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {05700674-CDEB-4C34-9F38-BF2885205283} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-05-10] (Adobe Systems Incorporated)
Task: {2A0845B7-F0C0-4CD9-B8FD-041DFA597FEC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {2C2451EF-45B0-4726-95A9-11984D2B7EBD} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2015-04-30] (Oracle Corporation)
Task: {2D5E02F3-C194-4D58-A59F-5732D941905B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-19] (Google Inc.)
Task: {381EE2F5-00B3-4B8D-9E48-C86AB31B77E1} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {415D7E3D-1FC0-4523-BC70-D3DD2100736F} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks
Task: {43CD746B-5F43-4C53-9581-BEACE2EC01FF} - System32\Tasks\{4DE0364C-DF0C-4BF5-9CEC-E2F4B81F4FF3} => C:\Windows\twain_32\escndv\escndv.exe [2009-01-24] (SEIKO EPSON CORP.)
Task: {4F311976-4263-4F8A-B8A4-886C37512A83} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-09-28] (CyberLink)
Task: {4FF18831-1A69-4BEE-BB2D-7892C04837B9} - System32\Tasks\HPCeeScheduleForadriana => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {50D104B6-BCE3-4283-9111-A0293F696C5B} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {6A4C04C5-BE40-463C-A788-830A76E29B05} - System32\Tasks\{4A9D89A5-F20A-4E7D-AE35-300AB64D32E4} => C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE [2015-03-18] (Microsoft Corporation)
Task: {7143B56F-6413-4A80-B027-000696A7F8B9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSFUpdaterRedux => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {76030A58-4035-41D2-BF9E-4985FCF94798} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-04-14] (Hewlett-Packard)
Task: {764C4813-D5DF-485F-B941-96BB9069F1F3} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {88F8446A-8A66-4F92-A1A3-2F189C831436} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe
Task: {8924B2ED-B4C9-4173-878D-B811E0A82642} - System32\Tasks\HPCeeScheduleForBalou => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {980DC651-7D91-4EE6-B024-1F700D0B175B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {9CB00C45-1134-4D2A-B70E-3E32AD09D7AC} - System32\Tasks\{7B2576F8-19D1-4224-AE8D-82694AC96207} => pcalua.exe -a "C:\Program Files (x86)\o.tel.o\uninst.exe"
Task: {A32CCEE0-4C36-4BF6-B713-BDC7680D7E1D} - System32\Tasks\{E8ED73EC-8BEC-423A-A8CD-0B778CF8D605} => C:\Users\adriana\Downloads\vlc-2.0.1-win32.exe
Task: {A6D4269B-A4F7-4F8C-81BC-93B644206725} - System32\Tasks\{5604797B-B7BA-4A41-B8E3-4D2B67158A95} => C:\Windows\twain_32\escndv\escndv.exe [2009-01-24] (SEIKO EPSON CORP.)
Task: {AEAB3E8B-7B9A-421A-B4BC-64A4DC5F7F29} - System32\Tasks\{A2860E3E-E9F2-4AFF-881F-79453F19D3D2} => C:\Program Files (x86)\T-Mobile\InternetManager_H\Internet Manager.exe [2012-11-22] ()
Task: {B66C26BE-B6E0-4F07-8647-FB334A65F65B} - System32\Tasks\{F58373A8-1ACC-41A3-A540-9210BAE103CE} => C:\Program Files (x86)\DVDVideoSoft\Free YouTube to MP3 Converter\FreeYouTubeToMP3Converter.exe [2014-05-14] (DVDVideoSoft Ltd.)
Task: {C21639AE-4502-46D8-B0F3-1240D9B05662} - System32\Tasks\{1126E134-B7B0-474E-A964-2AD7A7ACAD0E} => C:\Program Files (x86)\T-Mobile\InternetManager_H\Internet Manager.exe [2012-11-22] ()
Task: {D248ECFF-7409-42E0-AAB0-6DCDB59E8B99} - System32\Tasks\{635DBC63-82E3-412D-95A5-B96B4D581090} => C:\Program Files (x86)\DVDVideoSoft\Free YouTube to MP3 Converter\FreeYouTubeToMP3Converter.exe [2014-05-14] (DVDVideoSoft Ltd.)
Task: {D91A8A78-2980-4817-B7A0-3A58A6765986} - System32\Tasks\{62AE3A68-9633-46A7-B498-5D693688C701} => C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE [2015-03-18] (Microsoft Corporation)
Task: {DB71A9FF-68F8-43F5-B8F8-7A77D12AE999} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-07] (Microsoft Corporation)
Task: {E63865EA-8E49-48D7-95E7-1649D51B4A05} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask => C:\Windows\system32\Wat\WatAdminSvc.exe [2012-07-20] (Microsoft Corporation)
Task: {E7F709C9-8ABC-453D-864E-8CA865A6121D} - System32\Tasks\{FF7DE629-CA72-414B-985A-A63816D3B7E9} => C:\Windows\twain_32\escndv\escndv.exe [2009-01-24] (SEIKO EPSON CORP.)
Task: {E8E40CB2-29CF-477D-89BD-9D367C3BCA3D} - System32\Tasks\HPCeeScheduleForSOFIA$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {EC4BAEA2-05FA-433B-BAB4-6BEC99056FE4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-19] (Google Inc.)
Task: {FBEF525D-BBE9-4539-AED2-8573B5895C85} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForadriana.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\HPCeeScheduleForBalou.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\HPCeeScheduleForSOFIA$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (Whitelisted) ==============

2011-09-28 07:19 - 2011-09-28 07:19 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2011-03-14 17:27 - 2011-03-14 17:27 - 00346976 _____ () C:\ProgramData\DatacardService\HWDeviceService64.exe
2014-08-16 16:19 - 2013-02-05 09:24 - 00671744 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\ouc.exe
2014-08-16 16:19 - 2009-01-10 12:32 - 00011362 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\mingwm10.dll
2014-08-16 16:19 - 2009-06-22 20:42 - 00043008 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\libgcc_s_dw2-1.dll
2014-08-16 16:19 - 2012-10-31 11:11 - 02417152 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\QtCore4.dll
2014-08-16 16:19 - 2012-10-31 11:14 - 01148416 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\QtNetwork4.dll
2015-04-28 19:53 - 2015-04-28 19:53 - 00140288 _____ () C:\Program Files (x86)\MyDrive Connect\quazip.dll
2014-09-11 17:06 - 2014-09-11 17:06 - 00878592 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\platforms\qwindows.dll
2014-09-11 17:05 - 2014-09-11 17:05 - 00036352 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\bearer\qgenericbearer.dll
2014-09-11 17:06 - 2014-09-11 17:06 - 00038912 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\bearer\qnativerwifibearer.dll
2014-09-11 17:14 - 2014-09-11 17:14 - 00032256 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qdds.dll
2014-09-11 17:05 - 2014-09-11 17:05 - 00021504 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qgif.dll
2014-09-11 17:14 - 2014-09-11 17:14 - 00027648 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qicns.dll
2014-09-11 17:05 - 2014-09-11 17:05 - 00021504 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qico.dll
2014-09-11 17:14 - 2014-09-11 17:14 - 00381952 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qjp2.dll
2014-09-11 17:05 - 2014-09-11 17:05 - 00204800 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qjpeg.dll
2014-09-11 17:14 - 2014-09-11 17:14 - 00218112 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qmng.dll
2014-09-11 17:08 - 2014-09-11 17:08 - 00015872 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qsvg.dll
2014-09-11 17:14 - 2014-09-11 17:14 - 00015360 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qtga.dll
2014-09-11 17:15 - 2014-09-11 17:15 - 00307712 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qtiff.dll
2014-09-11 17:15 - 2014-09-11 17:15 - 00014848 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qwbmp.dll
2014-09-11 17:15 - 2014-09-11 17:15 - 00252928 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qwebp.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:373E1720

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4246888475-3530032447-118406061-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\adriana\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: DivXMediaServer => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
MSCONFIG\startupreg: HP Quick Launch => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
MSCONFIG\startupreg: HPConnectionManager => C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
MSCONFIG\startupreg: HPOSD => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
MSCONFIG\startupreg: HPQuickWebProxy => "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
MSCONFIG\startupreg: Magic Desktop for HP notification => "C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SetDefault => C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{2D642E3C-49EC-4D17-9734-4A8090701D82}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{A225A52F-3CB1-4A93-A064-0D764B472A17}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{EAE192CA-4575-489E-AB91-6A97283B0D14}] => (Allow) LPort=2869
FirewallRules: [{50CA8323-A57A-4C64-A5FD-249FDE4C7962}] => (Allow) LPort=1900
FirewallRules: [{621C2173-AD3C-4922-B7BC-A20411CAD281}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{F5837E98-ECAC-421A-8046-17412049A08E}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{17814D93-4463-4D25-B6C9-CB6D0BC3E449}] => (Allow) C:\Windows\system32\ezSharedSvcHost.exe
FirewallRules: [TCP Query User{3227570D-C9CC-47F6-B607-6A7A45BE1265}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{C56A0E4F-288B-4DA1-AA12-4BF3FDFBD155}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{0D366521-5EE2-4C96-AFF3-C12A68EB5972}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{AAD94BFD-1294-4F3D-9E70-6A09097753B0}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{3D44B4D3-7945-48CE-B47B-2259F5F00ECF}] => (Allow) F:\Network\EpsonNetSetup\ENEasyApp.exe
FirewallRules: [{755F986A-9E82-4AFC-B6E3-7CE0A5177183}] => (Allow) F:\Network\EpsonNetSetup\ENEasyApp.exe
FirewallRules: [{6348B70F-C5C2-46BD-ABA1-43C75624ACA9}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{88DFD182-89B1-4377-9970-0D1969666DC6}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{364CA28C-62C3-48BD-80D5-C8C0288194FB}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{F502E6F9-39AF-4480-9187-E976B9C30D81}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{672B2BC6-6CCC-4566-BDA2-6E7CA3C2431A}] => (Allow) C:\Users\adriana\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
FirewallRules: [TCP Query User{790D02CB-FDE8-496B-BC23-BCE85C699465}C:\users\adriana\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\adriana\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{634C3F3E-13F5-456C-8F00-0C1D4A82B0D3}C:\users\adriana\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\adriana\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{B63BE8F4-D3CA-455C-8938-F7F5E091F3F5}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [{12134C69-50EA-45FD-A69E-B65BC427EE5B}] => (Allow) C:\Users\adriana\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{7D71D540-4C8B-45C1-A81F-1480FEA35602}] => (Allow) C:\Users\adriana\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{9DFF9064-1CEC-4A29-94CF-802A326CEA85}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [TCP Query User{ED200E6F-C444-4D3A-8247-2FAC9977636D}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{BAA3DE53-7DCC-4A19-A30F-66ED41E7C344}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{F049708D-13CE-45A6-BC88-2BC55C242124}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C6E4F6FC-F3BA-45A7-BEB3-D14257C36FCE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B401F235-76DD-463B-BF4C-A0B77AB2FD2F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

Name: SASDIFSV
Description: SASDIFSV
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: SASDIFSV
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: SASKUTIL
Description: SASKUTIL
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: SASKUTIL
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Microsoft-Adapter für Miniports virtueller WiFis
Description: Microsoft-Adapter für Miniports virtueller WiFis
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/31/2015 03:33:12 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/31/2015 03:13:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/30/2015 09:23:34 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifest.

Error: (05/30/2015 08:23:57 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5319

Error: (05/30/2015 08:23:57 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5319

Error: (05/30/2015 08:23:57 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/30/2015 08:23:55 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4071

Error: (05/30/2015 08:23:55 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4071

Error: (05/30/2015 08:23:55 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/30/2015 08:23:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3073


System errors:
=============
Error: (05/31/2015 03:43:32 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (05/31/2015 03:33:32 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (05/31/2015 03:32:34 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
SASDIFSV
SASKUTIL

Error: (05/31/2015 03:31:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Internet Manager. OUC" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (05/31/2015 03:31:45 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Internet Manager. OUC erreicht.

Error: (05/31/2015 03:31:41 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.

Modulpfad: C:\Windows\system32\Rtlihvs.dll
Fehlercode: 126

Error: (05/31/2015 03:23:09 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (05/31/2015 03:15:23 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {CC957078-B838-47C4-A7CF-626E7A82FC58}

Error: (05/31/2015 03:13:05 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (05/31/2015 03:12:49 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
SASDIFSV
SASKUTIL


Microsoft Office:
=========================
Error: (01/13/2013 05:11:53 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 14990 seconds with 3420 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2015-05-29 00:27:04.644
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-05-29 00:27:04.604
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Processor: AMD A8-3520M APU with Radeon(tm) HD Graphics
Percentage of memory in use: 32%
Total physical RAM: 5609.41 MB
Available physical RAM: 3766.38 MB
Total Pagefile: 11217.02 MB
Available Pagefile: 9073.46 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (System) (Fixed) (Total:625.17 GB) (Free:513.42 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Recovery) (Fixed) (Total:20.48 GB) (Free:2.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:3.96 GB) (Free:1.08 GB) FAT32
Drive g: (SICHERUNG_HP_TOOLS) (Fixed) (Total:48.83 GB) (Free:44.76 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 5095087B)
Partition 1: (Not Active) - (Size=993 KB) - (Type=42)
Partition 2: (Active) - (Size=199 MB) - (Type=42)
Partition 3: (Not Active) - (Size=625.2 GB) - (Type=42)
Partition 4: (Not Active) - (Size=73.3 GB) - (Type=42)

==================== End of log ============================
Der frische FST . Lg

Results of screen317's Security Check version 1.002
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Emsisoft Anti-Malware
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
JavaFX 2.1.1
Java 8 Update 45
Adobe Flash Player 17.0.0.169
Adobe Reader XI
Mozilla Firefox (38.0.1)
Google Chrome (43.0.2357.65)
Google Chrome (43.0.2357.81)
````````Process Check: objlist.exe by Laurent````````
Emsisoft Anti-Malware a2service.exe
Internet Manager OnlineUpdate ouc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````

Keine Probleme bis jetzt geht der Laptop wieder.

Alt 31.05.2015, 15:14   #15
Sonnen
 
Spyhunter - wie werde ich ihn wieder los - Lächeln

Spyhunter - wie werde ich ihn wieder los


Wenn du sagst ich kann ihn wieder benutzen wie früher dann sage ich an dieser Stelle schon mal ein ganz großes Dankeschön an dich. Denn das ist für mich Rettung in höchster Not. Ganz lg Sonnen

Antwort
Seite 1 von 2 1 2

Themen zu Spyhunter - wie werde ich ihn wieder los
antiviren, arbeit, benötige, daten, dringend, forum, funktionen, großes, hallo zusammen, interne, internet, laptop, nicht mehr, not, probleme, programme, rojaner gefunden, scan, scanne, scannen, sonne, spyhunter nicht löschbar, trojaner, verseucht, versucht, zusammen, zusätzlich


« Windows 7: Webseiten werden auf buydomains.com/... weitergeleitet | Telekom Abuse Team - generic Trojaner/Virus »


Ähnliche Themen: Spyhunter - wie werde ich ihn wieder los


  1. sm.de - Wie werde ich das wieder los?
    Lob, Kritik und Wünsche - 06.05.2015 (1)
  2. sm.de - wie werde ich das wieder los?
    Plagegeister aller Art und deren Bekämpfung - 05.05.2015 (36)
  3. Wie werde ich das Ding wieder los ?
    Plagegeister aller Art und deren Bekämpfung - 22.03.2015 (4)
  4. Spyhunter 4 entfernen - Mal wieder
    Plagegeister aller Art und deren Bekämpfung - 18.02.2015 (3)
  5. werde Spyhunter 4 und Offers by Context nicht mehr los :(
    Plagegeister aller Art und deren Bekämpfung - 28.12.2014 (3)
  6. SpyHunter 4 eingefangen - wie bekomme ich ihn wieder los?
    Plagegeister aller Art und deren Bekämpfung - 24.11.2014 (5)
  7. PROBLEME mit Spyhunter und mystart! Wie bekomme ich Spyhunter wieder weg?
    Plagegeister aller Art und deren Bekämpfung - 14.11.2014 (13)
  8. wie werde ich das Ding wieder los 2
    Log-Analyse und Auswertung - 22.09.2014 (41)
  9. Spyhunter 4 installiert - gescannt - vorm löschen wieder deinstalliert - Resteentfernung
    Plagegeister aller Art und deren Bekämpfung - 21.01.2014 (9)
  10. Mit Spyhunter 47 Bedrohungen gefunden, Spyhunter wurde aber wieder deinstalliert.
    Log-Analyse und Auswertung - 25.10.2013 (9)
  11. Spyhunter 4 wegen "System care Antivirus" runtergeladen wie werde ich es wieder los
    Plagegeister aller Art und deren Bekämpfung - 10.05.2013 (10)
  12. wieder mal: deltasearch / spyhunter 4
    Plagegeister aller Art und deren Bekämpfung - 19.04.2013 (10)
  13. Snap.do lange nicht bemerkt, was kann der anrichten? Und Spyhunter kam dann auch noch dazu, wie werde ich beide los?
    Plagegeister aller Art und deren Bekämpfung - 06.04.2013 (16)
  14. Spyhunter 4 immer malware, wenn ja wie kann ich es wieder los werden
    Plagegeister aller Art und deren Bekämpfung - 03.06.2012 (12)
  15. Wie werde ich den wieder los ?
    Log-Analyse und Auswertung - 03.09.2008 (27)
  16. Trojaner? Wie werde ich das wieder los?
    Plagegeister aller Art und deren Bekämpfung - 04.10.2007 (6)
  17. Wie werde ich die Seuche wieder los?
    Plagegeister aller Art und deren Bekämpfung - 06.01.2005 (9)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Spyhunter - wie werde ich ihn wieder los - Hallo zusammen, ich habe ein großes Problem. Ich habe bereits oft in eurem Forum mitgelesen und bei kleineren Probleme hier Hilfe gefunden. Jetzt benötige ich selbst dringend Hilfe. Mein Laptop - Spyhunter - wie werde ich ihn wieder los...
Archiv
Du betrachtest: Spyhunter - wie werde ich ihn wieder los auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55