| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Virus hängt an alle Dateien .vvvWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
01.12.2015, 00:31
| #1 |
| |  Virus hängt an alle Dateien .vvv Hallo, mich - meinen Rechner - hat ein Virus erwischt. An alle Word-, Excel- und PDF-Dateien wurde ein .vvv angehängt. Betroffene Dateien sind nicht mehr zu öffnen. jpg- und mp3-Dateien - auf der gleichen Platte, aber eine andere Partition - sind nicht betroffen. Beim Start von zum Beispiel Excel kommt ein englischer Text:All of your files were protected by a strong encryption with RSA-2048. Alle Dateien habe ich auf einer externen Festplatte gesichert, die nach der Sicherung vom System getrennt wurde. Insofern bin ich erst einmal beruhigt. Wäre aber blöd, alles neu aufsetzen zu müssen, da die zwischenzeitlich erstellten Dateien meiner Finanzsoftware (Wiso Mein Geld) weg wären. Ich habe defogger laufen lassen. Es wurde kein Neustart gefordert. Systemscan mit FRST habe ich durchgeführt FRST.txt: Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:30-11-2015
durchgeführt von Ulla & Christian (Administrator) auf PC (01-12-2015 00:13:46)
Gestartet von C:\Users\Ulla & Christian\Downloads
Geladene Profile: Ulla & Christian & (Verfügbare Profile: Ulla & Christian & Jan)
Platform: Windows 8.1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Prozesse (Nicht auf der Ausnahmeliste) =================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Sicherheit-Ordnung\Avira\AntiVir Desktop\sched.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Sicherheit-Ordnung\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(The OpenVPN Project) C:\Program Files (x86)\Sophos\Sophos SSL VPN Client\bin\openvpnserv.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
() C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Sicherheit-Ordnung\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.226\SSScheduler.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Sicherheit-Ordnung\Avira\AntiVir Desktop\avgnt.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\Program Files (x86)\Sophos\Sophos SSL VPN Client\bin\openvpn-gui.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
() C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Sicherheit-Ordnung\Avira\AntiVir Desktop\avcenter.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Nicht auf der Ausnahmeliste) ===========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)
HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [41664 2013-11-20] (Hewlett-Packard )
HKLM\...\Run: [Ocs_SM] => C:\Users\Ulla & Christian\AppData\Roaming\OCS\SM\SearchAnonymizer.exe [106496 2013-06-17] (OCS)
HKLM\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2015-07-27] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2013-11-20] (IDT, Inc.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Sicherheit-Ordnung\Avira\AntiVir Desktop\avgnt.exe [788176 2015-11-10] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [openvpn-gui] => C:\Program Files (x86)\Sophos\Sophos SSL VPN Client\bin\openvpn-gui.exe [436776 2013-06-14] ()
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [304568 2010-10-12] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-12] (Logitech Inc.)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2015-07-27] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-3876800203-89553269-3656360523-1001\...\Run: [CCleaner Monitoring] => C:\Program Files (x86)\Sicherheit-Ordnung\CCleaner64.exe [8455960 2015-08-20] (Piriform Ltd)
HKU\S-1-5-21-3876800203-89553269-3656360523-1001\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
HKU\S-1-5-21-3876800203-89553269-3656360523-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [CCleaner Monitoring] => C:\Program Files (x86)\Sicherheit-Ordnung\CCleaner64.exe [8455960 2015-08-20] (Piriform Ltd)
HKU\S-1-5-21-3876800203-89553269-3656360523-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2015-11-15]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.226\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Ulla & Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\how_recover+yer.html [2015-11-29] ()
Startup: C:\Users\Ulla & Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\how_recover+yer.txt [2015-11-29] ()
GroupPolicyUsers\S-1-5-21-3876800203-89553269-3656360523-1003\User: Beschränkung <======= ACHTUNG
==================== Internet (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{82DFC5A4-518D-445C-A2B1-591A6747A3D5}: [DhcpNameServer] 192.168.103.1 192.168.103.20
Tcpip\..\Interfaces\{B56279DC-0CCA-4C4C-8F65-B5B765D59070}: [DhcpNameServer] 192.168.2.1
Internet Explorer:
==================
HKU\S-1-5-21-3876800203-89553269-3656360523-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK13/4
HKU\S-1-5-21-3876800203-89553269-3656360523-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com
HKU\S-1-5-21-3876800203-89553269-3656360523-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.bing.com
HKU\S-1-5-21-3876800203-89553269-3656360523-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK13/4
HKU\S-1-5-21-3876800203-89553269-3656360523-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com
HKU\S-1-5-21-3876800203-89553269-3656360523-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.bing.com
HKU\S-1-5-21-3876800203-89553269-3656360523-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPDSK13/4
HKU\S-1-5-21-3876800203-89553269-3656360523-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.uk.msn.com/HPDSK13/4
HKU\S-1-5-21-3876800203-89553269-3656360523-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK13/4
URLSearchHook: [S-1-5-21-3876800203-89553269-3656360523-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0] ACHTUNG => Standard URLSearchHook fehlt
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {471E55EA-5870-4D06-85B1-087E723116A4} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {471E55EA-5870-4D06-85B1-087E723116A4} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-3876800203-89553269-3656360523-1001 -> {0376A5AC-5698-4CFB-BF5B-1A12FE88CE17} URL = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=8106a2b4-3f40-4652-b50f-5ed672b28841&pid=fotofreeware&mode=bounce&k=0
SearchScopes: HKU\S-1-5-21-3876800203-89553269-3656360523-1001 -> {2B9277F9-9AFF-4BE1-8D9F-5C47ACDE8AF9} URL = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=8106a2b4-3f40-4652-b50f-5ed672b28841&pid=fotofreeware&mode=bounce&k=0
SearchScopes: HKU\S-1-5-21-3876800203-89553269-3656360523-1001 -> {471E55EA-5870-4D06-85B1-087E723116A4} URL = hxxp://www.amazon.de.anonymize-me.de/?anonymto=687474703A2F2F7777772E616D617A6F6E2E64652F732F7265663D617A735F6F73645F69656164653F69653D5554462D38267461673D68702D6465312D7673622D3231266C696E6B253546636F64653D717326696E6465783D617073266669656C642D6B6579776F7264733D7B7365617263685465726D737D&st={searchTerms}&clid=8106a2b4-3f40-4652-b50f-5ed672b28841&pid=fotofreeware&k=0
SearchScopes: HKU\S-1-5-21-3876800203-89553269-3656360523-1001 -> {68DA0295-7A32-4CC5-A929-A2513D7186F0} URL = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=8106a2b4-3f40-4652-b50f-5ed672b28841&pid=fotofreeware&mode=bounce&k=0
SearchScopes: HKU\S-1-5-21-3876800203-89553269-3656360523-1001 -> {B52B0020-6410-4905-8380-4EED9883BE80} URL = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=8106a2b4-3f40-4652-b50f-5ed672b28841&pid=fotofreeware&mode=bounce&k=0
SearchScopes: HKU\S-1-5-21-3876800203-89553269-3656360523-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com.anonymize-me.de/?anonymto=687474703A2F2F726F7665722E656261792E636F6D2F726F7665722F312F3730372D3135343334352D31323132382D322F34203F6D7072653D687474702533412532462532467777772E656261792E636F6D2532467363682532462533465F6E6B772533447B7365617263685465726D737D266B6579776F72643D7B7365617263685465726D737D&st={searchTerms}&clid=8106a2b4-3f40-4652-b50f-5ed672b28841&pid=fotofreeware&k=0
SearchScopes: HKU\S-1-5-21-3876800203-89553269-3656360523-1001 -> {F2109080-1672-4F41-BDB0-B480859F3699} URL = hxxp://www.google.de/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3876800203-89553269-3656360523-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {0376A5AC-5698-4CFB-BF5B-1A12FE88CE17} URL = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=8106a2b4-3f40-4652-b50f-5ed672b28841&pid=fotofreeware&mode=bounce&k=0
SearchScopes: HKU\S-1-5-21-3876800203-89553269-3656360523-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {2B9277F9-9AFF-4BE1-8D9F-5C47ACDE8AF9} URL = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=8106a2b4-3f40-4652-b50f-5ed672b28841&pid=fotofreeware&mode=bounce&k=0
SearchScopes: HKU\S-1-5-21-3876800203-89553269-3656360523-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {471E55EA-5870-4D06-85B1-087E723116A4} URL = hxxp://www.amazon.de.anonymize-me.de/?anonymto=687474703A2F2F7777772E616D617A6F6E2E64652F732F7265663D617A735F6F73645F69656164653F69653D5554462D38267461673D68702D6465312D7673622D3231266C696E6B253546636F64653D717326696E6465783D617073266669656C642D6B6579776F7264733D7B7365617263685465726D737D&st={searchTerms}&clid=8106a2b4-3f40-4652-b50f-5ed672b28841&pid=fotofreeware&k=0
SearchScopes: HKU\S-1-5-21-3876800203-89553269-3656360523-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {68DA0295-7A32-4CC5-A929-A2513D7186F0} URL = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=8106a2b4-3f40-4652-b50f-5ed672b28841&pid=fotofreeware&mode=bounce&k=0
SearchScopes: HKU\S-1-5-21-3876800203-89553269-3656360523-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {B52B0020-6410-4905-8380-4EED9883BE80} URL = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=8106a2b4-3f40-4652-b50f-5ed672b28841&pid=fotofreeware&mode=bounce&k=0
SearchScopes: HKU\S-1-5-21-3876800203-89553269-3656360523-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com.anonymize-me.de/?anonymto=687474703A2F2F726F7665722E656261792E636F6D2F726F7665722F312F3730372D3135343334352D31323132382D322F34203F6D7072653D687474702533412532462532467777772E656261792E636F6D2532467363682532462533465F6E6B772533447B7365617263685465726D737D266B6579776F72643D7B7365617263685465726D737D&st={searchTerms}&clid=8106a2b4-3f40-4652-b50f-5ed672b28841&pid=fotofreeware&k=0
SearchScopes: HKU\S-1-5-21-3876800203-89553269-3656360523-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {F2109080-1672-4F41-BDB0-B480859F3699} URL = hxxp://www.google.de/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3876800203-89553269-3656360523-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0 -> {471E55EA-5870-4D06-85B1-087E723116A4} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-3876800203-89553269-3656360523-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-28] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-28] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-3876800203-89553269-3656360523-1001 -> Kein Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Keine Datei
Toolbar: HKU\S-1-5-21-3876800203-89553269-3656360523-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> Kein Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Keine Datei
Handler-x32: http - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: ipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
FireFox:
========
FF ProfilePath: C:\Users\Ulla & Christian\AppData\Roaming\Mozilla\Firefox\Profiles\7shvkqc1.default
FF SelectedSearchEngine: Bing
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-11-10] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.2 -> C:\Program Files (x86)\Filme - Video\VLC\npvlc.dll [2012-06-28] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-10] ()
FF Plugin-x32: @ei.UtilityChest_49.com/Plugin -> C:\Program Files (x86)\UtilityChest_49EI\Installr\1.bin\NP49EISB.dll [2013-07-02] (Utility Chest)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Bilder\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-28] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-28] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-07-28] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-08-29] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-08-29] (NVIDIA Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-12-21] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3876800203-89553269-3656360523-1001: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\Ulla & Christian\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll [2013-05-22] (Amazon.com, Inc.)
FF Plugin HKU\S-1-5-21-3876800203-89553269-3656360523-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\Ulla & Christian\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll [2013-05-22] (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CCMSDK.dll [2010-10-12] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\cgpcfg.dll [2010-10-12] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll [2010-10-12] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll [2010-10-12] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll [2010-10-12] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctxmui.dll [2010-10-12] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icafile.dll [2010-10-12] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icalogon.dll [2010-10-12] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll [2010-10-12] ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2013-12-21] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\sslsdk_b.dll [2010-07-14] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll [2010-10-12] (Citrix Systems, Inc.)
FF SearchPlugin: C:\Users\Ulla & Christian\AppData\Roaming\Mozilla\Firefox\Profiles\7shvkqc1.default\searchplugins\how_recover+yer.html [2015-11-29]
FF SearchPlugin: C:\Users\Ulla & Christian\AppData\Roaming\Mozilla\Firefox\Profiles\7shvkqc1.default\searchplugins\how_recover+yer.txt [2015-11-29]
FF Extension: Shrunked Image Resizer - C:\Users\Ulla & Christian\AppData\Roaming\Mozilla\Firefox\Profiles\7shvkqc1.default\extensions\shrunked@darktrojan.net.xpi [2015-09-14]
FF Extension: Avira Browser Safety - C:\Users\Ulla & Christian\AppData\Roaming\Mozilla\Firefox\Profiles\7shvkqc1.default\Extensions\abs@avira.com [2015-11-29] [ist nicht signiert]
Chrome:
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
==================== Dienste (Nicht auf der Ausnahmeliste) ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R2 ADExchange; C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [43112 2012-02-16] (ArcSoft Inc.)
S2 AntiVirMailService; C:\Program Files (x86)\Sicherheit-Ordnung\Avira\AntiVir Desktop\avmailc7.exe [936544 2015-11-10] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Sicherheit-Ordnung\Avira\AntiVir Desktop\sched.exe [466408 2015-11-10] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Sicherheit-Ordnung\Avira\AntiVir Desktop\avguard.exe [466408 2015-11-10] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Sicherheit-Ordnung\Avira\AntiVir Desktop\avwebg7.exe [1105952 2015-11-10] (Avira Operations GmbH & Co. KG)
S3 DfSdkS; C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 2015\DfsdkS64.exe [544768 2009-08-24] (mst software GmbH, Germany) [Datei ist nicht signiert]
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [Datei ist nicht signiert]
R2 HPConnectedRemote; c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [35744 2012-10-12] (Hewlett-Packard)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.226\McCHSvc.exe [289256 2015-10-30] (McAfee, Inc.)
S3 OpenVPNService; C:\Program Files (x86)\Sophos\Sophos SSL VPN Client\bin\openvpnserv.exe [59432 2013-06-14] (The OpenVPN Project)
R2 OpenVPNServiceInteractive; C:\Program Files (x86)\Sophos\Sophos SSL VPN Client\bin\openvpnserv.exe [59432 2013-06-14] (The OpenVPN Project)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2015-05-21] (DEVGURU Co., LTD.)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [339456 2013-11-20] (IDT, Inc.) [Datei ist nicht signiert]
R2 UsbClientService; C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe [248736 2014-12-17] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
===================== Treiber (Nicht auf der Ausnahmeliste) ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R0 ambakdrv; C:\Windows\System32\ambakdrv.sys [30648 2013-04-27] () [Datei ist nicht signiert]
R2 ammntdrv; C:\windows\system32\ammntdrv.sys [151480 2013-04-27] () [Datei ist nicht signiert]
R2 amwrtdrv; C:\windows\system32\amwrtdrv.sys [17848 2013-02-06] () [Datei ist nicht signiert]
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [137800 2015-09-23] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [148632 2015-08-04] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-11-26] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [74440 2015-09-23] (Avira Operations GmbH & Co. KG)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
==================== Ein Monat: Erstellte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2015-12-01 00:11 - 2015-12-01 00:11 - 00000000 _____ C:\Users\Ulla & Christian\defogger_reenable
2015-12-01 00:10 - 2015-12-01 00:10 - 00050477 _____ C:\Users\Ulla & Christian\Downloads\Defogger.exe
2015-11-30 23:21 - 2015-12-01 00:10 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-11-30 23:21 - 2015-11-30 23:49 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-11-30 23:21 - 2015-11-30 23:21 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-11-30 23:19 - 2015-11-30 23:49 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-11-30 23:19 - 2015-11-30 23:19 - 00000000 ____D C:\Malwarebytes
2015-11-30 23:18 - 2015-11-30 23:18 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Ulla & Christian\Downloads\mbar-1.09.3.1001.exe
2015-11-30 23:06 - 2015-11-30 23:07 - 00053534 _____ C:\Users\Ulla & Christian\Downloads\Addition.txt
2015-11-30 23:05 - 2015-12-01 00:13 - 00030188 _____ C:\Users\Ulla & Christian\Downloads\FRST.txt
2015-11-30 23:05 - 2015-12-01 00:13 - 00000000 ____D C:\FRST
2015-11-30 23:04 - 2015-11-30 23:04 - 02350080 _____ (Farbar) C:\Users\Ulla & Christian\Downloads\FRST64(1).exe
2015-11-30 23:02 - 2015-11-30 23:02 - 02350080 _____ (Farbar) C:\Users\Ulla & Christian\Downloads\FRST64.exe
2015-11-30 13:54 - 2015-11-30 13:56 - 00000050 _____ C:\Users\Ulla & Christian\AppData\Roaming\AVSDVDPlayer.m3u
2015-11-30 13:54 - 2015-11-30 13:55 - 00000000 ___HD C:\$WINDOWS.~BT
2015-11-29 22:45 - 2015-11-29 22:45 - 00024261 _____ C:\Users\Ulla & Christian\Downloads\RX_151129_Bestellbestaetigung_VID3_2245.pdf
2015-11-29 21:46 - 2015-11-29 21:46 - 00006921 _____ C:\WINDOWS\Tasks\how_recover+yer.html
2015-11-29 21:46 - 2015-11-29 21:46 - 00002401 _____ C:\WINDOWS\Tasks\how_recover+yer.txt
2015-11-29 21:45 - 2015-11-29 21:45 - 00006921 _____ C:\Users\Ulla & Christian\how_recover+yer.html
2015-11-29 21:45 - 2015-11-29 21:45 - 00002401 _____ C:\Users\Ulla & Christian\how_recover+yer.txt
2015-11-29 21:33 - 2015-11-29 21:34 - 00006921 _____ C:\Users\Ulla & Christian\Documents\how_recover+yer.html
2015-11-29 21:33 - 2015-11-29 21:34 - 00002401 _____ C:\Users\Ulla & Christian\Documents\how_recover+yer.txt
2015-11-29 21:33 - 2015-11-29 21:33 - 00006921 _____ C:\Users\Ulla & Christian\Downloads\how_recover+yer.html
2015-11-29 21:33 - 2015-11-29 21:33 - 00002401 _____ C:\Users\Ulla & Christian\Downloads\how_recover+yer.txt
2015-11-29 21:26 - 2015-11-29 21:26 - 00006921 _____ C:\Users\Ulla & Christian\AppData\how_recover+yer.html
2015-11-29 21:26 - 2015-11-29 21:26 - 00002401 _____ C:\Users\Ulla & Christian\AppData\how_recover+yer.txt
2015-11-29 21:25 - 2015-11-29 21:45 - 00006921 _____ C:\Users\Ulla & Christian\AppData\Roaming\Microsoft\Windows\Start Menu\how_recover+yer.html
2015-11-29 21:25 - 2015-11-29 21:45 - 00002401 _____ C:\Users\Ulla & Christian\AppData\Roaming\Microsoft\Windows\Start Menu\how_recover+yer.txt
2015-11-29 21:25 - 2015-11-29 21:25 - 00006921 _____ C:\Users\Ulla & Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\how_recover+yer.html
2015-11-29 21:25 - 2015-11-29 21:25 - 00006921 _____ C:\Users\Ulla & Christian\AppData\LocalLow\how_recover+yer.html
2015-11-29 21:25 - 2015-11-29 21:25 - 00002401 _____ C:\Users\Ulla & Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\how_recover+yer.txt
2015-11-29 21:25 - 2015-11-29 21:25 - 00002401 _____ C:\Users\Ulla & Christian\AppData\LocalLow\how_recover+yer.txt
2015-11-29 21:23 - 2015-11-29 21:34 - 00006921 _____ C:\Users\Ulla & Christian\AppData\Local\how_recover+yer.html
2015-11-29 21:23 - 2015-11-29 21:34 - 00002401 _____ C:\Users\Ulla & Christian\AppData\Local\how_recover+yer.txt
2015-11-29 21:23 - 2015-11-29 21:26 - 00006921 _____ C:\Users\Ulla & Christian\AppData\Roaming\how_recover+yer.html
2015-11-29 21:23 - 2015-11-29 21:26 - 00002401 _____ C:\Users\Ulla & Christian\AppData\Roaming\how_recover+yer.txt
2015-11-29 21:23 - 2015-11-29 21:23 - 00006921 _____ C:\Users\Ulla & Christian\AppData\Local\Apps\how_recover+yer.html
2015-11-29 21:23 - 2015-11-29 21:23 - 00006921 _____ C:\Users\Public\how_recover+yer.html
2015-11-29 21:23 - 2015-11-29 21:23 - 00006921 _____ C:\Users\Public\Downloads\how_recover+yer.html
2015-11-29 21:23 - 2015-11-29 21:23 - 00002401 _____ C:\Users\Ulla & Christian\AppData\Local\Apps\how_recover+yer.txt
2015-11-29 21:23 - 2015-11-29 21:23 - 00002401 _____ C:\Users\Public\how_recover+yer.txt
2015-11-29 21:23 - 2015-11-29 21:23 - 00002401 _____ C:\Users\Public\Downloads\how_recover+yer.txt
2015-11-29 21:21 - 2015-11-29 21:23 - 00006921 _____ C:\Users\Public\Documents\how_recover+yer.html
2015-11-29 21:21 - 2015-11-29 21:23 - 00006921 _____ C:\ProgramData\how_recover+yer.html
2015-11-29 21:21 - 2015-11-29 21:23 - 00002401 _____ C:\Users\Public\Documents\how_recover+yer.txt
2015-11-29 21:21 - 2015-11-29 21:23 - 00002401 _____ C:\ProgramData\how_recover+yer.txt
2015-11-29 21:19 - 2015-11-29 21:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2015-11-29 21:19 - 2015-11-29 21:19 - 00000000 ____D C:\Program Files (x86)\7-Zip
2015-11-29 21:18 - 2015-11-29 21:18 - 01466656 _____ C:\Users\Ulla & Christian\Downloads\7 Zip 32 Bit - CHIP-Installer.exe
2015-11-29 21:16 - 2015-11-29 21:26 - 00000670 _____ C:\Users\Ulla & Christian\Documents\recover_file_jkvrflnqu.txt.vvv
2015-11-28 23:24 - 2015-11-28 23:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in
2015-11-28 23:22 - 2015-10-22 18:43 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\kbdgeoqw.dll
2015-11-28 23:22 - 2015-10-22 18:43 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZST.DLL
2015-11-28 23:22 - 2015-10-22 18:43 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZEL.DLL
2015-11-28 23:22 - 2015-10-22 18:43 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZE.DLL
2015-11-28 23:22 - 2015-10-22 17:59 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kbdgeoqw.dll
2015-11-28 23:22 - 2015-10-22 17:59 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZST.DLL
2015-11-28 23:22 - 2015-10-22 17:59 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZEL.DLL
2015-11-28 23:22 - 2015-10-22 17:59 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZE.DLL
2015-11-28 23:22 - 2015-10-22 17:21 - 01200128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2015-11-28 23:22 - 2015-10-22 17:21 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
2015-11-28 23:22 - 2015-10-22 16:58 - 00868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2015-11-28 23:22 - 2015-10-22 16:58 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll
2015-11-28 23:22 - 2015-10-22 15:08 - 00513456 _____ C:\WINDOWS\SysWOW64\locale.nls
2015-11-28 23:22 - 2015-10-22 15:08 - 00513456 _____ C:\WINDOWS\system32\locale.nls
2015-11-28 23:22 - 2015-01-06 04:01 - 00072192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndproxy.sys
2015-11-28 23:22 - 2015-01-06 03:59 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wanarp.sys
2015-11-28 23:22 - 2015-01-06 02:12 - 00185856 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascfg.dll
2015-11-28 23:22 - 2015-01-06 02:02 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rascfg.dll
2015-11-28 23:21 - 2015-10-11 07:34 - 00468824 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2015-11-28 23:21 - 2015-10-11 07:34 - 00462168 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
2015-11-28 23:21 - 2015-10-11 07:34 - 00443224 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbport.sys
2015-11-28 23:21 - 2015-10-11 07:34 - 00092504 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbehci.sys
2015-11-28 23:21 - 2015-10-11 07:34 - 00027992 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbd.sys
2015-11-28 23:21 - 2015-10-10 19:41 - 00037376 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbuhci.sys
2015-11-28 23:21 - 2015-10-10 19:41 - 00030208 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbohci.sys
2015-11-28 23:21 - 2015-10-10 19:40 - 00078848 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winusb.sys
2015-11-28 23:21 - 2015-10-10 18:20 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2015-11-28 23:21 - 2015-10-08 17:11 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
2015-11-28 23:21 - 2015-10-08 16:50 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
2015-11-28 23:21 - 2015-10-05 19:28 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe
2015-11-28 23:21 - 2015-10-05 19:25 - 00572928 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2015-11-28 23:21 - 2015-10-03 20:41 - 01385280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2015-11-28 23:21 - 2015-10-03 20:41 - 01124384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2015-11-28 23:21 - 2015-09-28 19:31 - 02775552 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-11-28 23:21 - 2015-09-28 19:24 - 02462720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-11-28 23:21 - 2015-05-01 02:13 - 06521800 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2015-11-28 23:21 - 2015-05-01 02:13 - 01488000 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2015-11-28 23:21 - 2015-05-01 02:13 - 00261376 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2015-11-28 22:23 - 2015-11-28 22:23 - 14108096 _____ (Citrix Systems, Inc.) C:\Users\Ulla & Christian\Downloads\CitrixOnlinePluginWeb(3).exe
2015-11-25 23:20 - 2015-11-25 23:23 - 88173384 _____ (Buhl Data Service GmbH) C:\Users\Ulla & Christian\Downloads\WISOFinanz2016.exe
2015-11-23 07:26 - 2015-11-29 21:25 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\DataDesign
2015-11-22 17:53 - 2015-11-22 17:54 - 14108096 _____ (Citrix Systems, Inc.) C:\Users\Ulla & Christian\Downloads\CitrixOnlinePluginWeb(2).exe
2015-11-18 20:20 - 2015-11-18 20:20 - 00000000 ____D C:\Users\Jan\AppData\Roaming\HpUpdate
2015-11-15 17:06 - 2015-11-15 17:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2015-11-15 17:06 - 2015-11-15 17:06 - 00000000 ____D C:\Program Files\McAfee Security Scan
2015-11-14 17:17 - 2015-11-30 23:51 - 00008510 _____ C:\WINDOWS\System32\Tasks\FinishInstall igdhbblpcellaljokkpfhcjlagemhgjl
2015-11-10 23:24 - 2015-11-10 23:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-11-10 19:37 - 2015-10-31 00:46 - 25818624 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-11-10 19:37 - 2015-10-31 00:25 - 02886656 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-11-10 19:37 - 2015-10-31 00:24 - 00585728 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-11-10 19:37 - 2015-10-31 00:11 - 05990912 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-11-10 19:37 - 2015-10-31 00:11 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-11-10 19:37 - 2015-10-30 23:52 - 20331520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-11-10 19:37 - 2015-10-30 23:47 - 00504832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-11-10 19:37 - 2015-10-30 23:42 - 02279936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-11-10 19:37 - 2015-10-30 23:39 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-11-10 19:37 - 2015-10-30 23:36 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-11-10 19:37 - 2015-10-30 23:32 - 00720896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-11-10 19:37 - 2015-10-30 23:31 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-11-10 19:37 - 2015-10-30 23:22 - 14457856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-11-10 19:37 - 2015-10-30 23:17 - 02487808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-11-10 19:37 - 2015-10-30 23:16 - 04527616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-11-10 19:37 - 2015-10-30 23:14 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-11-10 19:37 - 2015-10-30 23:10 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-11-10 19:37 - 2015-10-30 23:09 - 12854272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-11-10 19:37 - 2015-10-30 23:04 - 01547264 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-11-10 19:37 - 2015-10-30 22:53 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-11-10 19:37 - 2015-10-30 22:51 - 02011136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-11-10 19:37 - 2015-10-30 22:48 - 01311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-11-10 19:37 - 2015-10-30 22:46 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-11-10 19:35 - 2015-10-20 22:54 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-11-10 19:35 - 2015-10-20 15:53 - 03705856 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-11-10 19:35 - 2015-10-20 15:36 - 02243072 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-11-10 19:35 - 2015-10-20 15:35 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-11-10 19:35 - 2015-10-20 15:34 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-11-10 19:35 - 2015-10-20 15:34 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-11-10 19:35 - 2015-10-20 15:34 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-11-10 19:35 - 2015-10-20 15:33 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-11-10 19:35 - 2015-10-20 15:14 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-11-10 19:35 - 2015-10-20 15:13 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-11-10 19:35 - 2015-10-20 15:13 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-11-10 19:35 - 2015-10-20 15:13 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-11-10 19:35 - 2015-10-15 17:08 - 00990208 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-11-10 19:35 - 2015-10-15 16:46 - 00803328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-11-10 19:35 - 2015-10-15 00:02 - 07455064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-11-10 19:35 - 2015-10-15 00:02 - 01659560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2015-11-10 19:35 - 2015-10-15 00:02 - 01519592 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2015-11-10 19:35 - 2015-10-15 00:02 - 01487008 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2015-11-10 19:35 - 2015-10-15 00:02 - 01355848 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2015-11-10 19:35 - 2015-10-13 18:10 - 00559616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2015-11-10 19:35 - 2015-10-13 18:10 - 00108032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2015-11-10 19:35 - 2015-10-13 16:59 - 00397224 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2015-11-10 19:35 - 2015-10-13 16:59 - 00340872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2015-11-10 19:35 - 2015-10-13 16:59 - 00137960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncrypt.dll
2015-11-10 19:35 - 2015-10-13 16:59 - 00120376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncrypt.dll
2015-11-10 19:35 - 2015-10-13 16:59 - 00106952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptsslp.dll
2015-11-10 19:35 - 2015-10-13 16:59 - 00091416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptsslp.dll
2015-11-10 19:35 - 2015-10-11 07:36 - 00561952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-11-10 19:35 - 2015-10-11 07:36 - 00177496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-11-10 19:35 - 2015-10-10 19:40 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2015-11-10 19:35 - 2015-10-10 19:39 - 00401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2015-11-10 19:35 - 2015-10-10 19:07 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-11-10 19:35 - 2015-10-10 18:33 - 01441280 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-11-10 19:35 - 2015-10-10 18:27 - 00432640 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-11-10 19:35 - 2015-10-10 18:11 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-11-10 19:35 - 2015-10-10 17:45 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-11-10 19:35 - 2015-09-29 13:24 - 00155480 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2015-11-10 19:35 - 2015-09-12 14:47 - 00414559 _____ C:\WINDOWS\system32\ApnDatabase.xml
2015-11-10 19:35 - 2015-09-07 17:22 - 00477184 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2015-11-10 19:35 - 2015-09-07 16:54 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2015-11-10 19:35 - 2015-09-07 16:30 - 01091584 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2015-11-10 19:35 - 2015-09-04 20:24 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tunnel.sys
2015-11-10 19:35 - 2015-08-28 23:20 - 00183368 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthHost.exe
2015-11-10 19:35 - 2015-08-20 21:45 - 01380048 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2015-11-10 19:35 - 2015-08-20 18:48 - 01096704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2015-11-10 19:30 - 2015-10-17 15:19 - 04176384 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-11-10 19:30 - 2015-10-08 17:08 - 01083904 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2015-11-10 19:30 - 2015-08-10 19:15 - 00845312 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2015-11-10 19:30 - 2015-08-10 19:06 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL
2015-11-10 19:30 - 2015-08-10 18:49 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2015-11-10 19:30 - 2015-08-10 17:56 - 00272384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FWPUCLNT.DLL
2015-11-10 19:30 - 2015-08-10 17:46 - 00561664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2015-11-07 18:17 - 2015-11-07 18:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warships
2015-11-07 18:14 - 2015-11-07 18:14 - 07369576 _____ (Wargaming.net ) C:\Users\Ulla & Christian\Downloads\WoWS_internet_install_eu.exe
2015-11-07 15:58 - 2015-11-07 22:39 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-11-06 12:48 - 2015-11-06 12:49 - 14108096 _____ (Citrix Systems, Inc.) C:\Users\Ulla & Christian\Downloads\CitrixOnlinePluginWeb(1).exe
2015-11-03 13:42 - 2015-11-29 21:23 - 00000000 ____D C:\Users\Ulla & Christian\.android
2015-11-03 13:41 - 2015-11-29 21:25 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\MyPhoneExplorer
2015-11-03 13:41 - 2015-11-03 13:41 - 00002078 _____ C:\Users\Public\Desktop\MyPhoneExplorer.lnk
2015-11-03 13:41 - 2015-11-03 13:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyPhoneExplorer
2015-11-03 13:41 - 2015-11-03 13:41 - 00000000 ____D C:\Program Files (x86)\MyPhoneExplorer
2015-11-03 13:39 - 2015-11-03 13:39 - 01466656 _____ C:\Users\Ulla & Christian\Downloads\MyPhoneExplorer - CHIP-Installer(1).exe
2015-11-03 13:37 - 2015-11-03 13:38 - 01466656 _____ C:\Users\Ulla & Christian\Downloads\MyPhoneExplorer - CHIP-Installer.exe
2015-11-02 11:28 - 2015-11-02 11:28 - 00000383 _____ C:\ftconfig.ini
2015-11-01 22:19 - 2015-11-29 21:33 - 00392270 _____ C:\Users\Ulla & Christian\Downloads\10984200_908781199162434_4585968420000991718_o.jpg.vvv
==================== Ein Monat: Geänderte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2015-12-01 00:11 - 2014-11-27 07:27 - 00000000 ____D C:\Users\Ulla & Christian
2015-11-30 23:59 - 2013-09-12 20:04 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-11-30 23:51 - 2014-09-24 07:17 - 01989598 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-11-30 23:51 - 2014-09-24 06:43 - 00844836 _____ C:\WINDOWS\system32\perfh007.dat
2015-11-30 23:51 - 2014-09-24 06:43 - 00192568 _____ C:\WINDOWS\system32\perfc007.dat
2015-11-30 23:51 - 2013-08-22 14:36 - 00000000 ____D C:\WINDOWS\Inf
2015-11-30 23:45 - 2014-11-27 07:21 - 00000000 ____D C:\ProgramData\NVIDIA
2015-11-30 23:45 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\ADFS
2015-11-30 23:45 - 2013-08-22 15:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-11-30 23:45 - 2013-08-22 15:44 - 00505968 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-11-30 23:44 - 2013-08-22 14:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-11-30 23:06 - 2013-08-22 14:36 - 00000000 ____D C:\Windows
2015-11-30 13:55 - 2014-11-27 07:18 - 00000000 ___DC C:\WINDOWS\Panther
2015-11-30 13:14 - 2013-06-16 20:58 - 00003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3876800203-89553269-3656360523-1001
2015-11-29 21:46 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\tracing
2015-11-29 21:46 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\SysWOW64\FxsTmp
2015-11-29 21:45 - 2014-08-31 18:37 - 00000000 ___RD C:\Users\Ulla & Christian\SkyDrive
2015-11-29 21:45 - 2013-06-16 20:51 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\VirtualStore
2015-11-29 21:34 - 2015-09-03 14:21 - 00000000 ____D C:\Users\Ulla & Christian\Neuer Ordner (2)
2015-11-29 21:34 - 2015-04-04 14:47 - 00000000 ____D C:\Users\Ulla & Christian\Neuer Ordner
2015-11-29 21:34 - 2013-10-05 10:52 - 00000000 ___RD C:\Users\Ulla & Christian\Dropbox
2015-11-29 21:34 - 2013-06-25 13:22 - 00000000 ____D C:\Users\Ulla & Christian\Mozilla Thunderbird
2015-11-29 21:33 - 2015-10-28 22:39 - 00113870 _____ C:\Users\Ulla & Christian\Downloads\ZIAUFEIN_gquatybzpgcfmcaexqtkhxyk6abcs.pdf.vvv
2015-11-29 21:33 - 2015-10-28 22:31 - 00020558 _____ C:\Users\Ulla & Christian\Downloads\_14576829_KuendigungsbestaetigungneuerLieferant_20151027_408d6e5b9a03c91b25785313609ad7d0.pdf.vvv
2015-11-29 21:33 - 2015-10-28 22:24 - 00021150 _____ C:\Users\Ulla & Christian\Downloads\_122679474_KuendigungsbestaetigungneuerLieferant_20151027_16f7742108956c86b068dca1a61d62c6.pdf.vvv
2015-11-29 21:33 - 2015-10-28 22:20 - 00566430 _____ C:\Users\Ulla & Christian\Downloads\005056881A0F1EE59F995BDDE2AF0EF0.pdf.vvv
2015-11-29 21:33 - 2015-10-25 12:55 - 01781646 _____ C:\Users\Ulla & Christian\Downloads\Ahnenblatt-Handbuch.pdf.vvv
2015-11-29 21:33 - 2015-09-28 21:21 - 00451534 _____ C:\Users\Ulla & Christian\Downloads\320.pdf.vvv
2015-11-29 21:33 - 2015-09-20 20:07 - 00313454 _____ C:\Users\Ulla & Christian\Downloads\_14576829_Preisinformation_20150908_005df263fe16be59a1e07e1fd8a76672.pdf.vvv
2015-11-29 21:33 - 2015-09-13 12:54 - 00122526 _____ C:\Users\Ulla & Christian\Downloads\2390_499_1.PDF.vvv
2015-11-29 21:33 - 2015-09-13 12:32 - 00114462 _____ C:\Users\Ulla & Christian\Downloads\2390_493_1.PDF.vvv
2015-11-29 21:33 - 2015-08-15 23:11 - 00000000 ____D C:\Users\Ulla & Christian\Downloads\Lacey
2015-11-29 21:33 - 2015-08-15 22:19 - 09891454 _____ C:\Users\Ulla & Christian\Downloads\freemusicdownloader_1-59.zip.vvv
2015-11-29 21:33 - 2015-05-17 20:41 - 00030910 _____ C:\Users\Ulla & Christian\Downloads\RS9823838721(1).pdf.vvv
2015-11-29 21:33 - 2015-05-17 20:38 - 00030910 _____ C:\Users\Ulla & Christian\Downloads\RS9823838721.pdf.vvv
2015-11-29 21:33 - 2015-04-11 15:42 - 00178222 _____ C:\Users\Ulla & Christian\Downloads\rlmpdf.pdf.vvv
2015-11-29 21:33 - 2015-03-06 20:40 - 00984990 _____ C:\Users\Ulla & Christian\Downloads\Bedarfsfeldbroschuere_Vermoegen_anlegen_VR.pdf.vvv
2015-11-29 21:33 - 2015-01-09 23:24 - 01414318 _____ C:\Users\Ulla & Christian\Downloads\Syno_QIG_2bay2_deu.pdf.vvv
2015-11-29 21:33 - 2014-12-26 20:27 - 30247390 _____ C:\Users\Ulla & Christian\Downloads\TL-WN851ND_V1_110114.zip.vvv
2015-11-29 21:33 - 2014-12-26 20:27 - 11537854 _____ C:\Users\Ulla & Christian\Downloads\TL-WN851ND_V1_Utility99.zip.vvv
2015-11-29 21:33 - 2014-12-26 20:26 - 21632238 _____ C:\Users\Ulla & Christian\Downloads\TL-WN851ND_v1_110825.zip.vvv
2015-11-29 21:33 - 2014-12-21 14:12 - 00027790 _____ C:\Users\Ulla & Christian\Downloads\RX_141221_Bestellbestaetigung_VID616_1412.pdf.vvv
2015-11-29 21:33 - 2014-11-23 21:39 - 00039278 _____ C:\Users\Ulla & Christian\Downloads\_14576829_Lieferbestaetigung_20141121_df4db33247be1b6428d8ec0eb7955911.pdf.vvv
2015-11-29 21:33 - 2014-10-25 22:41 - 00000000 ____D C:\Users\Ulla & Christian\Downloads\Gameforge Live
2015-11-29 21:33 - 2014-08-03 12:06 - 00225342 _____ C:\Users\Ulla & Christian\Downloads\testresultate_farbspruehgeraete.pdf.vvv
2015-11-29 21:33 - 2014-07-28 19:47 - 00916606 _____ C:\Users\Ulla & Christian\Downloads\flexibrass.pdf.vvv
2015-11-29 21:33 - 2014-05-27 19:08 - 00342942 _____ C:\Users\Ulla & Christian\Downloads\IMM1294E.PDF.vvv
2015-11-29 21:33 - 2014-05-27 18:54 - 01053998 _____ C:\Users\Ulla & Christian\Downloads\custodian-parent(1).pdf.vvv
2015-11-29 21:33 - 2014-05-10 14:46 - 00239358 _____ C:\Users\Ulla & Christian\Downloads\document.pdf.vvv
2015-11-29 21:33 - 2014-05-04 12:08 - 01053998 _____ C:\Users\Ulla & Christian\Downloads\custodian-parent.pdf.vvv
2015-11-29 21:33 - 2014-02-13 22:20 - 00078174 _____ C:\Users\Ulla & Christian\Downloads\identificationAstIdent.PDF.vvv
2015-11-29 21:33 - 2013-12-21 20:55 - 00001150 _____ C:\Users\Ulla & Christian\Downloads\umsatz-5232________0800-20131221.csv.vvv
2015-11-29 21:33 - 2013-12-01 19:02 - 00000000 ____D C:\Users\Ulla & Christian\Documents\SelfMV
2015-11-29 21:33 - 2013-10-05 20:18 - 00000000 ____D C:\Users\Ulla & Christian\Documents\Turbo Lister
2015-11-29 21:33 - 2013-07-25 15:22 - 00000000 ___RD C:\Users\Ulla & Christian\Documents\Scanned Documents
2015-11-29 21:33 - 2013-07-12 21:07 - 00509358 _____ C:\Users\Ulla & Christian\Downloads\15875_1373659579.pdf.vvv
2015-11-29 21:33 - 2013-07-12 21:05 - 00103934 _____ C:\Users\Ulla & Christian\Downloads\versicherungsbedingungen_indiv_praktikum.pdf.vvv
2015-11-29 21:33 - 2013-07-03 22:32 - 00000000 ____D C:\Users\Ulla & Christian\Documents\Volition
2015-11-29 21:33 - 2013-06-30 13:26 - 00000000 ____D C:\Users\Ulla & Christian\Documents\Turbo Lister Backup
2015-11-29 21:33 - 2013-06-23 12:08 - 00000000 ____D C:\Users\Ulla & Christian\Documents\WISO Mein Geld
2015-11-29 21:33 - 2013-06-17 21:43 - 00000000 ____D C:\Users\Ulla & Christian\Documents\samsung
2015-11-29 21:26 - 2014-11-17 00:01 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\WorldofTanks
2015-11-29 21:26 - 2014-08-17 16:22 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Skype
2015-11-29 21:26 - 2013-09-25 20:16 - 00000000 ____D C:\Users\Ulla & Christian\Documents\My Games
2015-11-29 21:26 - 2013-07-25 15:22 - 00000000 ____D C:\Users\Ulla & Christian\Documents\Fax
2015-11-29 21:26 - 2013-07-25 12:37 - 00000000 ____D C:\Users\Ulla & Christian\Documents\Amazon MP3
2015-11-29 21:26 - 2013-07-05 20:19 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\vlc
2015-11-29 21:26 - 2013-07-05 20:11 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\WebApp
2015-11-29 21:26 - 2013-07-05 20:06 - 00000000 ____D C:\Users\Ulla & Christian\Documents\CyberLink
2015-11-29 21:26 - 2013-07-02 22:05 - 00000000 ____D C:\Users\Ulla & Christian\Documents\default
2015-11-29 21:26 - 2013-06-23 21:54 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Thunderbird
2015-11-29 21:26 - 2013-06-22 08:01 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Wargaming.net
2015-11-29 21:26 - 2013-06-21 22:14 - 00000000 ____D C:\Users\Ulla & Christian\Bilder
2015-11-29 21:26 - 2013-06-18 01:05 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\WinBatch
2015-11-29 21:26 - 2013-06-17 13:03 - 00000000 ____D C:\Users\Ulla & Christian\Documents\Ahnenblatt
2015-11-29 21:26 - 2013-06-16 20:50 - 00000000 ___HD C:\Users\Ulla & Christian\Documents\hp.system.package.metadata
2015-11-29 21:26 - 2013-06-16 20:50 - 00000000 ___HD C:\Users\Ulla & Christian\Documents\hp.applications.package.appdata
2015-11-29 21:25 - 2015-10-25 13:02 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ahnenblatt
2015-11-29 21:25 - 2015-05-17 15:43 - 00000000 ____D C:\Users\Ulla & Christian\AppData\LocalLow\Hewlett-Packard
2015-11-29 21:25 - 2015-05-17 15:42 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\HpUpdate
2015-11-29 21:25 - 2014-12-25 23:08 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\java
2015-11-29 21:25 - 2014-12-25 23:08 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\.minecraft
2015-11-29 21:25 - 2014-12-24 22:48 - 00000000 __SHD C:\Users\Ulla & Christian\AppData\LocalLow\EmieSiteList
2015-11-29 21:25 - 2014-12-13 11:06 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\hpqLog
2015-11-29 21:25 - 2014-11-20 09:32 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Iminent
2015-11-29 21:25 - 2014-11-17 00:03 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Opera Software
2015-11-29 21:25 - 2014-11-17 00:01 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WorldofTanks
2015-11-29 21:25 - 2014-11-17 00:01 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\WorldofTanks
2015-11-29 21:25 - 2014-09-24 19:55 - 00000000 ____D C:\Users\Ulla & Christian\AppData\LocalLow\Temp
2015-11-29 21:25 - 2014-08-17 16:22 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\Skype
2015-11-29 21:25 - 2014-02-02 11:21 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup
2015-11-29 21:25 - 2013-12-22 18:24 - 00000000 ____D C:\Users\Ulla & Christian\AppData\LocalLow\Sun
2015-11-29 21:25 - 2013-10-05 20:51 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\ArcSoft
2015-11-29 21:25 - 2013-10-05 10:49 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-11-29 21:25 - 2013-10-05 10:48 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Dropbox
2015-11-29 21:25 - 2013-09-25 20:16 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WarThunder
2015-11-29 21:25 - 2013-09-25 20:16 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\WarThunder
2015-11-29 21:25 - 2013-09-01 20:00 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Leadertech
2015-11-29 21:25 - 2013-08-27 20:03 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\ICAClient
2015-11-29 21:25 - 2013-08-26 19:55 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\Sophos
2015-11-29 21:25 - 2013-08-26 19:50 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
2015-11-29 21:25 - 2013-08-09 18:00 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameShadow
2015-11-29 21:25 - 2013-08-07 20:57 - 00000000 __RHD C:\Users\Ulla & Christian\AppData\Roaming\SecuROM
2015-11-29 21:25 - 2013-07-25 12:37 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
2015-11-29 21:25 - 2013-07-25 12:37 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Amazon
2015-11-29 21:25 - 2013-07-25 12:37 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\Program Files
2015-11-29 21:25 - 2013-07-10 21:30 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LaserSoft Imaging
2015-11-29 21:25 - 2013-07-10 21:27 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Lasersoft Imaging
2015-11-29 21:25 - 2013-07-05 20:39 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Media Player Classic
2015-11-29 21:25 - 2013-07-05 20:36 - 00000462 _____ C:\Users\Ulla & Christian\AppData\Roaming\AVSDVDPlayer.m3u.vvv
2015-11-29 21:25 - 2013-07-05 20:34 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\dvdcss
2015-11-29 21:25 - 2013-07-05 20:13 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\Windows Live
2015-11-29 21:25 - 2013-07-05 20:06 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\CyberLink
2015-11-29 21:25 - 2013-07-05 19:55 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Mozilla
2015-11-29 21:25 - 2013-07-03 22:40 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wing Commander Saga
2015-11-29 21:25 - 2013-07-03 22:24 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spiele
2015-11-29 21:25 - 2013-07-02 22:15 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\AVS4YOU
2015-11-29 21:25 - 2013-07-02 22:01 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Ashampoo
2015-11-29 21:25 - 2013-07-02 13:12 - 00000000 ____D C:\Users\Ulla & Christian\AppData\LocalLow\UtilityChest_49EI
2015-11-29 21:25 - 2013-07-02 06:37 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Canon
2015-11-29 21:25 - 2013-07-01 22:08 - 00000000 ____D C:\Users\Ulla & Christian\AppData\LocalLow\Adobe
2015-11-29 21:25 - 2013-06-23 21:54 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\Thunderbird
2015-11-29 21:25 - 2013-06-23 20:27 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AVS4YOU
2015-11-29 21:25 - 2013-06-23 18:02 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Avira
2015-11-29 21:25 - 2013-06-23 17:55 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Canneverbe Limited
2015-11-29 21:25 - 2013-06-23 12:08 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Buhl Data Service GmbH
2015-11-29 21:25 - 2013-06-23 12:08 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Buhl Data Service
2015-11-29 21:25 - 2013-06-19 21:22 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\NVIDIA
2015-11-29 21:25 - 2013-06-18 13:18 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Microsoft Web Folders
2015-11-29 21:25 - 2013-06-17 21:54 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\MediaMonkey
2015-11-29 21:25 - 2013-06-17 21:47 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\igdhbblpcellaljokkpfhcjlagemhgjl
2015-11-29 21:25 - 2013-06-17 21:46 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Opera
2015-11-29 21:25 - 2013-06-17 21:46 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\OCS
2015-11-29 21:25 - 2013-06-17 21:43 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Samsung
2015-11-29 21:25 - 2013-06-17 21:43 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\Samsung
2015-11-29 21:25 - 2013-06-17 13:02 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Ahnenblatt
2015-11-29 21:25 - 2013-06-16 21:38 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Macromedia
2015-11-29 21:25 - 2013-06-16 20:53 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Adobe
2015-11-29 21:25 - 2013-06-16 20:51 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Hewlett-Packard
2015-11-29 21:25 - 2013-06-16 20:51 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\Power2Go8
2015-11-29 21:25 - 2013-06-16 20:51 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\Packages
2015-11-29 21:24 - 2014-11-17 00:03 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\Opera Software
2015-11-29 21:24 - 2013-06-21 20:57 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\Microsoft Help
2015-11-29 21:24 - 2013-06-17 22:31 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\Mozilla
2015-11-29 21:23 - 2015-06-09 21:46 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\GWX
2015-11-29 21:23 - 2015-05-17 15:43 - 00000000 ____D C:\ProgramData\Visan
2015-11-29 21:23 - 2015-01-10 22:40 - 00000000 ____D C:\ProgramData\Synology
2015-11-29 21:23 - 2014-11-27 07:20 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2015-11-29 21:23 - 2014-11-17 00:04 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2015-11-29 21:23 - 2014-08-31 18:37 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2015-11-29 21:23 - 2014-08-17 16:22 - 00000000 ____D C:\ProgramData\Skype
2015-11-29 21:23 - 2013-12-22 18:26 - 00000000 ____D C:\ProgramData\Sun
2015-11-29 21:23 - 2013-12-22 18:26 - 00000000 ____D C:\ProgramData\Oracle
2015-11-29 21:23 - 2013-11-14 20:02 - 00000000 ____D C:\Users\Public\Documents\CrashDump
2015-11-29 21:23 - 2013-11-10 17:07 - 00000000 ____D C:\ProgramData\tmp
2015-11-29 21:23 - 2013-10-03 19:03 - 00000000 ____D C:\Users\Ulla & Christian\2013_10_03
2015-11-29 21:23 - 2013-09-25 20:16 - 00000000 ____D C:\ProgramData\WarThunder
2015-11-29 21:23 - 2013-09-25 20:13 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\Gameforge4d
2015-11-29 21:23 - 2013-09-01 20:05 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\Logitech® Webcam-Software
2015-11-29 21:23 - 2013-08-27 20:03 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\Citrix
2015-11-29 21:23 - 2013-08-22 16:36 - 00000000 __RHD C:\Users\Public\Libraries
2015-11-29 21:23 - 2013-07-12 20:34 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\Apps\2.0
2015-11-29 21:23 - 2013-07-05 20:06 - 00000000 ____D C:\Users\Public\CyberLink
2015-11-29 21:23 - 2013-07-04 20:16 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\Logitech
2015-11-29 21:23 - 2013-07-03 22:25 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\DFH
2015-11-29 21:23 - 2013-07-03 22:25 - 00000000 ____D C:\Users\Public\Documents\Softwrap
2015-11-29 21:23 - 2013-07-02 22:00 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\ashampoo
2015-11-29 21:23 - 2013-07-02 06:30 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\HP
2015-11-29 21:23 - 2013-06-30 15:28 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\HP Quick Start
2015-11-29 21:23 - 2013-06-23 18:11 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\ArcSoft
2015-11-29 21:23 - 2013-06-23 12:08 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\Buhl Data Service
2015-11-29 21:23 - 2013-06-23 11:54 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\Macromedia
2015-11-29 21:23 - 2013-06-17 22:27 - 00000000 ____D C:\ProgramData\Mozilla
2015-11-29 21:23 - 2013-06-17 21:59 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\Google
2015-11-29 21:23 - 2013-06-17 21:54 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\MediaMonkey
2015-11-29 21:23 - 2013-06-17 21:43 - 00000000 ____D C:\Users\Public\Documents\NativeFus_Log
2015-11-29 21:23 - 2013-06-17 21:33 - 00000000 ____D C:\ProgramData\Samsung
2015-11-29 21:23 - 2013-06-17 21:31 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\Downloaded Installations
2015-11-29 21:23 - 2013-06-17 21:30 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\Adobe
2015-11-29 21:23 - 2013-06-16 21:18 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\Hewlett-Packard
2015-11-29 21:23 - 2013-06-16 20:44 - 00000000 __RHD C:\Users\Public\AccountPictures
2015-11-29 21:23 - 2013-01-12 06:38 - 00000000 ____D C:\Users\Public\Symantec
2015-11-29 21:23 - 2013-01-12 06:38 - 00000000 ____D C:\ProgramData\Norton
2015-11-29 21:23 - 2013-01-12 06:37 - 00000000 ____D C:\ProgramData\NortonInstaller
2015-11-29 21:23 - 2013-01-12 06:36 - 00000000 ____D C:\ProgramData\Microsoft SkyDrive
2015-11-29 21:23 - 2013-01-12 06:23 - 00000000 ____D C:\ProgramData\Temp
2015-11-29 21:23 - 2013-01-12 06:14 - 00000000 ____D C:\ProgramData\SoundResearch
2015-11-29 21:23 - 2012-08-10 16:06 - 00000000 ____D C:\ProgramData\PRICache
2015-11-29 21:23 - 2010-01-25 22:35 - 00000000 ___DC C:\ProgramData\Mozilla Thunderbird
2015-11-29 21:22 - 2015-05-17 15:43 - 00000000 ____D C:\ProgramData\HP Photo Creations
2015-11-29 21:22 - 2015-05-17 15:41 - 00000000 ____D C:\ProgramData\HP
2015-11-29 21:22 - 2014-12-20 16:57 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2015-11-29 21:22 - 2014-11-20 09:32 - 00000000 ____D C:\ProgramData\Iminent
2015-11-29 21:22 - 2013-11-26 07:45 - 00000000 ____D C:\ProgramData\McAfee
2015-11-29 21:22 - 2013-11-10 17:07 - 00000000 ____D C:\ProgramData\hps
2015-11-29 21:22 - 2013-09-01 21:25 - 00000000 ____D C:\ProgramData\FLEXnet
2015-11-29 21:22 - 2013-09-01 20:00 - 00000000 ____D C:\ProgramData\LogiShrd
2015-11-29 21:22 - 2013-07-03 22:32 - 00000000 ____D C:\ProgramData\InstallMate
2015-11-29 21:22 - 2013-06-23 18:07 - 00000000 ____D C:\ProgramData\eBay
2015-11-29 21:22 - 2013-06-21 22:16 - 00000000 ____D C:\ProgramData\MediaMonkey
2015-11-29 21:22 - 2013-01-12 06:25 - 00000000 ____D C:\ProgramData\install_clap
2015-11-29 21:22 - 2013-01-12 06:19 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2015-11-29 21:21 - 2015-01-10 19:07 - 00000000 ___HD C:\ProgramData\CanonIJEGV
2015-11-29 21:21 - 2014-11-27 08:00 - 00000000 ____D C:\ProgramData\AmUStor
2015-11-29 21:21 - 2013-08-27 20:03 - 00000000 ____D C:\ProgramData\Citrix
2015-11-29 21:21 - 2013-07-02 22:20 - 00000000 ____D C:\ProgramData\AomeiBR
2015-11-29 21:21 - 2013-07-02 22:00 - 00000000 ____D C:\ProgramData\Ashampoo
2015-11-29 21:21 - 2013-07-02 06:37 - 00000000 ___HD C:\ProgramData\CanonIJScan
2015-11-29 21:21 - 2013-07-01 20:47 - 00000000 ____D C:\ProgramData\Adobe
2015-11-29 21:21 - 2013-06-23 20:30 - 00000000 ____D C:\ProgramData\AVS4YOU
2015-11-29 21:21 - 2013-06-23 18:11 - 00000000 ____D C:\ProgramData\ArcSoft
2015-11-29 21:21 - 2013-06-23 17:57 - 00000000 ____D C:\ProgramData\Avira
2015-11-29 21:21 - 2013-06-23 17:55 - 00000000 ____D C:\ProgramData\Canneverbe Limited
2015-11-29 21:21 - 2013-06-23 11:35 - 00000000 ____D C:\ProgramData\Buhl Data Service GmbH
2015-11-29 21:21 - 2013-01-12 06:26 - 00000000 ____D C:\ProgramData\CyberLink
2015-11-29 21:21 - 2013-01-12 06:26 - 00000000 ____D C:\ProgramData\Apple
2015-11-29 21:18 - 2012-10-12 04:21 - 00000000 _RSHD C:\SYSTEM.SAV
2015-11-29 21:17 - 2013-07-01 23:00 - 00000000 ____D C:\Program Files (x86)l
2015-11-29 21:17 - 2013-06-18 21:29 - 00000000 ____D C:\sources
2015-11-29 21:17 - 2012-10-12 04:24 - 00000000 ____D C:\SWSETUP
2015-11-29 21:16 - 2014-07-03 20:43 - 00000000 ____D C:\My Music
2015-11-29 21:16 - 2013-01-07 12:12 - 00000000 _RSHD C:\hp
2015-11-28 23:24 - 2012-07-26 08:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-11-23 06:45 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-11-18 20:56 - 2015-10-06 19:48 - 00001048 _____ C:\Users\Jan\Desktop\nativelog.txt
2015-11-18 20:56 - 2015-10-03 14:43 - 00000000 ____D C:\Users\Jan\AppData\Roaming\.minecraft
2015-11-18 20:30 - 2015-10-01 13:15 - 00003594 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3876800203-89553269-3656360523-1003
2015-11-18 20:25 - 2013-08-22 16:36 - 00000000 ___HD C:\Program Files\WindowsApps
2015-11-16 23:50 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\Registration
2015-11-15 17:06 - 2014-12-20 16:57 - 00001959 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2015-11-13 22:18 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\rescache
2015-11-12 23:13 - 2013-08-22 16:36 - 00000000 ___RD C:\WINDOWS\ToastData
2015-11-12 21:39 - 2013-06-21 20:57 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-11-12 21:34 - 2013-08-27 20:47 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-11-12 21:29 - 2013-06-17 22:17 - 145617392 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-11-10 23:24 - 2015-05-07 21:02 - 00002274 _____ C:\Users\Public\Desktop\Avira Antivirus.lnk
2015-11-10 21:59 - 2014-11-29 17:24 - 00003772 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-11-08 13:16 - 2015-03-08 14:44 - 00000000 ____D C:\WINDOWS\Minidump
2015-11-08 10:34 - 2015-04-23 12:23 - 00000000 ___RD C:\Users\Ulla & Christian\Desktop\Spiele
2015-11-07 22:39 - 2013-06-17 22:31 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-11-07 18:16 - 2013-06-21 23:19 - 00000000 ____D C:\Program Files (x86)\Spiele
2015-11-03 01:23 - 2014-12-13 10:44 - 00810488 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-11-03 01:23 - 2014-12-13 10:44 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======
2013-06-23 18:04 - 2006-07-18 08:49 - 0587249 _____ (MAGIX AG) C:\Program Files (x86)\addoninstall.exe
2013-06-23 18:04 - 2002-02-13 07:00 - 0022016 _____ (Borland Software Corporation) C:\Program Files (x86)\borlndmm.dll
2013-06-23 18:04 - 2003-03-17 05:04 - 1500160 _____ (Borland Corporation) C:\Program Files (x86)\cc3260mt.dll
2013-06-23 18:04 - 2006-06-28 08:32 - 0004694 _____ () C:\Program Files (x86)\e-mode-upgradedialog.rtf
2013-06-23 18:04 - 2006-06-28 08:32 - 0004716 _____ () C:\Program Files (x86)\e-mode-upgradedlg-exit.rtf
2013-06-23 18:04 - 2013-06-23 18:04 - 0002885 _____ () C:\Program Files (x86)\e-mode.ini
2013-06-23 18:04 - 2006-06-28 09:55 - 0315392 _____ (MAGIX AG) C:\Program Files (x86)\eModeUpgradeDlg.dll
2013-06-23 18:04 - 2003-02-12 10:20 - 0028672 _____ () C:\Program Files (x86)\explore.exe
2013-06-23 18:04 - 2006-07-26 15:46 - 2442752 _____ (MAGIX) C:\Program Files (x86)\FotoClinic.exe
2013-06-23 18:04 - 2013-06-23 18:04 - 0000707 _____ () C:\Program Files (x86)\FotoClinic.ini
2013-06-23 18:04 - 2013-06-23 18:04 - 0001138 _____ () C:\Program Files (x86)\Install.cfg
2013-06-23 18:04 - 2013-06-23 18:04 - 0040289 _____ () C:\Program Files (x86)\INSTALL.LOG
2013-06-23 18:04 - 2013-06-23 18:04 - 0006564 _____ () C:\Program Files (x86)\INSTALL1.LOG
2013-06-23 18:04 - 2006-07-17 09:58 - 0184320 _____ (MAGIX AG) C:\Program Files (x86)\instslct.exe
2013-06-23 18:04 - 2006-07-26 15:29 - 0100352 _____ () C:\Program Files (x86)\libpng.dll
2013-06-23 18:04 - 2005-06-16 08:43 - 0008980 _____ () C:\Program Files (x86)\license.txt
2013-06-23 18:04 - 2005-08-08 14:51 - 0786305 _____ () C:\Program Files (x86)\MAGIX Creation Logo.pdf
2013-06-23 18:04 - 2004-04-15 14:48 - 0032768 _____ () C:\Program Files (x86)\MagixUpdater.exe
2013-06-23 18:04 - 2006-04-25 09:27 - 0014810 _____ () C:\Program Files (x86)\order.rtf
2013-06-23 18:04 - 2005-03-04 17:51 - 0005509 _____ () C:\Program Files (x86)\pa.cnt
2013-06-23 18:04 - 2005-03-04 17:51 - 0361656 _____ () C:\Program Files (x86)\pa.hlp
2013-06-23 18:04 - 2006-07-26 15:46 - 0055296 _____ () C:\Program Files (x86)\palng.dll
2013-06-23 18:04 - 2006-07-26 15:45 - 0240128 _____ () C:\Program Files (x86)\pcomponents.bpl
2013-06-23 18:04 - 2006-07-26 15:29 - 0018432 _____ () C:\Program Files (x86)\ps8bf.dll
2013-06-23 18:04 - 2013-06-23 18:04 - 0002757 _____ () C:\Program Files (x86)\register.rtf
2013-06-23 18:04 - 1999-12-10 12:00 - 0431376 _____ (Microsoft Corporation) C:\Program Files (x86)\riched20.dll
2013-06-23 18:04 - 2003-03-17 05:04 - 0685056 _____ (Borland Software Corporation) C:\Program Files (x86)\rtl60.bpl
2013-06-23 18:04 - 2003-03-17 05:04 - 0618496 _____ () C:\Program Files (x86)\stlpmt45.dll
2013-06-23 18:04 - 2005-11-02 14:34 - 0016460 _____ () C:\Program Files (x86)\support.rtf
2013-06-23 18:04 - 2006-07-17 12:30 - 0129024 _____ () C:\Program Files (x86)\uninstall.exe
2013-06-23 18:04 - 2002-02-18 10:06 - 0006034 _____ () C:\Program Files (x86)\uninstall.ini
2013-06-23 18:04 - 2006-07-17 10:09 - 0081920 _____ (MAGIX AG) C:\Program Files (x86)\unwise.adf
2013-06-23 18:04 - 2006-07-17 10:10 - 0176128 _____ (MAGIX AG) C:\Program Files (x86)\unwise.exe
2013-06-23 18:04 - 2013-06-23 18:04 - 0000723 _____ () C:\Program Files (x86)\unwise.ini
2013-06-23 18:04 - 2006-07-26 13:50 - 0139264 _____ () C:\Program Files (x86)\UpgradeInfo.exe
2013-06-23 18:04 - 2006-02-14 14:03 - 0024576 _____ (Magix AG) C:\Program Files (x86)\Validation.exe
2013-06-23 18:04 - 2013-06-23 18:04 - 0000140 _____ () C:\Program Files (x86)\Validation.ini
2013-06-23 18:04 - 2002-02-13 07:00 - 1326080 _____ (Borland Software Corporation) C:\Program Files (x86)\vcl60.bpl
2013-06-23 18:04 - 2006-07-26 15:29 - 0046080 _____ () C:\Program Files (x86)\zlib.dll
2015-11-30 13:54 - 2015-11-30 13:56 - 0000050 _____ () C:\Users\Ulla & Christian\AppData\Roaming\AVSDVDPlayer.m3u
2013-07-05 20:36 - 2015-11-29 21:25 - 0000462 _____ () C:\Users\Ulla & Christian\AppData\Roaming\AVSDVDPlayer.m3u.vvv
2015-11-29 21:23 - 2015-11-29 21:26 - 0006921 _____ () C:\Users\Ulla & Christian\AppData\Roaming\how_recover+yer.html
2015-11-29 21:23 - 2015-11-29 21:26 - 0002401 _____ () C:\Users\Ulla & Christian\AppData\Roaming\how_recover+yer.txt
2013-12-25 21:18 - 2015-10-20 22:01 - 0028256 _____ () C:\Users\Ulla & Christian\AppData\Roaming\Kommagetrennte Werte (Windows).ADR
2013-12-25 21:14 - 2013-12-25 21:16 - 0028295 _____ () C:\Users\Ulla & Christian\AppData\Roaming\Tabulatorgetrennte Werte (Windows).ADR
2013-10-20 11:29 - 2015-07-02 13:29 - 0005632 _____ () C:\Users\Ulla & Christian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-11-29 21:23 - 2015-11-29 21:34 - 0006921 _____ () C:\Users\Ulla & Christian\AppData\Local\how_recover+yer.html
2015-11-29 21:23 - 2015-11-29 21:34 - 0002401 _____ () C:\Users\Ulla & Christian\AppData\Local\how_recover+yer.txt
2013-12-10 20:40 - 2015-09-13 22:27 - 0007605 _____ () C:\Users\Ulla & Christian\AppData\Local\resmon.resmoncfg
2015-05-17 15:41 - 2015-05-17 15:41 - 0000057 _____ () C:\ProgramData\Ament.ini
2015-11-29 21:21 - 2015-11-29 21:23 - 0006921 _____ () C:\ProgramData\how_recover+yer.html
2015-11-29 21:21 - 2015-11-29 21:23 - 0002401 _____ () C:\ProgramData\how_recover+yer.txt
2013-06-16 20:51 - 2013-06-16 20:51 - 0000141 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
2013-07-10 21:31 - 2013-07-10 21:42 - 0020531 ____H () C:\ProgramData\R49LW
Einige Dateien in TEMP:
====================
C:\Users\Jan\AppData\Local\Temp\avgnt.exe
C:\Users\Ulla & Christian\AppData\Local\Temp\avgnt.exe
==================== Bamital & volsnap =================
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert
LastRegBack: 2015-11-29 14:04
==================== Ende von FRST.txt ============================
Kann mir jemand helfen? Im Voraus schon mal Danke. Christian |
|
01.12.2015, 07:43
| #2 |
| /// the machine /// TB-Ausbilder    | Virus hängt an alle Dateien .vvv Hi,
__________________Entschlüsselung unmöglich, Bereinigung eventuell. Sollen wir eine Bereinigung versuchen? Dann bitte FRST öffnen, Haken setzen bei Addition und scannen, poste bitte die Addition.txt.
__________________ |
|
01.12.2015, 11:17
| #3 |
| | Virus hängt an alle Dateien .vvv Hallo Schrauber,
__________________gerne. Hier die addition.tx. Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:30-11-2015
durchgeführt von Ulla & Christian (Administrator) auf PC (01-12-2015 00:13:46)
Gestartet von C:\Users\Ulla & Christian\Downloads
Geladene Profile: Ulla & Christian & (Verfügbare Profile: Ulla & Christian & Jan)
Platform: Windows 8.1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Prozesse (Nicht auf der Ausnahmeliste) =================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Sicherheit-Ordnung\Avira\AntiVir Desktop\sched.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Sicherheit-Ordnung\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(The OpenVPN Project) C:\Program Files (x86)\Sophos\Sophos SSL VPN Client\bin\openvpnserv.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
() C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Sicherheit-Ordnung\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.226\SSScheduler.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Sicherheit-Ordnung\Avira\AntiVir Desktop\avgnt.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\Program Files (x86)\Sophos\Sophos SSL VPN Client\bin\openvpn-gui.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
() C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Sicherheit-Ordnung\Avira\AntiVir Desktop\avcenter.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Nicht auf der Ausnahmeliste) ===========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)
HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [41664 2013-11-20] (Hewlett-Packard )
HKLM\...\Run: [Ocs_SM] => C:\Users\Ulla & Christian\AppData\Roaming\OCS\SM\SearchAnonymizer.exe [106496 2013-06-17] (OCS)
HKLM\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2015-07-27] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2013-11-20] (IDT, Inc.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Sicherheit-Ordnung\Avira\AntiVir Desktop\avgnt.exe [788176 2015-11-10] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [openvpn-gui] => C:\Program Files (x86)\Sophos\Sophos SSL VPN Client\bin\openvpn-gui.exe [436776 2013-06-14] ()
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [304568 2010-10-12] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-12] (Logitech Inc.)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2015-07-27] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-3876800203-89553269-3656360523-1001\...\Run: [CCleaner Monitoring] => C:\Program Files (x86)\Sicherheit-Ordnung\CCleaner64.exe [8455960 2015-08-20] (Piriform Ltd)
HKU\S-1-5-21-3876800203-89553269-3656360523-1001\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
HKU\S-1-5-21-3876800203-89553269-3656360523-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [CCleaner Monitoring] => C:\Program Files (x86)\Sicherheit-Ordnung\CCleaner64.exe [8455960 2015-08-20] (Piriform Ltd)
HKU\S-1-5-21-3876800203-89553269-3656360523-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2015-11-15]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.226\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Ulla & Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\how_recover+yer.html [2015-11-29] ()
Startup: C:\Users\Ulla & Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\how_recover+yer.txt [2015-11-29] ()
GroupPolicyUsers\S-1-5-21-3876800203-89553269-3656360523-1003\User: Beschränkung <======= ACHTUNG
==================== Internet (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{82DFC5A4-518D-445C-A2B1-591A6747A3D5}: [DhcpNameServer] 192.168.103.1 192.168.103.20
Tcpip\..\Interfaces\{B56279DC-0CCA-4C4C-8F65-B5B765D59070}: [DhcpNameServer] 192.168.2.1
Internet Explorer:
==================
HKU\S-1-5-21-3876800203-89553269-3656360523-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK13/4
HKU\S-1-5-21-3876800203-89553269-3656360523-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com
HKU\S-1-5-21-3876800203-89553269-3656360523-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.bing.com
HKU\S-1-5-21-3876800203-89553269-3656360523-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK13/4
HKU\S-1-5-21-3876800203-89553269-3656360523-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com
HKU\S-1-5-21-3876800203-89553269-3656360523-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.bing.com
HKU\S-1-5-21-3876800203-89553269-3656360523-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPDSK13/4
HKU\S-1-5-21-3876800203-89553269-3656360523-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.uk.msn.com/HPDSK13/4
HKU\S-1-5-21-3876800203-89553269-3656360523-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK13/4
URLSearchHook: [S-1-5-21-3876800203-89553269-3656360523-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0] ACHTUNG => Standard URLSearchHook fehlt
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {471E55EA-5870-4D06-85B1-087E723116A4} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {471E55EA-5870-4D06-85B1-087E723116A4} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-3876800203-89553269-3656360523-1001 -> {0376A5AC-5698-4CFB-BF5B-1A12FE88CE17} URL = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=8106a2b4-3f40-4652-b50f-5ed672b28841&pid=fotofreeware&mode=bounce&k=0
SearchScopes: HKU\S-1-5-21-3876800203-89553269-3656360523-1001 -> {2B9277F9-9AFF-4BE1-8D9F-5C47ACDE8AF9} URL = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=8106a2b4-3f40-4652-b50f-5ed672b28841&pid=fotofreeware&mode=bounce&k=0
SearchScopes: HKU\S-1-5-21-3876800203-89553269-3656360523-1001 -> {471E55EA-5870-4D06-85B1-087E723116A4} URL = hxxp://www.amazon.de.anonymize-me.de/?anonymto=687474703A2F2F7777772E616D617A6F6E2E64652F732F7265663D617A735F6F73645F69656164653F69653D5554462D38267461673D68702D6465312D7673622D3231266C696E6B253546636F64653D717326696E6465783D617073266669656C642D6B6579776F7264733D7B7365617263685465726D737D&st={searchTerms}&clid=8106a2b4-3f40-4652-b50f-5ed672b28841&pid=fotofreeware&k=0
SearchScopes: HKU\S-1-5-21-3876800203-89553269-3656360523-1001 -> {68DA0295-7A32-4CC5-A929-A2513D7186F0} URL = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=8106a2b4-3f40-4652-b50f-5ed672b28841&pid=fotofreeware&mode=bounce&k=0
SearchScopes: HKU\S-1-5-21-3876800203-89553269-3656360523-1001 -> {B52B0020-6410-4905-8380-4EED9883BE80} URL = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=8106a2b4-3f40-4652-b50f-5ed672b28841&pid=fotofreeware&mode=bounce&k=0
SearchScopes: HKU\S-1-5-21-3876800203-89553269-3656360523-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com.anonymize-me.de/?anonymto=687474703A2F2F726F7665722E656261792E636F6D2F726F7665722F312F3730372D3135343334352D31323132382D322F34203F6D7072653D687474702533412532462532467777772E656261792E636F6D2532467363682532462533465F6E6B772533447B7365617263685465726D737D266B6579776F72643D7B7365617263685465726D737D&st={searchTerms}&clid=8106a2b4-3f40-4652-b50f-5ed672b28841&pid=fotofreeware&k=0
SearchScopes: HKU\S-1-5-21-3876800203-89553269-3656360523-1001 -> {F2109080-1672-4F41-BDB0-B480859F3699} URL = hxxp://www.google.de/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3876800203-89553269-3656360523-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {0376A5AC-5698-4CFB-BF5B-1A12FE88CE17} URL = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=8106a2b4-3f40-4652-b50f-5ed672b28841&pid=fotofreeware&mode=bounce&k=0
SearchScopes: HKU\S-1-5-21-3876800203-89553269-3656360523-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {2B9277F9-9AFF-4BE1-8D9F-5C47ACDE8AF9} URL = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=8106a2b4-3f40-4652-b50f-5ed672b28841&pid=fotofreeware&mode=bounce&k=0
SearchScopes: HKU\S-1-5-21-3876800203-89553269-3656360523-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {471E55EA-5870-4D06-85B1-087E723116A4} URL = hxxp://www.amazon.de.anonymize-me.de/?anonymto=687474703A2F2F7777772E616D617A6F6E2E64652F732F7265663D617A735F6F73645F69656164653F69653D5554462D38267461673D68702D6465312D7673622D3231266C696E6B253546636F64653D717326696E6465783D617073266669656C642D6B6579776F7264733D7B7365617263685465726D737D&st={searchTerms}&clid=8106a2b4-3f40-4652-b50f-5ed672b28841&pid=fotofreeware&k=0
SearchScopes: HKU\S-1-5-21-3876800203-89553269-3656360523-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {68DA0295-7A32-4CC5-A929-A2513D7186F0} URL = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=8106a2b4-3f40-4652-b50f-5ed672b28841&pid=fotofreeware&mode=bounce&k=0
SearchScopes: HKU\S-1-5-21-3876800203-89553269-3656360523-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {B52B0020-6410-4905-8380-4EED9883BE80} URL = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=8106a2b4-3f40-4652-b50f-5ed672b28841&pid=fotofreeware&mode=bounce&k=0
SearchScopes: HKU\S-1-5-21-3876800203-89553269-3656360523-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com.anonymize-me.de/?anonymto=687474703A2F2F726F7665722E656261792E636F6D2F726F7665722F312F3730372D3135343334352D31323132382D322F34203F6D7072653D687474702533412532462532467777772E656261792E636F6D2532467363682532462533465F6E6B772533447B7365617263685465726D737D266B6579776F72643D7B7365617263685465726D737D&st={searchTerms}&clid=8106a2b4-3f40-4652-b50f-5ed672b28841&pid=fotofreeware&k=0
SearchScopes: HKU\S-1-5-21-3876800203-89553269-3656360523-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {F2109080-1672-4F41-BDB0-B480859F3699} URL = hxxp://www.google.de/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3876800203-89553269-3656360523-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0 -> {471E55EA-5870-4D06-85B1-087E723116A4} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-3876800203-89553269-3656360523-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-28] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-28] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-3876800203-89553269-3656360523-1001 -> Kein Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Keine Datei
Toolbar: HKU\S-1-5-21-3876800203-89553269-3656360523-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> Kein Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Keine Datei
Handler-x32: http - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: ipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
FireFox:
========
FF ProfilePath: C:\Users\Ulla & Christian\AppData\Roaming\Mozilla\Firefox\Profiles\7shvkqc1.default
FF SelectedSearchEngine: Bing
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-11-10] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.2 -> C:\Program Files (x86)\Filme - Video\VLC\npvlc.dll [2012-06-28] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-10] ()
FF Plugin-x32: @ei.UtilityChest_49.com/Plugin -> C:\Program Files (x86)\UtilityChest_49EI\Installr\1.bin\NP49EISB.dll [2013-07-02] (Utility Chest)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Bilder\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-28] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-28] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-07-28] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-08-29] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-08-29] (NVIDIA Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-12-21] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3876800203-89553269-3656360523-1001: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\Ulla & Christian\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll [2013-05-22] (Amazon.com, Inc.)
FF Plugin HKU\S-1-5-21-3876800203-89553269-3656360523-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\Ulla & Christian\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll [2013-05-22] (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CCMSDK.dll [2010-10-12] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\cgpcfg.dll [2010-10-12] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll [2010-10-12] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll [2010-10-12] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll [2010-10-12] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctxmui.dll [2010-10-12] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icafile.dll [2010-10-12] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icalogon.dll [2010-10-12] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll [2010-10-12] ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2013-12-21] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\sslsdk_b.dll [2010-07-14] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll [2010-10-12] (Citrix Systems, Inc.)
FF SearchPlugin: C:\Users\Ulla & Christian\AppData\Roaming\Mozilla\Firefox\Profiles\7shvkqc1.default\searchplugins\how_recover+yer.html [2015-11-29]
FF SearchPlugin: C:\Users\Ulla & Christian\AppData\Roaming\Mozilla\Firefox\Profiles\7shvkqc1.default\searchplugins\how_recover+yer.txt [2015-11-29]
FF Extension: Shrunked Image Resizer - C:\Users\Ulla & Christian\AppData\Roaming\Mozilla\Firefox\Profiles\7shvkqc1.default\extensions\shrunked@darktrojan.net.xpi [2015-09-14]
FF Extension: Avira Browser Safety - C:\Users\Ulla & Christian\AppData\Roaming\Mozilla\Firefox\Profiles\7shvkqc1.default\Extensions\abs@avira.com [2015-11-29] [ist nicht signiert]
Chrome:
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
==================== Dienste (Nicht auf der Ausnahmeliste) ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R2 ADExchange; C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [43112 2012-02-16] (ArcSoft Inc.)
S2 AntiVirMailService; C:\Program Files (x86)\Sicherheit-Ordnung\Avira\AntiVir Desktop\avmailc7.exe [936544 2015-11-10] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Sicherheit-Ordnung\Avira\AntiVir Desktop\sched.exe [466408 2015-11-10] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Sicherheit-Ordnung\Avira\AntiVir Desktop\avguard.exe [466408 2015-11-10] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Sicherheit-Ordnung\Avira\AntiVir Desktop\avwebg7.exe [1105952 2015-11-10] (Avira Operations GmbH & Co. KG)
S3 DfSdkS; C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 2015\DfsdkS64.exe [544768 2009-08-24] (mst software GmbH, Germany) [Datei ist nicht signiert]
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [Datei ist nicht signiert]
R2 HPConnectedRemote; c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [35744 2012-10-12] (Hewlett-Packard)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.226\McCHSvc.exe [289256 2015-10-30] (McAfee, Inc.)
S3 OpenVPNService; C:\Program Files (x86)\Sophos\Sophos SSL VPN Client\bin\openvpnserv.exe [59432 2013-06-14] (The OpenVPN Project)
R2 OpenVPNServiceInteractive; C:\Program Files (x86)\Sophos\Sophos SSL VPN Client\bin\openvpnserv.exe [59432 2013-06-14] (The OpenVPN Project)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2015-05-21] (DEVGURU Co., LTD.)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [339456 2013-11-20] (IDT, Inc.) [Datei ist nicht signiert]
R2 UsbClientService; C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe [248736 2014-12-17] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
===================== Treiber (Nicht auf der Ausnahmeliste) ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R0 ambakdrv; C:\Windows\System32\ambakdrv.sys [30648 2013-04-27] () [Datei ist nicht signiert]
R2 ammntdrv; C:\windows\system32\ammntdrv.sys [151480 2013-04-27] () [Datei ist nicht signiert]
R2 amwrtdrv; C:\windows\system32\amwrtdrv.sys [17848 2013-02-06] () [Datei ist nicht signiert]
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [137800 2015-09-23] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [148632 2015-08-04] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-11-26] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [74440 2015-09-23] (Avira Operations GmbH & Co. KG)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
==================== Ein Monat: Erstellte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2015-12-01 00:11 - 2015-12-01 00:11 - 00000000 _____ C:\Users\Ulla & Christian\defogger_reenable
2015-12-01 00:10 - 2015-12-01 00:10 - 00050477 _____ C:\Users\Ulla & Christian\Downloads\Defogger.exe
2015-11-30 23:21 - 2015-12-01 00:10 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-11-30 23:21 - 2015-11-30 23:49 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-11-30 23:21 - 2015-11-30 23:21 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-11-30 23:19 - 2015-11-30 23:49 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-11-30 23:19 - 2015-11-30 23:19 - 00000000 ____D C:\Malwarebytes
2015-11-30 23:18 - 2015-11-30 23:18 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Ulla & Christian\Downloads\mbar-1.09.3.1001.exe
2015-11-30 23:06 - 2015-11-30 23:07 - 00053534 _____ C:\Users\Ulla & Christian\Downloads\Addition.txt
2015-11-30 23:05 - 2015-12-01 00:13 - 00030188 _____ C:\Users\Ulla & Christian\Downloads\FRST.txt
2015-11-30 23:05 - 2015-12-01 00:13 - 00000000 ____D C:\FRST
2015-11-30 23:04 - 2015-11-30 23:04 - 02350080 _____ (Farbar) C:\Users\Ulla & Christian\Downloads\FRST64(1).exe
2015-11-30 23:02 - 2015-11-30 23:02 - 02350080 _____ (Farbar) C:\Users\Ulla & Christian\Downloads\FRST64.exe
2015-11-30 13:54 - 2015-11-30 13:56 - 00000050 _____ C:\Users\Ulla & Christian\AppData\Roaming\AVSDVDPlayer.m3u
2015-11-30 13:54 - 2015-11-30 13:55 - 00000000 ___HD C:\$WINDOWS.~BT
2015-11-29 22:45 - 2015-11-29 22:45 - 00024261 _____ C:\Users\Ulla & Christian\Downloads\RX_151129_Bestellbestaetigung_VID3_2245.pdf
2015-11-29 21:46 - 2015-11-29 21:46 - 00006921 _____ C:\WINDOWS\Tasks\how_recover+yer.html
2015-11-29 21:46 - 2015-11-29 21:46 - 00002401 _____ C:\WINDOWS\Tasks\how_recover+yer.txt
2015-11-29 21:45 - 2015-11-29 21:45 - 00006921 _____ C:\Users\Ulla & Christian\how_recover+yer.html
2015-11-29 21:45 - 2015-11-29 21:45 - 00002401 _____ C:\Users\Ulla & Christian\how_recover+yer.txt
2015-11-29 21:33 - 2015-11-29 21:34 - 00006921 _____ C:\Users\Ulla & Christian\Documents\how_recover+yer.html
2015-11-29 21:33 - 2015-11-29 21:34 - 00002401 _____ C:\Users\Ulla & Christian\Documents\how_recover+yer.txt
2015-11-29 21:33 - 2015-11-29 21:33 - 00006921 _____ C:\Users\Ulla & Christian\Downloads\how_recover+yer.html
2015-11-29 21:33 - 2015-11-29 21:33 - 00002401 _____ C:\Users\Ulla & Christian\Downloads\how_recover+yer.txt
2015-11-29 21:26 - 2015-11-29 21:26 - 00006921 _____ C:\Users\Ulla & Christian\AppData\how_recover+yer.html
2015-11-29 21:26 - 2015-11-29 21:26 - 00002401 _____ C:\Users\Ulla & Christian\AppData\how_recover+yer.txt
2015-11-29 21:25 - 2015-11-29 21:45 - 00006921 _____ C:\Users\Ulla & Christian\AppData\Roaming\Microsoft\Windows\Start Menu\how_recover+yer.html
2015-11-29 21:25 - 2015-11-29 21:45 - 00002401 _____ C:\Users\Ulla & Christian\AppData\Roaming\Microsoft\Windows\Start Menu\how_recover+yer.txt
2015-11-29 21:25 - 2015-11-29 21:25 - 00006921 _____ C:\Users\Ulla & Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\how_recover+yer.html
2015-11-29 21:25 - 2015-11-29 21:25 - 00006921 _____ C:\Users\Ulla & Christian\AppData\LocalLow\how_recover+yer.html
2015-11-29 21:25 - 2015-11-29 21:25 - 00002401 _____ C:\Users\Ulla & Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\how_recover+yer.txt
2015-11-29 21:25 - 2015-11-29 21:25 - 00002401 _____ C:\Users\Ulla & Christian\AppData\LocalLow\how_recover+yer.txt
2015-11-29 21:23 - 2015-11-29 21:34 - 00006921 _____ C:\Users\Ulla & Christian\AppData\Local\how_recover+yer.html
2015-11-29 21:23 - 2015-11-29 21:34 - 00002401 _____ C:\Users\Ulla & Christian\AppData\Local\how_recover+yer.txt
2015-11-29 21:23 - 2015-11-29 21:26 - 00006921 _____ C:\Users\Ulla & Christian\AppData\Roaming\how_recover+yer.html
2015-11-29 21:23 - 2015-11-29 21:26 - 00002401 _____ C:\Users\Ulla & Christian\AppData\Roaming\how_recover+yer.txt
2015-11-29 21:23 - 2015-11-29 21:23 - 00006921 _____ C:\Users\Ulla & Christian\AppData\Local\Apps\how_recover+yer.html
2015-11-29 21:23 - 2015-11-29 21:23 - 00006921 _____ C:\Users\Public\how_recover+yer.html
2015-11-29 21:23 - 2015-11-29 21:23 - 00006921 _____ C:\Users\Public\Downloads\how_recover+yer.html
2015-11-29 21:23 - 2015-11-29 21:23 - 00002401 _____ C:\Users\Ulla & Christian\AppData\Local\Apps\how_recover+yer.txt
2015-11-29 21:23 - 2015-11-29 21:23 - 00002401 _____ C:\Users\Public\how_recover+yer.txt
2015-11-29 21:23 - 2015-11-29 21:23 - 00002401 _____ C:\Users\Public\Downloads\how_recover+yer.txt
2015-11-29 21:21 - 2015-11-29 21:23 - 00006921 _____ C:\Users\Public\Documents\how_recover+yer.html
2015-11-29 21:21 - 2015-11-29 21:23 - 00006921 _____ C:\ProgramData\how_recover+yer.html
2015-11-29 21:21 - 2015-11-29 21:23 - 00002401 _____ C:\Users\Public\Documents\how_recover+yer.txt
2015-11-29 21:21 - 2015-11-29 21:23 - 00002401 _____ C:\ProgramData\how_recover+yer.txt
2015-11-29 21:19 - 2015-11-29 21:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2015-11-29 21:19 - 2015-11-29 21:19 - 00000000 ____D C:\Program Files (x86)\7-Zip
2015-11-29 21:18 - 2015-11-29 21:18 - 01466656 _____ C:\Users\Ulla & Christian\Downloads\7 Zip 32 Bit - CHIP-Installer.exe
2015-11-29 21:16 - 2015-11-29 21:26 - 00000670 _____ C:\Users\Ulla & Christian\Documents\recover_file_jkvrflnqu.txt.vvv
2015-11-28 23:24 - 2015-11-28 23:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in
2015-11-28 23:22 - 2015-10-22 18:43 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\kbdgeoqw.dll
2015-11-28 23:22 - 2015-10-22 18:43 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZST.DLL
2015-11-28 23:22 - 2015-10-22 18:43 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZEL.DLL
2015-11-28 23:22 - 2015-10-22 18:43 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZE.DLL
2015-11-28 23:22 - 2015-10-22 17:59 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kbdgeoqw.dll
2015-11-28 23:22 - 2015-10-22 17:59 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZST.DLL
2015-11-28 23:22 - 2015-10-22 17:59 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZEL.DLL
2015-11-28 23:22 - 2015-10-22 17:59 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZE.DLL
2015-11-28 23:22 - 2015-10-22 17:21 - 01200128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2015-11-28 23:22 - 2015-10-22 17:21 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
2015-11-28 23:22 - 2015-10-22 16:58 - 00868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2015-11-28 23:22 - 2015-10-22 16:58 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll
2015-11-28 23:22 - 2015-10-22 15:08 - 00513456 _____ C:\WINDOWS\SysWOW64\locale.nls
2015-11-28 23:22 - 2015-10-22 15:08 - 00513456 _____ C:\WINDOWS\system32\locale.nls
2015-11-28 23:22 - 2015-01-06 04:01 - 00072192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndproxy.sys
2015-11-28 23:22 - 2015-01-06 03:59 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wanarp.sys
2015-11-28 23:22 - 2015-01-06 02:12 - 00185856 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascfg.dll
2015-11-28 23:22 - 2015-01-06 02:02 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rascfg.dll
2015-11-28 23:21 - 2015-10-11 07:34 - 00468824 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2015-11-28 23:21 - 2015-10-11 07:34 - 00462168 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
2015-11-28 23:21 - 2015-10-11 07:34 - 00443224 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbport.sys
2015-11-28 23:21 - 2015-10-11 07:34 - 00092504 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbehci.sys
2015-11-28 23:21 - 2015-10-11 07:34 - 00027992 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbd.sys
2015-11-28 23:21 - 2015-10-10 19:41 - 00037376 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbuhci.sys
2015-11-28 23:21 - 2015-10-10 19:41 - 00030208 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbohci.sys
2015-11-28 23:21 - 2015-10-10 19:40 - 00078848 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winusb.sys
2015-11-28 23:21 - 2015-10-10 18:20 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2015-11-28 23:21 - 2015-10-08 17:11 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
2015-11-28 23:21 - 2015-10-08 16:50 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
2015-11-28 23:21 - 2015-10-05 19:28 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe
2015-11-28 23:21 - 2015-10-05 19:25 - 00572928 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2015-11-28 23:21 - 2015-10-03 20:41 - 01385280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2015-11-28 23:21 - 2015-10-03 20:41 - 01124384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2015-11-28 23:21 - 2015-09-28 19:31 - 02775552 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-11-28 23:21 - 2015-09-28 19:24 - 02462720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-11-28 23:21 - 2015-05-01 02:13 - 06521800 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2015-11-28 23:21 - 2015-05-01 02:13 - 01488000 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2015-11-28 23:21 - 2015-05-01 02:13 - 00261376 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2015-11-28 22:23 - 2015-11-28 22:23 - 14108096 _____ (Citrix Systems, Inc.) C:\Users\Ulla & Christian\Downloads\CitrixOnlinePluginWeb(3).exe
2015-11-25 23:20 - 2015-11-25 23:23 - 88173384 _____ (Buhl Data Service GmbH) C:\Users\Ulla & Christian\Downloads\WISOFinanz2016.exe
2015-11-23 07:26 - 2015-11-29 21:25 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\DataDesign
2015-11-22 17:53 - 2015-11-22 17:54 - 14108096 _____ (Citrix Systems, Inc.) C:\Users\Ulla & Christian\Downloads\CitrixOnlinePluginWeb(2).exe
2015-11-18 20:20 - 2015-11-18 20:20 - 00000000 ____D C:\Users\Jan\AppData\Roaming\HpUpdate
2015-11-15 17:06 - 2015-11-15 17:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2015-11-15 17:06 - 2015-11-15 17:06 - 00000000 ____D C:\Program Files\McAfee Security Scan
2015-11-14 17:17 - 2015-11-30 23:51 - 00008510 _____ C:\WINDOWS\System32\Tasks\FinishInstall igdhbblpcellaljokkpfhcjlagemhgjl
2015-11-10 23:24 - 2015-11-10 23:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-11-10 19:37 - 2015-10-31 00:46 - 25818624 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-11-10 19:37 - 2015-10-31 00:25 - 02886656 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-11-10 19:37 - 2015-10-31 00:24 - 00585728 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-11-10 19:37 - 2015-10-31 00:11 - 05990912 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-11-10 19:37 - 2015-10-31 00:11 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-11-10 19:37 - 2015-10-30 23:52 - 20331520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-11-10 19:37 - 2015-10-30 23:47 - 00504832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-11-10 19:37 - 2015-10-30 23:42 - 02279936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-11-10 19:37 - 2015-10-30 23:39 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-11-10 19:37 - 2015-10-30 23:36 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-11-10 19:37 - 2015-10-30 23:32 - 00720896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-11-10 19:37 - 2015-10-30 23:31 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-11-10 19:37 - 2015-10-30 23:22 - 14457856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-11-10 19:37 - 2015-10-30 23:17 - 02487808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-11-10 19:37 - 2015-10-30 23:16 - 04527616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-11-10 19:37 - 2015-10-30 23:14 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-11-10 19:37 - 2015-10-30 23:10 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-11-10 19:37 - 2015-10-30 23:09 - 12854272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-11-10 19:37 - 2015-10-30 23:04 - 01547264 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-11-10 19:37 - 2015-10-30 22:53 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-11-10 19:37 - 2015-10-30 22:51 - 02011136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-11-10 19:37 - 2015-10-30 22:48 - 01311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-11-10 19:37 - 2015-10-30 22:46 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-11-10 19:35 - 2015-10-20 22:54 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-11-10 19:35 - 2015-10-20 15:53 - 03705856 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-11-10 19:35 - 2015-10-20 15:36 - 02243072 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-11-10 19:35 - 2015-10-20 15:35 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-11-10 19:35 - 2015-10-20 15:34 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-11-10 19:35 - 2015-10-20 15:34 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-11-10 19:35 - 2015-10-20 15:34 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-11-10 19:35 - 2015-10-20 15:33 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-11-10 19:35 - 2015-10-20 15:14 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-11-10 19:35 - 2015-10-20 15:13 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-11-10 19:35 - 2015-10-20 15:13 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-11-10 19:35 - 2015-10-20 15:13 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-11-10 19:35 - 2015-10-15 17:08 - 00990208 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-11-10 19:35 - 2015-10-15 16:46 - 00803328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-11-10 19:35 - 2015-10-15 00:02 - 07455064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-11-10 19:35 - 2015-10-15 00:02 - 01659560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2015-11-10 19:35 - 2015-10-15 00:02 - 01519592 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2015-11-10 19:35 - 2015-10-15 00:02 - 01487008 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2015-11-10 19:35 - 2015-10-15 00:02 - 01355848 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2015-11-10 19:35 - 2015-10-13 18:10 - 00559616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2015-11-10 19:35 - 2015-10-13 18:10 - 00108032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2015-11-10 19:35 - 2015-10-13 16:59 - 00397224 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2015-11-10 19:35 - 2015-10-13 16:59 - 00340872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2015-11-10 19:35 - 2015-10-13 16:59 - 00137960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncrypt.dll
2015-11-10 19:35 - 2015-10-13 16:59 - 00120376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncrypt.dll
2015-11-10 19:35 - 2015-10-13 16:59 - 00106952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptsslp.dll
2015-11-10 19:35 - 2015-10-13 16:59 - 00091416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptsslp.dll
2015-11-10 19:35 - 2015-10-11 07:36 - 00561952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-11-10 19:35 - 2015-10-11 07:36 - 00177496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-11-10 19:35 - 2015-10-10 19:40 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2015-11-10 19:35 - 2015-10-10 19:39 - 00401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2015-11-10 19:35 - 2015-10-10 19:07 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-11-10 19:35 - 2015-10-10 18:33 - 01441280 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-11-10 19:35 - 2015-10-10 18:27 - 00432640 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-11-10 19:35 - 2015-10-10 18:11 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-11-10 19:35 - 2015-10-10 17:45 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-11-10 19:35 - 2015-09-29 13:24 - 00155480 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2015-11-10 19:35 - 2015-09-12 14:47 - 00414559 _____ C:\WINDOWS\system32\ApnDatabase.xml
2015-11-10 19:35 - 2015-09-07 17:22 - 00477184 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2015-11-10 19:35 - 2015-09-07 16:54 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2015-11-10 19:35 - 2015-09-07 16:30 - 01091584 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2015-11-10 19:35 - 2015-09-04 20:24 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tunnel.sys
2015-11-10 19:35 - 2015-08-28 23:20 - 00183368 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthHost.exe
2015-11-10 19:35 - 2015-08-20 21:45 - 01380048 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2015-11-10 19:35 - 2015-08-20 18:48 - 01096704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2015-11-10 19:30 - 2015-10-17 15:19 - 04176384 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-11-10 19:30 - 2015-10-08 17:08 - 01083904 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2015-11-10 19:30 - 2015-08-10 19:15 - 00845312 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2015-11-10 19:30 - 2015-08-10 19:06 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL
2015-11-10 19:30 - 2015-08-10 18:49 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2015-11-10 19:30 - 2015-08-10 17:56 - 00272384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FWPUCLNT.DLL
2015-11-10 19:30 - 2015-08-10 17:46 - 00561664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2015-11-07 18:17 - 2015-11-07 18:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warships
2015-11-07 18:14 - 2015-11-07 18:14 - 07369576 _____ (Wargaming.net ) C:\Users\Ulla & Christian\Downloads\WoWS_internet_install_eu.exe
2015-11-07 15:58 - 2015-11-07 22:39 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-11-06 12:48 - 2015-11-06 12:49 - 14108096 _____ (Citrix Systems, Inc.) C:\Users\Ulla & Christian\Downloads\CitrixOnlinePluginWeb(1).exe
2015-11-03 13:42 - 2015-11-29 21:23 - 00000000 ____D C:\Users\Ulla & Christian\.android
2015-11-03 13:41 - 2015-11-29 21:25 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\MyPhoneExplorer
2015-11-03 13:41 - 2015-11-03 13:41 - 00002078 _____ C:\Users\Public\Desktop\MyPhoneExplorer.lnk
2015-11-03 13:41 - 2015-11-03 13:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyPhoneExplorer
2015-11-03 13:41 - 2015-11-03 13:41 - 00000000 ____D C:\Program Files (x86)\MyPhoneExplorer
2015-11-03 13:39 - 2015-11-03 13:39 - 01466656 _____ C:\Users\Ulla & Christian\Downloads\MyPhoneExplorer - CHIP-Installer(1).exe
2015-11-03 13:37 - 2015-11-03 13:38 - 01466656 _____ C:\Users\Ulla & Christian\Downloads\MyPhoneExplorer - CHIP-Installer.exe
2015-11-02 11:28 - 2015-11-02 11:28 - 00000383 _____ C:\ftconfig.ini
2015-11-01 22:19 - 2015-11-29 21:33 - 00392270 _____ C:\Users\Ulla & Christian\Downloads\10984200_908781199162434_4585968420000991718_o.jpg.vvv
==================== Ein Monat: Geänderte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2015-12-01 00:11 - 2014-11-27 07:27 - 00000000 ____D C:\Users\Ulla & Christian
2015-11-30 23:59 - 2013-09-12 20:04 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-11-30 23:51 - 2014-09-24 07:17 - 01989598 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-11-30 23:51 - 2014-09-24 06:43 - 00844836 _____ C:\WINDOWS\system32\perfh007.dat
2015-11-30 23:51 - 2014-09-24 06:43 - 00192568 _____ C:\WINDOWS\system32\perfc007.dat
2015-11-30 23:51 - 2013-08-22 14:36 - 00000000 ____D C:\WINDOWS\Inf
2015-11-30 23:45 - 2014-11-27 07:21 - 00000000 ____D C:\ProgramData\NVIDIA
2015-11-30 23:45 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\ADFS
2015-11-30 23:45 - 2013-08-22 15:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-11-30 23:45 - 2013-08-22 15:44 - 00505968 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-11-30 23:44 - 2013-08-22 14:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-11-30 23:06 - 2013-08-22 14:36 - 00000000 ____D C:\Windows
2015-11-30 13:55 - 2014-11-27 07:18 - 00000000 ___DC C:\WINDOWS\Panther
2015-11-30 13:14 - 2013-06-16 20:58 - 00003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3876800203-89553269-3656360523-1001
2015-11-29 21:46 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\tracing
2015-11-29 21:46 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\SysWOW64\FxsTmp
2015-11-29 21:45 - 2014-08-31 18:37 - 00000000 ___RD C:\Users\Ulla & Christian\SkyDrive
2015-11-29 21:45 - 2013-06-16 20:51 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\VirtualStore
2015-11-29 21:34 - 2015-09-03 14:21 - 00000000 ____D C:\Users\Ulla & Christian\Neuer Ordner (2)
2015-11-29 21:34 - 2015-04-04 14:47 - 00000000 ____D C:\Users\Ulla & Christian\Neuer Ordner
2015-11-29 21:34 - 2013-10-05 10:52 - 00000000 ___RD C:\Users\Ulla & Christian\Dropbox
2015-11-29 21:34 - 2013-06-25 13:22 - 00000000 ____D C:\Users\Ulla & Christian\Mozilla Thunderbird
2015-11-29 21:33 - 2015-10-28 22:39 - 00113870 _____ C:\Users\Ulla & Christian\Downloads\ZIAUFEIN_gquatybzpgcfmcaexqtkhxyk6abcs.pdf.vvv
2015-11-29 21:33 - 2015-10-28 22:31 - 00020558 _____ C:\Users\Ulla & Christian\Downloads\_14576829_KuendigungsbestaetigungneuerLieferant_20151027_408d6e5b9a03c91b25785313609ad7d0.pdf.vvv
2015-11-29 21:33 - 2015-10-28 22:24 - 00021150 _____ C:\Users\Ulla & Christian\Downloads\_122679474_KuendigungsbestaetigungneuerLieferant_20151027_16f7742108956c86b068dca1a61d62c6.pdf.vvv
2015-11-29 21:33 - 2015-10-28 22:20 - 00566430 _____ C:\Users\Ulla & Christian\Downloads\005056881A0F1EE59F995BDDE2AF0EF0.pdf.vvv
2015-11-29 21:33 - 2015-10-25 12:55 - 01781646 _____ C:\Users\Ulla & Christian\Downloads\Ahnenblatt-Handbuch.pdf.vvv
2015-11-29 21:33 - 2015-09-28 21:21 - 00451534 _____ C:\Users\Ulla & Christian\Downloads\320.pdf.vvv
2015-11-29 21:33 - 2015-09-20 20:07 - 00313454 _____ C:\Users\Ulla & Christian\Downloads\_14576829_Preisinformation_20150908_005df263fe16be59a1e07e1fd8a76672.pdf.vvv
2015-11-29 21:33 - 2015-09-13 12:54 - 00122526 _____ C:\Users\Ulla & Christian\Downloads\2390_499_1.PDF.vvv
2015-11-29 21:33 - 2015-09-13 12:32 - 00114462 _____ C:\Users\Ulla & Christian\Downloads\2390_493_1.PDF.vvv
2015-11-29 21:33 - 2015-08-15 23:11 - 00000000 ____D C:\Users\Ulla & Christian\Downloads\Lacey
2015-11-29 21:33 - 2015-08-15 22:19 - 09891454 _____ C:\Users\Ulla & Christian\Downloads\freemusicdownloader_1-59.zip.vvv
2015-11-29 21:33 - 2015-05-17 20:41 - 00030910 _____ C:\Users\Ulla & Christian\Downloads\RS9823838721(1).pdf.vvv
2015-11-29 21:33 - 2015-05-17 20:38 - 00030910 _____ C:\Users\Ulla & Christian\Downloads\RS9823838721.pdf.vvv
2015-11-29 21:33 - 2015-04-11 15:42 - 00178222 _____ C:\Users\Ulla & Christian\Downloads\rlmpdf.pdf.vvv
2015-11-29 21:33 - 2015-03-06 20:40 - 00984990 _____ C:\Users\Ulla & Christian\Downloads\Bedarfsfeldbroschuere_Vermoegen_anlegen_VR.pdf.vvv
2015-11-29 21:33 - 2015-01-09 23:24 - 01414318 _____ C:\Users\Ulla & Christian\Downloads\Syno_QIG_2bay2_deu.pdf.vvv
2015-11-29 21:33 - 2014-12-26 20:27 - 30247390 _____ C:\Users\Ulla & Christian\Downloads\TL-WN851ND_V1_110114.zip.vvv
2015-11-29 21:33 - 2014-12-26 20:27 - 11537854 _____ C:\Users\Ulla & Christian\Downloads\TL-WN851ND_V1_Utility99.zip.vvv
2015-11-29 21:33 - 2014-12-26 20:26 - 21632238 _____ C:\Users\Ulla & Christian\Downloads\TL-WN851ND_v1_110825.zip.vvv
2015-11-29 21:33 - 2014-12-21 14:12 - 00027790 _____ C:\Users\Ulla & Christian\Downloads\RX_141221_Bestellbestaetigung_VID616_1412.pdf.vvv
2015-11-29 21:33 - 2014-11-23 21:39 - 00039278 _____ C:\Users\Ulla & Christian\Downloads\_14576829_Lieferbestaetigung_20141121_df4db33247be1b6428d8ec0eb7955911.pdf.vvv
2015-11-29 21:33 - 2014-10-25 22:41 - 00000000 ____D C:\Users\Ulla & Christian\Downloads\Gameforge Live
2015-11-29 21:33 - 2014-08-03 12:06 - 00225342 _____ C:\Users\Ulla & Christian\Downloads\testresultate_farbspruehgeraete.pdf.vvv
2015-11-29 21:33 - 2014-07-28 19:47 - 00916606 _____ C:\Users\Ulla & Christian\Downloads\flexibrass.pdf.vvv
2015-11-29 21:33 - 2014-05-27 19:08 - 00342942 _____ C:\Users\Ulla & Christian\Downloads\IMM1294E.PDF.vvv
2015-11-29 21:33 - 2014-05-27 18:54 - 01053998 _____ C:\Users\Ulla & Christian\Downloads\custodian-parent(1).pdf.vvv
2015-11-29 21:33 - 2014-05-10 14:46 - 00239358 _____ C:\Users\Ulla & Christian\Downloads\document.pdf.vvv
2015-11-29 21:33 - 2014-05-04 12:08 - 01053998 _____ C:\Users\Ulla & Christian\Downloads\custodian-parent.pdf.vvv
2015-11-29 21:33 - 2014-02-13 22:20 - 00078174 _____ C:\Users\Ulla & Christian\Downloads\identificationAstIdent.PDF.vvv
2015-11-29 21:33 - 2013-12-21 20:55 - 00001150 _____ C:\Users\Ulla & Christian\Downloads\umsatz-5232________0800-20131221.csv.vvv
2015-11-29 21:33 - 2013-12-01 19:02 - 00000000 ____D C:\Users\Ulla & Christian\Documents\SelfMV
2015-11-29 21:33 - 2013-10-05 20:18 - 00000000 ____D C:\Users\Ulla & Christian\Documents\Turbo Lister
2015-11-29 21:33 - 2013-07-25 15:22 - 00000000 ___RD C:\Users\Ulla & Christian\Documents\Scanned Documents
2015-11-29 21:33 - 2013-07-12 21:07 - 00509358 _____ C:\Users\Ulla & Christian\Downloads\15875_1373659579.pdf.vvv
2015-11-29 21:33 - 2013-07-12 21:05 - 00103934 _____ C:\Users\Ulla & Christian\Downloads\versicherungsbedingungen_indiv_praktikum.pdf.vvv
2015-11-29 21:33 - 2013-07-03 22:32 - 00000000 ____D C:\Users\Ulla & Christian\Documents\Volition
2015-11-29 21:33 - 2013-06-30 13:26 - 00000000 ____D C:\Users\Ulla & Christian\Documents\Turbo Lister Backup
2015-11-29 21:33 - 2013-06-23 12:08 - 00000000 ____D C:\Users\Ulla & Christian\Documents\WISO Mein Geld
2015-11-29 21:33 - 2013-06-17 21:43 - 00000000 ____D C:\Users\Ulla & Christian\Documents\samsung
2015-11-29 21:26 - 2014-11-17 00:01 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\WorldofTanks
2015-11-29 21:26 - 2014-08-17 16:22 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Skype
2015-11-29 21:26 - 2013-09-25 20:16 - 00000000 ____D C:\Users\Ulla & Christian\Documents\My Games
2015-11-29 21:26 - 2013-07-25 15:22 - 00000000 ____D C:\Users\Ulla & Christian\Documents\Fax
2015-11-29 21:26 - 2013-07-25 12:37 - 00000000 ____D C:\Users\Ulla & Christian\Documents\Amazon MP3
2015-11-29 21:26 - 2013-07-05 20:19 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\vlc
2015-11-29 21:26 - 2013-07-05 20:11 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\WebApp
2015-11-29 21:26 - 2013-07-05 20:06 - 00000000 ____D C:\Users\Ulla & Christian\Documents\CyberLink
2015-11-29 21:26 - 2013-07-02 22:05 - 00000000 ____D C:\Users\Ulla & Christian\Documents\default
2015-11-29 21:26 - 2013-06-23 21:54 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Thunderbird
2015-11-29 21:26 - 2013-06-22 08:01 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Wargaming.net
2015-11-29 21:26 - 2013-06-21 22:14 - 00000000 ____D C:\Users\Ulla & Christian\Bilder
2015-11-29 21:26 - 2013-06-18 01:05 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\WinBatch
2015-11-29 21:26 - 2013-06-17 13:03 - 00000000 ____D C:\Users\Ulla & Christian\Documents\Ahnenblatt
2015-11-29 21:26 - 2013-06-16 20:50 - 00000000 ___HD C:\Users\Ulla & Christian\Documents\hp.system.package.metadata
2015-11-29 21:26 - 2013-06-16 20:50 - 00000000 ___HD C:\Users\Ulla & Christian\Documents\hp.applications.package.appdata
2015-11-29 21:25 - 2015-10-25 13:02 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ahnenblatt
2015-11-29 21:25 - 2015-05-17 15:43 - 00000000 ____D C:\Users\Ulla & Christian\AppData\LocalLow\Hewlett-Packard
2015-11-29 21:25 - 2015-05-17 15:42 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\HpUpdate
2015-11-29 21:25 - 2014-12-25 23:08 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\java
2015-11-29 21:25 - 2014-12-25 23:08 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\.minecraft
2015-11-29 21:25 - 2014-12-24 22:48 - 00000000 __SHD C:\Users\Ulla & Christian\AppData\LocalLow\EmieSiteList
2015-11-29 21:25 - 2014-12-13 11:06 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\hpqLog
2015-11-29 21:25 - 2014-11-20 09:32 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Iminent
2015-11-29 21:25 - 2014-11-17 00:03 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Opera Software
2015-11-29 21:25 - 2014-11-17 00:01 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WorldofTanks
2015-11-29 21:25 - 2014-11-17 00:01 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\WorldofTanks
2015-11-29 21:25 - 2014-09-24 19:55 - 00000000 ____D C:\Users\Ulla & Christian\AppData\LocalLow\Temp
2015-11-29 21:25 - 2014-08-17 16:22 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\Skype
2015-11-29 21:25 - 2014-02-02 11:21 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup
2015-11-29 21:25 - 2013-12-22 18:24 - 00000000 ____D C:\Users\Ulla & Christian\AppData\LocalLow\Sun
2015-11-29 21:25 - 2013-10-05 20:51 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\ArcSoft
2015-11-29 21:25 - 2013-10-05 10:49 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-11-29 21:25 - 2013-10-05 10:48 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Dropbox
2015-11-29 21:25 - 2013-09-25 20:16 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WarThunder
2015-11-29 21:25 - 2013-09-25 20:16 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\WarThunder
2015-11-29 21:25 - 2013-09-01 20:00 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Leadertech
2015-11-29 21:25 - 2013-08-27 20:03 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\ICAClient
2015-11-29 21:25 - 2013-08-26 19:55 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\Sophos
2015-11-29 21:25 - 2013-08-26 19:50 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
2015-11-29 21:25 - 2013-08-09 18:00 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameShadow
2015-11-29 21:25 - 2013-08-07 20:57 - 00000000 __RHD C:\Users\Ulla & Christian\AppData\Roaming\SecuROM
2015-11-29 21:25 - 2013-07-25 12:37 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
2015-11-29 21:25 - 2013-07-25 12:37 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Amazon
2015-11-29 21:25 - 2013-07-25 12:37 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\Program Files
2015-11-29 21:25 - 2013-07-10 21:30 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LaserSoft Imaging
2015-11-29 21:25 - 2013-07-10 21:27 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Lasersoft Imaging
2015-11-29 21:25 - 2013-07-05 20:39 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Media Player Classic
2015-11-29 21:25 - 2013-07-05 20:36 - 00000462 _____ C:\Users\Ulla & Christian\AppData\Roaming\AVSDVDPlayer.m3u.vvv
2015-11-29 21:25 - 2013-07-05 20:34 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\dvdcss
2015-11-29 21:25 - 2013-07-05 20:13 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\Windows Live
2015-11-29 21:25 - 2013-07-05 20:06 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\CyberLink
2015-11-29 21:25 - 2013-07-05 19:55 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Mozilla
2015-11-29 21:25 - 2013-07-03 22:40 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wing Commander Saga
2015-11-29 21:25 - 2013-07-03 22:24 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spiele
2015-11-29 21:25 - 2013-07-02 22:15 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\AVS4YOU
2015-11-29 21:25 - 2013-07-02 22:01 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Ashampoo
2015-11-29 21:25 - 2013-07-02 13:12 - 00000000 ____D C:\Users\Ulla & Christian\AppData\LocalLow\UtilityChest_49EI
2015-11-29 21:25 - 2013-07-02 06:37 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Canon
2015-11-29 21:25 - 2013-07-01 22:08 - 00000000 ____D C:\Users\Ulla & Christian\AppData\LocalLow\Adobe
2015-11-29 21:25 - 2013-06-23 21:54 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\Thunderbird
2015-11-29 21:25 - 2013-06-23 20:27 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AVS4YOU
2015-11-29 21:25 - 2013-06-23 18:02 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Avira
2015-11-29 21:25 - 2013-06-23 17:55 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Canneverbe Limited
2015-11-29 21:25 - 2013-06-23 12:08 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Buhl Data Service GmbH
2015-11-29 21:25 - 2013-06-23 12:08 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Buhl Data Service
2015-11-29 21:25 - 2013-06-19 21:22 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\NVIDIA
2015-11-29 21:25 - 2013-06-18 13:18 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Microsoft Web Folders
2015-11-29 21:25 - 2013-06-17 21:54 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\MediaMonkey
2015-11-29 21:25 - 2013-06-17 21:47 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\igdhbblpcellaljokkpfhcjlagemhgjl
2015-11-29 21:25 - 2013-06-17 21:46 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Opera
2015-11-29 21:25 - 2013-06-17 21:46 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\OCS
2015-11-29 21:25 - 2013-06-17 21:43 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Samsung
2015-11-29 21:25 - 2013-06-17 21:43 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\Samsung
2015-11-29 21:25 - 2013-06-17 13:02 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Ahnenblatt
2015-11-29 21:25 - 2013-06-16 21:38 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Macromedia
2015-11-29 21:25 - 2013-06-16 20:53 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Adobe
2015-11-29 21:25 - 2013-06-16 20:51 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Hewlett-Packard
2015-11-29 21:25 - 2013-06-16 20:51 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\Power2Go8
2015-11-29 21:25 - 2013-06-16 20:51 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\Packages
2015-11-29 21:24 - 2014-11-17 00:03 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\Opera Software
2015-11-29 21:24 - 2013-06-21 20:57 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\Microsoft Help
2015-11-29 21:24 - 2013-06-17 22:31 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\Mozilla
2015-11-29 21:23 - 2015-06-09 21:46 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\GWX
2015-11-29 21:23 - 2015-05-17 15:43 - 00000000 ____D C:\ProgramData\Visan
2015-11-29 21:23 - 2015-01-10 22:40 - 00000000 ____D C:\ProgramData\Synology
2015-11-29 21:23 - 2014-11-27 07:20 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2015-11-29 21:23 - 2014-11-17 00:04 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2015-11-29 21:23 - 2014-08-31 18:37 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2015-11-29 21:23 - 2014-08-17 16:22 - 00000000 ____D C:\ProgramData\Skype
2015-11-29 21:23 - 2013-12-22 18:26 - 00000000 ____D C:\ProgramData\Sun
2015-11-29 21:23 - 2013-12-22 18:26 - 00000000 ____D C:\ProgramData\Oracle
2015-11-29 21:23 - 2013-11-14 20:02 - 00000000 ____D C:\Users\Public\Documents\CrashDump
2015-11-29 21:23 - 2013-11-10 17:07 - 00000000 ____D C:\ProgramData\tmp
2015-11-29 21:23 - 2013-10-03 19:03 - 00000000 ____D C:\Users\Ulla & Christian\2013_10_03
2015-11-29 21:23 - 2013-09-25 20:16 - 00000000 ____D C:\ProgramData\WarThunder
2015-11-29 21:23 - 2013-09-25 20:13 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\Gameforge4d
2015-11-29 21:23 - 2013-09-01 20:05 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\Logitech® Webcam-Software
2015-11-29 21:23 - 2013-08-27 20:03 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\Citrix
2015-11-29 21:23 - 2013-08-22 16:36 - 00000000 __RHD C:\Users\Public\Libraries
2015-11-29 21:23 - 2013-07-12 20:34 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\Apps\2.0
2015-11-29 21:23 - 2013-07-05 20:06 - 00000000 ____D C:\Users\Public\CyberLink
2015-11-29 21:23 - 2013-07-04 20:16 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\Logitech
2015-11-29 21:23 - 2013-07-03 22:25 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\DFH
2015-11-29 21:23 - 2013-07-03 22:25 - 00000000 ____D C:\Users\Public\Documents\Softwrap
2015-11-29 21:23 - 2013-07-02 22:00 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\ashampoo
2015-11-29 21:23 - 2013-07-02 06:30 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\HP
2015-11-29 21:23 - 2013-06-30 15:28 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\HP Quick Start
2015-11-29 21:23 - 2013-06-23 18:11 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\ArcSoft
2015-11-29 21:23 - 2013-06-23 12:08 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\Buhl Data Service
2015-11-29 21:23 - 2013-06-23 11:54 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\Macromedia
2015-11-29 21:23 - 2013-06-17 22:27 - 00000000 ____D C:\ProgramData\Mozilla
2015-11-29 21:23 - 2013-06-17 21:59 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\Google
2015-11-29 21:23 - 2013-06-17 21:54 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\MediaMonkey
2015-11-29 21:23 - 2013-06-17 21:43 - 00000000 ____D C:\Users\Public\Documents\NativeFus_Log
2015-11-29 21:23 - 2013-06-17 21:33 - 00000000 ____D C:\ProgramData\Samsung
2015-11-29 21:23 - 2013-06-17 21:31 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\Downloaded Installations
2015-11-29 21:23 - 2013-06-17 21:30 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\Adobe
2015-11-29 21:23 - 2013-06-16 21:18 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\Hewlett-Packard
2015-11-29 21:23 - 2013-06-16 20:44 - 00000000 __RHD C:\Users\Public\AccountPictures
2015-11-29 21:23 - 2013-01-12 06:38 - 00000000 ____D C:\Users\Public\Symantec
2015-11-29 21:23 - 2013-01-12 06:38 - 00000000 ____D C:\ProgramData\Norton
2015-11-29 21:23 - 2013-01-12 06:37 - 00000000 ____D C:\ProgramData\NortonInstaller
2015-11-29 21:23 - 2013-01-12 06:36 - 00000000 ____D C:\ProgramData\Microsoft SkyDrive
2015-11-29 21:23 - 2013-01-12 06:23 - 00000000 ____D C:\ProgramData\Temp
2015-11-29 21:23 - 2013-01-12 06:14 - 00000000 ____D C:\ProgramData\SoundResearch
2015-11-29 21:23 - 2012-08-10 16:06 - 00000000 ____D C:\ProgramData\PRICache
2015-11-29 21:23 - 2010-01-25 22:35 - 00000000 ___DC C:\ProgramData\Mozilla Thunderbird
2015-11-29 21:22 - 2015-05-17 15:43 - 00000000 ____D C:\ProgramData\HP Photo Creations
2015-11-29 21:22 - 2015-05-17 15:41 - 00000000 ____D C:\ProgramData\HP
2015-11-29 21:22 - 2014-12-20 16:57 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2015-11-29 21:22 - 2014-11-20 09:32 - 00000000 ____D C:\ProgramData\Iminent
2015-11-29 21:22 - 2013-11-26 07:45 - 00000000 ____D C:\ProgramData\McAfee
2015-11-29 21:22 - 2013-11-10 17:07 - 00000000 ____D C:\ProgramData\hps
2015-11-29 21:22 - 2013-09-01 21:25 - 00000000 ____D C:\ProgramData\FLEXnet
2015-11-29 21:22 - 2013-09-01 20:00 - 00000000 ____D C:\ProgramData\LogiShrd
2015-11-29 21:22 - 2013-07-03 22:32 - 00000000 ____D C:\ProgramData\InstallMate
2015-11-29 21:22 - 2013-06-23 18:07 - 00000000 ____D C:\ProgramData\eBay
2015-11-29 21:22 - 2013-06-21 22:16 - 00000000 ____D C:\ProgramData\MediaMonkey
2015-11-29 21:22 - 2013-01-12 06:25 - 00000000 ____D C:\ProgramData\install_clap
2015-11-29 21:22 - 2013-01-12 06:19 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2015-11-29 21:21 - 2015-01-10 19:07 - 00000000 ___HD C:\ProgramData\CanonIJEGV
2015-11-29 21:21 - 2014-11-27 08:00 - 00000000 ____D C:\ProgramData\AmUStor
2015-11-29 21:21 - 2013-08-27 20:03 - 00000000 ____D C:\ProgramData\Citrix
2015-11-29 21:21 - 2013-07-02 22:20 - 00000000 ____D C:\ProgramData\AomeiBR
2015-11-29 21:21 - 2013-07-02 22:00 - 00000000 ____D C:\ProgramData\Ashampoo
2015-11-29 21:21 - 2013-07-02 06:37 - 00000000 ___HD C:\ProgramData\CanonIJScan
2015-11-29 21:21 - 2013-07-01 20:47 - 00000000 ____D C:\ProgramData\Adobe
2015-11-29 21:21 - 2013-06-23 20:30 - 00000000 ____D C:\ProgramData\AVS4YOU
2015-11-29 21:21 - 2013-06-23 18:11 - 00000000 ____D C:\ProgramData\ArcSoft
2015-11-29 21:21 - 2013-06-23 17:57 - 00000000 ____D C:\ProgramData\Avira
2015-11-29 21:21 - 2013-06-23 17:55 - 00000000 ____D C:\ProgramData\Canneverbe Limited
2015-11-29 21:21 - 2013-06-23 11:35 - 00000000 ____D C:\ProgramData\Buhl Data Service GmbH
2015-11-29 21:21 - 2013-01-12 06:26 - 00000000 ____D C:\ProgramData\CyberLink
2015-11-29 21:21 - 2013-01-12 06:26 - 00000000 ____D C:\ProgramData\Apple
2015-11-29 21:18 - 2012-10-12 04:21 - 00000000 _RSHD C:\SYSTEM.SAV
2015-11-29 21:17 - 2013-07-01 23:00 - 00000000 ____D C:\Program Files (x86)l
2015-11-29 21:17 - 2013-06-18 21:29 - 00000000 ____D C:\sources
2015-11-29 21:17 - 2012-10-12 04:24 - 00000000 ____D C:\SWSETUP
2015-11-29 21:16 - 2014-07-03 20:43 - 00000000 ____D C:\My Music
2015-11-29 21:16 - 2013-01-07 12:12 - 00000000 _RSHD C:\hp
2015-11-28 23:24 - 2012-07-26 08:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-11-23 06:45 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-11-18 20:56 - 2015-10-06 19:48 - 00001048 _____ C:\Users\Jan\Desktop\nativelog.txt
2015-11-18 20:56 - 2015-10-03 14:43 - 00000000 ____D C:\Users\Jan\AppData\Roaming\.minecraft
2015-11-18 20:30 - 2015-10-01 13:15 - 00003594 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3876800203-89553269-3656360523-1003
2015-11-18 20:25 - 2013-08-22 16:36 - 00000000 ___HD C:\Program Files\WindowsApps
2015-11-16 23:50 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\Registration
2015-11-15 17:06 - 2014-12-20 16:57 - 00001959 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2015-11-13 22:18 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\rescache
2015-11-12 23:13 - 2013-08-22 16:36 - 00000000 ___RD C:\WINDOWS\ToastData
2015-11-12 21:39 - 2013-06-21 20:57 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-11-12 21:34 - 2013-08-27 20:47 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-11-12 21:29 - 2013-06-17 22:17 - 145617392 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-11-10 23:24 - 2015-05-07 21:02 - 00002274 _____ C:\Users\Public\Desktop\Avira Antivirus.lnk
2015-11-10 21:59 - 2014-11-29 17:24 - 00003772 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-11-08 13:16 - 2015-03-08 14:44 - 00000000 ____D C:\WINDOWS\Minidump
2015-11-08 10:34 - 2015-04-23 12:23 - 00000000 ___RD C:\Users\Ulla & Christian\Desktop\Spiele
2015-11-07 22:39 - 2013-06-17 22:31 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-11-07 18:16 - 2013-06-21 23:19 - 00000000 ____D C:\Program Files (x86)\Spiele
2015-11-03 01:23 - 2014-12-13 10:44 - 00810488 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-11-03 01:23 - 2014-12-13 10:44 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======
2013-06-23 18:04 - 2006-07-18 08:49 - 0587249 _____ (MAGIX AG) C:\Program Files (x86)\addoninstall.exe
2013-06-23 18:04 - 2002-02-13 07:00 - 0022016 _____ (Borland Software Corporation) C:\Program Files (x86)\borlndmm.dll
2013-06-23 18:04 - 2003-03-17 05:04 - 1500160 _____ (Borland Corporation) C:\Program Files (x86)\cc3260mt.dll
2013-06-23 18:04 - 2006-06-28 08:32 - 0004694 _____ () C:\Program Files (x86)\e-mode-upgradedialog.rtf
2013-06-23 18:04 - 2006-06-28 08:32 - 0004716 _____ () C:\Program Files (x86)\e-mode-upgradedlg-exit.rtf
2013-06-23 18:04 - 2013-06-23 18:04 - 0002885 _____ () C:\Program Files (x86)\e-mode.ini
2013-06-23 18:04 - 2006-06-28 09:55 - 0315392 _____ (MAGIX AG) C:\Program Files (x86)\eModeUpgradeDlg.dll
2013-06-23 18:04 - 2003-02-12 10:20 - 0028672 _____ () C:\Program Files (x86)\explore.exe
2013-06-23 18:04 - 2006-07-26 15:46 - 2442752 _____ (MAGIX) C:\Program Files (x86)\FotoClinic.exe
2013-06-23 18:04 - 2013-06-23 18:04 - 0000707 _____ () C:\Program Files (x86)\FotoClinic.ini
2013-06-23 18:04 - 2013-06-23 18:04 - 0001138 _____ () C:\Program Files (x86)\Install.cfg
2013-06-23 18:04 - 2013-06-23 18:04 - 0040289 _____ () C:\Program Files (x86)\INSTALL.LOG
2013-06-23 18:04 - 2013-06-23 18:04 - 0006564 _____ () C:\Program Files (x86)\INSTALL1.LOG
2013-06-23 18:04 - 2006-07-17 09:58 - 0184320 _____ (MAGIX AG) C:\Program Files (x86)\instslct.exe
2013-06-23 18:04 - 2006-07-26 15:29 - 0100352 _____ () C:\Program Files (x86)\libpng.dll
2013-06-23 18:04 - 2005-06-16 08:43 - 0008980 _____ () C:\Program Files (x86)\license.txt
2013-06-23 18:04 - 2005-08-08 14:51 - 0786305 _____ () C:\Program Files (x86)\MAGIX Creation Logo.pdf
2013-06-23 18:04 - 2004-04-15 14:48 - 0032768 _____ () C:\Program Files (x86)\MagixUpdater.exe
2013-06-23 18:04 - 2006-04-25 09:27 - 0014810 _____ () C:\Program Files (x86)\order.rtf
2013-06-23 18:04 - 2005-03-04 17:51 - 0005509 _____ () C:\Program Files (x86)\pa.cnt
2013-06-23 18:04 - 2005-03-04 17:51 - 0361656 _____ () C:\Program Files (x86)\pa.hlp
2013-06-23 18:04 - 2006-07-26 15:46 - 0055296 _____ () C:\Program Files (x86)\palng.dll
2013-06-23 18:04 - 2006-07-26 15:45 - 0240128 _____ () C:\Program Files (x86)\pcomponents.bpl
2013-06-23 18:04 - 2006-07-26 15:29 - 0018432 _____ () C:\Program Files (x86)\ps8bf.dll
2013-06-23 18:04 - 2013-06-23 18:04 - 0002757 _____ () C:\Program Files (x86)\register.rtf
2013-06-23 18:04 - 1999-12-10 12:00 - 0431376 _____ (Microsoft Corporation) C:\Program Files (x86)\riched20.dll
2013-06-23 18:04 - 2003-03-17 05:04 - 0685056 _____ (Borland Software Corporation) C:\Program Files (x86)\rtl60.bpl
2013-06-23 18:04 - 2003-03-17 05:04 - 0618496 _____ () C:\Program Files (x86)\stlpmt45.dll
2013-06-23 18:04 - 2005-11-02 14:34 - 0016460 _____ () C:\Program Files (x86)\support.rtf
2013-06-23 18:04 - 2006-07-17 12:30 - 0129024 _____ () C:\Program Files (x86)\uninstall.exe
2013-06-23 18:04 - 2002-02-18 10:06 - 0006034 _____ () C:\Program Files (x86)\uninstall.ini
2013-06-23 18:04 - 2006-07-17 10:09 - 0081920 _____ (MAGIX AG) C:\Program Files (x86)\unwise.adf
2013-06-23 18:04 - 2006-07-17 10:10 - 0176128 _____ (MAGIX AG) C:\Program Files (x86)\unwise.exe
2013-06-23 18:04 - 2013-06-23 18:04 - 0000723 _____ () C:\Program Files (x86)\unwise.ini
2013-06-23 18:04 - 2006-07-26 13:50 - 0139264 _____ () C:\Program Files (x86)\UpgradeInfo.exe
2013-06-23 18:04 - 2006-02-14 14:03 - 0024576 _____ (Magix AG) C:\Program Files (x86)\Validation.exe
2013-06-23 18:04 - 2013-06-23 18:04 - 0000140 _____ () C:\Program Files (x86)\Validation.ini
2013-06-23 18:04 - 2002-02-13 07:00 - 1326080 _____ (Borland Software Corporation) C:\Program Files (x86)\vcl60.bpl
2013-06-23 18:04 - 2006-07-26 15:29 - 0046080 _____ () C:\Program Files (x86)\zlib.dll
2015-11-30 13:54 - 2015-11-30 13:56 - 0000050 _____ () C:\Users\Ulla & Christian\AppData\Roaming\AVSDVDPlayer.m3u
2013-07-05 20:36 - 2015-11-29 21:25 - 0000462 _____ () C:\Users\Ulla & Christian\AppData\Roaming\AVSDVDPlayer.m3u.vvv
2015-11-29 21:23 - 2015-11-29 21:26 - 0006921 _____ () C:\Users\Ulla & Christian\AppData\Roaming\how_recover+yer.html
2015-11-29 21:23 - 2015-11-29 21:26 - 0002401 _____ () C:\Users\Ulla & Christian\AppData\Roaming\how_recover+yer.txt
2013-12-25 21:18 - 2015-10-20 22:01 - 0028256 _____ () C:\Users\Ulla & Christian\AppData\Roaming\Kommagetrennte Werte (Windows).ADR
2013-12-25 21:14 - 2013-12-25 21:16 - 0028295 _____ () C:\Users\Ulla & Christian\AppData\Roaming\Tabulatorgetrennte Werte (Windows).ADR
2013-10-20 11:29 - 2015-07-02 13:29 - 0005632 _____ () C:\Users\Ulla & Christian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-11-29 21:23 - 2015-11-29 21:34 - 0006921 _____ () C:\Users\Ulla & Christian\AppData\Local\how_recover+yer.html
2015-11-29 21:23 - 2015-11-29 21:34 - 0002401 _____ () C:\Users\Ulla & Christian\AppData\Local\how_recover+yer.txt
2013-12-10 20:40 - 2015-09-13 22:27 - 0007605 _____ () C:\Users\Ulla & Christian\AppData\Local\resmon.resmoncfg
2015-05-17 15:41 - 2015-05-17 15:41 - 0000057 _____ () C:\ProgramData\Ament.ini
2015-11-29 21:21 - 2015-11-29 21:23 - 0006921 _____ () C:\ProgramData\how_recover+yer.html
2015-11-29 21:21 - 2015-11-29 21:23 - 0002401 _____ () C:\ProgramData\how_recover+yer.txt
2013-06-16 20:51 - 2013-06-16 20:51 - 0000141 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
2013-07-10 21:31 - 2013-07-10 21:42 - 0020531 ____H () C:\ProgramData\R49LW
Einige Dateien in TEMP:
====================
C:\Users\Jan\AppData\Local\Temp\avgnt.exe
C:\Users\Ulla & Christian\AppData\Local\Temp\avgnt.exe
==================== Bamital & volsnap =================
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert
LastRegBack: 2015-11-29 14:04
==================== Ende von FRST.txt ============================
|
|
01.12.2015, 20:46
| #4 |
| /// the machine /// TB-Ausbilder | Virus hängt an alle Dateien .vvv hi, Downloade dir bitte  Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers Downloade dir bitte  TDSSKiller.exe und speichere diese Datei auf dem Desktop
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
01.12.2015, 22:21
| #5 |
| | Virus hängt an alle Dateien .vvv Hallo, ich habe mbar gestern schon laufen lassen. Da hat es 3 Fehler gefunden und behoben. Heute Abend hat es nichts mehr gefunden. Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org
Database version:
main: v2015.12.01.06
rootkit: v2015.11.26.01
Windows 8.1 x64 NTFS
Internet Explorer 11.0.9600.18098
Ulla & Christian :: PC [administrator]
01.12.2015 21:33:42
mbar-log-2015-12-01 (21-33-42).txt
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 435499
Time elapsed: 25 minute(s), 35 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
Physical Sectors Detected: 0
(No malicious items detected)
(end)
Code:
ATTFilter 22:13:25.0895 0x0ffc TDSS rootkit removing tool 3.1.0.7 Nov 29 2015 22:37:04
22:13:25.0895 0x0ffc UEFI system
22:14:08.0870 0x0ffc ============================================================
22:14:08.0870 0x0ffc Current date / time: 2015/12/01 22:14:08.0870
22:14:08.0870 0x0ffc SystemInfo:
22:14:08.0870 0x0ffc
22:14:08.0870 0x0ffc OS Version: 6.3.9600 ServicePack: 0.0
22:14:08.0870 0x0ffc Product type: Workstation
22:14:08.0870 0x0ffc ComputerName: PC
22:14:08.0870 0x0ffc UserName: Ulla & Christian
22:14:08.0870 0x0ffc Windows directory: C:\WINDOWS
22:14:08.0870 0x0ffc System windows directory: C:\WINDOWS
22:14:08.0870 0x0ffc Running under WOW64
22:14:08.0870 0x0ffc Processor architecture: Intel x64
22:14:08.0870 0x0ffc Number of processors: 4
22:14:08.0870 0x0ffc Page size: 0x1000
22:14:08.0870 0x0ffc Boot type: Normal boot
22:14:08.0870 0x0ffc ============================================================
22:14:09.0667 0x0ffc KLMD registered as C:\WINDOWS\system32\drivers\94715411.sys
22:14:10.0620 0x0ffc System UUID: {6E158DDA-BEF9-6DF3-D126-0B059BA19288}
22:14:12.0167 0x0ffc Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:14:12.0198 0x0ffc ============================================================
22:14:12.0198 0x0ffc \Device\Harddisk0\DR0:
22:14:12.0198 0x0ffc GPT partitions:
22:14:12.0198 0x0ffc \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {25FDF47F-DF08-4C32-8441-7284723865BF}, Name: Basic data partition, StartLBA 0x800, BlocksNum 0x1FF800
22:14:12.0198 0x0ffc \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {AF2C3336-11DF-481C-AF98-0A66A58C2DB3}, Name: EFI system partition, StartLBA 0x200000, BlocksNum 0xB4000
22:14:12.0198 0x0ffc \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {22A34A73-B85E-42D8-A682-4F54106BADFB}, Name: Microsoft reserved partition, StartLBA 0x2B4000, BlocksNum 0x40000
22:14:12.0198 0x0ffc \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {3E123CB9-3670-4D79-B747-C0A6C71D4E39}, Name: Basic data partition, StartLBA 0x2F4000, BlocksNum 0x23696000
22:14:12.0198 0x0ffc \Device\Harddisk0\DR0\Partition5: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {5C4895AA-990D-4E0D-9445-8ED4FBFF4265}, Name: , StartLBA 0x2398A000, BlocksNum 0xE1000
22:14:12.0198 0x0ffc \Device\Harddisk0\DR0\Partition6: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {1F9B68AB-CE7D-44B8-9326-5858CA09620B}, Name: Basic data partition, StartLBA 0x23A6B000, BlocksNum 0x4F587800
22:14:12.0198 0x0ffc \Device\Harddisk0\DR0\Partition7: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {FEB7732C-BE78-4E55-93C6-0140768331DB}, Name: Basic data partition, StartLBA 0x72FF3000, BlocksNum 0x1713800
22:14:12.0198 0x0ffc MBR partitions:
22:14:12.0198 0x0ffc ============================================================
22:14:12.0214 0x0ffc C: <-> \Device\Harddisk0\DR0\Partition4
22:14:12.0261 0x0ffc D: <-> \Device\Harddisk0\DR0\Partition7
22:14:12.0308 0x0ffc G: <-> \Device\Harddisk0\DR0\Partition6
22:14:12.0308 0x0ffc ============================================================
22:14:12.0308 0x0ffc Initialize success
22:14:12.0308 0x0ffc ============================================================
22:15:23.0620 0x1428 ============================================================
22:15:23.0620 0x1428 Scan started
22:15:23.0620 0x1428 Mode: Manual; SigCheck; TDLFS;
22:15:23.0620 0x1428 ============================================================
22:15:23.0636 0x1428 KSN ping started
22:15:26.0120 0x1428 KSN ping finished: true
22:15:28.0745 0x1428 ================ Scan system memory ========================
22:15:28.0745 0x1428 System memory - ok
22:15:28.0745 0x1428 ================ Scan services =============================
22:15:28.0948 0x1428 [ E1832BD9FD7E0FC2DC9FA5935DE3E8C1, 41FF7418887AFC8B9C96EF21C5950DD342CC9E3C0D87AFD60A05B988C1D6CC23 ] 1394ohci C:\WINDOWS\System32\drivers\1394ohci.sys
22:15:29.0027 0x1428 1394ohci - ok
22:15:29.0058 0x1428 [ AD508A1A46EC21B740AB31C28EFDFDB1, 9B1046CF0B80723149BD359B55CC0B8B3ABBEAA9038469F542A4C345C503FB02 ] 3ware C:\WINDOWS\system32\drivers\3ware.sys
22:15:29.0073 0x1428 3ware - ok
22:15:29.0105 0x1428 [ E796AE43DDD1844281DB4D57294D17C0, 21AE69615044A96041E46476BE814B52C22624B6C7EA6BFC77BB64F69C3C21F5 ] ACPI C:\WINDOWS\system32\drivers\ACPI.sys
22:15:29.0136 0x1428 ACPI - ok
22:15:29.0152 0x1428 [ AC8279D229398BCF05C3154ADCA86813, 083E86CBE53244D24C334DB1511C77025133AE7875191845764B890A8CA5AFA9 ] acpiex C:\WINDOWS\system32\Drivers\acpiex.sys
22:15:29.0167 0x1428 acpiex - ok
22:15:29.0198 0x1428 [ A8970D9BF23CD309E0403978A1B58F3F, 9946C8477104EEC7DB197E2222F9905307F101C398CCED4B5FD0F86A5622C791 ] acpipagr C:\WINDOWS\System32\drivers\acpipagr.sys
22:15:29.0214 0x1428 acpipagr - ok
22:15:29.0245 0x1428 [ 111A89C99C5B4F1A7BCE5F643DD86F65, 41A2E49FF443927D05F7EF638518108227852984E68D4663C8761178C0B84A45 ] AcpiPmi C:\WINDOWS\System32\drivers\acpipmi.sys
22:15:29.0323 0x1428 AcpiPmi - ok
22:15:29.0386 0x1428 [ 5758387D68A20AE7D3245011B07E36E7, 77832E200E8B0D259552F6F60FE454A887E3EBBB9EA2F3590E6645289A04E293 ] acpitime C:\WINDOWS\System32\drivers\acpitime.sys
22:15:29.0448 0x1428 acpitime - ok
22:15:29.0573 0x1428 [ D9881575C4166AE3A92118ECC217B079, 8D5D5A281576AD18D4C49CF022B28B095528D8E0FEA51AC1C28030547822317D ] ADExchange C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe
22:15:29.0605 0x1428 ADExchange - ok
22:15:29.0683 0x1428 [ 34400005DE52842C4D6D4EE978B4D7CE, E7C3121812284B9FE6A12910C67C98354BAF5DB74865A5B4E0C2E64852BDB50A ] AdobeActiveFileMonitor8.0 C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
22:15:29.0714 0x1428 AdobeActiveFileMonitor8.0 - ok
22:15:29.0777 0x1428 [ B362181ED3771DC03B4141927C80F801, 69514E5177A0AEA89C27C2234712F9F82E8D8F99E1FD4273898C9324C6FF7472 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
22:15:29.0792 0x1428 AdobeARMservice - ok
22:15:29.0917 0x1428 [ 280A526E8111AC6A5BCC1A059E1E0340, FB92DDAE29A097D148AB23D8A0BD2B9E662EC1DBF0DA8B716374D6919B4C646F ] AdobeFlashPlayerUpdateSvc C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
22:15:30.0027 0x1428 AdobeFlashPlayerUpdateSvc - ok
22:15:30.0183 0x1428 [ 7C1FDF1B48298CBA7CE4BDD4978951AD, 80F4D536E1231B30E836F72ADC8814AE6AA9FEC573FB5F3F965FAC8ABCCAF0F8 ] ADP80XX C:\WINDOWS\system32\drivers\ADP80XX.SYS
22:15:30.0214 0x1428 ADP80XX - ok
22:15:30.0245 0x1428 [ BCD58DACAA1EAAADC115EDD940478F6D, F31613F583C302F62A00E6766B031531C9E193CAED563689B178BA257715B992 ] AeLookupSvc C:\WINDOWS\System32\aelupsvc.dll
22:15:30.0292 0x1428 AeLookupSvc - ok
22:15:30.0339 0x1428 [ A460C3AF3755A2A79A3C8EFE72E147B5, 62CEA85DA53D86D3E7B5D79F94095C6126FFF3DEE1427BBF3DEF5EA366B4513B ] AFD C:\WINDOWS\system32\drivers\afd.sys
22:15:30.0386 0x1428 AFD - ok
22:15:30.0417 0x1428 [ 7DFAEBA9AD62D20102B576D5CAC45EC8, 9FA5207335303D1E8E9A3C9E1FB82C09AD21B04382F69D777A67E48EE91D2093 ] agp440 C:\WINDOWS\system32\drivers\agp440.sys
22:15:30.0417 0x1428 agp440 - ok
22:15:30.0448 0x1428 [ FE14D249D39368CA62D8DA6BC94AC694, E1036E22BFBD3750FD2D3DA6AB939B2DD54E824F4BD3E6539EF0E45AB5453DD1 ] ahcache C:\WINDOWS\system32\DRIVERS\ahcache.sys
22:15:30.0511 0x1428 ahcache - ok
22:15:30.0542 0x1428 [ 14A45BE6F5678339F0EC5752D9849410, DD0F60E96FAC68FBD5B86382E541408C613BD0F871D0E0A1EF9AB6E7B26E545C ] ALG C:\WINDOWS\System32\alg.exe
22:15:30.0573 0x1428 ALG - ok
22:15:30.0605 0x1428 [ E019017558B28A707119F8545AD1A1C0, 7A080DB2BDD1AE7E849EE79BF42B737D78A4F6EA6D07F61D6E994D7A383E9551 ] ambakdrv C:\WINDOWS\system32\ambakdrv.sys
22:15:30.0620 0x1428 ambakdrv - detected UnsignedFile.Multi.Generic ( 1 )
22:15:33.0105 0x1428 Detect skipped due to KSN trusted
22:15:33.0105 0x1428 ambakdrv - ok
22:15:33.0136 0x1428 [ 7589DE749DB6F71A68489DCE04158729, 5F35EDD50737985595C9D6703237CA2ADE49AA5443331020899698EB5114A0FB ] AmdK8 C:\WINDOWS\System32\drivers\amdk8.sys
22:15:33.0198 0x1428 AmdK8 - ok
22:15:33.0230 0x1428 [ B46D2D89AFF8A9490FA8C98C7A5616E3, BE0765B5423B690E0F097FECD9717FAA95BFDFFDC6CF1B93DE5A19A1B7797879 ] AmdPPM C:\WINDOWS\System32\drivers\amdppm.sys
22:15:33.0261 0x1428 AmdPPM - ok
22:15:33.0277 0x1428 [ D2BF2F94A47D332814910FD47C6BBCD2, FE273D77D119D958676E1197D9EA7B008E3B05C6192B1962A81D4223ED204C35 ] amdsata C:\WINDOWS\system32\drivers\amdsata.sys
22:15:33.0292 0x1428 amdsata - ok
22:15:33.0323 0x1428 [ A8E04943C7BBA7219AA50400272C3C6E, 794C0BD12DF0392654E9A37AE4A24B5BE2D83F1F24F74DD48A1A0BF3AB8B1FF8 ] amdsbs C:\WINDOWS\system32\drivers\amdsbs.sys
22:15:33.0339 0x1428 amdsbs - ok
22:15:33.0339 0x1428 [ CEA5F4F27CFC08E3A44D576811B35F50, 89DF64B81BD109BAABAE93A4603C1617241219F38DDAF325EFE6BD35FF6FD717 ] amdxata C:\WINDOWS\system32\drivers\amdxata.sys
22:15:33.0355 0x1428 amdxata - ok
22:15:33.0370 0x1428 [ 46014EDFDC8AF8733E14947448D122C5, 8CE2BD29CF7230A624745334A76F5F8C2E5C01EEDB2B803F9468771BC9DCBC4D ] ammntdrv C:\windows\system32\ammntdrv.sys
22:15:33.0386 0x1428 ammntdrv - detected UnsignedFile.Multi.Generic ( 1 )
22:15:35.0902 0x1428 Detect skipped due to KSN trusted
22:15:35.0902 0x1428 ammntdrv - ok
22:15:35.0933 0x1428 [ E5F36F2FF6E8BC2E9E51655489EA753D, 83A7BA29D411C039511A9306C0136099572EE8E306E1C87207F3E721568C0136 ] AmUStor C:\WINDOWS\system32\drivers\AmUStor.SYS
22:15:35.0948 0x1428 AmUStor - ok
22:15:35.0964 0x1428 [ 7CD08E63219E00BB206077F5BA708677, E8F4031E5E524C60D5853B5DE3AC37E45F28B490665F0CD2016754EDCFA4B2F2 ] amwrtdrv C:\windows\system32\amwrtdrv.sys
22:15:35.0980 0x1428 amwrtdrv - detected UnsignedFile.Multi.Generic ( 1 )
22:15:43.0620 0x1428 Detect skipped due to KSN trusted
22:15:43.0620 0x1428 amwrtdrv - ok
22:15:43.0761 0x1428 [ 81E02299B534F61E104C1235519C37B3, B389458C13A0E0717365B7CE371A6B768EB2F98C4CDBAA6DCBBBDE3A2B1D8B14 ] AntiVirMailService C:\Program Files (x86)\Sicherheit-Ordnung\Avira\AntiVir Desktop\avmailc7.exe
22:15:43.0808 0x1428 AntiVirMailService - ok
22:15:43.0839 0x1428 [ 3CBE5047BB08BD363420D68364F9E829, 7A6C59E9B98C1A50CB5FB895050127C5A433BA825D3832FC6DDA2A41AE986543 ] AntiVirSchedulerService C:\Program Files (x86)\Sicherheit-Ordnung\Avira\AntiVir Desktop\sched.exe
22:15:43.0855 0x1428 AntiVirSchedulerService - ok
22:15:43.0902 0x1428 [ 3CBE5047BB08BD363420D68364F9E829, 7A6C59E9B98C1A50CB5FB895050127C5A433BA825D3832FC6DDA2A41AE986543 ] AntiVirService C:\Program Files (x86)\Sicherheit-Ordnung\Avira\AntiVir Desktop\avguard.exe
22:15:43.0917 0x1428 AntiVirService - ok
22:15:43.0948 0x1428 [ CAA9D66CA6D21AF0AE7DA01D5AC6CC2F, 827400CFB53026757B3D75B6C5AC7BBECE7E62B335160C18CBF6A41047F4A400 ] AntiVirWebService C:\Program Files (x86)\Sicherheit-Ordnung\Avira\AntiVir Desktop\avwebg7.exe
22:15:44.0027 0x1428 AntiVirWebService - ok
22:15:44.0058 0x1428 [ 9DCB42905F1EBF9CEC57EE5DF0BDA965, 4C888AAD0DDE01565FD7FBB6B70A500158CF2E4CECF9ADD4AFD302A993587269 ] AppHostSvc C:\WINDOWS\system32\inetsrv\apphostsvc.dll
22:15:44.0120 0x1428 AppHostSvc - ok
22:15:44.0167 0x1428 [ 415DD71628795197F7AFC176CBADC74E, 5F0359053A6CD6EE239139E0E6F46E1FA9A73F017C0CE9B7BC052216B2C846EC ] AppID C:\WINDOWS\system32\drivers\appid.sys
22:15:44.0198 0x1428 AppID - ok
22:15:44.0214 0x1428 [ 88358135810B9DFD830A9D3A8C3D149A, DF914DA3828EE2310895D156342E3B3DF5E8C6F6F9B851C359E82A1F48180D4B ] AppIDSvc C:\WINDOWS\System32\appidsvc.dll
22:15:44.0245 0x1428 AppIDSvc - ok
22:15:44.0277 0x1428 [ 680BFB820C5A943AB709BAA2B1EF27F2, A51D2A7976A762FE470C13C6D1BA0319A0FB19C9E66BF02AA44F83EAEC7130F8 ] Appinfo C:\WINDOWS\System32\appinfo.dll
22:15:44.0355 0x1428 Appinfo - ok
22:15:44.0386 0x1428 [ 35E28923A23ADABAA5A1B43256D0AB58, A5F3AF8BBEE58B2165BAFACC5FF8B167B55B020998D3D1565C2229ED8753B269 ] AppReadiness C:\WINDOWS\system32\AppReadiness.dll
22:15:44.0433 0x1428 AppReadiness - ok
22:15:44.0495 0x1428 [ 573542B5E97772021B73E854DA861DAA, C3FD00FA28060F8D7CDFD455BBB5FF8239CB76DDFFF2BDAE6AA944674DD993D3 ] AppXSvc C:\WINDOWS\system32\appxdeploymentserver.dll
22:15:44.0589 0x1428 AppXSvc - ok
22:15:44.0605 0x1428 [ 65045784366F7EC5FB4E71BCF923187B, 53C215C64FF12E44B097F7CB88E8482438CE0ACBD3C68D8FD38BA0D0D8747FAA ] arcsas C:\WINDOWS\system32\drivers\arcsas.sys
22:15:44.0620 0x1428 arcsas - ok
22:15:44.0730 0x1428 [ F15AB80B867D3332D5DDFB0A05B9CE04, 5A16577106246AB5DCC04FE0A0B00B7C5702557B75F958721E4C00383AB99809 ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
22:15:44.0761 0x1428 aspnet_state - ok
22:15:44.0792 0x1428 [ 3DB7721F06BC2FEDB25029EA23AB27DA, 221861148C66FE53E4D6EE49C6E656479AB5804A2D348A280A1CD8093E8AB788 ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
22:15:44.0839 0x1428 AsyncMac - ok
22:15:44.0870 0x1428 [ 74B14192CF79A72F7536B27CB8814FBD, 0CF6BBB63FFE0C12777664D80B2797923844C8392D0FD81D7962EE5EE2C3C3D9 ] atapi C:\WINDOWS\system32\drivers\atapi.sys
22:15:44.0886 0x1428 atapi - ok
22:15:44.0917 0x1428 [ 431FE56F5A2F5937994CB2DA330B47DB, E5AED551529A21494114959251FDF566802DD6D9B9D86A937A0EECE53338CAC7 ] AudioEndpointBuilder C:\WINDOWS\System32\AudioEndpointBuilder.dll
22:15:44.0948 0x1428 AudioEndpointBuilder - ok
22:15:44.0995 0x1428 [ 0F03CC00645D7F841879A048787D6AC7, 3ECD2486157469F2EDB63D4868338D1445F2909153DF0AFFE432083730EEE3F5 ] Audiosrv C:\WINDOWS\System32\Audiosrv.dll
22:15:45.0027 0x1428 Audiosrv - ok
22:15:45.0058 0x1428 [ CF233C89DEFF6BCA1F65BE3DA0C1A306, B718A59CFC0E3A9ED4E8C690390F54C96828C5A4C2790C2E98075DB4484240D6 ] avgntflt C:\WINDOWS\system32\DRIVERS\avgntflt.sys
22:15:45.0073 0x1428 avgntflt - ok
22:15:45.0105 0x1428 [ 4764D299855174D6B5C7DA853B490029, 6E2C8E25DC3C38EEAAA1221E515AC06C2EDC0A71CF2F7762E8DFCC55938D59B3 ] avipbb C:\WINDOWS\system32\DRIVERS\avipbb.sys
22:15:45.0120 0x1428 avipbb - ok
22:15:45.0152 0x1428 [ 79F7741A773FF194EEC64A8161AE26D5, 3DDEA5FBDCB74A2BACC895A44C8C2A947F09E2649ED61D781E99DD61DBFACA5D ] avkmgr C:\WINDOWS\system32\DRIVERS\avkmgr.sys
22:15:45.0167 0x1428 avkmgr - ok
22:15:45.0183 0x1428 [ E477AF94ACCCF99A0E56D71D450DCCCB, C97756A4E82EC7EF8268967B10DEBAAEDB746B2846CA2BFD68E1B7DBBAE7901A ] avnetflt C:\WINDOWS\system32\DRIVERS\avnetflt.sys
22:15:45.0198 0x1428 avnetflt - ok
22:15:45.0245 0x1428 [ 3C6ED74AF41DD1A5585CE5EF3D00915F, A742F576407776634E5A8E49C60023FFDF395DE0B2DE36662A23F85B79405ED2 ] AxInstSV C:\WINDOWS\System32\AxInstSV.dll
22:15:45.0292 0x1428 AxInstSV - ok
22:15:45.0339 0x1428 [ A4A73F631FE2AA2826FBE4A399B04DEF, 973AACE8DC8DA669D0DF20F17EFDEEABB90AA046AC980948D16A62D39A606A79 ] b06bdrv C:\WINDOWS\system32\drivers\bxvbda.sys
22:15:45.0370 0x1428 b06bdrv - ok
22:15:45.0386 0x1428 [ 8CC7F7E4AFCBA605921B137ED7992C68, 71406E6D6E9964740A6D90B05329D5492BB90AF40E0630CF2FBF4BA4BA14F2DD ] BasicDisplay C:\WINDOWS\System32\drivers\BasicDisplay.sys
22:15:45.0464 0x1428 BasicDisplay - ok
22:15:45.0480 0x1428 [ 38A82F4EE8C416A6744B6D30381ED768, 9EAAE5F43BA09359130AC04B1DCA0F5D4DF32ED89C02DC5CEB640918948847F7 ] BasicRender C:\WINDOWS\System32\drivers\BasicRender.sys
22:15:45.0527 0x1428 BasicRender - ok
22:15:45.0542 0x1428 [ C1ABB0F7E3BEA48A0417BDF6FF14AB21, 1CAC63A1A0FB9855A27EE977794576A860F6650C9EF7667FFB27F2A2FF721857 ] bcmfn2 C:\WINDOWS\System32\drivers\bcmfn2.sys
22:15:45.0558 0x1428 bcmfn2 - ok
22:15:45.0589 0x1428 [ 4B6F61BD394DCEDA9B06D702836531C2, 83C739467BD9A00FE09BCE83BB9409EA2DA62FCDD2384F9EE98626226223E918 ] BDESVC C:\WINDOWS\System32\bdesvc.dll
22:15:45.0698 0x1428 BDESVC - ok
22:15:45.0730 0x1428 [ EC19013E4CF87609534165DF897274D6, 8ED45537CF2D58D759A587CCBFDADD5580C7447B0C3B172CF19ECC7585E073FC ] Beep C:\WINDOWS\system32\drivers\Beep.sys
22:15:45.0792 0x1428 Beep - ok
22:15:45.0948 0x1428 [ 8F2AD111B47A190F325EE7495D3C1803, C61F1506E74A9EFBB61B8A06B30886B6E891C33211F755F30B924EBA202ECEC5 ] BFE C:\WINDOWS\System32\bfe.dll
22:15:46.0058 0x1428 BFE - ok
22:15:46.0136 0x1428 [ 48554994279BFE17A3D2B00076D0CB1A, 6521B1EC0BC6B01F63976370D89FE7DC2E7404899F68B6FAC37A9173B9C5D489 ] BITS C:\WINDOWS\System32\qmgr.dll
22:15:46.0245 0x1428 BITS - ok
22:15:46.0355 0x1428 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD, 17BFFC5DF609CE3B2F0CAB4BD6C118608C66A3AD86116A47E90B2BB7D8954122 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
22:15:46.0386 0x1428 Bonjour Service - ok
22:15:46.0402 0x1428 [ 6B4FFFDDC618FCF64473CAA86E305697, 29EA66071D5822920F5C50533673ADAB5204F8B25C11027AD27450D881F1142D ] bowser C:\WINDOWS\system32\DRIVERS\bowser.sys
22:15:46.0433 0x1428 bowser - ok
22:15:46.0464 0x1428 [ FA601515FF2B59F25FDD8EDB1D2A1104, 21DFB53241F8E880F7546B9ADF38F47D6AD0782EC7F8F0284ED69DE7CEF7DCB9 ] BrokerInfrastructure C:\WINDOWS\System32\bisrv.dll
22:15:46.0511 0x1428 BrokerInfrastructure - ok
22:15:46.0558 0x1428 [ BC111AADACD0BF59D56547461D13AB6E, 91E3619930C29EE4B2683683888BA7EE3CF6B1DDB0C19A14E0880470CBE40EF4 ] Browser C:\WINDOWS\System32\browser.dll
22:15:46.0620 0x1428 Browser - ok
22:15:46.0636 0x1428 [ A8F23D453A424FF4DE04989C4727ECC7, AE4A9081395C7379F1C947EF8243F7609F90C843E086B8E77E1A2C06E36D4381 ] BthAvrcpTg C:\WINDOWS\System32\drivers\BthAvrcpTg.sys
22:15:46.0652 0x1428 BthAvrcpTg - ok
22:15:46.0683 0x1428 [ 272A62B660A48AEF366F8A1836CED19F, 78EFAC6B1B2313482329BBFFBF0DDA6462BD88E5BE3C817C5E8E0EAF3074C925 ] BthHFEnum C:\WINDOWS\System32\drivers\bthhfenum.sys
22:15:46.0714 0x1428 BthHFEnum - ok
22:15:46.0730 0x1428 [ 71FE2A48E4C93DDB9798C024880B6C07, 8E93DE29C61A5FA64216231228CB3C4A1A693FE87CAA2C070BCAD7BE2D8ED000 ] bthhfhid C:\WINDOWS\System32\drivers\BthHFHid.sys
22:15:46.0839 0x1428 bthhfhid - ok
22:15:46.0902 0x1428 [ 9307A4B743D277C499CDA8E19E5687AC, 7A01989EC3D54581F292BDEDC9B9445F2ABD50165102617E3089BDD061C63A19 ] BthHFSrv C:\WINDOWS\System32\BthHFSrv.dll
22:15:46.0933 0x1428 BthHFSrv - ok
22:15:46.0964 0x1428 [ EF4B9E7C9AD88C00C18A12B0D22D1894, 672537E75201E690D86CD65252B8AEF887C76EBD37AB0C419462D69164B350CC ] BTHMODEM C:\WINDOWS\System32\drivers\bthmodem.sys
22:15:47.0011 0x1428 BTHMODEM - ok
22:15:47.0058 0x1428 [ 043A0F37631BF453F16D478B71320F46, C368296B802984F438852927B8A40EA3F4205724A05828F3173F08EC17228356 ] bthserv C:\WINDOWS\system32\bthserv.dll
22:15:47.0120 0x1428 bthserv - ok
22:15:47.0136 0x1428 [ 5A458422B4312BAEEFA3E64D321596E6, 1213D86B9B6FBB1414D1D3E5F4B0ED0C68D05EB98C902395AB0F0FC3D8A29AD5 ] busenum C:\WINDOWS\System32\drivers\busenum.sys
22:15:47.0152 0x1428 busenum - ok
22:15:47.0167 0x1428 [ 2FA6510E33F7DEFEC03658B74101A9B9, 61C8C8E3F09B427711464C974EE22E1E01C48E10DB54A4EC9901F482FC36C978 ] cdfs C:\WINDOWS\system32\DRIVERS\cdfs.sys
22:15:47.0214 0x1428 cdfs - ok
22:15:47.0230 0x1428 [ C6796EA22B513E3457514D92DCDB1A3D, 2B893F3950C6B913B934C2089B69F3B0B77F229AE1820907E598455CBB78139C ] cdrom C:\WINDOWS\System32\drivers\cdrom.sys
22:15:47.0261 0x1428 cdrom - ok
22:15:47.0292 0x1428 [ 41C0D7B1A6D4AD119BA6AC0487EA5C8E, 516C2B34BA7507D0DA4148B4ABC0A8C36286570D4EA5C60B28647B1249C15018 ] CertPropSvc C:\WINDOWS\System32\certprop.dll
22:15:47.0323 0x1428 CertPropSvc - ok
22:15:47.0339 0x1428 [ BE9936EDD3267FAAFF94A7835867F00B, 3CEEF2377D45ED38C7CD3CE4C746EC5EA7277EFEC728A5438F0EF5F62FC7C859 ] circlass C:\WINDOWS\System32\drivers\circlass.sys
22:15:47.0339 0x1428 circlass - ok
22:15:47.0386 0x1428 [ 8EB7E70C2D348FE2476A2E3F2D585E3D, 2B5D407FACF1D049261026CC552A7C93B028A661B0F4E959815EAE7670054127 ] CLFS C:\WINDOWS\system32\drivers\CLFS.sys
22:15:47.0402 0x1428 CLFS - ok
22:15:47.0433 0x1428 [ 075CCE75090786F124573A788C8656E6, AA188CFF2F8EE2D9F50701AB2315D24E15D7715FD84F5054D3FC175D4BD35734 ] CLVirtualDrive C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys
22:15:47.0448 0x1428 CLVirtualDrive - ok
22:15:47.0480 0x1428 [ EF6EF85DADC3184A10D8F2F7159973CB, 42FCB286CED95A5DEBC5C0C894FCBC4818A2C818BB71087142FB51A08A0BE96B ] CmBatt C:\WINDOWS\System32\drivers\CmBatt.sys
22:15:47.0511 0x1428 CmBatt - ok
22:15:47.0542 0x1428 [ 0DE32A0BB1FE2A773666572F79584520, C417C12476B937265BEDC9A2C3C3F6C50FD19AEC096362337B0921627A2A92EA ] CNG C:\WINDOWS\system32\Drivers\cng.sys
22:15:47.0573 0x1428 CNG - ok
22:15:47.0589 0x1428 [ 03AAED827C36F35D70900558B8274905, 8E44A23C6013FFAE7769F99CAA3B1D6288DE00A38937F9056903AC265B503AFA ] CompositeBus C:\WINDOWS\System32\drivers\CompositeBus.sys
22:15:47.0605 0x1428 CompositeBus - ok
22:15:47.0620 0x1428 COMSysApp - ok
22:15:47.0636 0x1428 [ A1FF7DFBFBE164CF92603C651D304DD2, 470ACE5A75E64FC62C950037201199857E974803625DC73BEDBCF6FA4DDD496C ] condrv C:\WINDOWS\system32\drivers\condrv.sys
22:15:47.0652 0x1428 condrv - ok
22:15:47.0683 0x1428 [ 6324F0D18FB52833BA64BC828E29054C, 04118FA1BDFC512F76E4A81FEF34C78B6BD98429DB1D65123B6802B4A1E30584 ] CryptSvc C:\WINDOWS\system32\cryptsvc.dll
22:15:47.0714 0x1428 CryptSvc - ok
22:15:47.0745 0x1428 [ BA8E5B2291C01EF71CA80E25F0C79D55, 913C85EC00752AEEE2E29C6664085865DA45A091789C0F8CB015208D69F1915A ] ctxusbm C:\WINDOWS\system32\DRIVERS\ctxusbm.sys
22:15:47.0761 0x1428 ctxusbm - ok
22:15:47.0792 0x1428 [ 389C998C64319CD97625B0550E52ECFA, DD0EDDD9C8412F78D2D2B648D67DA887C3040E05DF29F48F71299CB68FDDD0F8 ] dam C:\WINDOWS\system32\drivers\dam.sys
22:15:47.0808 0x1428 dam - ok
22:15:47.0886 0x1428 [ A6F17C299A03BAFEFB9257C462A19E00, EB68967D28355271897166D7B6FD963D1E546D3C24AE1AEAAC561F94357A9345 ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
22:15:47.0917 0x1428 DcomLaunch - ok
22:15:47.0964 0x1428 [ 95E1ABFB27F8A62ED764805775F0D2F3, 692865DA60C93481E01592883678B2C51FD9AC9A835DFB00A8E3F2DFEE7AB0ED ] defragsvc C:\WINDOWS\System32\defragsvc.dll
22:15:47.0995 0x1428 defragsvc - ok
22:15:48.0027 0x1428 [ FF086DEF5995558CCB1B5AAC2110195D, CED52FF01F9247BFDAFC5C7EFC538F8638146ED715574A422496EE0F846CB079 ] DeviceAssociationService C:\WINDOWS\system32\das.dll
22:15:48.0073 0x1428 DeviceAssociationService - ok
22:15:48.0089 0x1428 [ 2C02AFF8383D893F8DBEB07A84F6E77C, 7CC34BAC67E2988E3D16DD6EB6F6785CD2460E3EF7FBD0BD5F86E49793BD473E ] DeviceInstall C:\WINDOWS\system32\umpnpmgr.dll
22:15:48.0136 0x1428 DeviceInstall - ok
22:15:48.0152 0x1428 [ A03F362C5557E238CBFA914689C77248, BAD0A1124E6A384C15028FBE121ADF650F7716442555AD3737B9EA1F58A69246 ] Dfsc C:\WINDOWS\system32\Drivers\dfsc.sys
22:15:48.0183 0x1428 Dfsc - ok
22:15:48.0245 0x1428 [ D51B32BA3897F630D99713B74B40D6A2, 5EB136A8248E6FA1316CFA273D9DC8F9C8E8CCB9AC00AE23C1337FBF5F6FDBEC ] DfSdkS C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 2015\DfsdkS64.exe
22:15:48.0292 0x1428 DfSdkS - detected UnsignedFile.Multi.Generic ( 1 )
22:15:50.0777 0x1428 Detect skipped due to KSN trusted
22:15:50.0777 0x1428 DfSdkS - ok
22:15:50.0808 0x1428 [ 5492F6FB1F32E10AEF02679872AFD194, 470A0C39734E261DC7443C8E59ECE89A7E367ABCFC15AA325EB995452C3973AA ] dg_ssudbus C:\WINDOWS\system32\DRIVERS\ssudbus.sys
22:15:50.0839 0x1428 dg_ssudbus - ok
22:15:50.0870 0x1428 [ 3EEAADA3125431980E5804ED7143458A, 381E12C83E3211C255B321D35536F4049D67E31061F8D82155E4D4509E97F43D ] Dhcp C:\WINDOWS\system32\dhcpcore.dll
22:15:50.0917 0x1428 Dhcp - ok
22:15:50.0980 0x1428 [ 21EDAD8188372C912B7BB9B1C6CB0D38, 4A102745DE8A2A82D2C069B30503BF9FF2312A035A82854F84EF9C27E3533CEE ] DiagTrack C:\WINDOWS\system32\diagtrack.dll
22:15:51.0042 0x1428 DiagTrack - ok
22:15:51.0073 0x1428 [ 4D40C9B33F738797CF50E77CB7C53E85, 7BA341342A47DEB15B51971C97A5237ACD8BDAD9033F63DF0000892BE43F8E13 ] disk C:\WINDOWS\system32\drivers\disk.sys
22:15:51.0089 0x1428 disk - ok
22:15:51.0105 0x1428 [ EB70A894708D1BC176AFD690FF06085F, 0DD2A97F5E1B38D1F7C0D44E50F09EA222B18B3B074CC9C8CD25A7526CB1A112 ] dmvsc C:\WINDOWS\System32\drivers\dmvsc.sys
22:15:51.0152 0x1428 dmvsc - ok
22:15:51.0198 0x1428 [ E9AE4FAE83FB38A2962F9032B24CEB3C, CC7D2D8C97CB779791613D76D6E4AF5D628C948C28BAC584C3C7F6A5A6036FBA ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
22:15:51.0230 0x1428 Dnscache - ok
22:15:51.0277 0x1428 [ 811EACBCC7C51A03AE11F13CC27B2AB6, FAB94F84950FFB7D3649BAFB8D96D43B880D7FDE8D5B879472AE26C4BC4203B0 ] dot3svc C:\WINDOWS\System32\dot3svc.dll
22:15:51.0308 0x1428 dot3svc - ok
22:15:51.0339 0x1428 [ B99CB575986789A93A683DCF292A43A1, 6ACEA31C723B74003E106FC8303542FCC6DBC4952B6B523F6590D006BE57238D ] DPS C:\WINDOWS\system32\dps.dll
22:15:51.0355 0x1428 DPS - ok
22:15:51.0386 0x1428 [ 00C594D5A1DBD22AD8B2902B9F6EFF94, 2920D62B5F7C49A8AFA80FCAD1E834BBAA670AEBDD7E6F21F0496D1D3CCB4E90 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
22:15:51.0386 0x1428 drmkaud - ok
22:15:51.0417 0x1428 [ 263625A4F616538EB867B6306A6590DB, 2A064720C247EAA3446EFDCC9E01D84CBA875905D78DFED0FBD62D1EE422D416 ] DsmSvc C:\WINDOWS\System32\DeviceSetupManager.dll
22:15:51.0433 0x1428 DsmSvc - ok
22:15:51.0511 0x1428 [ E1BB0B6F00F470B451AB45EA13EBA0B3, 3A2FC2175B69A5EB98D6C2D563DBFDCB320647AB87A14E47FAE800423DCACDAB ] DXGKrnl C:\WINDOWS\System32\drivers\dxgkrnl.sys
22:15:51.0573 0x1428 DXGKrnl - ok
22:15:51.0589 0x1428 [ E253530BD5EDE28F1FF6AF93C4D8034D, 787A70C3E946348F066FB8EB81FCE60157217D93FD78ADC631B5835E8D76A253 ] Eaphost C:\WINDOWS\System32\eapsvc.dll
22:15:51.0636 0x1428 Eaphost - ok
22:15:51.0761 0x1428 [ 114BCFDF367FF37C3F1B0A96AF542E4D, D385BC1D91BC1406091C8C3691C07A90BD60EDE05B1384E5AA3506FCB909C857 ] ebdrv C:\WINDOWS\system32\drivers\evbda.sys
22:15:51.0886 0x1428 ebdrv - ok
22:15:51.0917 0x1428 [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] EFS C:\WINDOWS\System32\lsass.exe
22:15:51.0933 0x1428 EFS - ok
22:15:51.0948 0x1428 [ 43531A5993380CC5113242C29D265FD9, EE0076D96F7F3CF29884AC7A67C08A429115A7201354A1FB5DE45FD63ABB4960 ] EhStorClass C:\WINDOWS\system32\drivers\EhStorClass.sys
22:15:51.0948 0x1428 EhStorClass - ok
22:15:51.0964 0x1428 [ 6F8E738A9505A388B1157FDDE7B3101B, 3696CA634102B41EEA11EB9DCA0B24439D8636AED4A7190C138C5E64A2EFB514 ] EhStorTcgDrv C:\WINDOWS\system32\drivers\EhStorTcgDrv.sys
22:15:51.0980 0x1428 EhStorTcgDrv - ok
22:15:51.0995 0x1428 [ DFFFAE1442BA4076E18EED5E406FA0D3, 329FC6FB8D14BEACDBE2A5D4C496EDEA485E838B1DF27566E278F8F8E0D8E82E ] ErrDev C:\WINDOWS\System32\drivers\errdev.sys
22:15:51.0995 0x1428 ErrDev - ok
22:15:52.0042 0x1428 [ F00C593994D57C75273F820653440536, 2DC986D9890EC907405FB2045E6F55ACC384169B45F0B56CCB1A953CF71D9A5D ] EventSystem C:\WINDOWS\system32\es.dll
22:15:52.0089 0x1428 EventSystem - ok
22:15:52.0105 0x1428 [ 7729D294A555C7AEB281ED8E4D0E01E4, 7269E79D72CCE477AC108294D0DDFB59CF533B03C587599C5AB0507C43A0B6D4 ] exfat C:\WINDOWS\system32\drivers\exfat.sys
22:15:52.0183 0x1428 exfat - ok
22:15:52.0198 0x1428 [ 7C4E0D5900B2A1D11EDD626D6DDB937B, 732F310F8F6016C56F432A81636B13CE0124A802FE8DD91287B618EED22C9A1D ] fastfat C:\WINDOWS\system32\drivers\fastfat.sys
22:15:52.0214 0x1428 fastfat - ok
22:15:52.0277 0x1428 [ 304B6AEC4639A7CCCCF544C6BA6177B2, B75CDD52FD3890B3008E06C503945D1E36478F0EC5E067C8DBC2822D7935D24B ] Fax C:\WINDOWS\system32\fxssvc.exe
22:15:52.0323 0x1428 Fax - ok
22:15:52.0339 0x1428 [ 5D8402613E778B3BD45E687A8372710B, EE9EA10805168D309A609B9019AEC5961EE46D18207B5E0EA2DE4064A5770AF8 ] fdc C:\WINDOWS\System32\drivers\fdc.sys
22:15:52.0370 0x1428 fdc - ok
22:15:52.0386 0x1428 [ 020D2F29009F893ADEFF4405B4B44565, 9F8501064C72933D1442DA00E70392B30D0207EB7D60F50E6648FF363799E6F1 ] fdPHost C:\WINDOWS\system32\fdPHost.dll
22:15:52.0448 0x1428 fdPHost - ok
22:15:52.0464 0x1428 [ E80D2EDD2F88B6E20076A0A4F5A5A245, E3CD6E0BE152B22E8A7340EFFD10CCDB1B632CD3EDF487E83F697D2E22A7D594 ] FDResPub C:\WINDOWS\system32\fdrespub.dll
22:15:52.0511 0x1428 FDResPub - ok
22:15:52.0542 0x1428 [ 47AB7D16EDE434B934AA4D661456C2D5, D375A92FB3E4BB0A8DA5270DACC888E53FB9F514516039FE6DAE4D4EF6B9A970 ] fhsvc C:\WINDOWS\system32\fhsvc.dll
22:15:52.0605 0x1428 fhsvc - ok
22:15:52.0620 0x1428 [ BCFD8B149B3ADF92D0DB1E909CAF0265, 002B085C131473642450176B4B8359F3E5B04350AFB659B9C0F9EB587D1181E7 ] FileInfo C:\WINDOWS\system32\drivers\fileinfo.sys
22:15:52.0636 0x1428 FileInfo - ok
22:15:52.0652 0x1428 [ A1A66C4FDAFD6B0289523232AFB7D8AF, 0F5832F626BB62190D5F3A088CE6E048D8A400CCF9EA527F06973CAD96D3A81C ] Filetrace C:\WINDOWS\system32\drivers\filetrace.sys
22:15:52.0683 0x1428 Filetrace - ok
22:15:52.0777 0x1428 [ ABEDFD48AC042C6AAAD32452E77217A1, BC45A1C36BDBC20EF4E7D3CFB5368912382D964CB34D050ED255F56307F4C910 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
22:15:52.0792 0x1428 FLEXnet Licensing Service - ok
22:15:52.0808 0x1428 [ BE743083CF7063C486A4398E3AEFE59A, 85796D89943DD6FE3932C1ED6CF01470C1B4DFD243C390B07055FFDA3C231551 ] flpydisk C:\WINDOWS\System32\drivers\flpydisk.sys
22:15:52.0823 0x1428 flpydisk - ok
22:15:52.0855 0x1428 [ C1FB505A73FA2E9019D32444AB33B75A, 765F0635C18295855CA4C0394192E8B94BA2EA1C4D74F86B720358ABA019FFAA ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
22:15:52.0870 0x1428 FltMgr - ok
22:15:52.0933 0x1428 [ 1E93CBB75D167CDF85501A8C790097A8, C9E5DD090C94E7855939CE1F416460DB408EFF897C2CD52E0D52A734D8ED18B7 ] FontCache C:\WINDOWS\system32\FntCache.dll
22:15:53.0027 0x1428 FontCache - ok
22:15:53.0073 0x1428 [ 1C52387BF5A127F5F3BFB31288F30D93, 90D13F60170CD74304F3036A90D596AA3E1E134455A780310BDF67AC7815F2E7 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
22:15:53.0089 0x1428 FontCache3.0.0.0 - ok
22:15:53.0120 0x1428 [ A7C31B168F371E8E6796219F23E354DB, C51C9BF568F1E96CBBE57D2432B38F93F40520086DDB6AAAAC48CBCD1691B441 ] FsDepends C:\WINDOWS\system32\drivers\FsDepends.sys
22:15:53.0136 0x1428 FsDepends - ok
22:15:53.0152 0x1428 [ 09F460AFEDCA03F3BF6E07D1CCC9AC42, B832091BC9B2C2FE38A4BCA132ABB58251E851F21EC6F39636E73777AB9A5791 ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
22:15:53.0152 0x1428 Fs_Rec - ok
22:15:53.0183 0x1428 [ F152D55E497E12256290C43B31C7D0CE, FFC54B14CCFBC1548948C07FB3866E40A11D0C05AC352BD000E71CEF053F6A6E ] fvevol C:\WINDOWS\system32\DRIVERS\fvevol.sys
22:15:53.0214 0x1428 fvevol - ok
22:15:53.0230 0x1428 [ 9591D0B9351ED489EAFD9D1CE52A8015, AC64C236C3AE545FCE8ED44A4A87FB86265A453BA60026EC9A4DE2B631E99996 ] FxPPM C:\WINDOWS\System32\drivers\fxppm.sys
22:15:53.0245 0x1428 FxPPM - ok
22:15:53.0261 0x1428 [ FC3EF65EE20D39F8749C2218DBA681CA, 12980F1DE99B25E6920A33556F3ABDA5EC9BFE4757BE602130B5E939D8D25CE3 ] gagp30kx C:\WINDOWS\system32\drivers\gagp30kx.sys
22:15:53.0277 0x1428 gagp30kx - ok
22:15:53.0292 0x1428 [ 0BF5CAD281E25F1418E5B8875DC5ADD1, 0929AD8437DD78234553D8B2CDF0D6838FD54ACDE1918AFEBE48684EB32A07A3 ] gencounter C:\WINDOWS\System32\drivers\vmgencounter.sys
22:15:53.0323 0x1428 gencounter - ok
22:15:53.0370 0x1428 [ 8DF1254093B5C354CE725EB6B9B0DE19, DE6C5661CC076DA44B8A5D044FDB7280EDCF38D322A98C14FDC82E25586B3014 ] GPIOClx0101 C:\WINDOWS\system32\Drivers\msgpioclx.sys
22:15:53.0402 0x1428 GPIOClx0101 - ok
22:15:53.0448 0x1428 [ 0D03F87D4FF4ADBAF8336DD80548155A, BC10CFA88EA2F41A8D96CB810B7953A4C168B79273A3E804A9F020F49AB58CD3 ] gpsvc C:\WINDOWS\System32\gpsvc.dll
22:15:53.0527 0x1428 gpsvc - ok
22:15:53.0558 0x1428 [ C1B577B2169900F4CF7190C39F085794, 73E104B96A48F4C80D8C37254ECB0891D15C0D2F0C251B57C168F90D60316447 ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
22:15:53.0558 0x1428 gusvc - ok
22:15:53.0573 0x1428 [ D4B7ED39C7900384D9E5C1283F1E7926, F93F98858067B40F1C071EAD0F8E85442A78B95342BC692AF4D726540634923F ] HDAudBus C:\WINDOWS\System32\drivers\HDAudBus.sys
22:15:53.0605 0x1428 HDAudBus - ok
22:15:53.0636 0x1428 [ 10A70BC1871CD955D85CD88372724906, 2480A74854D0A89FF028EE9BA41224D4B2F9B0863066BFC43097920794FEE08D ] HidBatt C:\WINDOWS\System32\drivers\HidBatt.sys
22:15:53.0667 0x1428 HidBatt - ok
22:15:53.0698 0x1428 [ 42F88B57CAE42FC10059C887B3FCFCEA, 9363AA2B8E839A6935A7C6A36C491938DF78024886DCCE6D29CB18E1D6A6D806 ] HidBth C:\WINDOWS\System32\drivers\hidbth.sys
22:15:53.0745 0x1428 HidBth - ok
22:15:53.0761 0x1428 [ C241A8BAFBBFC90176EA0F5240EACC17, 571E20B87818618BE9179986177D55739A240F04D1F740B3C1B7809B9427B767 ] hidi2c C:\WINDOWS\System32\drivers\hidi2c.sys
22:15:53.0792 0x1428 hidi2c - ok
22:15:53.0808 0x1428 [ 9BDDEE26255421017E161CCB9D5EDA95, B766FD5E31708F29384F69418FC33C4BCC6E3064AA553D5B1D30EE0B8B1BFB40 ] HidIr C:\WINDOWS\System32\drivers\hidir.sys
22:15:53.0839 0x1428 HidIr - ok
22:15:53.0870 0x1428 [ EA85B5093DF7B5C3E80362B053740AE2, 1D4251385402A2ADEE8FA1642F54180304F88337DA74989BDE44025ABB145FE5 ] hidserv C:\WINDOWS\system32\hidserv.dll
22:15:53.0917 0x1428 hidserv - ok
22:15:53.0933 0x1428 [ 8DB8EAB9D0C6A5DF0BDCADEA239220B4, EDA23E6909EB83E5E148816DFB16CC29EA01BD6BD2F73AA46B3D820B85FB9C83 ] HidUsb C:\WINDOWS\System32\drivers\hidusb.sys
22:15:53.0964 0x1428 HidUsb - ok
22:15:53.0995 0x1428 [ 93C4315F47F8D635C6DB0DF49FCE10EE, 70C52B8927D54ACD23F27948780B522974250FD5CD81AA9801C3F158C402889F ] hkmsvc C:\WINDOWS\system32\kmsvc.dll
22:15:54.0042 0x1428 hkmsvc - ok
22:15:54.0073 0x1428 [ AC49522ED106BD4B545D6614D71C2445, 40BD738A301170378ECFC031635EB04E2F812B676376CADDD6607ECABEC9255F ] HomeGroupListener C:\WINDOWS\system32\ListSvc.dll
22:15:54.0120 0x1428 HomeGroupListener - ok
22:15:54.0167 0x1428 [ 99932E30CE0283B73BB6E5019E150394, 1F88C2F56A7B8E1F75E6359281F418F9661DA4FB7B7D7B14FA7F718B15D4DCE0 ] HomeGroupProvider C:\WINDOWS\system32\provsvc.dll
22:15:54.0214 0x1428 HomeGroupProvider - ok
22:15:54.0292 0x1428 [ 2A8B93A01621E100A578E83C768AFA2C, 6637D260AF180D1F200D219796FCE6D524FC6BF57C0CEEF9E1B3616E85865AD1 ] HP Support Assistant Service C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
22:15:54.0308 0x1428 HP Support Assistant Service - detected UnsignedFile.Multi.Generic ( 1 )
22:15:56.0808 0x1428 Detect skipped due to KSN trusted
22:15:56.0808 0x1428 HP Support Assistant Service - ok
22:15:56.0855 0x1428 [ 4F88FA114D15504E1B17978A8DA4165E, FB3876525BC82B20D1CD159F1DC2CCBA63CAAA755A97E5C97089B09DEA6DD790 ] HPConnectedRemote c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe
22:15:56.0870 0x1428 HPConnectedRemote - ok
22:15:56.0933 0x1428 [ D2946D9F020AE76E9CEF9B4A6DF838C0, C29CE594879385DA12B8EAA90B258905827B613839CCD820DE49215B68676995 ] hpqwmiex C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
22:15:56.0980 0x1428 hpqwmiex - ok
22:15:56.0995 0x1428 [ A6AACEA4C785789BDA5912AD1FEDA80D, D197012A5DA6AB3F76FF298336DF0CF027C07ECC71267BAEF5912DE12893E096 ] HpSAMD C:\WINDOWS\system32\drivers\HpSAMD.sys
22:15:57.0011 0x1428 HpSAMD - ok
22:15:57.0058 0x1428 [ E87A6D3B8FECD5B93BC0CFBB48C27970, 55C49B6F3822450447C082B40A263F3370694DB53AD0018ADEB911E4A9F65A88 ] HTTP C:\WINDOWS\system32\drivers\HTTP.sys
22:15:57.0089 0x1428 HTTP - ok
22:15:57.0120 0x1428 [ 90656C0B3864804B090434EFC582404F, BDB60050B729AACB9E009AC7129BEBD6298BBD8A9DB14B817D02E8E13669BD6E ] hwpolicy C:\WINDOWS\system32\drivers\hwpolicy.sys
22:15:57.0136 0x1428 hwpolicy - ok
22:15:57.0152 0x1428 [ 6D6F9E3BF0484967E52F7E846BFF1CA1, C982966BDE6A3E6773D9441ADA7A3B08D13511DFC68D04DF303248B942423F38 ] hyperkbd C:\WINDOWS\System32\drivers\hyperkbd.sys
22:15:57.0183 0x1428 hyperkbd - ok
22:15:57.0198 0x1428 [ 907C870F8C31F8DDD6F090857B46AB25, 308664A31717383D06185875E76C6612407A9F04E7DB28404F574A5706C6715D ] HyperVideo C:\WINDOWS\system32\DRIVERS\HyperVideo.sys
22:15:57.0214 0x1428 HyperVideo - ok
22:15:57.0230 0x1428 [ 49EE0AE9E5B64FFBBD06D55C4984B598, 8866627F9241B24A59C81D8BCC67A4DCA87576F589599BA291D0E323F679EB4D ] i8042prt C:\WINDOWS\System32\drivers\i8042prt.sys
22:15:57.0277 0x1428 i8042prt - ok
22:15:57.0292 0x1428 [ 5D90E32E36CE5D4C535D17CE08AEAF05, 976A463343E8C8308AFBE9E64DF56C430D2241DE002430D00318AB065EB72E4A ] iaLPSSi_GPIO C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys
22:15:57.0308 0x1428 iaLPSSi_GPIO - ok
22:15:57.0323 0x1428 [ DD05E7E80F52ADE9AEB292819920F32C, E71AB6A50B0F90C8F94569CE89F66F915A0A4A00D4AC091B2E5E750D88CFC334 ] iaLPSSi_I2C C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys
22:15:57.0339 0x1428 iaLPSSi_I2C - ok
22:15:57.0370 0x1428 [ 08BFE413B0B4AA8DFA4B5684CE06D3DC, 95DEEBB203E12EE6E191F5247A74C04AEC0E16DE981FADDC4D6C42EE41D8D079 ] iaStorAV C:\WINDOWS\system32\drivers\iaStorAV.sys
22:15:57.0386 0x1428 iaStorAV - ok
22:15:57.0417 0x1428 [ A2200C3033FA4EF249FC096A7A7D02A2, 5819F5C2020DE2EEE339B0C08CD4B1E3490EAFBBEA1277CE649DB5A5150986B0 ] iaStorV C:\WINDOWS\system32\drivers\iaStorV.sys
22:15:57.0433 0x1428 iaStorV - ok
22:15:57.0448 0x1428 IEEtwCollectorService - ok
22:15:57.0527 0x1428 [ AF8A43C376F83A4A1E7DA16461EDE114, EBA10519B074888355A4FC11D52FF1E6A52F88F754B7F1F9863A8313638645CB ] IKEEXT C:\WINDOWS\System32\ikeext.dll
22:15:57.0573 0x1428 IKEEXT - ok
22:15:57.0589 0x1428 [ 4E448FCFFD00E8D657CD9E48D3E47157, 4A958CF0BF8DAEAE5E008500BA67CE89B21388592811274331EE39CAC1043A00 ] intelide C:\WINDOWS\system32\drivers\intelide.sys
22:15:57.0605 0x1428 intelide - ok
22:15:57.0620 0x1428 [ 7AA01AB1C110916825E6E1389F1B9AF2, E2885955AFA0908E194B1BC364C9582249B2B2AFFF93F17F3414F55B1E5F2C42 ] intelpep C:\WINDOWS\system32\drivers\intelpep.sys
22:15:57.0620 0x1428 intelpep - ok
22:15:57.0652 0x1428 [ 47E74A8E53C7C24DCE38311E1451C1D9, 79B06E37A552C8A847404D4C572CDB8CF525354D8AE3BEBC06892B7C3B330761 ] intelppm C:\WINDOWS\System32\drivers\intelppm.sys
22:15:57.0683 0x1428 intelppm - ok
22:15:57.0698 0x1428 [ 9DB76D7F9E4E53EFE5DD8C53DE837514, 07BA4EDA9BE9139A689A2C3EFC1D1A4F3D1216625ED145F313398292A2CD5703 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
22:15:57.0714 0x1428 IpFilterDriver - ok
22:15:57.0792 0x1428 [ A5800036E4EA06697A34742A24ACFBE1, BA67060526E9213000B4206F86A74F904999AD7018EFCBE4FE9708650DA9D973 ] iphlpsvc C:\WINDOWS\System32\iphlpsvc.dll
22:15:57.0823 0x1428 iphlpsvc - ok
22:15:57.0839 0x1428 [ 9C096BF5E10CA8BFA56F32522A89FAF1, 6C1151160799338DA351C7237AB049926C6C15F24F5E154BBF5929B4A96C0B8D ] IPMIDRV C:\WINDOWS\System32\drivers\IPMIDrv.sys
22:15:57.0870 0x1428 IPMIDRV - ok
22:15:57.0902 0x1428 [ B7342B3C58E91107F6E946A93D9D4EFD, D5DA3C02C5C5A343785745EF6983CC9B5FBD3FB8D49FE9B450523E50212D1A32 ] IPNAT C:\WINDOWS\system32\drivers\ipnat.sys
22:15:57.0917 0x1428 IPNAT - ok
22:15:57.0948 0x1428 [ AE44C526AB5F8A487D941CEB57B10C97, A783A2EAF7A6FF450FB3F189A5930036FA60D125C42171AC44B6FE2E3DBD6F7A ] IRENUM C:\WINDOWS\system32\drivers\irenum.sys
22:15:57.0964 0x1428 IRENUM - ok
22:15:57.0995 0x1428 [ 8AFEEA3955AA43616A60F133B1D25F21, E99359A4F1D653790133F145CF7C9F97399FD75C5E135AA7E5F989BB660789AF ] isapnp C:\WINDOWS\system32\drivers\isapnp.sys
22:15:57.0995 0x1428 isapnp - ok
22:15:58.0042 0x1428 [ D90AB68D0FAC9F357F663670FDBB511E, A82AAA5DF1B38EFBDCF834535A0C520D1BB2D7A4A906C18CFDD22BCF16BDB97D ] iScsiPrt C:\WINDOWS\System32\drivers\msiscsi.sys
22:15:58.0058 0x1428 iScsiPrt - ok
22:15:58.0089 0x1428 [ 5917AFE4A3F695A54B99C1849C8207FE, DD57638966F2F0387DCF9DA4BBAEE3CDD8CC6F1A2D49581A0374D46A565BED4F ] kbdclass C:\WINDOWS\System32\drivers\kbdclass.sys
22:15:58.0089 0x1428 kbdclass - ok
22:15:58.0120 0x1428 [ 8CD840A062F6BDF41DDE3ACB96164B72, AEAE867F3557C1CE6B931E19D7144A3BD3CBABD81B1542667680D54FC24DEBE1 ] kbdhid C:\WINDOWS\System32\drivers\kbdhid.sys
22:15:58.0152 0x1428 kbdhid - ok
22:15:58.0167 0x1428 [ 813871C7D402A05F2E3A7075F9584A05, FF0C2F87EB083F8CE74C679D80C845CDFBFBBC70BE818F899F3336BBB54A3FFB ] kdnic C:\WINDOWS\system32\DRIVERS\kdnic.sys
22:15:58.0214 0x1428 kdnic - ok
22:15:58.0230 0x1428 [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] KeyIso C:\WINDOWS\system32\lsass.exe
22:15:58.0245 0x1428 KeyIso - ok
22:15:58.0277 0x1428 [ 4E829B18D5BAEC29893792A3C671A847, 64C3B99F53A9D1ACA802B46B09E820AD210B667D5A1CD0ADAF1F12944B15B52E ] KSecDD C:\WINDOWS\system32\Drivers\ksecdd.sys
22:15:58.0292 0x1428 KSecDD - ok
22:15:58.0323 0x1428 [ 35C19AF2116F67914712D7C4CBE47B8C, 5F976726880A6E51D7ABFA7E3EF7294C6FB7F383DC5710A2C2EC8DD26DAEC204 ] KSecPkg C:\WINDOWS\system32\Drivers\ksecpkg.sys
22:15:58.0339 0x1428 KSecPkg - ok
22:15:58.0355 0x1428 [ 11AFB527AA370B1DAFD5C36F35F6D45F, 757AD234284467ADB826F7CA0251F58D48866B91995BC867DEA4BAF676947163 ] ksthunk C:\WINDOWS\system32\drivers\ksthunk.sys
22:15:58.0370 0x1428 ksthunk - ok
22:15:58.0386 0x1428 [ C1591A66028C71147A3E2EAB0B1CCB7E, 82F3D5DCC1614398A144D9791E4BAA814DBA9112677341FD57D5E9834CEDEB41 ] KtmRm C:\WINDOWS\system32\msdtckrm.dll
22:15:58.0417 0x1428 KtmRm - ok
22:15:58.0448 0x1428 [ 50AECF8C21AB2A6428A6E1E10549D8E5, 6BC7C60CF5E8AFB9972619EE1C78357756E9C0A3EC783C3056CEB600DCBB1555 ] L1C C:\WINDOWS\system32\DRIVERS\L1C63x64.sys
22:15:58.0448 0x1428 L1C - ok
22:15:58.0495 0x1428 [ CA2828DDE4B09FEFFDB7CE68B3D8D00A, B514792FF1EF36C678BB51644A1C420105D5E2CD6DD5A89A3FB252D08277A40C ] LanmanServer C:\WINDOWS\system32\srvsvc.dll
22:15:58.0527 0x1428 LanmanServer - ok
22:15:58.0558 0x1428 [ 3DBD9100745F9B8506B8FEC6FE6CCDE3, C3EF2856A1680AFDE133887E48946CF9CAB6755C3BDC07F0326965DCD4096F62 ] LanmanWorkstation C:\WINDOWS\System32\wkssvc.dll
22:15:58.0589 0x1428 LanmanWorkstation - ok
22:15:58.0636 0x1428 [ 8B9F3796EC1762CF255BDB324E5529C8, F73D6BEF19BE20AEB18DA82CB63E9D8B50ACBBE4ED9B646EF0C9F598F6B81F94 ] lfsvc C:\WINDOWS\System32\GeofenceMonitorService.dll
22:15:58.0683 0x1428 lfsvc - ok
22:15:58.0698 0x1428 [ C09010B3680860131631F53E8FE7BAD8, 35F2A06D5F29478D22ABDCC20DA893EF9D96504C65594A0CEA674D1C21B04FF8 ] lltdio C:\WINDOWS\system32\DRIVERS\lltdio.sys
22:15:58.0730 0x1428 lltdio - ok
22:15:58.0745 0x1428 [ DAE98CC96C5EE308BF4EA7B18F226CB8, 7A6CC56BF075010707715AB6608764291E358EDF27C806A025532869004C686B ] lltdsvc C:\WINDOWS\System32\lltdsvc.dll
22:15:58.0777 0x1428 lltdsvc - ok
22:15:58.0808 0x1428 [ 1E2662D847B7D9995C65D90D254A7E0F, AFD4063D2071FFCB6B0EAC0715276D986F42326919C86E525DCE12E1109A93E2 ] lmhosts C:\WINDOWS\System32\lmhsvc.dll
22:15:58.0870 0x1428 lmhosts - ok
22:15:58.0902 0x1428 [ C755AE4635457AA2A11F79C0DF857ABC, E03D1ACAC155287291FE1BD0B653953ADC94279A74D0152088D698FAA796460F ] LSI_SAS C:\WINDOWS\system32\drivers\lsi_sas.sys
22:15:58.0917 0x1428 LSI_SAS - ok
22:15:58.0933 0x1428 [ ADAC09CBE7A2040B7F68B5E5C9A75141, 7865DA7E91404F3642BC444B97F6B7AA42B9523D5EDD7F6365DA236B8EC3410F ] LSI_SAS2 C:\WINDOWS\system32\drivers\lsi_sas2.sys
22:15:58.0948 0x1428 LSI_SAS2 - ok
22:15:58.0964 0x1428 [ 04D1274BB9BBCCF12BD12374002AA191, 4B9618F8D25F2278DE1610A70ACAADB074D171D162C3AF27D464F5DC800A8E60 ] LSI_SAS3 C:\WINDOWS\system32\drivers\lsi_sas3.sys
22:15:58.0980 0x1428 LSI_SAS3 - ok
22:15:58.0980 0x1428 [ 327469EEF3833D0C584B7E88A76AEC0C, 3D88B5A2D68F93F01B39C6E3D8D5C7A2A20686EFC756086E66AFFF1BC3019B85 ] LSI_SSS C:\WINDOWS\system32\drivers\lsi_sss.sys
22:15:58.0995 0x1428 LSI_SSS - ok
22:15:59.0042 0x1428 [ 9A7A7E45DAED2E8C2816716D8D28236A, C94787988826E546A8DC752BD6BE4EA7423DC3762B2D371DB297A63F865A95FF ] LSM C:\WINDOWS\System32\lsm.dll
22:15:59.0105 0x1428 LSM - ok
22:15:59.0120 0x1428 [ DDEE191AB32DFC22C6465002ECDF5EE4, 190C3930A8449118F9FEDF43C482837EF1C255E6D67F9651156E66A1E2BC6553 ] luafv C:\WINDOWS\system32\drivers\luafv.sys
22:15:59.0152 0x1428 luafv - ok
22:15:59.0183 0x1428 [ A0A527569856B9814E8920F52EBB67F5, 4347277C84B47E4CC048850BDEFB258CFB3B476AA99FD503FD71FBB70FFF5ACF ] LVRS64 C:\WINDOWS\system32\DRIVERS\lvrs64.sys
22:15:59.0198 0x1428 LVRS64 - ok
22:15:59.0370 0x1428 [ 415E344294D1C0D04627B29146F68481, B4A1A05BDF07E8F226A98E51F62BE18BE2C046A084C495BD8A95CABC79FD0614 ] LVUVC64 C:\WINDOWS\system32\DRIVERS\lvuvc64.sys
22:15:59.0511 0x1428 LVUVC64 - ok
22:15:59.0573 0x1428 [ E1C4AE452E1F6C6571CE5F8A6937EAF4, CB3C89BD5C6C0197A033C8A6B834FD3326728BA5D7364E64AE2E8F42AAD91D23 ] McComponentHostService C:\Program Files\McAfee Security Scan\3.11.226\McCHSvc.exe
22:15:59.0605 0x1428 McComponentHostService - ok
22:15:59.0620 0x1428 [ EB5C03A070F30D64A6DF80E53B22F53F, 12051B6AEBDEE1E28F24364F25A52BA3A6E282ECF86D6290E34BD38E6D4E066D ] megasas C:\WINDOWS\system32\drivers\megasas.sys
22:15:59.0636 0x1428 megasas - ok
22:15:59.0667 0x1428 [ F6F13533196DE7A582D422B0241E4363, B3CD9B08937AFFF12141B38634AF3A56F5AC5FF3EF03941802B9841DEC559469 ] megasr C:\WINDOWS\system32\drivers\megasr.sys
22:15:59.0698 0x1428 megasr - ok
22:15:59.0761 0x1428 [ 123271BD5237AB991DC5C21FDF8835EB, 004F8F9228EE291A0E36CE33078D572D61733516F9AA5CFC832AF204C6869E89 ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
22:15:59.0792 0x1428 Microsoft Office Groove Audit Service - ok
22:15:59.0823 0x1428 [ 4C5179DB61B9E14BEC15CDC4B152B2E9, 9048BEC7AD6A3F4B640E99B1F0365AC9A46740B188758FBB2C160EF30AD6E64B ] MMCSS C:\WINDOWS\system32\mmcss.dll
22:15:59.0855 0x1428 MMCSS - ok
22:15:59.0886 0x1428 [ 8B38C44F69259987C95135C9627E2378, E698B82D4EFFF56D66C7FC9866369BA5736FDBDBE2028CC421C51E70DEA74727 ] Modem C:\WINDOWS\system32\drivers\modem.sys
22:15:59.0917 0x1428 Modem - ok
22:15:59.0933 0x1428 [ 601589000CC90F0DF8DA2CC254A3CCC9, D1238A386C41B6C368D9A44B7C112C943995B5403E2A5B4B7346B266DDB0C5A0 ] monitor C:\WINDOWS\System32\drivers\monitor.sys
22:15:59.0995 0x1428 monitor - ok
22:16:00.0042 0x1428 [ 08374E4E5B8914DE6067CBA99F61E930, CBB1390D6523FC968BEDF78FD13699488621ACB2CD1DF55D1606316090548661 ] mouclass C:\WINDOWS\System32\drivers\mouclass.sys
22:16:00.0073 0x1428 mouclass - ok
22:16:00.0105 0x1428 [ 5FCBAB60598AE119E02B4C27DE6B99EA, 36F30094F700DE41C293047ACB49ED1961DD927BEDAD8DFDAB7023D4D24CB0DE ] mouhid C:\WINDOWS\System32\drivers\mouhid.sys
22:16:00.0152 0x1428 mouhid - ok
22:16:00.0183 0x1428 [ 9A788037D768809DFD677F4BA08A224A, E0686B3318F924E440ADA439D6671D44D3FF97C13D45C2E0A3A7B9E23DA38350 ] mountmgr C:\WINDOWS\system32\drivers\mountmgr.sys
22:16:00.0198 0x1428 mountmgr - ok
22:16:00.0230 0x1428 [ 0DE2474F316C515482ABAD3B697F8714, 62862AE7432F5350068E96AD466093359C6CF444EB517AE6D09134FAF78C49F5 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
22:16:00.0245 0x1428 MozillaMaintenance - ok
22:16:00.0277 0x1428 [ 6FC047578785B0435F4E2660946D1ADC, 8AEA5659F01FC2F75160922C69622502DABA39F33CB90D5178DD679A1CDE617D ] mpsdrv C:\WINDOWS\system32\drivers\mpsdrv.sys
22:16:00.0308 0x1428 mpsdrv - ok
22:16:00.0355 0x1428 [ C18AA14126ADC66478E8E962B2DFAA98, A6F8CE9D88D590DC083253004392572C3BD02C33433CD6C0D9117D2AA7171EEC ] MpsSvc C:\WINDOWS\system32\mpssvc.dll
22:16:00.0402 0x1428 MpsSvc - ok
22:16:00.0464 0x1428 [ DB32958F0E704EFBF7F15161A569E39F, 8A26448B954F8A16EE9BA72EF47F6C549A75B30BD13FEB5A29EB099A74D8F678 ] MRxDAV C:\WINDOWS\system32\drivers\mrxdav.sys
22:16:00.0511 0x1428 MRxDAV - ok
22:16:00.0542 0x1428 [ 89DE71940A0E7F5BA617AE08321EF5C3, BD056C9E18E902D6F118E59A6AC68415BFA0690A02D2B360F6C111CE3B5EAC67 ] mrxsmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
22:16:00.0589 0x1428 mrxsmb - ok
22:16:00.0620 0x1428 [ BCBD64220AD85C26823453FF1DC3EFBD, 0245E3659E9135B9276F3CCFBEA0CEFFC4F4C0826F6D19B6329057620235F087 ] mrxsmb10 C:\WINDOWS\system32\DRIVERS\mrxsmb10.sys
22:16:00.0667 0x1428 mrxsmb10 - ok
22:16:00.0698 0x1428 [ EE16457030175F449BAB0ABD279F4B6A, DF627054136079553A24AD12DC7374F1ACEEAD782EFFDC278996AD7BCCE98877 ] mrxsmb20 C:\WINDOWS\system32\DRIVERS\mrxsmb20.sys
22:16:00.0714 0x1428 mrxsmb20 - ok
22:16:00.0745 0x1428 [ F3C060444777A59FC63D920719E43CCD, 8766A2746E3DFB0749E902F458141269335CA6F0CEDCA3D5F8C204637C19E783 ] MsBridge C:\WINDOWS\system32\DRIVERS\bridge.sys
22:16:00.0761 0x1428 MsBridge - ok
22:16:00.0792 0x1428 [ 915747E010A9414B069173284A9B93F4, 8A335C28FE1EF96DD71485877F2E86155D24B5614ACE05468F4B07E2ACD56331 ] MSDTC C:\WINDOWS\System32\msdtc.exe
22:16:00.0823 0x1428 MSDTC - ok
22:16:00.0886 0x1428 [ D13329FBF8345B28AB30F44CC247DC08, 9C7EC2D4D65E6510EB5B9E61BB0D14F725D7E8FE98D65161C3971E43EF1AB6EB ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
22:16:00.0917 0x1428 Msfs - ok
22:16:00.0948 0x1428 [ C6B474E46F9E543B875981ED3FFE6ADD, E16687E52FB649C23D92159A1F036CB662202C1E58D961EECDAA528AA4FA669A ] msgpiowin32 C:\WINDOWS\System32\drivers\msgpiowin32.sys
22:16:00.0964 0x1428 msgpiowin32 - ok
22:16:00.0980 0x1428 [ 65C92EB9D08DB5C69F28C7FFD4E84E31, D709BA4723225321F665B1157A33A4AE230420752308EF535DA9A41CAC164628 ] mshidkmdf C:\WINDOWS\System32\drivers\mshidkmdf.sys
22:16:00.0995 0x1428 mshidkmdf - ok
22:16:01.0011 0x1428 [ 52299F086AC2DAFD100DD5DC4A8614BA, B36BE0FC96798E5EB8C193C318970E3906961E3ABC3BFAAD73138C76D9A95B0B ] mshidumdf C:\WINDOWS\System32\drivers\mshidumdf.sys
22:16:01.0042 0x1428 mshidumdf - ok
22:16:01.0058 0x1428 [ 36D92AF3343C3A3E57FEF11C449AEA4C, ECC85AA1E530DF55B4A4545798219F87F0FCA66DDD2E37BCEF0850D3C9129DD2 ] msisadrv C:\WINDOWS\system32\drivers\msisadrv.sys
22:16:01.0058 0x1428 msisadrv - ok
22:16:01.0089 0x1428 [ 4EAEEBAC8CFF4E0D717DFA920BC58A90, A65CB1BB3392B6A04B978348CAC18A414560A6B04A727F22DFC0ADB20DD3AF6B ] MSiSCSI C:\WINDOWS\system32\iscsiexe.dll
22:16:01.0105 0x1428 MSiSCSI - ok
22:16:01.0105 0x1428 msiserver - ok
22:16:01.0120 0x1428 [ A9BBBD2BAE6142253B9195E949AC2E8D, 599D2952D4E0B0B3E02D91E38A30F4900B1ADA330716B887B156A1CB9A3E6EE9 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
22:16:01.0152 0x1428 MSKSSRV - ok
22:16:01.0183 0x1428 [ 51B3AC0560848CD6D65AC2033E293113, 73A27E88774C6929328E6C9FC9C389F4DF76D4D4D5CBFC4F51651CC308829628 ] MsLldp C:\WINDOWS\system32\DRIVERS\mslldp.sys
22:16:01.0198 0x1428 MsLldp - ok
22:16:01.0214 0x1428 [ 7B2128EB875DCBC006E6A913211006D6, 97BBD7FF770741FBFC0F181A609AD0954EA926DA203B742E8F08C89AD8FE476E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
22:16:01.0245 0x1428 MSPCLOCK - ok
22:16:01.0277 0x1428 [ 1E88171579B218115C7A772F8DE04BD8, B9EAA835D0BF8F9C4DF8403D95EF1400E8AE38F28F9DBA87657DE2129FEF02D2 ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
22:16:01.0292 0x1428 MSPQM - ok
22:16:01.0308 0x1428 [ BBE2A455053E63BECBF42C2F9B21FAE0, 7C5DF563499DF59DF9895A1581E47ADF5FD54C94ECEF6C886CDB60E5E95A6DAE ] MsRPC C:\WINDOWS\system32\drivers\MsRPC.sys
22:16:01.0339 0x1428 MsRPC - ok
22:16:01.0355 0x1428 [ 8D6B7D515C5CBCDB75B928A0B73C3C5E, 1EB4DC3DD21D2627C78EC3F9931D9E5D033169087E43B5D7C17BF1FF2A0028CD ] mssmbios C:\WINDOWS\System32\drivers\mssmbios.sys
22:16:01.0370 0x1428 mssmbios - ok
22:16:01.0386 0x1428 [ 115019AE01E0EB9C048530D2928AB4A2, 6E2275E85EACF2D0FC784792E0D72A165589D33CBAB3BCFA8E271CA09566C925 ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
22:16:01.0402 0x1428 MSTEE - ok
22:16:01.0417 0x1428 [ 96D604A35070360F0DD4A7A8AF410B5E, F94DD1A3566C7C8D0A76D6E1E2530552A9B7F99C5DA0DE11829325EAB9F8B7ED ] MTConfig C:\WINDOWS\System32\drivers\MTConfig.sys
22:16:01.0433 0x1428 MTConfig - ok
22:16:01.0480 0x1428 [ 619CA29326B82372621DB2C0964D8365, 4091F08E266DB45A6E33A4A8B1CE9FA78BB294B3111526AA9E3868620F30AFDF ] Mup C:\WINDOWS\system32\Drivers\mup.sys
22:16:01.0480 0x1428 Mup - ok
22:16:01.0511 0x1428 [ B8C35C94DCB2DFEAF03BB42131F2F77F, F0FCF367CA8F722D6ABCF7F363CD406D890D71452E91C3FC6677B47AD74D6324 ] mvumis C:\WINDOWS\system32\drivers\mvumis.sys
22:16:01.0511 0x1428 mvumis - ok
22:16:01.0558 0x1428 [ 8DF30698BDD9492A9D45A4B94FB4A82A, 26B1B2D7E785E29B8BCB74C467C66AE4EBDD481ACFF36334F3BDF4506B778244 ] napagent C:\WINDOWS\system32\qagentRT.dll
22:16:01.0573 0x1428 napagent - ok
22:16:01.0652 0x1428 [ 008F7CED69FD5B30CBDE1E03C6F36A27, D4ADA7834C470B17A3CD976012DC5A511B32545B9F91D23D09A85722E0B75320 ] NativeWifiP C:\WINDOWS\system32\DRIVERS\nwifi.sys
22:16:01.0730 0x1428 NativeWifiP - ok
22:16:01.0761 0x1428 [ BFCE1225D10619029E68946929CEB64C, 499F560331FFBA82E3D673B47F027FDAB7BEE4F2CB5B811D69E0218839F6E6A5 ] NcaSvc C:\WINDOWS\System32\ncasvc.dll
22:16:01.0777 0x1428 NcaSvc - ok
22:16:01.0823 0x1428 [ 267C97373110B7AFD3B46DF60B6CBB85, CEBB99F71D47634BB9C04DF2836DF6B47F15B3073FEFC237F85526DF01E4E38B ] NcbService C:\WINDOWS\System32\ncbservice.dll
22:16:01.0886 0x1428 NcbService - ok
22:16:01.0917 0x1428 [ 0813B71EAF097208DC76CE0605B48AF0, A93A2E6A8FB77B58AC4D580E6F8BF307A25BADC9493994F9BE235EBFB0E1DB22 ] NcdAutoSetup C:\WINDOWS\System32\NcdAutoSetup.dll
22:16:01.0948 0x1428 NcdAutoSetup - ok
22:16:02.0011 0x1428 [ 97DC5967F65503213FD1F1B3E4A6F983, 3EC515856C7CE9B30032F963DC04190F66EE62402A819781DC45B7D088C84229 ] NDIS C:\WINDOWS\system32\drivers\ndis.sys
22:16:02.0073 0x1428 NDIS - ok
22:16:02.0105 0x1428 [ 8CECC8DA55F3274181FD1EA28AD76664, 188112424CEF97FB926A0FB915260B803555A775DD2E1846725A9C8616300F42 ] NdisCap C:\WINDOWS\system32\DRIVERS\ndiscap.sys
22:16:02.0120 0x1428 NdisCap - ok
22:16:02.0167 0x1428 [ 269882812E9A68FFF1AFE1283D428322, 50B99EBC42DA9B46A8C2C28C9BADCF58AE3079535CDD1227D0F5C86291C715FF ] NdisImPlatform C:\WINDOWS\system32\DRIVERS\NdisImPlatform.sys
22:16:02.0214 0x1428 NdisImPlatform - ok
22:16:02.0230 0x1428 [ DC1D9F692C2AD84C214584C28501C1F7, 96FC0D1EC48FED963E02648541A2AAC8E72ED00D797EA8E3D0ED02F5EB4816C5 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
22:16:02.0277 0x1428 NdisTapi - ok
22:16:02.0308 0x1428 [ B832B35055BA2B7B4181861FF94D8E59, 2E60E5D503E88D27E35ECFEE265D51328E93A9C7B9B931F86D9CBC947636BB00 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
22:16:02.0339 0x1428 Ndisuio - ok
22:16:02.0355 0x1428 [ 1F58E48EF75F34C35D8E93A0DC535CFE, D65619A6C4B1747F8B05DA08A44EF0E46B5CC384880E04E4755A2BA6CDB3C4EA ] NdisVirtualBus C:\WINDOWS\System32\drivers\NdisVirtualBus.sys
22:16:02.0370 0x1428 NdisVirtualBus - ok
22:16:02.0386 0x1428 [ DEC29080202D4F9F17F55E18BCFCC41A, F7E543741B1F4F637A99C40543D6AEC6EBF893F74359BBA769D1F882E0AFB571 ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
22:16:02.0417 0x1428 NdisWan - ok
22:16:02.0433 0x1428 [ DEC29080202D4F9F17F55E18BCFCC41A, F7E543741B1F4F637A99C40543D6AEC6EBF893F74359BBA769D1F882E0AFB571 ] NdisWanLegacy C:\WINDOWS\system32\DRIVERS\ndiswan.sys
22:16:02.0448 0x1428 NdisWanLegacy - ok
22:16:02.0480 0x1428 [ B8F36CBC72FC5C8B8A30AD850165EA8E, 478454B1399700B745265A64EC9C797C66BD0141471200BCF222F5EB15B0F40C ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
22:16:02.0495 0x1428 NDProxy - ok
22:16:02.0527 0x1428 [ 3083926D1CC5B56EA0786527B557DD1B, 3C3F0CA0D43398576DBE8F677B353ADDA7E8F56829874958CE668E31261C1590 ] Ndu C:\WINDOWS\system32\drivers\Ndu.sys
22:16:02.0589 0x1428 Ndu - ok
22:16:02.0605 0x1428 [ 42FF4975D032CAE558AE4BB8448F6E5A, 0B8FACF3382443DED79A8004A6AA14C32471A6A1C6BAA543AA9F3FEC52620A6D ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
22:16:02.0636 0x1428 NetBIOS - ok
22:16:02.0667 0x1428 [ 0217532E19A748F0E5D569307363D5FD, C40C2E7AFA276057E7327A7BB173122689D6CEC9AE443C3850C3F94AF03DFBF5 ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
22:16:02.0698 0x1428 NetBT - ok
22:16:02.0730 0x1428 [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] Netlogon C:\WINDOWS\system32\lsass.exe
22:16:02.0745 0x1428 Netlogon - ok
22:16:02.0777 0x1428 [ 8F074B62E66B6117D9598C62A12069C5, 5FDB19045D3E2F6D0F0C5158AC2ECB0D5404CD2AF7A319755D7E3753CA3B7CF3 ] Netman C:\WINDOWS\System32\netman.dll
22:16:02.0808 0x1428 Netman - ok
22:16:02.0855 0x1428 [ 4A04B1CD5BFB4A978C5F60E86D6C3E45, A946922C1C38ADD3CF9D3B09DDCC301AE4DAC960A081B2F42B32BE1E7095B3FD ] netprofm C:\WINDOWS\System32\netprofmsvc.dll
22:16:02.0870 0x1428 netprofm - ok
22:16:02.0948 0x1428 [ 1092B3190E69E0C5ECBCE90F171DE047, C16106EEFC324EE80E5F659CB71A5DD69FA800D36D829F5B0E6AD3393BD1BAF7 ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:16:02.0980 0x1428 NetTcpPortSharing - ok
22:16:03.0011 0x1428 [ D4DCE03870314D3354F3501F9DDD4123, 5BFE8299B3F72B8C39A4965365CBF5BA151024451F02DD872FAD1CC35CF94CEA ] netvsc C:\WINDOWS\System32\drivers\netvsc63.sys
22:16:03.0073 0x1428 netvsc - ok
22:16:03.0120 0x1428 [ E94EB2A95D7D016E119C4D6868788831, 3E4A925D23262FBA0A6432DD635FBE94B0CEF76BD9BB323254B66977497FEE2A ] NlaSvc C:\WINDOWS\System32\nlasvc.dll
22:16:03.0152 0x1428 NlaSvc - ok
22:16:03.0183 0x1428 [ 8F44A2F57C9F1A19AC9C6288C10FB351, 310274DDBAC0FE4BE54ECD3B90C97D82A0F9F5CFCA7A35711A36164DE4B94074 ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
22:16:03.0198 0x1428 Npfs - ok
22:16:03.0230 0x1428 [ CBDB4F0871C88DF930FC0E8588CA67FC, 7E4AA3EA81A9D532F236FD7896744F07ED07CA9B37A9F18A9778BCCCC67490F2 ] npsvctrig C:\WINDOWS\System32\drivers\npsvctrig.sys
22:16:03.0261 0x1428 npsvctrig - ok
22:16:03.0292 0x1428 [ 0F12A72A753CFD7FB0631EE8D08FE983, 860A96471F6CD90DDA9AB3A48E95CEAD826C87D2FA98A00EF91B61C44A4C8B82 ] nsi C:\WINDOWS\system32\nsisvc.dll
22:16:03.0323 0x1428 nsi - ok
22:16:03.0339 0x1428 [ 0E046FF5823B95326D10CF1B4AF23541, 39D22715003746527AB4BFEDED8C34B695DAF589091AE7F3A2A2C4B8A35675A9 ] nsiproxy C:\WINDOWS\system32\drivers\nsiproxy.sys
22:16:03.0448 0x1428 nsiproxy - ok
22:16:03.0683 0x1428 [ 7F68063A5A0461E02BC860CE0E6BFDDC, 47E9F75D27B97278B74034B7D3951A26B1644911ED321455E08D935731C858DE ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
22:16:03.0777 0x1428 Ntfs - ok
22:16:03.0808 0x1428 [ EF1B290FC9F0E47CC0B537292BEE5904, DBC07BBC54EBC2D2E576B23A4CE116B3DA988577AD0D96CB7289A6748A60F9EA ] Null C:\WINDOWS\system32\drivers\Null.sys
22:16:03.0870 0x1428 Null - ok
22:16:03.0902 0x1428 [ 1F07B814C0BB5AABA703ABFF1F31F2E8, 07F578686CAE0FAB5462B472A03DD1BC5DFE0D5DA6307895534CECC330C3D220 ] NVHDA C:\WINDOWS\system32\drivers\nvhda64v.sys
22:16:03.0917 0x1428 NVHDA - ok
22:16:04.0261 0x1428 [ 9B93CC9C70EDE60A9C486E7719DB9E8D, 8E31BE72797D3308D8AF136E9F4C6199BCF4592F88E9FEB361752FF768225EC9 ] nvlddmkm C:\WINDOWS\system32\DRIVERS\nvlddmkm.sys
22:16:04.0605 0x1428 nvlddmkm - ok
22:16:04.0652 0x1428 [ BC6B5942AFF25EBAF62DE43C3807EDF8, CB0FA194084B8C309039D571B5760FDA800E9531B8660C499B4F9977BA5C36D5 ] nvraid C:\WINDOWS\system32\drivers\nvraid.sys
22:16:04.0667 0x1428 nvraid - ok
22:16:04.0698 0x1428 [ 1F43ABFFAC3D6CA356851D517392966E, 6FD7621F67BA94B0E1D8F43BEC2951DBCDEEA1E848BB265AC169E27C01DA68F2 ] nvstor C:\WINDOWS\system32\drivers\nvstor.sys
22:16:04.0698 0x1428 nvstor - ok
22:16:04.0745 0x1428 [ FB50E60564ED30DDC855F0CE435C8467, C9A56D74F58739B8A069336FF5456FC5F3CE89371B8CFE8144B8D06A9C79C6AB ] nvsvc C:\WINDOWS\system32\nvvsvc.exe
22:16:04.0777 0x1428 nvsvc - ok
22:16:04.0792 0x1428 [ 6934A936A7369DFE37B7DBA93F5E5E49, 0900FEEB0CE8D09F0FC60630B5B986034A8BCD3882ED66E47170810C32492892 ] nv_agp C:\WINDOWS\system32\drivers\nv_agp.sys
22:16:04.0808 0x1428 nv_agp - ok
22:16:04.0902 0x1428 [ 785F487A64950F3CB8E9F16253BA3B7B, 02445344BD214370A6D48B1CA04921D8EFCB13E676B5648266DD0E076C0822B6 ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
22:16:04.0933 0x1428 odserv - ok
22:16:04.0995 0x1428 [ 475C3F9886D18A8392C476493C99E9AF, B2E50A8620E1467FCD0A009516E7509CE0DAAF7F2F24434BF2A5BC77D1C66C81 ] OpenVPNService C:\Program Files (x86)\Sophos\Sophos SSL VPN Client\bin\openvpnserv.exe
22:16:05.0027 0x1428 OpenVPNService - ok
22:16:05.0027 0x1428 [ 475C3F9886D18A8392C476493C99E9AF, B2E50A8620E1467FCD0A009516E7509CE0DAAF7F2F24434BF2A5BC77D1C66C81 ] OpenVPNServiceInteractive C:\Program Files (x86)\Sophos\Sophos SSL VPN Client\bin\openvpnserv.exe
22:16:05.0042 0x1428 OpenVPNServiceInteractive - ok
22:16:05.0073 0x1428 [ 9D10F99A6712E28F8ACD5641E3A7EA6B, 70964A0ED9011EA94044E15FA77EDD9CF535CC79ED8E03A3721FF007E69595CC ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:16:05.0073 0x1428 ose - ok
22:16:05.0120 0x1428 [ 26657F3B4F39A0E64AF859278B599C4E, 3DD65E0BCEF3045DBA29FB8171CA3FCC9781AED3A1C7A160CF26388CE80A3683 ] p2pimsvc C:\WINDOWS\system32\pnrpsvc.dll
22:16:05.0152 0x1428 p2pimsvc - ok
22:16:05.0198 0x1428 [ FD8F61F0D1F64BBB3D835F39A3F979C9, E5C5F86576488EA7F605E26C06EE5AFB36506A446F60C894D55E0A148BF7F02D ] p2psvc C:\WINDOWS\system32\p2psvc.dll
22:16:05.0230 0x1428 p2psvc - ok
22:16:05.0245 0x1428 [ 764B1121867B2D9B31C491668AC72B2B, 32C04B6FCE1DDD09697B81473A23BDCED8BEEFBCD0D2D58DDC9A11A33C756967 ] Parport C:\WINDOWS\System32\drivers\parport.sys
22:16:05.0261 0x1428 Parport - ok
22:16:05.0292 0x1428 [ BAFF6122CFC9F95CA175AD8C348179A4, 079A912D951DF6A57BC1BDB0D182977EE9592751EC9DDCDA2932BDEDB333850C ] partmgr C:\WINDOWS\system32\drivers\partmgr.sys
22:16:05.0308 0x1428 partmgr - ok
22:16:05.0323 0x1428 [ ABE95ABE27A8BD9701782BBCD82C9925, AE3BA1E9ECDE692374D8DAC95A8DAA289DD2470E3D8D58EFAD9F83A37F3AC8E5 ] PcaSvc C:\WINDOWS\System32\pcasvc.dll
22:16:05.0355 0x1428 PcaSvc - ok
22:16:05.0355 0x1428 [ 91ED124E261EA8FAA1C0FFDF2A71B0C4, 20E41A38067395D03184938983A9BE459717A1941352972DBC28D83D542319EC ] pci C:\WINDOWS\system32\drivers\pci.sys
22:16:05.0386 0x1428 pci - ok
22:16:05.0402 0x1428 [ 346E38FCC6859A727DD28AFAD1F0AFF4, FF3DA26F79B3BC3A5B8A8AA0B9139B9EF70297F4EA1203B1E68FB5A212C3AA58 ] pciide C:\WINDOWS\system32\drivers\pciide.sys
22:16:05.0402 0x1428 pciide - ok
22:16:05.0417 0x1428 [ 4D3BDCC1C7B40C9D7B6AD990E6DEC397, 27A7AF2127B699F4579CB77936F38DC102211E26E5E2947DB808756FE06FC98E ] pcmcia C:\WINDOWS\system32\drivers\pcmcia.sys
22:16:05.0433 0x1428 pcmcia - ok
22:16:05.0448 0x1428 [ BF28771D1436C88BE1D297D3098B0F7D, 5F7630916A76A8CF31289E9C577F522B999C74C39E541CD40E62BD53004BEF74 ] pcw C:\WINDOWS\system32\drivers\pcw.sys
22:16:05.0464 0x1428 pcw - ok
22:16:05.0495 0x1428 [ ED54A75050211DC77F9B98C41E026858, F92FB59ADE88469EAA50E91D43165C68CC32FDE11595A0069FD43103A674FE44 ] pdc C:\WINDOWS\system32\drivers\pdc.sys
22:16:05.0495 0x1428 pdc - ok
22:16:05.0542 0x1428 [ 0ECEE590F2E2EF969FB74A6FC583A1E6, 1C611D9225C863CF32125F684B324C58BDE1942F4F283F5674133200AC505D44 ] PEAUTH C:\WINDOWS\system32\drivers\peauth.sys
22:16:05.0589 0x1428 PEAUTH - ok
22:16:05.0667 0x1428 [ 8E3C640FFF5A963F570233AE99C0FFF3, 3DE978B005BF2E88BA858CE37D9E27BD3584642B8412E22C300A1E739743838A ] PerfHost C:\WINDOWS\SysWow64\perfhost.exe
22:16:05.0714 0x1428 PerfHost - ok
22:16:05.0808 0x1428 [ 70B39E7241F750A248798CE82C44596D, 54A72199EB277EE586611DCBC21654786FD2196F91D5884C4F531297893CC3EC ] pla C:\WINDOWS\system32\pla.dll
22:16:05.0886 0x1428 pla - ok
22:16:05.0917 0x1428 [ 2C02AFF8383D893F8DBEB07A84F6E77C, 7CC34BAC67E2988E3D16DD6EB6F6785CD2460E3EF7FBD0BD5F86E49793BD473E ] PlugPlay C:\WINDOWS\system32\umpnpmgr.dll
22:16:05.0933 0x1428 PlugPlay - ok
22:16:05.0964 0x1428 [ 4570F8A37D221660F3A09D6F4DD4BA94, 0EA190CFFA53DF9CCA2D53A4EF1BCB837BA3F2489A3AC5BD11F6D6ED811D118E ] PNRPAutoReg C:\WINDOWS\system32\pnrpauto.dll
22:16:05.0995 0x1428 PNRPAutoReg - ok
22:16:06.0011 0x1428 [ 26657F3B4F39A0E64AF859278B599C4E, 3DD65E0BCEF3045DBA29FB8171CA3FCC9781AED3A1C7A160CF26388CE80A3683 ] PNRPsvc C:\WINDOWS\system32\pnrpsvc.dll
22:16:06.0042 0x1428 PNRPsvc - ok
22:16:06.0073 0x1428 [ BDD52AB4AEBB8B1904568DBD0CCB70CB, C3D1DBA349C79B43DCDD9EF5255C5EE973EFB844235B808B5EF9B63A51FF00AA ] PolicyAgent C:\WINDOWS\System32\ipsecsvc.dll
22:16:06.0120 0x1428 PolicyAgent - ok
22:16:06.0152 0x1428 [ C8DD82C3035E60D671B8CC5DF128D3A9, 6AABF632CBEDA9A7B553BC9134FF100CB6FDC88000D499D2883408FCEDD97576 ] Power C:\WINDOWS\system32\umpo.dll
22:16:06.0183 0x1428 Power - ok
22:16:06.0230 0x1428 [ E075CC071022BD4E9BE7C024717C0E0A, BE65A8C1082AE8DF8C37CA06B2BCC521478AC153EA7388B03F7FAE3913920E75 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
22:16:06.0261 0x1428 PptpMiniport - ok
22:16:06.0417 0x1428 [ 3C96A45CA3403A276B0F045C448EC27B, C0011DB8C5A85817CAF815CC0095EE2C1CDD5964DCD8EAF4C35A2495D6A873CC ] PrintNotify C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll
22:16:06.0558 0x1428 PrintNotify - ok
22:16:06.0574 0x1428 [ ECD373F9571C745894367CC2635EA44F, E08B2A1017DAE1BF10B986DAFAD14BDE20D79703E0EF3A8C700A3753908C1392 ] Processor C:\WINDOWS\System32\drivers\processr.sys
22:16:06.0605 0x1428 Processor - ok
22:16:06.0636 0x1428 [ 6E409D818C6B342544EAE741B1422B85, B4ADFB7809FC42C432C984C3AC13FAFD1B7AD53BCC7FB16E86371DE4C829DD1A ] ProfSvc C:\WINDOWS\system32\profsvc.dll
22:16:06.0683 0x1428 ProfSvc - ok
22:16:06.0714 0x1428 [ FC0141B4A5AD6D637D883C1A89FC45C5, DCE8942C02EEDAE7A57707CA60CAC3A8CD6BA68E6571E405CA882D4DD6D69E43 ] Psched C:\WINDOWS\system32\DRIVERS\pacer.sys
22:16:06.0714 0x1428 Psched - ok
22:16:06.0761 0x1428 [ FBF4DB6D53585437E41A113300002A2B, A0145CE87A95DA3775B28A00E741660C26ADE34BBCC7FC502ED809931482C8F2 ] PxHlpa64 C:\WINDOWS\system32\Drivers\PxHlpa64.sys
22:16:06.0761 0x1428 PxHlpa64 - ok
22:16:06.0792 0x1428 [ DAA9DEE0A5D5F238C4EE54C2C7FB67C5, 7EC8C603BD92699AC35BDCD294F13BEE90D5C2C195FD93A3F16928BFCF53CA93 ] QWAVE C:\WINDOWS\system32\qwave.dll
22:16:06.0839 0x1428 QWAVE - ok
22:16:06.0870 0x1428 [ 83868EB2924E6BC21A54337C65D614D1, 8D1BE01EBD190231153B867C32120DC8FBFBD32050448A778134D435D76A0B07 ] QWAVEdrv C:\WINDOWS\system32\drivers\qwavedrv.sys
22:16:06.0886 0x1428 QWAVEdrv - ok
22:16:06.0902 0x1428 [ B337B1F1E82A83E20A1743E008E25C0F, A2E8AF041B4CAB78AEE28A2147A189FF0F9D2FCEFB167D60FBBA0A787A5A5BE7 ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
22:16:06.0933 0x1428 RasAcd - ok
22:16:06.0980 0x1428 [ 3EE5097945A7F680E320953271EB2D4F, 0B9F2B458177A654F65C5E862B7C55B35E20271B76D5E20A20F30D3223A1216F ] RasAgileVpn C:\WINDOWS\system32\DRIVERS\AgileVpn.sys
22:16:06.0995 0x1428 RasAgileVpn - ok
22:16:07.0027 0x1428 [ 044638489B4A5FE5334F46C5314A0826, E06CC2A9EF369794DAD69FBB5AFD1676D4283DDAB2AD5E3EFE454C473F62F955 ] RasAuto C:\WINDOWS\System32\rasauto.dll
22:16:07.0042 0x1428 RasAuto - ok
22:16:07.0058 0x1428 [ 1BD3022FD6E450B00DE560265638FD2A, 3878B443053DFFED62641BE8736891F426C7121EB8C4DB38FF0F218697133A6D ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
22:16:07.0089 0x1428 Rasl2tp - ok
22:16:07.0136 0x1428 [ F83B38FCD4F69157B3D158433FA149CC, AB103BD3E2B3B134CB355C556DF70BCF0CF4DB11EFF7DB4A9876D5AA43D81293 ] RasMan C:\WINDOWS\System32\rasmans.dll
22:16:07.0183 0x1428 RasMan - ok
22:16:07.0199 0x1428 [ 5247F308C4103CDC4FE12AE1D235800A, E567CD33CA1897D53795E071B7AFBAF98B2C8F725F8BED0BA90F5EF611520E48 ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
22:16:07.0230 0x1428 RasPppoe - ok
22:16:07.0245 0x1428 [ 41F631007A158FEBB67F0E2AD1601BBA, EB5EA7277F4178BC27E55BF850AEBCD84B6BED80B2383CFB29548824AAFED135 ] RasSstp C:\WINDOWS\system32\DRIVERS\rassstp.sys
22:16:07.0261 0x1428 RasSstp - ok
22:16:07.0308 0x1428 [ A1A5E79C0D1352AFDC08328A623DA051, 01546DDE6F1FF159A7EB7F2BF104910445D3D863F1F37DEA695579BA60D84280 ] rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
22:16:07.0355 0x1428 rdbss - ok
22:16:07.0386 0x1428 [ 6B21EBF892CD8CACB71669B35AB5DE32, 0AD8E14FEF16FB2559F5FC8AFBC9D49E4E24F43CF65F480DBF9FAB593269B419 ] rdpbus C:\WINDOWS\System32\drivers\rdpbus.sys
22:16:07.0417 0x1428 rdpbus - ok
22:16:07.0433 0x1428 [ 680C1DAE268B6FB67FA21B389A8B79EF, 856911F77BDD8830C3D683EBE8AF399FB3A54C7D8D0B34EA37D903377F0A39BD ] RDPDR C:\WINDOWS\system32\drivers\rdpdr.sys
22:16:07.0464 0x1428 RDPDR - ok
22:16:07.0495 0x1428 [ BC8A79C625568DDB7DCA49D0C2741A64, AB0A7ED9EC2282EC0356D27EA4F70515943E41C2112428B787636B8BEC278933 ] RdpVideoMiniport C:\WINDOWS\system32\drivers\rdpvideominiport.sys
22:16:07.0511 0x1428 RdpVideoMiniport - ok
22:16:07.0527 0x1428 [ A26AEC49F318FEE141DDDB2C5F99B3E6, 246AD79FF27E79DEDCB0AAA7C22A8EA6349DEDAC863413A1E378E68FD94C9C4F ] rdyboost C:\WINDOWS\system32\drivers\rdyboost.sys
22:16:07.0542 0x1428 rdyboost - ok
22:16:07.0589 0x1428 [ 615DFD97DEA56CE1C3A52185A3038FF8, 707BF5F9FAE478A12656D15013F507CC1335E7B72BD21CA99BB813CB95E37BC0 ] ReFS C:\WINDOWS\system32\drivers\ReFS.sys
22:16:07.0620 0x1428 ReFS - ok
22:16:07.0652 0x1428 [ 0CF7CB56BF2D5E9DBCEE0185CB626FAD, 2BD2E2FB1D2EADD1F70EF55E8523C353F95D4FEB1BAD5017FA4D94F790F27825 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
22:16:07.0683 0x1428 RemoteAccess - ok
22:16:07.0714 0x1428 [ AC8785B53F8436058C90450DA1840AE7, CC1FFC2713910211F8A6AD532DBB9253ACD188CBD784F1BE6613DF382825A3C1 ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
22:16:07.0745 0x1428 RemoteRegistry - ok
22:16:07.0761 0x1428 [ 65B9FDE300A6DECC03BA44C4616DCAD6, CAD992982733DD20282A3453DC4E554AE1FC077C35479C0CA4E8BC3A9DCD3BB0 ] RpcEptMapper C:\WINDOWS\System32\RpcEpMap.dll
22:16:07.0792 0x1428 RpcEptMapper - ok
22:16:07.0839 0x1428 [ A737B433ABAF3F2DCB2BD7B4CC582B26, 3B5706B0CF0969A9F82060FD4DCC745F2D83C066B663FE8A4F0F493B64032C9C ] RpcLocator C:\WINDOWS\system32\locator.exe
22:16:07.0902 0x1428 RpcLocator - ok
22:16:07.0949 0x1428 [ A6F17C299A03BAFEFB9257C462A19E00, EB68967D28355271897166D7B6FD963D1E546D3C24AE1AEAAC561F94357A9345 ] RpcSs C:\WINDOWS\system32\rpcss.dll
22:16:07.0980 0x1428 RpcSs - ok
22:16:08.0011 0x1428 [ 2D05A5508F4685412F2B89E8C2189ABC, 82F12B4E0E73411A121EFD35FBD3B44CBBC0AE96ACFBB45D8C3C3777E2EA320D ] rspndr C:\WINDOWS\system32\DRIVERS\rspndr.sys
22:16:08.0027 0x1428 rspndr - ok
22:16:08.0027 0x1428 [ 1A063730F221B2746FF00457AE17E4F0, 39A3C258CBFE3BC566C63528C9020A3BC9409736AE5289C08A7BA471D8409263 ] s3cap C:\WINDOWS\System32\drivers\vms3cap.sys
22:16:08.0058 0x1428 s3cap - ok
22:16:08.0089 0x1428 [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] SamSs C:\WINDOWS\system32\lsass.exe
22:16:08.0105 0x1428 SamSs - ok
22:16:08.0136 0x1428 [ C624A1B32211C3166EDB3F4AB02A30B7, 6B2A4607DB52D74242787ED9DF9067058983D310431D8612D2B0236E6201E681 ] sbp2port C:\WINDOWS\system32\drivers\sbp2port.sys
22:16:08.0152 0x1428 sbp2port - ok
22:16:08.0183 0x1428 [ 74A3B67F03877D06B09B1B40C5ED582E, A8FF9BF416F0BF365BFB4E1796859825C811A74B5E54DDDCE8345193BEEBE206 ] SCardSvr C:\WINDOWS\System32\SCardSvr.dll
22:16:08.0214 0x1428 SCardSvr - ok
22:16:08.0230 0x1428 [ 8B9C4D55B4A536FB01C360DDB9533574, 9B939FE68F6F9C171ED0D91E2CE1E67515295D34EC23606BCDFD097DCC8CFD4A ] ScDeviceEnum C:\WINDOWS\System32\ScDeviceEnum.dll
22:16:08.0245 0x1428 ScDeviceEnum - ok
22:16:08.0277 0x1428 [ 13BEA6C882D4D877A5A85CA149C86BC1, 8E9BE5C2A36D5881D9985C3A31309FE03966EA13A3541D3C5B542AB67FA0D55F ] scfilter C:\WINDOWS\system32\DRIVERS\scfilter.sys
22:16:08.0292 0x1428 scfilter - ok
22:16:08.0355 0x1428 [ 3151A020E03DDE31AAC49F35C5EFB4DB, 5ABB1103009979F86C862357E28F37C2744979F2C99F7CF6ABB4EB1B8416B3F6 ] Schedule C:\WINDOWS\system32\schedsvc.dll
22:16:08.0433 0x1428 Schedule - ok
22:16:08.0449 0x1428 [ 41C0D7B1A6D4AD119BA6AC0487EA5C8E, 516C2B34BA7507D0DA4148B4ABC0A8C36286570D4EA5C60B28647B1249C15018 ] SCPolicySvc C:\WINDOWS\System32\certprop.dll
22:16:08.0464 0x1428 SCPolicySvc - ok
22:16:08.0480 0x1428 [ C54B6B2170BF628FD42F799A66956D75, BCF460A124CAA6F1F1A9A7BCBDCC2D5E39B0404D96B7C9FFAC806E041782B91E ] sdbus C:\WINDOWS\System32\drivers\sdbus.sys
22:16:08.0495 0x1428 sdbus - ok
22:16:08.0667 0x1428 [ D777F1417D9BB9F66CD9D9C3B61F730F, 0CBD830EB9D2B0F1946131F20907793B2D68A3BCEEC3EA5416972149F73DC815 ] SDScannerService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
22:16:08.0714 0x1428 SDScannerService - ok
22:16:08.0730 0x1428 [ 0B1E929D11A8E358106955603FAC65E8, A5EC91BFC0873EC6AB1D0DB4E91654BD35339BD680E7E82DA2DC64996B4AE515 ] sdstor C:\WINDOWS\System32\drivers\sdstor.sys
22:16:08.0745 0x1428 sdstor - ok
22:16:08.0824 0x1428 [ 68D6C7F99BC73B88954D844FCCBEB2A0, F746861B103C8BE8EA234B9FCFBBDD2412C79FB65F2F1E0F5E6EBC0B34905FF1 ] SDUpdateService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
22:16:08.0870 0x1428 SDUpdateService - ok
22:16:08.0886 0x1428 [ 9B9B368A8FF5CAF91D7A333CF62CD2CC, A4AE7FFBBAF983BFDE15B521ED162CBC4E6FC85BCDB200C75D45878B3FFDFA68 ] SDWSCService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
22:16:08.0902 0x1428 SDWSCService - ok
22:16:08.0933 0x1428 [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv C:\WINDOWS\system32\drivers\secdrv.sys
22:16:08.0949 0x1428 secdrv - ok
22:16:08.0980 0x1428 [ BA24CEA7152239F42ECD04AFB7C89D24, A2A11EABB0C283772B74667C7544B61BEB1B9745FBF065E831542129EB585AFA ] seclogon C:\WINDOWS\system32\seclogon.dll
22:16:08.0995 0x1428 seclogon - ok
22:16:09.0011 0x1428 [ 81FE9A81EDF8016816C9E91FBFBF7D35, 87FB92A3D15F312F0B9C423EF851061A944B013E5668D8C9A441B4DC0EB690AF ] SENS C:\WINDOWS\System32\sens.dll
22:16:09.0074 0x1428 SENS - ok
22:16:09.0105 0x1428 [ 6E4012AE67F09F867EF620C8D5524C0B, 63933E51F8E413E63481369CE2F9FD224560550FBD3BD2B4573E9F4AD88708A2 ] SensrSvc C:\WINDOWS\system32\sensrsvc.dll
22:16:09.0152 0x1428 SensrSvc - ok
22:16:09.0167 0x1428 [ DB2FF24CE0BDD15FE75870AFE312BA89, 7DB0D978C92CD0A0A81F7AB46FE323B4929CEA01585B0F330921E6DFA7DE1B85 ] SerCx C:\WINDOWS\system32\drivers\SerCx.sys
22:16:09.0167 0x1428 SerCx - ok
22:16:09.0183 0x1428 [ 0044B31F93946D5D41982314381FE431, 95B8A94BA9EF770F29ACD5B23D447EC2B6CF1CB3D0030343BA1550AC31F6E2A5 ] SerCx2 C:\WINDOWS\system32\drivers\SerCx2.sys
22:16:09.0199 0x1428 SerCx2 - ok
22:16:09.0214 0x1428 [ 3CD600C089C1251BEEB4CD4CD5164F9E, D9F81951B4454B24E821E33ACA53A851A61F3135E8EC6FBE6761A1A3E1CDCBE2 ] Serenum C:\WINDOWS\System32\drivers\serenum.sys
22:16:09.0245 0x1428 Serenum - ok
22:16:09.0277 0x1428 [ D864381BC9C725FAB01D94C060660166, 132FED95222BBE3B0B25B3F1F0EFC5903D04564BD047BA4D2042AD51E3FDA724 ] Serial C:\WINDOWS\System32\drivers\serial.sys
22:16:09.0292 0x1428 Serial - ok
22:16:09.0324 0x1428 [ 148195AE95D9BC7375A08846439FDAC1, 3A2F78FD18AA7A6D659921E19335E943894530874AC5AB5E7219CEF28FA54F7A ] sermouse C:\WINDOWS\System32\drivers\sermouse.sys
22:16:09.0339 0x1428 sermouse - ok
22:16:09.0402 0x1428 [ 3A2F1A7472C3B7CC9B89C8516C726488, 9BCBBAC10C900EA7B30822B463A77EE5067F217C4B490857A09E5277983CB89B ] SessionEnv C:\WINDOWS\system32\sessenv.dll
22:16:09.0433 0x1428 SessionEnv - ok
22:16:09.0449 0x1428 [ 472B7A5AC181C050888DB454663DD764, C950A8615D57BFD455E18880398350642B2E1D6B951EC9754FD8D429F3418835 ] sfloppy C:\WINDOWS\System32\drivers\sfloppy.sys
22:16:09.0464 0x1428 sfloppy - ok
22:16:09.0495 0x1428 [ 8081FF3DAE8159FE8956B09BC29CE983, AC0F305AEE8B1AB2E1275F1D33EC1D2F3E23F234F831BD9D41F415A94A19D3AB ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
22:16:09.0527 0x1428 SharedAccess - ok
22:16:09.0558 0x1428 [ 7FD9A61A3523A61FC135D61D6E160314, 409E1CF7A62FD90CBC31AEAFBB7230B02DBEC6CFCA2D266D221A7643FAEBA13B ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
22:16:09.0605 0x1428 ShellHWDetection - ok
22:16:09.0620 0x1428 [ 2F518D13DD6F3053837FE606F1A2EA1F, 64109296CE95BD233525688A350D575CF97B9464659AA07CF78B307B6ADBC835 ] SiSRaid2 C:\WINDOWS\system32\drivers\SiSRaid2.sys
22:16:09.0636 0x1428 SiSRaid2 - ok
22:16:09.0652 0x1428 [ 1AC9A200A9C49C4508F04AAFFCA34A3F, 972BCB2A39169155F74111FAC74ACCD8F50E34EADCF087833B0980827627BBF4 ] SiSRaid4 C:\WINDOWS\system32\drivers\sisraid4.sys
22:16:09.0652 0x1428 SiSRaid4 - ok
22:16:09.0699 0x1428 [ F6EF225A23D336CA30001E5007644C24, B0A4B1256C1074F1B4F73E3BBA16FD4683D6EEA583DEEF8E11EFD29BA7541F2A ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
22:16:09.0714 0x1428 SkypeUpdate - ok
22:16:09.0761 0x1428 [ 3C84DCCE5B322F745A75CA8BA3A0F6B3, 1FB94A8A1C63D6FDB82E28ED5B696B3CB1F64183A89A3B5153B266C292CB7815 ] smphost C:\WINDOWS\System32\smphost.dll
22:16:09.0777 0x1428 smphost - ok
22:16:09.0808 0x1428 [ D0EB0DF8C603BBA084351A92732B1CBE, E24ED8F78EF41C1BC17386AE4BBCE0DC892C5B89B12C03FC9FB61D359B13F1B4 ] SNMPTRAP C:\WINDOWS\System32\snmptrap.exe
22:16:09.0824 0x1428 SNMPTRAP - ok
22:16:09.0886 0x1428 [ D24B1945ED1F9C96DA786DBBF1E983CE, B46CB0B72B7A3DF94A46B8D65E38535C5F8E72A55CF2DC48EFA1F9A0108691C4 ] spaceport C:\WINDOWS\system32\drivers\spaceport.sys
22:16:09.0917 0x1428 spaceport - ok
22:16:09.0933 0x1428 [ F337BE11071818FC3F5DC2940B6BDE34, D5CFF00E5DF37045F71AEE101AC9B270EBB29F372F404757B58600E9966C7E4D ] SpbCx C:\WINDOWS\system32\drivers\SpbCx.sys
22:16:09.0949 0x1428 SpbCx - ok
22:16:09.0995 0x1428 [ 2E3976C857D7230EC8D2B2276E688255, C0A6A84369CB3E709A6FFEBED2B38AB62D731B79D052D6D6FA8EF855BC428778 ] Spooler C:\WINDOWS\System32\spoolsv.exe
22:16:10.0042 0x1428 Spooler - ok
22:16:10.0261 0x1428 [ 46549AF7CB672BC8138264CC4100E9F8, 6434249FADB07A033FD40C37DF2B775CF0617CF0C3E7C170F2984BD3CE423794 ] sppsvc C:\WINDOWS\system32\sppsvc.exe
22:16:10.0433 0x1428 sppsvc - ok
22:16:10.0464 0x1428 [ 6416E79A58A8FCC33A447A4DDDD3BF04, 839E3107ACCD520C309BD6C8324DF7A8EB724EAD442AB1F1CACB0D83F84BE488 ] srv C:\WINDOWS\system32\DRIVERS\srv.sys
22:16:10.0511 0x1428 srv - ok
22:16:10.0558 0x1428 [ 00D8AC8E3053290BDE6EA2FB6810D2FC, 957FEF84CBBAE71829529AE99A1B24F52D7831BD666442D0132FBB825409A75D ] srv2 C:\WINDOWS\system32\DRIVERS\srv2.sys
22:16:10.0605 0x1428 srv2 - ok
22:16:10.0620 0x1428 [ D047CD668E6277FD80F0C613946F034C, BD0209E7FD89F9295D4DE48C9652DF2A2990277C16AFA473B96704B1CBD2F338 ] srvnet C:\WINDOWS\system32\DRIVERS\srvnet.sys
22:16:10.0652 0x1428 srvnet - ok
22:16:10.0699 0x1428 [ CF6C3037839CF78421A94F9060C2886F, CA98C180AE03F5BE8FEFFBA75BD98DEE2AD4FA975E1EF83215C9CD2476946811 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
22:16:10.0745 0x1428 SSDPSRV - ok
22:16:10.0761 0x1428 [ 198A737DBA666F4808D62E9A8277A6B7, 90B6E5E2ACE95D850C913A3A1DA1F966C44955C530004C228FA93B2A536F5C27 ] SstpSvc C:\WINDOWS\system32\sstpsvc.dll
22:16:10.0808 0x1428 SstpSvc - ok
22:16:10.0839 0x1428 [ 627FFBE52FEDF0460C3D7259FC0EDF50, 92CB006CA91E4AF0CAA3ECD74D9329C349650EAFF70D847E62D9D8F2BE38B3B1 ] ssudmdm C:\WINDOWS\system32\DRIVERS\ssudmdm.sys
22:16:10.0855 0x1428 ssudmdm - ok
22:16:11.0042 0x1428 [ 9DA3B55B17B54789AFB8C657D4ACE4D7, 5E4599E682327E3B8097A88A69ED73F96254A29054744D5DFB782054863F131E ] ss_conn_service C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
22:16:11.0074 0x1428 ss_conn_service - ok
22:16:11.0183 0x1428 [ D67F951F6BA708812420195B8D0AB8B6, 6583DB22EB8AA5FF0134D2536C9A46BC0D7D8F8B2829D5719DD68968C22F5917 ] STacSV C:\Program Files\IDT\WDM\STacSV64.exe
22:16:11.0214 0x1428 STacSV - detected UnsignedFile.Multi.Generic ( 1 )
22:16:13.0120 0x14bc Object required for P2P: [ 81E02299B534F61E104C1235519C37B3 ] AntiVirMailService
22:16:13.0730 0x1428 Detect skipped due to KSN trusted
22:16:13.0730 0x1428 STacSV - ok
22:16:13.0792 0x1428 [ 3F0826F632F66906CB3ED62202A6BAD7, CA21B038DD1A1BED7293A8DEEBE19D43D1C12378ED5C6B82D36900CD4FFF23B7 ] Steam Client Service C:\Program Files (x86)\Common Files\Steam\SteamService.exe
22:16:13.0824 0x1428 Steam Client Service - ok
22:16:13.0902 0x1428 [ 7FCE08C739136C9C64107A8814EF854C, 820E494A401D69E3DA7A8624B2093DCF98198E6D8CCCE345BDF76952EE4ADB07 ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
22:16:13.0917 0x1428 Stereo Service - ok
22:16:13.0964 0x1428 [ 366DEA74BBA65B362BCCFC6FC2ADFD8B, 4D28122AB9D8DAB724021E6513B4474BD34FCEDF47769B1D27AC7551FCA002F8 ] stexstor C:\WINDOWS\system32\drivers\stexstor.sys
22:16:13.0964 0x1428 stexstor - ok
22:16:14.0027 0x1428 [ 71CB3BB20F08BB724769DAAAFD5AB26E, FC4B2BD03037EC07F4443BBE13A28859035F7229CA06D4E42AFB42ABF1A89F09 ] STHDA C:\WINDOWS\system32\DRIVERS\stwrt64.sys
22:16:14.0074 0x1428 STHDA - ok
22:16:14.0183 0x1428 [ 63E9CE568CF1192771A5F0460DE7D2B9, C27B21FD2C14AD41A59EF62EB8AC95C08EB13CCB1CEECD8378B8CDD4DC352E69 ] stisvc C:\WINDOWS\System32\wiaservc.dll
22:16:14.0245 0x1428 stisvc - ok
22:16:14.0277 0x1428 [ 0ED2E318ABB68C1A35A8B8038BDB4C90, 5C3ABC245F4BCFE64E646D9C0E2F5E211244956C84D03084C71FF6A7E0CDED30 ] storahci C:\WINDOWS\system32\drivers\storahci.sys
22:16:14.0292 0x1428 storahci - ok
22:16:14.0324 0x1428 [ 8B9486B64E5FC17FB9CC04CA10B77A34, C1EAC9D27DC83E4C56B890D97988C3CCFAE3877309610601F2E3FFFE97686D43 ] storflt C:\WINDOWS\system32\drivers\vmstorfl.sys
22:16:14.0339 0x1428 storflt - ok
22:16:14.0355 0x1428 [ 6B06E2D11E604BE2B1A406C4CB3B90DE, 2DDEA1568A85AD64FCE5D10D348304FCD9BE6E96C2313353EF70A2933306D188 ] stornvme C:\WINDOWS\system32\drivers\stornvme.sys
22:16:14.0370 0x1428 stornvme - ok
22:16:14.0402 0x1428 [ A45F5AC9D8069D0EC66E3CA73103073B, 996788F1C58E016E8E5CF3FD1D220A3C40AFFD6C21361A34636415DB12E0D381 ] StorSvc C:\WINDOWS\system32\storsvc.dll
22:16:14.0433 0x1428 StorSvc - ok
22:16:14.0449 0x1428 [ 548759755BC73DAD663250239D7E0B9F, D31A05A8CE800B539420B6E545F1F4BF6E4B02EAF8366DE89CAF13A83C6CA48D ] storvsc C:\WINDOWS\system32\drivers\storvsc.sys
22:16:14.0464 0x1428 storvsc - ok
22:16:14.0495 0x1428 [ E395BE02F80A79A6CF973BA38DBB8135, 4C6F85B0EB8E7725BA720F9742561D229726C0D7C17505D1E79F19A5626F6325 ] svsvc C:\WINDOWS\system32\svsvc.dll
22:16:14.0527 0x1428 svsvc - ok
22:16:14.0558 0x1428 [ 65454187E0F8B6C0DCECB0287D06EC43, 87550000CF5B3C1DF3E69633934AFE8554AE40B6638F190D3185AD63F1D7A2EE ] swenum C:\WINDOWS\System32\drivers\swenum.sys
22:16:14.0558 0x1428 swenum - ok
22:16:14.0620 0x1428 [ 1C71D72D4997A284128FBEE770726330, 21682BDE74A1108FED1124FB1EA35A03CBFA94ABE1B89CC0FADB4DD82596C43E ] swprv C:\WINDOWS\System32\swprv.dll
22:16:14.0667 0x1428 swprv - ok
22:16:14.0730 0x1428 [ 7E85DB0463AD2403AE84AD162B162279, 996C42ECAFC6E24C623068AFAFCC0A2612526333AF9315F7536C6D40C2570632 ] SysMain C:\WINDOWS\system32\sysmain.dll
22:16:14.0792 0x1428 SysMain - ok
22:16:14.0824 0x1428 [ D73DBBB96CEE90C2856164AAD8543425, D11ADB5D4C5DD355314CA656D375D0062CAE7462E866F94F1B26D5803F65DCB2 ] SystemEventsBroker C:\WINDOWS\System32\SystemEventsBrokerServer.dll
22:16:14.0870 0x1428 SystemEventsBroker - ok
22:16:14.0902 0x1428 [ D6A71B95ACF71ACA63B67232059F1BCD, C5CEC032E7AB507500D1CC7A4E65DA6322412C798201A9D770CBDE892E50DFC8 ] TabletInputService C:\WINDOWS\System32\TabSvc.dll
22:16:14.0933 0x1428 TabletInputService - ok
22:16:14.0964 0x1428 [ 5D7360A19660F1C9B3E15C8DA969FE41, 94E144E5AB3A0AB4CF18D1DBAD2B2AE426DBF40D520F7C961705A71CE3C0629E ] tap0901 C:\WINDOWS\system32\DRIVERS\tap0901.sys
22:16:14.0964 0x1428 tap0901 - ok
22:16:15.0011 0x1428 [ 5A5BAB1CA9621E73E25EE4744B67CDA6, 479EBD7BAE1E2AD431153FDC016742F7A8D824716EAB1A4CA87EBBD21D61DECD ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
22:16:15.0058 0x1428 TapiSrv - ok
22:16:15.0167 0x1428 [ 746DDF7D59AB8D721C88D48434597E8D, 78BDBAB8D1E86A11804FEB19B355C0FAD04ACE8DD4BDDFDADCE5461E259BCE82 ] Tcpip C:\WINDOWS\system32\drivers\tcpip.sys
22:16:15.0261 0x1428 Tcpip - ok
22:16:15.0339 0x1428 [ 746DDF7D59AB8D721C88D48434597E8D, 78BDBAB8D1E86A11804FEB19B355C0FAD04ACE8DD4BDDFDADCE5461E259BCE82 ] TCPIP6 C:\WINDOWS\system32\DRIVERS\tcpip.sys
22:16:15.0402 0x1428 TCPIP6 - ok
22:16:15.0449 0x1428 [ 41CF802064F72E55F50CA0A221FD36D4, 70ABCDF9E96611E8C83042C581575E26649FE479475E8E118CD3FF6CB1C84C3F ] tcpipreg C:\WINDOWS\system32\drivers\tcpipreg.sys
22:16:15.0464 0x1428 tcpipreg - ok
22:16:15.0495 0x1428 [ E0BD2D83875464FEEEB242CBA8B7E073, A3067165128F36035FA9F3CBA55CFED736E180C495497FA7332B3D97908C3D90 ] tdx C:\WINDOWS\system32\DRIVERS\tdx.sys
22:16:15.0527 0x1428 tdx - ok
22:16:15.0542 0x1428 [ 232D185D2337F141311D0CF1983E1431, 02EB56D3F26174AF1741C1A444CE30DE84D5BAF583C1A52C7A953BCC52445547 ] terminpt C:\WINDOWS\System32\drivers\terminpt.sys
22:16:15.0558 0x1428 terminpt - ok
22:16:15.0605 0x1428 [ C50997E282576DA492EBA66B059D4196, EBD793CB396F9503376207FA60353F5672DEDB620C8E01C8D6AE0030B3B03339 ] TermService C:\WINDOWS\System32\termsrv.dll
22:16:15.0652 0x1428 TermService - ok
22:16:15.0683 0x1428 [ 2180DBCE75B914E5E5BBFFFAAE97AA21, 8000AECC8855903DB50ABA7E304396D1FCEAE8DC9ADD4FC50275CF24B4D914DE ] Themes C:\WINDOWS\system32\themeservice.dll
22:16:15.0699 0x1428 Themes - ok
22:16:15.0745 0x1428 [ 4C5179DB61B9E14BEC15CDC4B152B2E9, 9048BEC7AD6A3F4B640E99B1F0365AC9A46740B188758FBB2C160EF30AD6E64B ] THREADORDER C:\WINDOWS\system32\mmcss.dll
22:16:15.0761 0x1428 THREADORDER - ok
22:16:15.0777 0x1428 [ B5ED9CC61798C7D44BD535D40B89EFB5, 1BDCEAA9AF2096381870D92129C748F4EE06A1167ABA9367B9DD43BAF27E3F5B ] TimeBroker C:\WINDOWS\System32\TimeBrokerServer.dll
22:16:15.0808 0x1428 TimeBroker - ok
22:16:15.0839 0x1428 [ 80A2FC1A089A71F2DBE5D8394FFB009F, DEA30E751F6EA42E43E16869713FC7E37832B15DAFA0062B1798DFA476981385 ] TPM C:\WINDOWS\system32\drivers\tpm.sys
22:16:15.0839 0x1428 TPM - ok
22:16:15.0886 0x1428 [ 884113C2BB703FE806C8608B75F34831, 24DE5750CA4363455412BABB0B1FAB08497153E8F158ED44958F100410F93506 ] TrkWks C:\WINDOWS\System32\trkwks.dll
22:16:15.0917 0x1428 TrkWks - ok
22:16:15.0980 0x1428 [ 44A94FB4C76528D2382FFE04B05827C3, B0BCDF7CD1D65E61A9061D539D83527A89B69583958F8A26C6BF9766C1B61E0C ] TrustedInstaller C:\WINDOWS\servicing\TrustedInstaller.exe
22:16:16.0027 0x1428 TrustedInstaller - ok
22:16:16.0042 0x1428 [ BF8F54CA37E9C9D6582C31C5761F8C93, 337C566792F6FB9B7FD5D1D4384B767CFE4CF5DBB2E4688CCC36CBB018A0DD0F ] TsUsbFlt C:\WINDOWS\system32\drivers\tsusbflt.sys
22:16:16.0058 0x1428 TsUsbFlt - ok
22:16:16.0089 0x1428 [ 20185BEB7512EDE4EFECDFA148AC9F99, 6F539478493C0F87F3DDF67A4A6D4D41E9474EEF21434E856350CE149A34EA9F ] TsUsbGD C:\WINDOWS\System32\drivers\TsUsbGD.sys
22:16:16.0120 0x1428 TsUsbGD - ok
22:16:16.0152 0x1428 [ E85916632CD3B9E9B546968DB950BF42, DECE3852C763CC6293C7D1B772296C43A0AE1E47BBCC4979C96B3B2AD70413F3 ] tunnel C:\WINDOWS\system32\DRIVERS\tunnel.sys
22:16:16.0183 0x1428 tunnel - ok
22:16:16.0214 0x1428 [ F6EEAD052943B5A3104C1405BB856C54, FE422813E6C1012E9F392EFF2AE4C6D3A4DBD9CB2BD5E6A5CAB57D4E89A29468 ] uagp35 C:\WINDOWS\system32\drivers\uagp35.sys
22:16:16.0230 0x1428 uagp35 - ok
22:16:16.0245 0x1428 [ FE6067B1FD4E63650C667B33D080565B, 2C330ED00E49BA55E25564230E0DFB8A35F2B5320EB18D4AF7CAACFA9A449044 ] UASPStor C:\WINDOWS\System32\drivers\uaspstor.sys
22:16:16.0261 0x1428 UASPStor - ok
22:16:16.0292 0x1428 [ 807F8CF3E973305FC435C61CBBEE2A49, 43CDEAC2BFC5091C11DFC0E7F7171AF9A598AE56CB056C3CF382AE7807F79EF0 ] UCX01000 C:\WINDOWS\System32\drivers\ucx01000.sys
22:16:16.0308 0x1428 UCX01000 - ok
22:16:16.0355 0x1428 [ C61EAF8E1E4B2F62BA4FDF457440B2C6, 961F76A789925234AC27F56AAE34556FA06088D71580B42C24B0BC209EAFD67E ] udfs C:\WINDOWS\system32\DRIVERS\udfs.sys
22:16:16.0386 0x1428 udfs - ok
22:16:16.0402 0x1428 [ 9578691F297E1B1F519970FE6D47CB21, 080C352AAF22A16A4F3C4AB4DCEA5BFA656457C73F735CEBA30516FDACCF6301 ] UEFI C:\WINDOWS\System32\drivers\UEFI.sys
22:16:16.0402 0x1428 UEFI - ok
22:16:16.0433 0x1428 [ A867F0F978EE64C87FADC3B100869EE4, 2686BE85F963D0D0BB275E92E5B543280D8742CF10772303E3189D0719B6A277 ] UI0Detect C:\WINDOWS\system32\UI0Detect.exe
22:16:16.0480 0x1428 UI0Detect - ok
22:16:16.0480 0x1428 [ 5EAB5117DDB24FC4D39E6FFFCF1837B9, 2BC709240867F161E94BE6625A04F478EAAA3EEE7BC7C37ED0DFA9EEA5928E98 ] uliagpkx C:\WINDOWS\system32\drivers\uliagpkx.sys
22:16:16.0495 0x1428 uliagpkx - ok
22:16:16.0495 0x1428 [ DA34C39A18E60E7C3FA0630566408034, 2F162504214053894C72760D9933D01DBF3578609FE5E2376C3272818599FE32 ] umbus C:\WINDOWS\System32\drivers\umbus.sys
22:16:16.0527 0x1428 umbus - ok
22:16:16.0542 0x1428 [ AE8294875E5446E359B1E8035D40C05E, AE0357BAB47C07C3576BC76951CD258C009BC5A1B93259D2122A841BD9CDA8FA ] UmPass C:\WINDOWS\System32\drivers\umpass.sys
22:16:16.0558 0x1428 UmPass - ok
22:16:16.0620 0x1428 [ A023F267A262D5DA6CE1436D9C5E8FD9, 92AD7AF91184C244A7E392F49663143193A80D5D81114546A00F18227DE31D23 ] UmRdpService C:\WINDOWS\System32\umrdp.dll
22:16:16.0652 0x14bc Object send P2P result: true
22:16:16.0652 0x14bc Object required for P2P: [ 3CBE5047BB08BD363420D68364F9E829 ] AntiVirSchedulerService
22:16:16.0714 0x1428 UmRdpService - ok
22:16:16.0761 0x1428 [ C98493DD8E6A50154FAC75C15E1C36BB, CECD1C826C8F7AF05468871BF6A0ACDBB6B0202F4F87F48C6D367E5BD699E800 ] upnphost C:\WINDOWS\System32\upnphost.dll
22:16:16.0839 0x1428 upnphost - ok
22:16:16.0886 0x1428 [ DF355EB0199198728027962DCFCDE5FB, 9E158BD07389B4CFF99674716647FA3AABEECBD1A98EDF20E544E099A99A8768 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
22:16:16.0933 0x1428 usbaudio - ok
22:16:16.0949 0x1428 [ FF78D053A05E5A394F4E3C1816CC65A8, 5DAE02414271231F5FDBB751AFEB99874779B467947020815D4AE54432D4269D ] usbccgp C:\WINDOWS\System32\drivers\usbccgp.sys
22:16:16.0964 0x1428 usbccgp - ok
22:16:17.0011 0x1428 [ 0139248F6B95CF0D837B5B46A2722D40, 38E3E704E0364F07732DB418AEBD126B040FB3CDB7D78EA36E8605D50D528A80 ] usbcir C:\WINDOWS\System32\drivers\usbcir.sys
22:16:17.0074 0x1428 usbcir - ok
22:16:17.0120 0x1428 [ 635686E528F2C9CB916EC1BB04EE6AD1, 080A0F209773232860F510F17005EF92650BA831F69BB0006AEF11A2BB0A4906 ] UsbClientService C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
22:16:17.0152 0x1428 UsbClientService - ok
22:16:17.0183 0x1428 [ BBFD17B6B954FC9FA02E62D604052069, 47D2B7228EABA7F37F69A1756B69FFFB19F0C2CC2869C5BF674E4FD9257488A2 ] usbehci C:\WINDOWS\System32\drivers\usbehci.sys
22:16:17.0183 0x1428 usbehci - ok
22:16:17.0230 0x1428 [ 4875DC63E548812C75D4FDEF84970C89, 6A29306BAB6F95F0384E16533A9588A654A6E3CFC35D55A4CEB2B14EF34EEE19 ] usbfilter C:\WINDOWS\System32\drivers\usbfilter.sys
22:16:17.0230 0x1428 usbfilter - ok
22:16:17.0245 0x1428 [ CD81683F4553677B9BF5163A922153EB, 6B304B0D68B9BFF0245EC755CDAAF9DF59DF3A081727E32CB66672929F0DBC50 ] usbhub C:\WINDOWS\System32\drivers\usbhub.sys
22:16:17.0277 0x1428 usbhub - ok
22:16:17.0308 0x1428 [ 5C90D5379B53590FBB24BBAD4FA682EE, DC036340510C1C0999AB1CB845F8E6EB8B7696BAC9BBE6E936454C0000D1E9D4 ] USBHUB3 C:\WINDOWS\System32\drivers\UsbHub3.sys
22:16:17.0339 0x1428 USBHUB3 - ok
22:16:17.0370 0x1428 [ A0F0484C97D6441ED6A75D7426ECCC9E, FF928ADE1C5464E581BF929F7383D5762D110EA6C7E31A6F0887EA7357ADBEFE ] usbohci C:\WINDOWS\System32\drivers\usbohci.sys
22:16:17.0402 0x1428 usbohci - ok
22:16:17.0402 0x1428 [ 4D655E3B684BE9B0F7FFD8A2935C348C, 3A7FC1748C5AEA8CFE0E7C22ADC77E3DCA475455FC16D9C6A5C16EB5E949A516 ] usbprint C:\WINDOWS\System32\drivers\usbprint.sys
22:16:17.0433 0x1428 usbprint - ok
22:16:17.0464 0x1428 [ 0F030491BA4A27BD46F8B8ACEEE83F1A, 7063855611BEF94D4D229BA1BE507ECBDD89F5861641A407EB3E2919A352F9D4 ] usbscan C:\WINDOWS\System32\drivers\usbscan.sys
22:16:17.0511 0x1428 usbscan - ok
22:16:17.0527 0x1428 [ 66732C13628BDB1AB0D6FD46027327C2, B582C0F348D8F79419CA5A58F10CA151E06D7CA3BE162344CADA46D9D7FED97C ] USBSTOR C:\WINDOWS\System32\drivers\USBSTOR.SYS
22:16:17.0542 0x1428 USBSTOR - ok
22:16:17.0558 0x1428 [ FC974B03C8B87455F44F734C8F31A3C8, D69F6EE8030F7DF96FF151D9EAA6AE65417ACAC5A267C7DB96E9611D5BC42D2C ] usbuhci C:\WINDOWS\System32\drivers\usbuhci.sys
22:16:17.0574 0x1428 usbuhci - ok
22:16:17.0620 0x1428 [ 44603DA5A87FB491EF59C889EBBB4DDB, 59AA9B6B0B5D66F9312CD3F999D0D9F12F1A2C5D230365AD7287CD71FD86961C ] USBXHCI C:\WINDOWS\System32\drivers\USBXHCI.SYS
22:16:17.0652 0x1428 USBXHCI - ok
22:16:17.0667 0x1428 [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] VaultSvc C:\WINDOWS\system32\lsass.exe
22:16:17.0667 0x1428 VaultSvc - ok
22:16:17.0699 0x1428 [ FEB26E3B8345A7E8D62F945C4AE86562, 3AAFE87C402FC8E92542DFE60EC9540559863065F88D429A16D7B1BF829223FF ] vdrvroot C:\WINDOWS\system32\drivers\vdrvroot.sys
22:16:17.0699 0x1428 vdrvroot - ok
22:16:17.0777 0x1428 [ 8A4D808D1EC7C1C47B2C8BF488A9A07A, 63C07312ADB6F8A8BDE93361C30AC63DAB4DE1141AF54630EEF11E54B0BF983D ] vds C:\WINDOWS\System32\vds.exe
22:16:17.0824 0x1428 vds - ok
22:16:17.0839 0x1428 [ A026EDEAA5EECAE0B08E2748B616D4BD, 2525A54DC7F49DDFBB999C22BF3FAB6D9E9F70C0806E58D81E90AC59F9F46089 ] VerifierExt C:\WINDOWS\system32\drivers\VerifierExt.sys
22:16:17.0855 0x1428 VerifierExt - ok
22:16:17.0902 0x1428 [ F6ECFD6128A16A4851CFE98D4E01B011, C349893E8D7FB9B510A3FAD040F70C3C72B0ACDD5F6EB336951849F9E953717D ] vhdmp C:\WINDOWS\System32\drivers\vhdmp.sys
22:16:17.0933 0x1428 vhdmp - ok
22:16:17.0949 0x1428 [ 06D38968028E9AB19DE9B618C7B6D199, 62022297A47F440D1C82CA0B0E57C0C8E9D5033D83DD3B40492B218DF65EBF68 ] viaide C:\WINDOWS\system32\drivers\viaide.sys
22:16:17.0964 0x1428 viaide - ok
22:16:17.0980 0x1428 [ 511AD3FF957A0127E6BD336FF6F89C38, 55325BFD0857A1204F7F6F8ED8C91C07B0E20A50402105708E7365ECD9E25A21 ] vmbus C:\WINDOWS\system32\drivers\vmbus.sys
22:16:17.0995 0x1428 vmbus - ok
22:16:18.0011 0x1428 [ DA40BEA0A863CE768C940CA9723BF81F, 567C0C3F422325635808B0CF76E05D3B6187F96845C33F85F92F98C9FE53A5B8 ] VMBusHID C:\WINDOWS\System32\drivers\VMBusHID.sys
22:16:18.0027 0x1428 VMBusHID - ok
22:16:18.0074 0x1428 [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicguestinterface C:\WINDOWS\System32\ICSvc.dll
22:16:18.0105 0x1428 vmicguestinterface - ok
22:16:18.0105 0x1428 [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicheartbeat C:\WINDOWS\System32\ICSvc.dll
22:16:18.0136 0x1428 vmicheartbeat - ok
22:16:18.0152 0x1428 [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmickvpexchange C:\WINDOWS\System32\ICSvc.dll
22:16:18.0167 0x1428 vmickvpexchange - ok
22:16:18.0183 0x1428 [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicrdv C:\WINDOWS\System32\ICSvc.dll
22:16:18.0214 0x1428 vmicrdv - ok
22:16:18.0230 0x1428 [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicshutdown C:\WINDOWS\System32\ICSvc.dll
22:16:18.0245 0x1428 vmicshutdown - ok
22:16:18.0261 0x1428 [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmictimesync C:\WINDOWS\System32\ICSvc.dll
22:16:18.0277 0x1428 vmictimesync - ok
22:16:18.0292 0x1428 [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicvss C:\WINDOWS\System32\ICSvc.dll
22:16:18.0324 0x1428 vmicvss - ok
22:16:18.0324 0x1428 [ 55D7D963DE85162F1C49721E502F9744, 5AD34D6DB707EF3E5242BD8CA67B21D6258EE7E7FC477D5227BD15500AE7F45F ] volmgr C:\WINDOWS\system32\drivers\volmgr.sys
22:16:18.0339 0x1428 volmgr - ok
22:16:18.0370 0x1428 [ CCB9E901F7254BF96D28EB1B0E5329B7, F0E3CA4EFA544CDAEF4092284CF3EC7DF07F806A770285E281816457AD8813F5 ] volmgrx C:\WINDOWS\system32\drivers\volmgrx.sys
22:16:18.0386 0x1428 volmgrx - ok
22:16:18.0417 0x1428 [ 64CA2B4A49A8EAF495E435623ECCE7DB, 81151F295A54DE2B8B88C7F48C86BF58CDFF96F98493509C06D6F41484594386 ] volsnap C:\WINDOWS\system32\drivers\volsnap.sys
22:16:18.0433 0x1428 volsnap - ok
22:16:18.0449 0x1428 [ EF31713EE4C7CCFE4049F7E7F15645A2, 35D198D3F1061E19A7EF89FA1E75377049CD6BCA9702F8076B9F95BB8737E0D4 ] vpci C:\WINDOWS\System32\drivers\vpci.sys
22:16:18.0464 0x1428 vpci - ok
22:16:18.0480 0x1428 [ 4539F45F9F4C9757A86A56C949421E07, DEC362314B2C66414F39354AFE79C02B18BF4EEF90787FB58307F6EB62237E2C ] vsmraid C:\WINDOWS\system32\drivers\vsmraid.sys
22:16:18.0495 0x1428 vsmraid - ok
22:16:18.0542 0x1428 [ 3B7F9612439EA47151EC5EAB232C1C3F, CA08CCB14CB46512F72E2C20454242B18BC57E34C55B42A37B7EC27B79242CDC ] VSS C:\WINDOWS\system32\vssvc.exe
22:16:18.0605 0x1428 VSS - ok
22:16:18.0636 0x1428 [ 0849B7260F26FE05EA56DED0672E2F4B, 7EAC0E7988F45CB4133A15932955B7B03CE715C967A3BAC9999D81543EBCAEC5 ] VSTXRAID C:\WINDOWS\system32\drivers\vstxraid.sys
22:16:18.0652 0x1428 VSTXRAID - ok
22:16:18.0714 0x1428 [ BE970C369E43B509C1EDA2B8FA7CECB0, 18951F2AA842A0795AA79A4E164EE925A35E6270EBE4C4CDB19D0A891830E383 ] vwifibus C:\WINDOWS\System32\drivers\vwifibus.sys
22:16:18.0761 0x1428 vwifibus - ok
22:16:18.0792 0x1428 [ DC821E811EFBB65CDD77FBB8B6ECA385, B7C8AACDF81DBA298F2F384983D36B269876C31F0398D89BF9070217A069B96F ] W32Time C:\WINDOWS\system32\w32time.dll
22:16:18.0839 0x1428 W32Time - ok
22:16:18.0870 0x1428 [ A22546B0093EBBDE03C52E56C3391373, 0C28D5C6A4E4EF12ABF0195409CAED17E07DEA22FB330D99FEEF847CBBC04A4E ] w3logsvc C:\WINDOWS\system32\inetsrv\w3logsvc.dll
22:16:18.0933 0x1428 w3logsvc - ok
22:16:18.0933 0x1428 [ 0910AB9ED404C1434E2D0376C2AD5D8B, 62585CA5F1375BDA440D28D5DF1ADDC9DE3DDFA196D49BBFF3456A5A09EE1C6B ] WacomPen C:\WINDOWS\System32\drivers\wacompen.sys
22:16:18.0964 0x1428 WacomPen - ok
22:16:18.0995 0x1428 [ 23006D660C0E54BF1CE8253E15F5E995, 4FA7ED2F6B29BACBE2BB43C79FC8231C4C59F27C79AB09DB07BBFE36B35689E5 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
22:16:19.0042 0x1428 Wanarp - ok
22:16:19.0042 0x1428 [ 23006D660C0E54BF1CE8253E15F5E995, 4FA7ED2F6B29BACBE2BB43C79FC8231C4C59F27C79AB09DB07BBFE36B35689E5 ] Wanarpv6 C:\WINDOWS\system32\DRIVERS\wanarp.sys
22:16:19.0074 0x1428 Wanarpv6 - ok
22:16:19.0120 0x1428 [ 9BAE40BD31E3EE0B0C70BEF167E0A2BC, 2419AC815C95F2629E1832973501983D06F788728755605D42D6C8565C3CBBF1 ] WAS C:\WINDOWS\system32\inetsrv\iisw3adm.dll
22:16:19.0152 0x1428 WAS - ok
22:16:19.0214 0x1428 [ A81988DCC4FA440AA88B84CA452F5E22, 3573AAA09971E8ADB6FEFA778E02B2D8EE5E4249267CF37A524D9F019CC836FB ] wbengine C:\WINDOWS\system32\wbengine.exe
22:16:19.0277 0x1428 wbengine - ok
22:16:19.0292 0x1428 [ 0F1DFA2FED73FA78B8C3CDE332A870F6, 1089F6F585F5350D349A640EBD3117832DF6B3657EB6667CB00AE217E04ACA17 ] WbioSrvc C:\WINDOWS\System32\wbiosrvc.dll
22:16:19.0355 0x1428 WbioSrvc - ok
22:16:19.0355 0x1428 [ 0EAEC313B24837613621B4A2536ED382, 61C194ED7FA7D65BBE61A546D5FCA52F52AB08324E084D3EC23C9706E9BF0175 ] Wcmsvc C:\WINDOWS\System32\wcmsvc.dll
22:16:19.0386 0x1428 Wcmsvc - ok
22:16:19.0417 0x1428 [ F6B4C2280FF7C7156AC8A4687B9DA35E, 1899D584D7469BB49355D84080051E2575B033E6312009D9C6C1DD3F7F9AA4C5 ] wcncsvc C:\WINDOWS\System32\wcncsvc.dll
22:16:19.0433 0x1428 wcncsvc - ok
22:16:19.0464 0x1428 [ B7BF1D783F5B2484E8CE1C0C78257F16, 468601199FCCF63DBAE86EE6B8825EA85B2A1EE177413353FFA2CC9CA5249FCD ] WcsPlugInService C:\WINDOWS\System32\WcsPlugInService.dll
22:16:19.0495 0x1428 WcsPlugInService - ok
22:16:19.0527 0x1428 [ 81285DDC994F03379DB46419300B2DCB, 98D3622E11F375718AEA1DE3B5F0104DDAB4F96B6D4C19788C14F7B338A6F235 ] WdBoot C:\WINDOWS\system32\drivers\WdBoot.sys
22:16:19.0542 0x1428 WdBoot - ok
22:16:19.0589 0x1428 [ CB6C63FF8342B467E2EF76E98D5B934D, BE017CE91E3BAB293DE6ECF143797CCE3F33CC63024437472B4E38C6961AD884 ] Wdf01000 C:\WINDOWS\system32\drivers\Wdf01000.sys
22:16:19.0620 0x1428 Wdf01000 - ok
22:16:19.0636 0x1428 [ 26B8FED3F3B85F5F0C4BD03FD00B9941, 7F94FE7954498223B33C025258DB588A3AC9FF25C58EEAD204514FD20652FE40 ] WdFilter C:\WINDOWS\system32\drivers\WdFilter.sys
22:16:19.0652 0x1428 WdFilter - ok
22:16:19.0683 0x1428 [ F581F9C9D6953FABFA24E67105F0B614, 5A7BB72523D1C53BBE68700537D7AE0D150BC7E4B8227A916B2E29EE4CA267A9 ] WdiServiceHost C:\WINDOWS\system32\wdi.dll
22:16:19.0824 0x1428 WdiServiceHost - ok
22:16:19.0824 0x1428 [ F581F9C9D6953FABFA24E67105F0B614, 5A7BB72523D1C53BBE68700537D7AE0D150BC7E4B8227A916B2E29EE4CA267A9 ] WdiSystemHost C:\WINDOWS\system32\wdi.dll
22:16:19.0839 0x1428 WdiSystemHost - ok
22:16:19.0870 0x1428 [ CE67080F00E0AF32755096CEA6430ABA, 0E5D626F9F76C0BC63B2D246AD66D9CBF7D92F34B56398417BCFD0C331DBD282 ] WdNisDrv C:\WINDOWS\system32\Drivers\WdNisDrv.sys
22:16:19.0917 0x1428 WdNisDrv - ok
22:16:19.0933 0x1428 WdNisSvc - ok
22:16:19.0995 0x1428 [ 40F83492DB9ABBA59773A45FB487C8B2, 0D0DE0B0C9B929FEFD2674CCF17F5F2FC4B16EAB8E1981BBCE51B0305FD7D75E ] WebClient C:\WINDOWS\System32\webclnt.dll
22:16:20.0074 0x1428 WebClient - ok
22:16:20.0105 0x1428 [ 384E1D04FE20845B2559D292F17A9FA1, AD3B0B2B2219691AC30FEEC8AFDB3BBB74B51BB7D02038AE2B4DEA514E245315 ] Wecsvc C:\WINDOWS\system32\wecsvc.dll
22:16:20.0136 0x1428 Wecsvc - ok
22:16:20.0152 0x14bc Object send P2P result: true
22:16:20.0152 0x14bc Object required for P2P: [ 3CBE5047BB08BD363420D68364F9E829 ] AntiVirService
22:16:20.0167 0x1428 [ 455014F4E48B67EBE0F032E2B0E06BF2, A36435784A034B27056A0E606683A20C69F1B0AB2B6BAEDEAEAA190F6287CAEF ] WEPHOSTSVC C:\WINDOWS\system32\wephostsvc.dll
22:16:20.0183 0x1428 WEPHOSTSVC - ok
22:16:20.0230 0x1428 [ F13DBA57CEA9B7074B95EDCA6AD2635E, 1D9BA4841EF1343A5D9096B5FE27FC65DC1901D6683DD13516171638549666B5 ] wercplsupport C:\WINDOWS\System32\wercplsupport.dll
22:16:20.0261 0x1428 wercplsupport - ok
22:16:20.0277 0x1428 [ FD7E58B6AA3EABF2D12B9762A20E11E4, 4C5E2E246C5C70074866BB3DBC2AAF483ECE4345004CCB8D1FE285047268685D ] WerSvc C:\WINDOWS\System32\WerSvc.dll
22:16:20.0308 0x1428 WerSvc - ok
22:16:20.0339 0x1428 [ 715ABA3DD164D06457A2A3C92F6EA9D5, E6F8269D2FFC4A548B65724C0A3F53756ED15E47229861FBD40B656EE40FE166 ] WFPLWFS C:\WINDOWS\system32\DRIVERS\wfplwfs.sys
22:16:20.0355 0x1428 WFPLWFS - ok
22:16:20.0370 0x1428 [ 8C840E1FD7584E74BD0CC1EA581EC187, 148E534A94B4882E7396B13FABE17407802292E7890713540080D03D5629C81D ] WiaRpc C:\WINDOWS\System32\wiarpc.dll
22:16:20.0402 0x1428 WiaRpc - ok
22:16:20.0402 0x1428 [ 5F66B7BB330AA80067FC66149A692620, 92C5D7115A168A23108B65EEEB5FBA8FA43D781855355792596D2419160263C2 ] WIMMount C:\WINDOWS\system32\drivers\wimmount.sys
22:16:20.0417 0x1428 WIMMount - ok
22:16:20.0417 0x1428 WinDefend - ok
22:16:20.0480 0x1428 [ 10DAD6A7FC617A221313BD584E3C3A00, F139B878668ECF38FE59831E8595A207D5CEEE76C6FFDA8C9F735435E601A763 ] WinHttpAutoProxySvc C:\WINDOWS\system32\winhttp.dll
22:16:20.0511 0x1428 WinHttpAutoProxySvc - ok
22:16:20.0558 0x1428 [ FC8BD690321216C32BB58B035B6D5674, D61698DB19D9DB2593B60B6BA13F7B7735667206F41D751D507135469D6D3CDD ] Winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
22:16:20.0605 0x1428 Winmgmt - ok
22:16:20.0683 0x1428 [ 75436315AA383CF527695C6D49D0CA59, E3D55F2ACBD45D4D031FA6CA799394459C89BE50FF6ADE4FE36F2CAB2D2E63D0 ] WinRM C:\WINDOWS\system32\WsmSvc.dll
22:16:20.0792 0x1428 WinRM - ok
22:16:20.0824 0x1428 [ 3AF1FA17F1C4ACBDB660D8F98B1A9C13, 99B0851410B462685F6705EBF832D10943FB9634030B02D15BF5D0C66F26F2C2 ] WinUsb C:\WINDOWS\System32\drivers\WinUsb.sys
22:16:20.0886 0x1428 WinUsb - ok
22:16:20.0949 0x1428 [ DC079BA8390089E4EBCA63D27EEA3ECB, 4D549217A68292E2B16C09FD9F84317011EE54A2DAF4E2AB85554267DF0D3249 ] WlanSvc C:\WINDOWS\System32\wlansvc.dll
22:16:21.0011 0x1428 WlanSvc - ok
22:16:21.0058 0x1428 [ 06BF5897949A8F24893F792E876B71F5, 9D3719492A86BF52A56E2EA798FD6FDB5862A03F6D360FCC4B0CEA9BE9792AE4 ] wlidsvc C:\WINDOWS\system32\wlidsvc.dll
22:16:21.0136 0x1428 wlidsvc - ok
22:16:21.0214 0x1428 [ 680A7846370000D20D7E74917D5B7936, 55B77B358039672845D361CA4205F3482D1F30A4654B610FD785A1337EFDC316 ] WmBEnum C:\WINDOWS\system32\drivers\WmBEnum.sys
22:16:21.0230 0x1428 WmBEnum - ok
22:16:21.0261 0x1428 [ 2834D9D3B4F554A39C72F00EA3F0E128, D10124343C67FE9A0B711AD569BB8080495FCEA0ECEF9AC3F3FBD6865F436A44 ] WmiAcpi C:\WINDOWS\System32\drivers\wmiacpi.sys
22:16:21.0292 0x1428 WmiAcpi - ok
22:16:21.0324 0x1428 [ B96F7A1236C3F21212DE2C40A3DDB005, 5A29EBB6DA036E303611EB1304192655021405BB05452FD37886DDE604FF0D9D ] wmiApSrv C:\WINDOWS\system32\wbem\WmiApSrv.exe
22:16:21.0355 0x1428 wmiApSrv - ok
22:16:21.0386 0x1428 WMPNetworkSvc - ok
22:16:21.0417 0x1428 [ 14802B3A30AA849C97CB968CCC813BF3, 330AD828ABD040ECDBF58F7162978CD61BFC093CAD404FD2BCAC74E3F2EC542A ] WmXlCore C:\WINDOWS\system32\drivers\WmXlCore.sys
22:16:21.0433 0x1428 WmXlCore - ok
22:16:21.0464 0x1428 [ 7FC5667DF73D4B04AA457CC3A4180E09, CB7B014945DCA16B6D120DBE0E5876C4C867A4ACD3C3536AEADC14B908613D4E ] Wof C:\WINDOWS\system32\drivers\Wof.sys
22:16:21.0480 0x1428 Wof - ok
22:16:21.0527 0x1428 [ 588040D595BBF0856CA1ADD941A8ED17, CBC92BB5453FE1BEA6F33239B7CE884F312559591383408EA5F95A006156C5D3 ] workfolderssvc C:\WINDOWS\system32\workfolderssvc.dll
22:16:21.0620 0x1428 workfolderssvc - ok
22:16:21.0652 0x1428 [ A2468CC3509394A33C4C32F99563D845, 62690C7D41F382DF74B8F4B942647842858E37DE35FF2DE028192E4D09ABB2C5 ] wpcfltr C:\WINDOWS\system32\DRIVERS\wpcfltr.sys
22:16:21.0667 0x1428 wpcfltr - ok
22:16:21.0699 0x1428 [ 19F4DF69876DA7E9C4965351560FE6B7, 127247A7964F55EE3AF842D25120F5ACD387632BEE2BF3D28FAC05840CEA19BA ] WPCSvc C:\WINDOWS\System32\wpcsvc.dll
22:16:21.0730 0x1428 WPCSvc - ok
22:16:21.0761 0x1428 [ 2ADE11F3D84709C5F6781E4C59F11683, F003C43396CF8FCF44EAB87583650DB4D2A233322D28D6A78D1694945D9073BB ] WPDBusEnum C:\WINDOWS\system32\wpdbusenum.dll
22:16:21.0792 0x1428 WPDBusEnum - ok
22:16:21.0824 0x1428 [ 9F2904B55F6CECCD1A8D986B5CE2609A, E19ED4DD3CEF3A22C058FC324824604FB3FC98A029C94E6C2A3389F938D680B6 ] WpdUpFltr C:\WINDOWS\system32\drivers\WpdUpFltr.sys
22:16:21.0824 0x1428 WpdUpFltr - ok
22:16:21.0839 0x1428 [ AE072B0339D0A18E455DC21666CAD572, AB1DAEA25E2C7AD610818D4B4783F6D4190D85EBB3963BBAD410E8CEA7899EDB ] ws2ifsl C:\WINDOWS\system32\drivers\ws2ifsl.sys
22:16:21.0870 0x1428 ws2ifsl - ok
22:16:21.0902 0x1428 [ 5596C0960ED6ED7494BF2A55DE428684, C95CF09A657F37F421CC80E16F2F95B8EC59A8D5D48F104551155EAC8E53DCB2 ] wscsvc C:\WINDOWS\System32\wscsvc.dll
22:16:21.0933 0x1428 wscsvc - ok
22:16:21.0933 0x1428 WSearch - ok
22:16:22.0058 0x1428 [ 6B2D71124C1EA86B74412F414C42431D, 078CC6C9667EF6BDA3E6900BC26A5A5B030CAA66928A6BBB7B7DC43C5C199EDC ] WSService C:\WINDOWS\System32\WSService.dll
22:16:22.0230 0x1428 WSService - ok
22:16:22.0417 0x1428 [ 4BD3138EF061E24F9FDC722B49274B40, F9339F6AA8822E5E1334E41BE4140F9E8E5B24D1CD85B4C746D714AFDD485B49 ] wuauserv C:\WINDOWS\system32\wuaueng.dll
22:16:22.0542 0x1428 wuauserv - ok
22:16:22.0589 0x1428 [ 481286719402E4BAEFEA0604AB1B5113, F3CF65DF2AB39F79AE4C1335831408418E40726706E0242677E8B96B0FAD988F ] WudfPf C:\WINDOWS\system32\drivers\WudfPf.sys
22:16:22.0636 0x1428 WudfPf - ok
22:16:22.0652 0x1428 [ D7B4859227B02BCC1055B279A63C937F, 82C99844CC596C2723523B1B98573488FF23337947B78AA04BA21E58394BB751 ] WUDFRd C:\WINDOWS\System32\drivers\WUDFRd.sys
22:16:22.0683 0x1428 WUDFRd - ok
22:16:22.0714 0x1428 [ 51D28F7F1F888DDCF2C67DCF3B79A5D3, 74FF2936AFCEB9A36175D5B00EB91A5AD614B52BE3FB3FA9B994A025A484D2B7 ] wudfsvc C:\WINDOWS\System32\WUDFSvc.dll
22:16:22.0745 0x1428 wudfsvc - ok
22:16:22.0761 0x1428 [ D7B4859227B02BCC1055B279A63C937F, 82C99844CC596C2723523B1B98573488FF23337947B78AA04BA21E58394BB751 ] WUDFWpdFs C:\WINDOWS\System32\drivers\WUDFRd.sys
22:16:22.0777 0x1428 WUDFWpdFs - ok
22:16:22.0792 0x1428 [ D7B4859227B02BCC1055B279A63C937F, 82C99844CC596C2723523B1B98573488FF23337947B78AA04BA21E58394BB751 ] WUDFWpdMtp C:\WINDOWS\System32\drivers\WUDFRd.sys
22:16:22.0808 0x1428 WUDFWpdMtp - ok
22:16:22.0839 0x1428 [ A0900F8F628B5AF6841414EB3CF11E50, 8A531F2472FF4B4D895D469D28C215C834ECADBEF539894B8F3F606079A86184 ] WwanSvc C:\WINDOWS\System32\wwansvc.dll
22:16:22.0870 0x1428 WwanSvc - ok
22:16:22.0870 0x1428 ================ Scan global ===============================
22:16:22.0917 0x1428 [ 05B08C20B8428ECE088CB5635696A48D, 471642A2D0E5C3BB235962FC8D86A49AC30D7DDE80B97E348425BBFCDE4DCDC3 ] C:\WINDOWS\system32\basesrv.dll
22:16:22.0964 0x1428 [ EAB311B0A7A8EA0346F14F08D4BC8F46, 11168E4074679F8A69DA714C0ABD0C68BA49D171B379343F14783C9C563202CA ] C:\WINDOWS\system32\winsrv.dll
22:16:22.0995 0x1428 [ 3600ED7EA8AED849E20700551C0BD63B, 4A8C346C1646E80B58EF93F87F915A41E05CA2E993BB1C96955AE62A0669AF66 ] C:\WINDOWS\system32\sxssrv.dll
22:16:23.0058 0x1428 [ E0C7813A97CA7947FF5C18A8F3B61A45, 083BB4F3B20419C87DB656F1465E5F782ACDE76838CDE6207F26AAD035C69DE0 ] C:\WINDOWS\system32\services.exe
22:16:23.0058 0x1428 [ Global ] - ok
22:16:23.0058 0x1428 ================ Scan MBR ==================================
22:16:23.0074 0x1428 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk0\DR0
22:16:23.0152 0x1428 \Device\Harddisk0\DR0 - ok
22:16:23.0152 0x1428 ================ Scan VBR ==================================
22:16:23.0183 0x1428 [ DC434E4CE68371C0257562F10E59D8C1 ] \Device\Harddisk0\DR0\Partition1
22:16:23.0261 0x1428 \Device\Harddisk0\DR0\Partition1 - ok
22:16:23.0277 0x1428 [ 3BC3BBE85C5862F82D445926527DDE4A ] \Device\Harddisk0\DR0\Partition2
22:16:23.0324 0x1428 \Device\Harddisk0\DR0\Partition2 - ok
22:16:23.0339 0x1428 [ CA8623916A4A9F50086A957970977E6C ] \Device\Harddisk0\DR0\Partition3
22:16:23.0339 0x1428 \Device\Harddisk0\DR0\Partition3 - ok
22:16:23.0355 0x1428 [ B8242B121673FB16B11A4ACAA06AB030 ] \Device\Harddisk0\DR0\Partition4
22:16:23.0402 0x1428 \Device\Harddisk0\DR0\Partition4 - ok
22:16:23.0433 0x1428 [ 87A268C6BC6D4FEF3BA15752EDF2576D ] \Device\Harddisk0\DR0\Partition5
22:16:23.0464 0x1428 \Device\Harddisk0\DR0\Partition5 - ok
22:16:23.0480 0x1428 [ C4D051979BEA83FB73D0B79DEBB824B6 ] \Device\Harddisk0\DR0\Partition6
22:16:23.0527 0x1428 \Device\Harddisk0\DR0\Partition6 - ok
22:16:23.0542 0x1428 [ 0908369477BA8F33AB0078D8E3F402D8 ] \Device\Harddisk0\DR0\Partition7
22:16:23.0558 0x1428 \Device\Harddisk0\DR0\Partition7 - ok
22:16:23.0558 0x1428 ================ Scan generic autorun ======================
22:16:23.0589 0x1428 [ 96A1D93D16F959C6F5A63E749A9F2EF7, 9EDD4EEC5C625ECF4A1C82318ED6B74404E63A3D43312B53E4F627D76D47658C ] C:\Program Files\IDT\WDM\beats64.exe
22:16:23.0620 0x1428 BeatsOSDApp - detected UnsignedFile.Multi.Generic ( 1 )
22:16:23.0636 0x14bc Object send P2P result: true
22:16:23.0636 0x14bc Object required for P2P: [ CAA9D66CA6D21AF0AE7DA01D5AC6CC2F ] AntiVirWebService
22:16:26.0120 0x1428 Detect skipped due to KSN trusted
22:16:26.0120 0x1428 BeatsOSDApp - ok
22:16:26.0261 0x1428 [ CC450F79AC71C54FFE48527B9C547259, 8557B9B3E950498559DA2A0336D6BADDC2A63A862319DBDF831D1DDE112B06C1 ] C:\Users\Ulla & Christian\AppData\Roaming\OCS\SM\SearchAnonymizer.exe
22:16:26.0277 0x1428 Ocs_SM - detected UnsignedFile.Multi.Generic ( 1 )
22:16:27.0120 0x14bc Object send P2P result: true
22:16:27.0120 0x14bc Object required for P2P: [ 4764D299855174D6B5C7DA853B490029 ] avipbb
22:16:28.0777 0x1428 Detect skipped due to KSN trusted
22:16:28.0777 0x1428 Ocs_SM - ok
22:16:28.0839 0x1428 [ 2EA68E33DFF41A10F1BAB15FC3A28076, C971C009F36A87116FBE785E45EB7192EAD9BAF713C43C8A3AC643624144ECF9 ] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
22:16:28.0855 0x1428 KiesTrayAgent - ok
22:16:28.0917 0x1428 [ 4A57AB2D5E3624D63E7F8854C79F3D8C, 2637E8933193F10BC8CD893EE0CCF7ABF7A7B32A2278EFE95D958FDAD3794696 ] C:\Program Files\IDT\WDM\sttray64.exe
22:16:28.0949 0x1428 SysTrayApp - detected UnsignedFile.Multi.Generic ( 1 )
22:16:30.0620 0x14bc Object send P2P result: true
22:16:30.0620 0x14bc Object required for P2P: [ E477AF94ACCCF99A0E56D71D450DCCCB ] avnetflt
22:16:31.0464 0x1428 Detect skipped due to KSN trusted
22:16:31.0464 0x1428 SysTrayApp - ok
22:16:31.0542 0x1428 [ 0E34B7BB1FCF22BCC1E394D16F9E992B, 382CA8E6BAC301E2F277F8EDA03D263FF71272796A8EED582C36294EEE9191F9 ] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe
22:16:31.0558 0x1428 GrooveMonitor - ok
22:16:31.0667 0x1428 [ 5668994A6AE925189C7D7F03BFE19C66, 269146783422D06BE2BA5D358D22B03339C102D0D5970894625C9C03BFCCB773 ] C:\Program Files (x86)\Sicherheit-Ordnung\Avira\AntiVir Desktop\avgnt.exe
22:16:31.0699 0x1428 avgnt - ok
22:16:31.0824 0x1428 [ 07A37CB5C5A01E73FB69F138FAE2DB0E, 9E8B5D78D7EAB8FA35133763EDA91AFE5CDEE275D604F02CDB56FB00A0D5AA0F ] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
22:16:31.0839 0x1428 Adobe ARM - ok
22:16:31.0870 0x1428 [ C8918EBDE8B9BA1C35F8030E7E8534D3, CFDF7B0592D290EC9F32B1A96283CA84D62E741E1B1B4C5CF3E0032EDB3D06DB ] C:\Program Files (x86)\Sophos\Sophos SSL VPN Client\bin\openvpn-gui.exe
22:16:31.0886 0x1428 openvpn-gui - ok
22:16:31.0949 0x1428 [ 20FFD9CA4AF20000665B73F4E56235B4, 35D3B37CA3C6D5D1C0ECC1428145C1D498C22C532CB37B5A8CD27CA71911FE7B ] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
22:16:31.0980 0x1428 ConnectionCenter - ok
22:16:32.0027 0x1428 [ 8FFDB89A0FB7C8ABC3A8825E38047341, B9107FAA3A885CD9A08C20F78D31C3642FA76812E417F41C4F2ADF7D90CA8C72 ] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
22:16:32.0058 0x1428 LWS - ok
22:16:32.0074 0x1428 [ 2EA68E33DFF41A10F1BAB15FC3A28076, C971C009F36A87116FBE785E45EB7192EAD9BAF713C43C8A3AC643624144ECF9 ] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
22:16:32.0089 0x1428 KiesTrayAgent - ok
22:16:32.0292 0x1428 [ 7EE68A122ED08E4AAD8DA551E34D2515, B3C9AB270AF595D3DBAFBF4A312B96CBF00C16F0A03CCC86BE56825CD1EB7143 ] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
22:16:32.0370 0x1428 SDTray - ok
22:16:32.0433 0x1428 [ 34D296AFC913E302953C70463EF09A48, BC413307CBC56C039EE8A05B51A56E14EF59678FBB33815AEB320078056C8CE7 ] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
22:16:32.0449 0x1428 HP Software Update - ok
22:16:32.0714 0x1428 [ FB5B78A3DE88FD3B725DA574497BC225, 0096C3ED0E29153E6A9E84C121B79A170FEDFE521AEA1BC602BC536E1795E5F3 ] C:\Program Files (x86)\Sicherheit-Ordnung\CCleaner64.exe
22:16:32.0980 0x1428 CCleaner Monitoring - ok
22:16:33.0152 0x1428 [ B1949628130F192DA27FDBAEA516BB6E, 13E5A2EBF0FDAB29CEA1E7FAEB3141233198D9A28353BDBB6FDB03602BE32AC6 ] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe
22:16:33.0324 0x1428 Spybot-S&D Cleaning - ok
22:16:33.0433 0x1428 [ F51BB12D8977D26C1A4CDA348770D9F1, DDA35CD8F8A6591B83821B5180D457740E0B820CCE000BC7FB1B78FB4AEAD3BA ] C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe
22:16:33.0464 0x1428 SpybotPostWindows10UpgradeReInstall - detected UnsignedFile.Multi.Generic ( 1 )
22:16:34.0120 0x14bc Object send P2P result: true
22:16:35.0980 0x1428 Detect skipped due to KSN trusted
22:16:35.0980 0x1428 SpybotPostWindows10UpgradeReInstall - ok
22:16:35.0980 0x1428 Waiting for KSN requests completion. In queue: 12
22:16:36.0995 0x1428 Waiting for KSN requests completion. In queue: 12
22:16:38.0011 0x1428 Waiting for KSN requests completion. In queue: 12
22:16:39.0120 0x1428 AV detected via SS2: Avira Antivirus, C:\Program Files (x86)\Sicherheit-Ordnung\Avira\AntiVir Desktop\wsctool.exe ( 15.0.15.106 ), 0x41000 ( enabled : updated )
22:16:39.0120 0x1428 AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.8.207.0 ), 0x60100 ( disabled : updated )
22:16:39.0183 0x1428 Win FW state via NFP2: enabled ( trusted )
22:16:41.0714 0x1428 ============================================================
22:16:41.0714 0x1428 Scan finished
22:16:41.0714 0x1428 ============================================================
22:16:41.0730 0x0148 Detected object count: 0
22:16:41.0730 0x0148 Actual detected object count: 0
Grüße Christian |
|
02.12.2015, 11:45
| #6 |
| | Virus hängt an alle Dateien .vvv ich noch mal. Irgendwas ist noch da. Beim Neustart kommt automatisch das: Code:
ATTFilter ________________________1234____________________________________-
What happened to your files ?
All of your files were protected by a strong encryption with RSA-2048.
More information about the encryption keys using RSA-2048 can be found here: hxxp://en.wikipedia.org/wiki/RSA_(cryptosystem)
What does this mean ?
This means that the structure and data within your files have been irrevocably changed, you will not be able to work with them, read them or see them,
it is the same thing as losing them forever, but with our help, you can restore them.
How did this happen ?
Especially for you, on our server was generated the secret key pair RSA-2048 - public and private.
All your files were encrypted with the public key, which has been transferred to your computer via the Internet.
Decrypting of your files is only possible with the help of the private key and decrypt program, which is on our secret server.
What do I do ?
________________________1234____________________________________
Alas, if you do not take the necessary measures for the specified time then the conditions for obtaining the private key will be changed.
If you really value your data, then we suggest you do not waste valuable time searching for other solutions because they do not exist.
________________________1234____________________________________
For more specific instructions, please visit your personal home page, there are a few different addresses pointing to your page below:
1. hxxp://gfhshhf.home7dfg4.com/AEF8A5E235723E8F
2. hxxp://td63hftt.buwve5ton2.com/AEF8A5E235723E8F
3. https://tw7kaqthui5ojcez.onion.to/AEF8A5E235723E8F
If for some reasons the addresses are not available, follow these steps:
1. Download and install tor-browser: hxxp://www.torproject.org/projects/torbrowser.html.en
2. After a successful installation, run the browser and wait for initialization.
3. Type in the address bar: tw7kaqthui5ojcez.onion/AEF8A5E235723E8F
4. Follow the instructions on the site.
IMPORTANT INFORMATION:
Your personal pages:
hxxp://gfhshhf.home7dfg4.com/AEF8A5E235723E8F
hxxp://td63hftt.buwve5ton2.com/AEF8A5E235723E8F
https://tw7kaqthui5ojcez.onion.to/AEF8A5E235723E8F
Your personal page (using TOR-Browser): tw7kaqthui5ojcez.onion/AEF8A5E235723E8F
Your personal identification number (if you open the site (or TOR-Browser's) directly): AEF8A5E235723E8F
Grüße Christian das obige Problem scheint gelöst. Ich habe die Autostart/Word und Excel bereinigt. Eine neu erstellte Excel-Datei ist bis jetzt nicht wieder befallen worden und kann uneingeschränkt genutzt werden. Ich hoffe, dass das so bleibt und sich nicht noch irgendwo ein "Schläfer" versteckt hält. |
|
03.12.2015, 15:36
| #7 |
| /// the machine /// TB-Ausbilder | Virus hängt an alle Dateien .vvv Downloade Dir bitte  Malwarebytes Anti-Malware
Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches FRST log bitte.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
04.12.2015, 21:03
| #8 |
| | Virus hängt an alle Dateien .vvv Hallo, hier die Datei von MBAM Code:
ATTFilter # AdwCleaner v5.023 - Bericht erstellt am 04/12/2015 um 20:36:46
# Aktualisiert am 30/11/2015 von Xplode
# Datenbank : 2015-12-03.1 [Server]
# Betriebssystem : Windows 8.1 (x64)
# Benutzername : Ulla & Christian - PC
# Gestartet von : C:\Users\Ulla & Christian\Downloads\AdwCleaner_5.023.exe
# Option : Löschen
# Unterstützung : hxxp://toolslib.net/forum
***** [ Dienste ] *****
***** [ Ordner ] *****
[-] Ordner Gelöscht : C:\Program Files (x86)\myfree codec
[-] Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\myfree codec
[#] Ordner Gelöscht : C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\7tneikau.default\Extensions\staged\firefoxmini@go.im.xpi
[-] Ordner Gelöscht : C:\Users\Ulla & Christian\AppData\Roaming\DesktopIconForAmazon
[-] Ordner Gelöscht : C:\Users\Ulla & Christian\AppData\Roaming\OCS
***** [ Dateien ] *****
***** [ DLLs ] *****
***** [ Verknüpfungen ] *****
[-] Verknüpfung Desinfiziert : C:\Users\Ulla & Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WorldofTanks\WorldofTanks.lnk
[-] Verknüpfung Desinfiziert : C:\Users\Ulla & Christian\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\WorldofTanks.lnk
***** [ Aufgabenplanung ] *****
[-] Aufgabenplanung Gelöscht : WOT N
[-] Aufgabenplanung Gelöscht : WOT T
***** [ Registrierungsdatenbank ] *****
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
[-] Schlüssel Gelöscht : HKCU\Software\5f2dedae73ee414
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5C3B5DAA-0AFF-4808-90FB-0F2F2D760E36}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{94952EC4-DB66-3F32-BE4C-F0BB875EA98E}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{405592DC-1E4A-47F9-9C3C-DCCC346655FD}
[-] Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{58124A0B-DC32-4180-9BFF-E0E21AE34026}]
[-] Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{977AE9CC-AF83-45E8-9E03-E2798216E2D5}]
[-] Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}]
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{94952EC4-DB66-3F32-BE4C-F0BB875EA98E}
[-] Schlüssel Gelöscht : HKCU\Software\Myfree Codec
[-] Schlüssel Gelöscht : HKCU\Software\OCS
[-] Schlüssel Gelöscht : HKCU\Software\Softonic
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Myfree Codec
[-] Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{206a7328-437f-4bd9-b53e-12bfee24d588}
[-] Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\WorldofTanks
[-] Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1837A345-0C6D-42AE-ACD6-6C4F5FF490BA}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Your Software Deals_is1
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DesktopIconAmazon
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchAnonymizer
[-] Schlüssel Gelöscht : HKU\S-1-5-21-3876800203-89553269-3656360523-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Software\Myfree Codec
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\F1057DD419AED0B468AD8888429E139A
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0702826FCAC36EE52AC0441EEEEE2170
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1198E28F40C3E185E9958608554D4253
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\14C66209FCA938858B9729645C666684
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\15A073601B9AEC3549BE4A9314794615
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1F7C80F9CE5CDF44E9AADDC99402534C
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\206AF45B775E3A445B3B2273827DA85F
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\225C3CBCEB850204D860A6C7CC7724AF
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2310FC151CD4F185798FA0996B3524D7
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\28572D2E2DE533256AC6B560EA573C22
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29C79786B109AC443B0DC7BFD61B1896
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2ABB56EABB920EB59B04BDDD26A62083
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2DABA02DFED47E352A2FA2EBDD6F6187
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\311567B4A9A002050BB9423FD73FB880
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\373FCED70D7F84E5FB5F3F7B76BEE024
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3BE992C130B235E53A2937391FDCA35B
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3DA5F64B3483DE549947A9164ACBAD21
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3ED93605BB9B6635E9D0D86615AF31F1
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\43C098337DB065A49B665D4EA7F16D1C
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4759B017032BA185F9BA6F7DBC95A2D4
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4A78ABCBB54E46E5482A3EE0AD66C39E
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4F9E947B6B895EB5A86757FC5D3DB862
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4FEEA83BF72B97E43A2DF0EE4BE4F261
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\509EC7EFB89B7D942997574AB14037A4
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\50A730A9A3A61BF5BA70CA8A3B7C133B
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\51A95A1D4CDE4F958A9451FBB39BF54A
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\536133807DE80465BA6CD0A9742B7DE5
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5E25036E68895D45B95E72D1C3C58C74
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\60ECC80C54085B141A40437A96CA2618
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\60FD8CD5BE007315CA3B5C7E41F24017
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\618E7D05458C4F257909ED9C8CDC0D66
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\621C21014D3C152529E2460FA6304EE3
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6241FF6F317CABD4EBBEE0DE9076BD94
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\636B9C23C79154B57AB561F39A139BFD
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\65AAF0F0CB7F0B45F900FDF19CEAAF2B
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6879A5E348601C45986308CA84958E94
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6A6F3B7A9805E1F5492A1020EEDF2341
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6B1F5D204E4EEB342A5AD1D7E60D61BF
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7005A2A4DCF9DD7548137AB17E3A3AF3
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\712EAF07EE73CC65C822CC3BAE3B2483
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\75FF6D97AF9FC004A9521D4B83FA6321
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7947B301B2446E752A3FE06EAD7D26B5
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7987CE52D13E16258B0E1E3DB1BB0974
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7BEED197C514FDA53901AE8DD8EF0891
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DFDCF03D46C34159BDE29FBDBF1ACF5
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\87EC9ACEAFE8ECD52A529663CD35213F
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\890F436B85B790A55A582B7307DA12CE
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8C13DA6755F685B529615C8E92B3CA39
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8D07CD9CB3E6BE652872BF06A1CCA782
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\90841B1FC98200349925C88999866F17
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\94194FDD4DF523E53A888D65722A135D
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\95266D07D008D2E4E9B6F8E0DD15432A
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A4223BBC9438CAD49BBE10B4E344B1DD
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A71991503412AEB42838B02C5ED9F9CD
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A72F23B1D745C27508518132197BC982
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A89E2B6FB14D8275DA63D075171DA184
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A9C43CD4001E9E4518B274AF9A0EFDA9
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AABA081CF7F19915FBB80B3BAF47CE63
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AC2A0FFD0A1686D53A4E24D6E96949E4
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AE5BDB2750259915D8442D4591A7717B
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B1A79C71D5DC1C150B76B6ED11195DFC
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B6D497DB33974935488761F7C4C3D755
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B752EF3300008394886C402CC27B474F
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B8C8BCC1206978D51A8B9EECBF806C53
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BAD3576CEA646895B962F94754612791
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BB4091512C8F4295E99CE2D061ED2020
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BEE6BBC9A31531F598794A62120B51C7
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C19162788CA4D235E829F88E2F771567
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C71F07DA356B66B5484A8E7F2ADEB7DC
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C96AD15EE8E887B56BAF2136A9088503
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C9E6B66ECC49D155888399C51D05C49E
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CA360F24F0B214744BE40657FDA0B727
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CB13D869D7D092348847B7481BB59E27
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CE85F265816AE2D4E9B73C3E207E679C
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D5389AEEA4A1E20428D045E86BCF643B
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D5B62BB7BC607FB539585E2B7B6AFD16
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB027F01D4D53765C8E4FBE7DB77E07E
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DC2EB492393411F5ABE8ED13C59FBF20
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DDA2534BD056D1F44B6EC96AAA7F1F6E
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DDCA763D4C48A105086B4CCCEE78043F
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DEF7558C7CD27EF46AF802AFBE402675
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E05B987540A9E2849AAF9E5B06C27DA8
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E09F4A6B9D2A08B599AE9E38BFC93CD6
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E27B6535D0D94A24E91047C7D86F27BC
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E45D171E075A5425CBACF6631A45FA39
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E513C2076D90AD04F888BD762143F191
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E8F4C985459564F5B8DCFF2B3C7EBD27
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E96E33222BAC06B57A1FA9D72951C945
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EAA46CE9007F70A5CAFA5F26E5DDEBE5
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EE43FF091A8714A599F33EF2533FB59A
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EE790015CF30DAA569960905FF1651A0
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EEB44C47185BD304D80FDF5A4BBE8F54
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F214EB834D2EC474CA76C1CDE306CF3A
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F25491036D0FA5D5FA6742F5742F151A
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F2E0D3DD9E5E4B74CA43BCE77815E287
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F4D1BA8B482D9734E943EE260A7ADEF2
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F6704141BAAF6884785EC6843143D6A7
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F7507D4D4C310125E9A22BD909A41FB6
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F7652513C62FF63448CFF05163719DB7
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F79C21D785419125595AC59458A6142D
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FA15C90F092A60F53A4E0F88CED02968
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FA1CF130B3D58B553833ACB6BE8AFAD4
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB0F1A18E4F0DBD509A42F4D4C05C02A
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FD17ED194F1C2B457B4F6EF4AE8DEAF3
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\18C9E3869A16248439FE3FF9EB02207A
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5D8011310B2622942868A458964FFDC5
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6C63F7979DCC2154CB9591969A5CB89D
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6DD31E6C1A73B334383DF186676F4D20
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AB3204F747B20694B8D49EF92D8DC94B
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C81E33A400B6F814E90C7A3354E2A3A5
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EDBF68C5F16790341B7C6FD7C7F8E4FC
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FFA531D0F3A71504DA7AC6A11CE33739
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F1057DD419AED0B468AD8888429E139A
[-] Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0376A5AC-5698-4CFB-BF5B-1A12FE88CE17}
[-] Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2B9277F9-9AFF-4BE1-8D9F-5C47ACDE8AF9}
[-] Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{471E55EA-5870-4D06-85B1-087E723116A4}
[-] Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{68DA0295-7A32-4CC5-A929-A2513D7186F0}
[-] Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B52B0020-6410-4905-8380-4EED9883BE80}
[-] Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}
***** [ Internetbrowser ] *****
[-] [C:\Users\Ulla & Christian\AppData\Roaming\Mozilla\Firefox\Profiles\7shvkqc1.default\prefs.js] [Preference] Gelöscht : user_pref("iminent.LayoutId", "1");
[-] [C:\Users\Ulla & Christian\AppData\Roaming\Mozilla\Firefox\Profiles\7shvkqc1.default\prefs.js] [Preference] Gelöscht : user_pref("iminent.ShowThankyouPixel", "0");
[-] [C:\Users\Ulla & Christian\AppData\Roaming\Mozilla\Firefox\Profiles\7shvkqc1.default\prefs.js] [Preference] Gelöscht : user_pref("iminent._oaZGabJJ8Q_", "{\"cpt\":0,\"cpr\":0,\"s\":0,\"es\":3}");
[-] [C:\Users\Ulla & Christian\AppData\Roaming\Mozilla\Firefox\Profiles\7shvkqc1.default\prefs.js] [Preference] Gelöscht : user_pref("iminent.adapters", "{\"get3.adobe.com\":{\"CountryCode\":\"DE\",\"NoAds\":false,\"Status\":2,\"AdapterKey\":\"default_adapter\",\"v\":true,\"p\":0,\"t\":1,\"th\":1.1,\"expireTime\":\"140891[...]
[-] [C:\Users\Ulla & Christian\AppData\Roaming\Mozilla\Firefox\Profiles\7shvkqc1.default\prefs.js] [Preference] Gelöscht : user_pref("iminent.externalScripts", "{\"value\":[{\"addonUid\":\"b7110a40-a16f-4a12-a411-bd0b6014905a\",\"name\":\"Superfish\",\"addonId\":2,\"url\":\"//www.superfish.com/ws/sf_main.jsp\",\"queryStri[...]
[-] [C:\Users\Ulla & Christian\AppData\Roaming\Mozilla\Firefox\Profiles\7shvkqc1.default\prefs.js] [Preference] Gelöscht : user_pref("iminent.externalScripts.iRobinHood.IROBPKG", "{\"pkgid\":\"wrPCtMK3wrHCtMK4wrbCtcK0\",\"raw_pkgid\":\"256059745\"}");
[-] [C:\Users\Ulla & Christian\AppData\Roaming\Mozilla\Firefox\Profiles\7shvkqc1.default\prefs.js] [Preference] Gelöscht : user_pref("iminent.externalScripts.iRobinHood.irobsettings2", "[{\"ALERT_MESSAGES\":1,\"Analytics_code\":\"\",\"APPROVE_STRIP_COLOR\":\"4BBA42 \",\"CHARITY_URL\":\"hxxp://iminent.donation-tools.org[...]
[-] [C:\Users\Ulla & Christian\AppData\Roaming\Mozilla\Firefox\Profiles\7shvkqc1.default\prefs.js] [Preference] Gelöscht : user_pref("iminent.externalScripts.iRobinHood.menuURL", "hxxp://iminent.donation-tools.org/home.aspx?pkgId=wrPCtMK3wrHCtMK4wrbCtcK0");
[-] [C:\Users\Ulla & Christian\AppData\Roaming\Mozilla\Firefox\Profiles\7shvkqc1.default\prefs.js] [Preference] Gelöscht : user_pref("iminent.registerToolbarEvent102", "1416262758803");
[-] [C:\Users\Ulla & Christian\AppData\Roaming\Mozilla\Firefox\Profiles\7shvkqc1.default\prefs.js] [Preference] Gelöscht : user_pref("iminent.registerToolbarEvent109", "1416170232538");
[-] [C:\Users\Ulla & Christian\AppData\Roaming\Mozilla\Firefox\Profiles\7shvkqc1.default\prefs.js] [Preference] Gelöscht : user_pref("iminent.registerToolbarEvent110", "1414520649129");
[-] [C:\Users\Ulla & Christian\AppData\Roaming\Mozilla\Firefox\Profiles\7shvkqc1.default\prefs.js] [Preference] Gelöscht : user_pref("iminent.registerToolbarEvent111", "1416170231631");
[-] [C:\Users\Ulla & Christian\AppData\Roaming\Mozilla\Firefox\Profiles\7shvkqc1.default\prefs.js] [Preference] Gelöscht : user_pref("iminent.registerToolbarEvent112", "1416170232608");
[-] [C:\Users\Ulla & Christian\AppData\Roaming\Mozilla\Firefox\Profiles\7shvkqc1.default\prefs.js] [Preference] Gelöscht : user_pref("iminent.registerToolbarEvent122", "1416170232705");
[-] [C:\Users\Ulla & Christian\AppData\Roaming\Mozilla\Firefox\Profiles\7shvkqc1.default\prefs.js] [Preference] Gelöscht : user_pref("iminent.registerToolbarEvent136", "1414609195025");
[-] [C:\Users\Ulla & Christian\AppData\Roaming\Mozilla\Firefox\Profiles\7shvkqc1.default\prefs.js] [Preference] Gelöscht : user_pref("iminent.registerToolbarEvent140", "1416259266190");
[-] [C:\Users\Ulla & Christian\AppData\Roaming\Mozilla\Firefox\Profiles\7shvkqc1.default\prefs.js] [Preference] Gelöscht : user_pref("iminent.trackExternalScripts12", "1415310470837");
[-] [C:\Users\Ulla & Christian\AppData\Roaming\Mozilla\Firefox\Profiles\7shvkqc1.default\prefs.js] [Preference] Gelöscht : user_pref("iminent.trackExternalScripts14", "1415278245956");
[-] [C:\Users\Ulla & Christian\AppData\Roaming\Mozilla\Firefox\Profiles\7shvkqc1.default\prefs.js] [Preference] Gelöscht : user_pref("iminent.trackExternalScripts15", "1415309653277");
[-] [C:\Users\Ulla & Christian\AppData\Roaming\Mozilla\Firefox\Profiles\7shvkqc1.default\prefs.js] [Preference] Gelöscht : user_pref("iminent.trackExternalScripts16", "1415226049923");
[-] [C:\Users\Ulla & Christian\AppData\Roaming\Mozilla\Firefox\Profiles\7shvkqc1.default\prefs.js] [Preference] Gelöscht : user_pref("iminent.trackExternalScripts2", "1415226048960");
[-] [C:\Users\Ulla & Christian\AppData\Roaming\Mozilla\Firefox\Profiles\7shvkqc1.default\prefs.js] [Preference] Gelöscht : user_pref("iminent.trackExternalScripts3", "1415226049499");
[-] [C:\Users\Ulla & Christian\AppData\Roaming\Mozilla\Firefox\Profiles\7shvkqc1.default\prefs.js] [Preference] Gelöscht : user_pref("iminent.trackExternalScripts5", "1415226049606");
[-] [C:\Users\Ulla & Christian\AppData\Roaming\Mozilla\Firefox\Profiles\7shvkqc1.default\prefs.js] [Preference] Gelöscht : user_pref("iminent.trackExternalScripts6", "1415309640296");
[-] [C:\Users\Ulla & Christian\AppData\Roaming\Mozilla\Firefox\Profiles\7shvkqc1.default\prefs.js] [Preference] Gelöscht : user_pref("iminent.trackExternalScripts7", "1415226049713");
[-] [C:\Users\Ulla & Christian\AppData\Roaming\Mozilla\Firefox\Profiles\7shvkqc1.default\prefs.js] [Preference] Gelöscht : user_pref("iminent.trackExternalScripts8", "1415226049814");
[-] [C:\Users\Ulla & Christian\AppData\Roaming\Mozilla\Firefox\Profiles\7shvkqc1.default\prefs.js] [Preference] Gelöscht : user_pref("iminent.trackExternalScripts9", "1415309652970");
[-] [C:\Users\Ulla & Christian\AppData\Roaming\Mozilla\Firefox\Profiles\7shvkqc1.default\prefs.js] [Preference] Gelöscht : user_pref("iminent.trackingInfo", "{\"state\":0,\"samplingRate\":0}");
[-] [C:\Users\Ulla & Christian\AppData\Roaming\Mozilla\Firefox\Profiles\7shvkqc1.default\prefs.js] [Preference] Gelöscht : user_pref("iminent.version", "8.45.2.1");
[-] [C:\Users\Ulla & Christian\AppData\Roaming\Mozilla\Firefox\Profiles\7shvkqc1.default\prefs.js] [Preference] Gelöscht : user_pref("iminent.versioning", "{\"CurrentVersion\":\"8.45.2.1\",\"InstallEventCTime\":1416178805692,\"InstallEvent\":\"True\"}");
[-] [C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\7tneikau.default\prefs.js] [Preference] Gelöscht : user_pref("iminent._oaZGabJJ8Q_", "{\"cpt\":0,\"cpr\":0,\"s\":0,\"es\":3}");
[-] [C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\7tneikau.default\prefs.js] [Preference] Gelöscht : user_pref("iminent.adapters", "{\"www.google.de\":{\"CountryCode\":\"DE\",\"NoAds\":false,\"Status\":1,\"AdapterKey\":\"google\",\"v\":true,\"p\":0,\"t\":1,\"th\":1.1,\"expireTime\":\"1409337617899864[...]
[-] [C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\7tneikau.default\prefs.js] [Preference] Gelöscht : user_pref("iminent.registerToolbarEvent102", "1409337619205");
[-] [C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\7tneikau.default\prefs.js] [Preference] Gelöscht : user_pref("iminent.trackingInfo", "{\"state\":0,\"samplingRate\":0}");
[-] [C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\7tneikau.default\prefs.js] [Preference] Gelöscht : user_pref("iminent.version", "8.31.1.1");
[-] [C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\7tneikau.default\prefs.js] [Preference] Gelöscht : user_pref("iminent.versioning", "{\"CurrentVersion\":\"8.31.1.1\",\"InstallEventCTime\":1409337604546,\"InstallEvent\":\"True\"}");
[-] [C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\7tneikau.default\prefs.js] [Preference] Gelöscht : user_pref("iminent.versioning", "");
*************************
:: "Tracing" Schlüssel gelöscht
:: Proxy Einstellungen zurückgesetzt
:: Winsock Einstellungen zurückgesetzt
:: Chrome Richtlinien gelöscht
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [38428 Bytes] ##########
Code:
ATTFilter # AdwCleaner v5.023 - Bericht erstellt am 04/12/2015 um 20:36:46
# Aktualisiert am 30/11/2015 von Xplode
# Datenbank : 2015-12-03.1 [Server]
# Betriebssystem : Windows 8.1 (x64)
# Benutzername : Ulla & Christian - PC
# Gestartet von : C:\Users\Ulla & Christian\Downloads\AdwCleaner_5.023.exe
# Option : Löschen
# Unterstützung : hxxp://toolslib.net/forum
***** [ Dienste ] *****
***** [ Ordner ] *****
[-] Ordner Gelöscht : C:\Program Files (x86)\myfree codec
[-] Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\myfree codec
[#] Ordner Gelöscht : C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\7tneikau.default\Extensions\staged\firefoxmini@go.im.xpi
[-] Ordner Gelöscht : C:\Users\Ulla & Christian\AppData\Roaming\DesktopIconForAmazon
[-] Ordner Gelöscht : C:\Users\Ulla & Christian\AppData\Roaming\OCS
***** [ Dateien ] *****
***** [ DLLs ] *****
***** [ Verknüpfungen ] *****
[-] Verknüpfung Desinfiziert : C:\Users\Ulla & Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WorldofTanks\WorldofTanks.lnk
[-] Verknüpfung Desinfiziert : C:\Users\Ulla & Christian\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\WorldofTanks.lnk
***** [ Aufgabenplanung ] *****
[-] Aufgabenplanung Gelöscht : WOT N
[-] Aufgabenplanung Gelöscht : WOT T
***** [ Registrierungsdatenbank ] *****
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
[-] Schlüssel Gelöscht : HKCU\Software\5f2dedae73ee414
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5C3B5DAA-0AFF-4808-90FB-0F2F2D760E36}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{94952EC4-DB66-3F32-BE4C-F0BB875EA98E}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{405592DC-1E4A-47F9-9C3C-DCCC346655FD}
[-] Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{58124A0B-DC32-4180-9BFF-E0E21AE34026}]
[-] Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{977AE9CC-AF83-45E8-9E03-E2798216E2D5}]
[-] Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}]
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{94952EC4-DB66-3F32-BE4C-F0BB875EA98E}
[-] Schlüssel Gelöscht : HKCU\Software\Myfree Codec
[-] Schlüssel Gelöscht : HKCU\Software\OCS
[-] Schlüssel Gelöscht : HKCU\Software\Softonic
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Myfree Codec
[-] Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{206a7328-437f-4bd9-b53e-12bfee24d588}
[-] Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\WorldofTanks
[-] Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1837A345-0C6D-42AE-ACD6-6C4F5FF490BA}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Your Software Deals_is1
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DesktopIconAmazon
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchAnonymizer
[-] Schlüssel Gelöscht : HKU\S-1-5-21-3876800203-89553269-3656360523-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Software\Myfree Codec
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\F1057DD419AED0B468AD8888429E139A
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0702826FCAC36EE52AC0441EEEEE2170
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1198E28F40C3E185E9958608554D4253
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\14C66209FCA938858B9729645C666684
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\15A073601B9AEC3549BE4A9314794615
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1F7C80F9CE5CDF44E9AADDC99402534C
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\206AF45B775E3A445B3B2273827DA85F
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\225C3CBCEB850204D860A6C7CC7724AF
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2310FC151CD4F185798FA0996B3524D7
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\28572D2E2DE533256AC6B560EA573C22
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29C79786B109AC443B0DC7BFD61B1896
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2ABB56EABB920EB59B04BDDD26A62083
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2DABA02DFED47E352A2FA2EBDD6F6187
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\311567B4A9A002050BB9423FD73FB880
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\373FCED70D7F84E5FB5F3F7B76BEE024
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3BE992C130B235E53A2937391FDCA35B
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3DA5F64B3483DE549947A9164ACBAD21
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3ED93605BB9B6635E9D0D86615AF31F1
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\43C098337DB065A49B665D4EA7F16D1C
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4759B017032BA185F9BA6F7DBC95A2D4
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4A78ABCBB54E46E5482A3EE0AD66C39E
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4F9E947B6B895EB5A86757FC5D3DB862
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4FEEA83BF72B97E43A2DF0EE4BE4F261
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\509EC7EFB89B7D942997574AB14037A4
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\50A730A9A3A61BF5BA70CA8A3B7C133B
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\51A95A1D4CDE4F958A9451FBB39BF54A
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\536133807DE80465BA6CD0A9742B7DE5
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5E25036E68895D45B95E72D1C3C58C74
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\60ECC80C54085B141A40437A96CA2618
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\60FD8CD5BE007315CA3B5C7E41F24017
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\618E7D05458C4F257909ED9C8CDC0D66
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\621C21014D3C152529E2460FA6304EE3
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6241FF6F317CABD4EBBEE0DE9076BD94
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\636B9C23C79154B57AB561F39A139BFD
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\65AAF0F0CB7F0B45F900FDF19CEAAF2B
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6879A5E348601C45986308CA84958E94
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6A6F3B7A9805E1F5492A1020EEDF2341
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6B1F5D204E4EEB342A5AD1D7E60D61BF
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7005A2A4DCF9DD7548137AB17E3A3AF3
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\712EAF07EE73CC65C822CC3BAE3B2483
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\75FF6D97AF9FC004A9521D4B83FA6321
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7947B301B2446E752A3FE06EAD7D26B5
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7987CE52D13E16258B0E1E3DB1BB0974
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7BEED197C514FDA53901AE8DD8EF0891
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DFDCF03D46C34159BDE29FBDBF1ACF5
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\87EC9ACEAFE8ECD52A529663CD35213F
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\890F436B85B790A55A582B7307DA12CE
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8C13DA6755F685B529615C8E92B3CA39
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8D07CD9CB3E6BE652872BF06A1CCA782
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\90841B1FC98200349925C88999866F17
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\94194FDD4DF523E53A888D65722A135D
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\95266D07D008D2E4E9B6F8E0DD15432A
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A4223BBC9438CAD49BBE10B4E344B1DD
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A71991503412AEB42838B02C5ED9F9CD
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A72F23B1D745C27508518132197BC982
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A89E2B6FB14D8275DA63D075171DA184
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A9C43CD4001E9E4518B274AF9A0EFDA9
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AABA081CF7F19915FBB80B3BAF47CE63
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AC2A0FFD0A1686D53A4E24D6E96949E4
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AE5BDB2750259915D8442D4591A7717B
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B1A79C71D5DC1C150B76B6ED11195DFC
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B6D497DB33974935488761F7C4C3D755
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B752EF3300008394886C402CC27B474F
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B8C8BCC1206978D51A8B9EECBF806C53
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BAD3576CEA646895B962F94754612791
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BB4091512C8F4295E99CE2D061ED2020
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BEE6BBC9A31531F598794A62120B51C7
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C19162788CA4D235E829F88E2F771567
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C71F07DA356B66B5484A8E7F2ADEB7DC
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C96AD15EE8E887B56BAF2136A9088503
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C9E6B66ECC49D155888399C51D05C49E
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CA360F24F0B214744BE40657FDA0B727
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CB13D869D7D092348847B7481BB59E27
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CE85F265816AE2D4E9B73C3E207E679C
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D5389AEEA4A1E20428D045E86BCF643B
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D5B62BB7BC607FB539585E2B7B6AFD16
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB027F01D4D53765C8E4FBE7DB77E07E
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DC2EB492393411F5ABE8ED13C59FBF20
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DDA2534BD056D1F44B6EC96AAA7F1F6E
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DDCA763D4C48A105086B4CCCEE78043F
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DEF7558C7CD27EF46AF802AFBE402675
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E05B987540A9E2849AAF9E5B06C27DA8
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E09F4A6B9D2A08B599AE9E38BFC93CD6
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E27B6535D0D94A24E91047C7D86F27BC
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E45D171E075A5425CBACF6631A45FA39
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E513C2076D90AD04F888BD762143F191
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E8F4C985459564F5B8DCFF2B3C7EBD27
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E96E33222BAC06B57A1FA9D72951C945
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EAA46CE9007F70A5CAFA5F26E5DDEBE5
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EE43FF091A8714A599F33EF2533FB59A
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EE790015CF30DAA569960905FF1651A0
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EEB44C47185BD304D80FDF5A4BBE8F54
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F214EB834D2EC474CA76C1CDE306CF3A
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F25491036D0FA5D5FA6742F5742F151A
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F2E0D3DD9E5E4B74CA43BCE77815E287
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F4D1BA8B482D9734E943EE260A7ADEF2
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F6704141BAAF6884785EC6843143D6A7
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F7507D4D4C310125E9A22BD909A41FB6
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F7652513C62FF63448CFF05163719DB7
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F79C21D785419125595AC59458A6142D
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FA15C90F092A60F53A4E0F88CED02968
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FA1CF130B3D58B553833ACB6BE8AFAD4
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB0F1A18E4F0DBD509A42F4D4C05C02A
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FD17ED194F1C2B457B4F6EF4AE8DEAF3
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\18C9E3869A16248439FE3FF9EB02207A
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5D8011310B2622942868A458964FFDC5
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6C63F7979DCC2154CB9591969A5CB89D
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6DD31E6C1A73B334383DF186676F4D20
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AB3204F747B20694B8D49EF92D8DC94B
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C81E33A400B6F814E90C7A3354E2A3A5
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EDBF68C5F16790341B7C6FD7C7F8E4FC
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FFA531D0F3A71504DA7AC6A11CE33739
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F1057DD419AED0B468AD8888429E139A
[-] Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0376A5AC-5698-4CFB-BF5B-1A12FE88CE17}
[-] Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2B9277F9-9AFF-4BE1-8D9F-5C47ACDE8AF9}
[-] Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{471E55EA-5870-4D06-85B1-087E723116A4}
[-] Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{68DA0295-7A32-4CC5-A929-A2513D7186F0}
[-] Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B52B0020-6410-4905-8380-4EED9883BE80}
[-] Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}
***** [ Internetbrowser ] *****
[-] [C:\Users\Ulla & Christian\AppData\Roaming\Mozilla\Firefox\Profiles\7shvkqc1.default\prefs.js] [Preference] Gelöscht : user_pref("iminent.LayoutId", "1");
[-] [C:\Users\Ulla & Christian\AppData\Roaming\Mozilla\Firefox\Profiles\7shvkqc1.default\prefs.js] [Preference] Gelöscht : user_pref("iminent.ShowThankyouPixel", "0");
[-] [C:\Users\Ulla & Christian\AppData\Roaming\Mozilla\Firefox\Profiles\7shvkqc1.default\prefs.js] [Preference] Gelöscht : user_pref("iminent._oaZGabJJ8Q_", "{\"cpt\":0,\"cpr\":0,\"s\":0,\"es\":3}");
[-] [C:\Users\Ulla & Christian\AppData\Roaming\Mozilla\Firefox\Profiles\7shvkqc1.default\prefs.js] [Preference] Gelöscht : user_pref("iminent.adapters", "{\"get3.adobe.com\":{\"CountryCode\":\"DE\",\"NoAds\":false,\"Status\":2,\"AdapterKey\":\"default_adapter\",\"v\":true,\"p\":0,\"t\":1,\"th\":1.1,\"expireTime\":\"140891[...]
[-] [C:\Users\Ulla & Christian\AppData\Roaming\Mozilla\Firefox\Profiles\7shvkqc1.default\prefs.js] [Preference] Gelöscht : user_pref("iminent.externalScripts", "{\"value\":[{\"addonUid\":\"b7110a40-a16f-4a12-a411-bd0b6014905a\",\"name\":\"Superfish\",\"addonId\":2,\"url\":\"//www.superfish.com/ws/sf_main.jsp\",\"queryStri[...]
[-] [C:\Users\Ulla & Christian\AppData\Roaming\Mozilla\Firefox\Profiles\7shvkqc1.default\prefs.js] [Preference] Gelöscht : user_pref("iminent.externalScripts.iRobinHood.IROBPKG", "{\"pkgid\":\"wrPCtMK3wrHCtMK4wrbCtcK0\",\"raw_pkgid\":\"256059745\"}");
[-] [C:\Users\Ulla & Christian\AppData\Roaming\Mozilla\Firefox\Profiles\7shvkqc1.default\prefs.js] [Preference] Gelöscht : user_pref("iminent.externalScripts.iRobinHood.irobsettings2", "[{\"ALERT_MESSAGES\":1,\"Analytics_code\":\"\",\"APPROVE_STRIP_COLOR\":\"4BBA42 \",\"CHARITY_URL\":\"hxxp://iminent.donation-tools.org[...]
[-] [C:\Users\Ulla & Christian\AppData\Roaming\Mozilla\Firefox\Profiles\7shvkqc1.default\prefs.js] [Preference] Gelöscht : user_pref("iminent.externalScripts.iRobinHood.menuURL", "hxxp://iminent.donation-tools.org/home.aspx?pkgId=wrPCtMK3wrHCtMK4wrbCtcK0");
[-] [C:\Users\Ulla & Christian\AppData\Roaming\Mozilla\Firefox\Profiles\7shvkqc1.default\prefs.js] [Preference] Gelöscht : user_pref("iminent.registerToolbarEvent102", "1416262758803");
[-] [C:\Users\Ulla & Christian\AppData\Roaming\Mozilla\Firefox\Profiles\7shvkqc1.default\prefs.js] [Preference] Gelöscht : user_pref("iminent.registerToolbarEvent109", "1416170232538");
[-] [C:\Users\Ulla & Christian\AppData\Roaming\Mozilla\Firefox\Profiles\7shvkqc1.default\prefs.js] [Preference] Gelöscht : user_pref("iminent.registerToolbarEvent110", "1414520649129");
[-] [C:\Users\Ulla & Christian\AppData\Roaming\Mozilla\Firefox\Profiles\7shvkqc1.default\prefs.js] [Preference] Gelöscht : user_pref("iminent.registerToolbarEvent111", "1416170231631");
[-] [C:\Users\Ulla & Christian\AppData\Roaming\Mozilla\Firefox\Profiles\7shvkqc1.default\prefs.js] [Preference] Gelöscht : user_pref("iminent.registerToolbarEvent112", "1416170232608");
[-] [C:\Users\Ulla & Christian\AppData\Roaming\Mozilla\Firefox\Profiles\7shvkqc1.default\prefs.js] [Preference] Gelöscht : user_pref("iminent.registerToolbarEvent122", "1416170232705");
[-] [C:\Users\Ulla & Christian\AppData\Roaming\Mozilla\Firefox\Profiles\7shvkqc1.default\prefs.js] [Preference] Gelöscht : user_pref("iminent.registerToolbarEvent136", "1414609195025");
[-] [C:\Users\Ulla & Christian\AppData\Roaming\Mozilla\Firefox\Profiles\7shvkqc1.default\prefs.js] [Preference] Gelöscht : user_pref("iminent.registerToolbarEvent140", "1416259266190");
[-] [C:\Users\Ulla & Christian\AppData\Roaming\Mozilla\Firefox\Profiles\7shvkqc1.default\prefs.js] [Preference] Gelöscht : user_pref("iminent.trackExternalScripts12", "1415310470837");
[-] [C:\Users\Ulla & Christian\AppData\Roaming\Mozilla\Firefox\Profiles\7shvkqc1.default\prefs.js] [Preference] Gelöscht : user_pref("iminent.trackExternalScripts14", "1415278245956");
[-] [C:\Users\Ulla & Christian\AppData\Roaming\Mozilla\Firefox\Profiles\7shvkqc1.default\prefs.js] [Preference] Gelöscht : user_pref("iminent.trackExternalScripts15", "1415309653277");
[-] [C:\Users\Ulla & Christian\AppData\Roaming\Mozilla\Firefox\Profiles\7shvkqc1.default\prefs.js] [Preference] Gelöscht : user_pref("iminent.trackExternalScripts16", "1415226049923");
[-] [C:\Users\Ulla & Christian\AppData\Roaming\Mozilla\Firefox\Profiles\7shvkqc1.default\prefs.js] [Preference] Gelöscht : user_pref("iminent.trackExternalScripts2", "1415226048960");
[-] [C:\Users\Ulla & Christian\AppData\Roaming\Mozilla\Firefox\Profiles\7shvkqc1.default\prefs.js] [Preference] Gelöscht : user_pref("iminent.trackExternalScripts3", "1415226049499");
[-] [C:\Users\Ulla & Christian\AppData\Roaming\Mozilla\Firefox\Profiles\7shvkqc1.default\prefs.js] [Preference] Gelöscht : user_pref("iminent.trackExternalScripts5", "1415226049606");
[-] [C:\Users\Ulla & Christian\AppData\Roaming\Mozilla\Firefox\Profiles\7shvkqc1.default\prefs.js] [Preference] Gelöscht : user_pref("iminent.trackExternalScripts6", "1415309640296");
[-] [C:\Users\Ulla & Christian\AppData\Roaming\Mozilla\Firefox\Profiles\7shvkqc1.default\prefs.js] [Preference] Gelöscht : user_pref("iminent.trackExternalScripts7", "1415226049713");
[-] [C:\Users\Ulla & Christian\AppData\Roaming\Mozilla\Firefox\Profiles\7shvkqc1.default\prefs.js] [Preference] Gelöscht : user_pref("iminent.trackExternalScripts8", "1415226049814");
[-] [C:\Users\Ulla & Christian\AppData\Roaming\Mozilla\Firefox\Profiles\7shvkqc1.default\prefs.js] [Preference] Gelöscht : user_pref("iminent.trackExternalScripts9", "1415309652970");
[-] [C:\Users\Ulla & Christian\AppData\Roaming\Mozilla\Firefox\Profiles\7shvkqc1.default\prefs.js] [Preference] Gelöscht : user_pref("iminent.trackingInfo", "{\"state\":0,\"samplingRate\":0}");
[-] [C:\Users\Ulla & Christian\AppData\Roaming\Mozilla\Firefox\Profiles\7shvkqc1.default\prefs.js] [Preference] Gelöscht : user_pref("iminent.version", "8.45.2.1");
[-] [C:\Users\Ulla & Christian\AppData\Roaming\Mozilla\Firefox\Profiles\7shvkqc1.default\prefs.js] [Preference] Gelöscht : user_pref("iminent.versioning", "{\"CurrentVersion\":\"8.45.2.1\",\"InstallEventCTime\":1416178805692,\"InstallEvent\":\"True\"}");
[-] [C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\7tneikau.default\prefs.js] [Preference] Gelöscht : user_pref("iminent._oaZGabJJ8Q_", "{\"cpt\":0,\"cpr\":0,\"s\":0,\"es\":3}");
[-] [C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\7tneikau.default\prefs.js] [Preference] Gelöscht : user_pref("iminent.adapters", "{\"www.google.de\":{\"CountryCode\":\"DE\",\"NoAds\":false,\"Status\":1,\"AdapterKey\":\"google\",\"v\":true,\"p\":0,\"t\":1,\"th\":1.1,\"expireTime\":\"1409337617899864[...]
[-] [C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\7tneikau.default\prefs.js] [Preference] Gelöscht : user_pref("iminent.registerToolbarEvent102", "1409337619205");
[-] [C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\7tneikau.default\prefs.js] [Preference] Gelöscht : user_pref("iminent.trackingInfo", "{\"state\":0,\"samplingRate\":0}");
[-] [C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\7tneikau.default\prefs.js] [Preference] Gelöscht : user_pref("iminent.version", "8.31.1.1");
[-] [C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\7tneikau.default\prefs.js] [Preference] Gelöscht : user_pref("iminent.versioning", "{\"CurrentVersion\":\"8.31.1.1\",\"InstallEventCTime\":1409337604546,\"InstallEvent\":\"True\"}");
[-] [C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\7tneikau.default\prefs.js] [Preference] Gelöscht : user_pref("iminent.versioning", "");
*************************
:: "Tracing" Schlüssel gelöscht
:: Proxy Einstellungen zurückgesetzt
:: Winsock Einstellungen zurückgesetzt
:: Chrome Richtlinien gelöscht
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [38428 Bytes] ##########
Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.1 (11.24.2015)
Operating System: Windows 8.1 x64
Ran by Ulla & Christian (Administrator) on 04.12.2015 at 20:51:44,42
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
File System: 4
Successfully deleted: C:\Users\Ulla & Christian\AppData\Local\worldoftanks (Folder)
Successfully deleted: C:\Users\Ulla & Christian\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\worldoftanks.lnk (Shortcut)
Successfully deleted: C:\Users\Ulla & Christian\AppData\Roaming\worldoftanks (Folder)
Successfully deleted: C:\WINDOWS\wininit.ini (File)
Registry: 1
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{471E55EA-5870-4D06-85B1-087E723116A4} (Registry Key)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 04.12.2015 at 20:53:31,75
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
04.12.2015, 21:06
| #9 |
| | Virus hängt an alle Dateien .vvv und dann noch der Text von FRST: Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:30-11-2015
durchgeführt von Ulla & Christian (Administrator) auf PC (04-12-2015 21:04:01)
Gestartet von C:\Users\Ulla & Christian\Downloads
Geladene Profile: Ulla & Christian (Verfügbare Profile: Ulla & Christian & Jan)
Platform: Windows 8.1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Prozesse (Nicht auf der Ausnahmeliste) =================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Sicherheit-Ordnung\Avira\AntiVir Desktop\sched.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Sicherheit-Ordnung\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(The OpenVPN Project) C:\Program Files (x86)\Sophos\Sophos SSL VPN Client\bin\openvpnserv.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
() C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Sicherheit-Ordnung\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Sicherheit-Ordnung\Avira\AntiVir Desktop\avgnt.exe
() C:\Program Files (x86)\Sophos\Sophos SSL VPN Client\bin\openvpn-gui.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Farbar) C:\Users\Ulla & Christian\Downloads\FRST64(1).exe
==================== Registry (Nicht auf der Ausnahmeliste) ===========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)
HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [41664 2013-11-20] (Hewlett-Packard )
HKLM\...\Run: [Ocs_SM] => C:\Users\Ulla & Christian\AppData\Roaming\OCS\SM\SearchAnonymizer.exe
HKLM\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2015-07-27] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2013-11-20] (IDT, Inc.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Sicherheit-Ordnung\Avira\AntiVir Desktop\avgnt.exe [803200 2015-12-01] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [openvpn-gui] => C:\Program Files (x86)\Sophos\Sophos SSL VPN Client\bin\openvpn-gui.exe [436776 2013-06-14] ()
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [304568 2010-10-12] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-12] (Logitech Inc.)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2015-07-27] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-3876800203-89553269-3656360523-1001\...\Run: [CCleaner Monitoring] => C:\Program Files (x86)\Sicherheit-Ordnung\CCleaner64.exe [8455960 2015-08-20] (Piriform Ltd)
HKU\S-1-5-21-3876800203-89553269-3656360523-1001\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
HKU\S-1-5-21-3876800203-89553269-3656360523-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2015-11-15]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.226\SSScheduler.exe (McAfee, Inc.)
==================== Internet (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{82DFC5A4-518D-445C-A2B1-591A6747A3D5}: [DhcpNameServer] 192.168.103.1 192.168.103.20
Tcpip\..\Interfaces\{B56279DC-0CCA-4C4C-8F65-B5B765D59070}: [DhcpNameServer] 192.168.2.1
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://search.avira.net/#web/result?source=art&q=
HKU\S-1-5-21-3876800203-89553269-3656360523-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://search.avira.net/#web/result?source=art&q=
HKU\S-1-5-21-3876800203-89553269-3656360523-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.avira.net/#web/result?source=art&q=
HKU\S-1-5-21-3876800203-89553269-3656360523-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.bing.com
HKU\S-1-5-21-3876800203-89553269-3656360523-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://search.avira.net/#web/result?source=art&q=
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {471E55EA-5870-4D06-85B1-087E723116A4} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-3876800203-89553269-3656360523-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3876800203-89553269-3656360523-1001 -> {F2109080-1672-4F41-BDB0-B480859F3699} URL = hxxp://www.google.de/search?q={searchTerms}
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-28] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-28] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-3876800203-89553269-3656360523-1001 -> Kein Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Keine Datei
Handler-x32: http - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: ipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
FireFox:
========
FF ProfilePath: C:\Users\Ulla & Christian\AppData\Roaming\Mozilla\Firefox\Profiles\7shvkqc1.default
FF SelectedSearchEngine: Bing
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-11-10] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.2 -> C:\Program Files (x86)\Filme - Video\VLC\npvlc.dll [2012-06-28] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-10] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Bilder\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-28] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-28] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-07-28] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-08-29] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-08-29] (NVIDIA Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-12-21] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3876800203-89553269-3656360523-1001: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\Ulla & Christian\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll [2013-05-22] (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CCMSDK.dll [2010-10-12] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\cgpcfg.dll [2010-10-12] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll [2010-10-12] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll [2010-10-12] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll [2010-10-12] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctxmui.dll [2010-10-12] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icafile.dll [2010-10-12] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icalogon.dll [2010-10-12] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll [2010-10-12] ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2013-12-21] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\sslsdk_b.dll [2010-07-14] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll [2010-10-12] (Citrix Systems, Inc.)
FF SearchPlugin: C:\Users\Ulla & Christian\AppData\Roaming\Mozilla\Firefox\Profiles\7shvkqc1.default\searchplugins\how_recover+yer.html [2015-11-29]
FF SearchPlugin: C:\Users\Ulla & Christian\AppData\Roaming\Mozilla\Firefox\Profiles\7shvkqc1.default\searchplugins\how_recover+yer.txt [2015-11-29]
FF Extension: Shrunked Image Resizer - C:\Users\Ulla & Christian\AppData\Roaming\Mozilla\Firefox\Profiles\7shvkqc1.default\extensions\shrunked@darktrojan.net.xpi [2015-09-14]
FF Extension: Avira Browser Safety - C:\Users\Ulla & Christian\AppData\Roaming\Mozilla\Firefox\Profiles\7shvkqc1.default\Extensions\abs@avira.com [2015-11-29] [ist nicht signiert]
Chrome:
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
==================== Dienste (Nicht auf der Ausnahmeliste) ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R2 ADExchange; C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [43112 2012-02-16] (ArcSoft Inc.)
S2 AntiVirMailService; C:\Program Files (x86)\Sicherheit-Ordnung\Avira\AntiVir Desktop\avmailc7.exe [948392 2015-12-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Sicherheit-Ordnung\Avira\AntiVir Desktop\sched.exe [466408 2015-12-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Sicherheit-Ordnung\Avira\AntiVir Desktop\avguard.exe [466408 2015-12-01] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Sicherheit-Ordnung\Avira\AntiVir Desktop\avwebg7.exe [1418560 2015-12-01] (Avira Operations GmbH & Co. KG)
S3 DfSdkS; C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 2015\DfsdkS64.exe [544768 2009-08-24] (mst software GmbH, Germany) [Datei ist nicht signiert]
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [Datei ist nicht signiert]
R2 HPConnectedRemote; c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [35744 2012-10-12] (Hewlett-Packard)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.226\McCHSvc.exe [289256 2015-10-30] (McAfee, Inc.)
S3 OpenVPNService; C:\Program Files (x86)\Sophos\Sophos SSL VPN Client\bin\openvpnserv.exe [59432 2013-06-14] (The OpenVPN Project)
R2 OpenVPNServiceInteractive; C:\Program Files (x86)\Sophos\Sophos SSL VPN Client\bin\openvpnserv.exe [59432 2013-06-14] (The OpenVPN Project)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2015-05-21] (DEVGURU Co., LTD.)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [339456 2013-11-20] (IDT, Inc.) [Datei ist nicht signiert]
R2 UsbClientService; C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe [248736 2014-12-17] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
===================== Treiber (Nicht auf der Ausnahmeliste) ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R0 ambakdrv; C:\Windows\System32\ambakdrv.sys [30648 2013-04-27] () [Datei ist nicht signiert]
R2 ammntdrv; C:\windows\system32\ammntdrv.sys [151480 2013-04-27] () [Datei ist nicht signiert]
R2 amwrtdrv; C:\windows\system32\amwrtdrv.sys [17848 2013-02-06] () [Datei ist nicht signiert]
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [135880 2015-12-01] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [146696 2015-12-01] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [35488 2015-12-01] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [73032 2015-12-01] (Avira Operations GmbH & Co. KG)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
==================== Ein Monat: Erstellte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2015-12-04 20:53 - 2015-12-04 20:53 - 00001049 _____ C:\Users\Ulla & Christian\Desktop\JRT.txt
2015-12-04 20:50 - 2015-12-04 20:50 - 01599336 _____ (Malwarebytes) C:\Users\Ulla & Christian\Downloads\JRT.exe
2015-12-04 20:34 - 2015-12-04 20:36 - 00000000 ____D C:\AdwCleaner
2015-12-04 20:31 - 2015-12-04 20:31 - 01736704 _____ C:\Users\Ulla & Christian\Downloads\AdwCleaner_5.023.exe
2015-12-04 19:57 - 2015-12-04 20:46 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware
2015-12-04 19:57 - 2015-12-04 19:57 - 00001123 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-12-04 19:57 - 2015-12-04 19:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2015-12-04 19:57 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-12-04 19:57 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2015-12-04 19:15 - 2015-12-04 19:16 - 22908888 _____ (Malwarebytes ) C:\Users\Ulla & Christian\Downloads\mbam-setup-2.2.0.1024.exe
2015-12-02 13:49 - 2015-12-02 13:49 - 00294272 _____ C:\WINDOWS\Minidump\120215-20734-01.dmp
2015-12-02 13:21 - 2015-12-02 13:51 - 00000000 ____D C:\Program Files\Recuva
2015-12-02 13:21 - 2015-12-02 13:21 - 00001679 _____ C:\Users\Public\Desktop\Recuva.lnk
2015-12-02 13:21 - 2015-12-02 13:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva
2015-12-02 13:14 - 2015-12-02 13:20 - 04426120 _____ (Piriform Ltd) C:\Users\Ulla & Christian\Downloads\rcsetup152.exe
2015-12-02 13:07 - 2015-12-02 13:07 - 00380416 _____ C:\Users\Ulla & Christian\Downloads\Gmer-19357.exe
2015-12-01 22:13 - 2015-12-01 22:16 - 00235860 _____ C:\TDSSKiller.3.1.0.7_01.12.2015_22.13.25_log.txt
2015-12-01 22:12 - 2015-12-01 22:12 - 00000560 _____ C:\TDSSKiller.3.1.0.7_01.12.2015_22.12.00_log.txt
2015-12-01 22:11 - 2015-12-01 22:11 - 04398264 _____ (Kaspersky Lab ZAO) C:\Users\Ulla & Christian\Downloads\tdsskiller.exe
2015-12-01 21:28 - 2015-12-01 21:28 - 00001093 _____ C:\Users\Ulla & Christian\Desktop\mbar.lnk
2015-12-01 21:10 - 2015-12-01 21:10 - 00001301 _____ C:\Users\Ulla & Christian\Downloads\mbar-1.09.3.1001.exe - Verknüpfung.lnk
2015-12-01 20:42 - 2015-12-01 20:42 - 00000000 ____D C:\Program Files\Common Files\AV
2015-12-01 20:37 - 2015-12-01 20:37 - 00292976 _____ C:\WINDOWS\Minidump\120115-23468-01.dmp
2015-12-01 15:44 - 2015-12-01 15:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-12-01 15:29 - 2015-12-01 15:29 - 00296856 _____ C:\WINDOWS\Minidump\120115-29140-01.dmp
2015-12-01 15:28 - 2015-12-02 13:49 - 563044145 _____ C:\WINDOWS\MEMORY.DMP
2015-12-01 11:06 - 2015-12-01 11:08 - 00001256 _____ C:\Users\Ulla & Christian\Desktop\FRST64.lnk
2015-12-01 00:11 - 2015-12-01 00:11 - 00000000 _____ C:\Users\Ulla & Christian\defogger_reenable
2015-12-01 00:10 - 2015-12-01 00:10 - 00050477 _____ C:\Users\Ulla & Christian\Downloads\Defogger.exe
2015-11-30 23:21 - 2015-12-04 20:45 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-11-30 23:21 - 2015-12-04 20:26 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-11-30 23:21 - 2015-12-04 19:57 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-11-30 23:19 - 2015-11-30 23:19 - 00000000 ____D C:\Malwarebytes
2015-11-30 23:19 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-11-30 23:18 - 2015-11-30 23:18 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Ulla & Christian\Downloads\mbar-1.09.3.1001.exe
2015-11-30 23:06 - 2015-12-01 11:11 - 00059415 _____ C:\Users\Ulla & Christian\Downloads\Addition.txt
2015-11-30 23:05 - 2015-12-04 21:04 - 00022888 _____ C:\Users\Ulla & Christian\Downloads\FRST.txt
2015-11-30 23:05 - 2015-12-04 21:04 - 00000000 ____D C:\FRST
2015-11-30 23:04 - 2015-11-30 23:04 - 02350080 _____ (Farbar) C:\Users\Ulla & Christian\Downloads\FRST64(1).exe
2015-11-30 23:02 - 2015-11-30 23:02 - 02350080 _____ (Farbar) C:\Users\Ulla & Christian\Downloads\FRST64.exe
2015-11-30 13:54 - 2015-11-30 13:56 - 00000050 _____ C:\Users\Ulla & Christian\AppData\Roaming\AVSDVDPlayer.m3u
2015-11-30 13:54 - 2015-11-30 13:55 - 00000000 ___HD C:\$WINDOWS.~BT
2015-11-29 22:45 - 2015-11-29 22:45 - 00024261 _____ C:\Users\Ulla & Christian\Downloads\RX_151129_Bestellbestaetigung_VID3_2245.pdf
2015-11-29 21:46 - 2015-11-29 21:46 - 00006921 _____ C:\WINDOWS\Tasks\how_recover+yer.html
2015-11-29 21:46 - 2015-11-29 21:46 - 00002401 _____ C:\WINDOWS\Tasks\how_recover+yer.txt
2015-11-29 21:45 - 2015-11-29 21:45 - 00006921 _____ C:\Users\Ulla & Christian\how_recover+yer.html
2015-11-29 21:45 - 2015-11-29 21:45 - 00002401 _____ C:\Users\Ulla & Christian\how_recover+yer.txt
2015-11-29 21:33 - 2015-11-29 21:34 - 00006921 _____ C:\Users\Ulla & Christian\Documents\how_recover+yer.html
2015-11-29 21:33 - 2015-11-29 21:34 - 00002401 _____ C:\Users\Ulla & Christian\Documents\how_recover+yer.txt
2015-11-29 21:33 - 2015-11-29 21:33 - 00006921 _____ C:\Users\Ulla & Christian\Downloads\how_recover+yer.html
2015-11-29 21:33 - 2015-11-29 21:33 - 00002401 _____ C:\Users\Ulla & Christian\Downloads\how_recover+yer.txt
2015-11-29 21:26 - 2015-11-29 21:26 - 00006921 _____ C:\Users\Ulla & Christian\AppData\how_recover+yer.html
2015-11-29 21:26 - 2015-11-29 21:26 - 00002401 _____ C:\Users\Ulla & Christian\AppData\how_recover+yer.txt
2015-11-29 21:25 - 2015-11-29 21:45 - 00006921 _____ C:\Users\Ulla & Christian\AppData\Roaming\Microsoft\Windows\Start Menu\how_recover+yer.html
2015-11-29 21:25 - 2015-11-29 21:45 - 00002401 _____ C:\Users\Ulla & Christian\AppData\Roaming\Microsoft\Windows\Start Menu\how_recover+yer.txt
2015-11-29 21:25 - 2015-11-29 21:25 - 00006921 _____ C:\Users\Ulla & Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\how_recover+yer.html
2015-11-29 21:25 - 2015-11-29 21:25 - 00006921 _____ C:\Users\Ulla & Christian\AppData\LocalLow\how_recover+yer.html
2015-11-29 21:25 - 2015-11-29 21:25 - 00002401 _____ C:\Users\Ulla & Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\how_recover+yer.txt
2015-11-29 21:25 - 2015-11-29 21:25 - 00002401 _____ C:\Users\Ulla & Christian\AppData\LocalLow\how_recover+yer.txt
2015-11-29 21:23 - 2015-11-29 21:34 - 00006921 _____ C:\Users\Ulla & Christian\AppData\Local\how_recover+yer.html
2015-11-29 21:23 - 2015-11-29 21:34 - 00002401 _____ C:\Users\Ulla & Christian\AppData\Local\how_recover+yer.txt
2015-11-29 21:23 - 2015-11-29 21:26 - 00006921 _____ C:\Users\Ulla & Christian\AppData\Roaming\how_recover+yer.html
2015-11-29 21:23 - 2015-11-29 21:26 - 00002401 _____ C:\Users\Ulla & Christian\AppData\Roaming\how_recover+yer.txt
2015-11-29 21:23 - 2015-11-29 21:23 - 00006921 _____ C:\Users\Ulla & Christian\AppData\Local\Apps\how_recover+yer.html
2015-11-29 21:23 - 2015-11-29 21:23 - 00006921 _____ C:\Users\Public\how_recover+yer.html
2015-11-29 21:23 - 2015-11-29 21:23 - 00006921 _____ C:\Users\Public\Downloads\how_recover+yer.html
2015-11-29 21:23 - 2015-11-29 21:23 - 00002401 _____ C:\Users\Ulla & Christian\AppData\Local\Apps\how_recover+yer.txt
2015-11-29 21:23 - 2015-11-29 21:23 - 00002401 _____ C:\Users\Public\how_recover+yer.txt
2015-11-29 21:23 - 2015-11-29 21:23 - 00002401 _____ C:\Users\Public\Downloads\how_recover+yer.txt
2015-11-29 21:21 - 2015-11-29 21:23 - 00006921 _____ C:\Users\Public\Documents\how_recover+yer.html
2015-11-29 21:21 - 2015-11-29 21:23 - 00006921 _____ C:\ProgramData\how_recover+yer.html
2015-11-29 21:21 - 2015-11-29 21:23 - 00002401 _____ C:\Users\Public\Documents\how_recover+yer.txt
2015-11-29 21:21 - 2015-11-29 21:23 - 00002401 _____ C:\ProgramData\how_recover+yer.txt
2015-11-29 21:19 - 2015-11-29 21:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2015-11-29 21:19 - 2015-11-29 21:19 - 00000000 ____D C:\Program Files (x86)\7-Zip
2015-11-29 21:18 - 2015-11-29 21:18 - 01466656 _____ C:\Users\Ulla & Christian\Downloads\7 Zip 32 Bit - CHIP-Installer.exe
2015-11-29 21:16 - 2015-11-29 21:26 - 00000670 _____ C:\Users\Ulla & Christian\Documents\recover_file_jkvrflnqu.txt.vvv
2015-11-28 23:24 - 2015-11-28 23:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in
2015-11-28 23:22 - 2015-10-22 18:43 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\kbdgeoqw.dll
2015-11-28 23:22 - 2015-10-22 18:43 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZST.DLL
2015-11-28 23:22 - 2015-10-22 18:43 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZEL.DLL
2015-11-28 23:22 - 2015-10-22 18:43 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZE.DLL
2015-11-28 23:22 - 2015-10-22 17:59 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kbdgeoqw.dll
2015-11-28 23:22 - 2015-10-22 17:59 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZST.DLL
2015-11-28 23:22 - 2015-10-22 17:59 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZEL.DLL
2015-11-28 23:22 - 2015-10-22 17:59 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZE.DLL
2015-11-28 23:22 - 2015-10-22 17:21 - 01200128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2015-11-28 23:22 - 2015-10-22 17:21 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
2015-11-28 23:22 - 2015-10-22 16:58 - 00868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2015-11-28 23:22 - 2015-10-22 16:58 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll
2015-11-28 23:22 - 2015-10-22 15:08 - 00513456 _____ C:\WINDOWS\SysWOW64\locale.nls
2015-11-28 23:22 - 2015-10-22 15:08 - 00513456 _____ C:\WINDOWS\system32\locale.nls
2015-11-28 23:22 - 2015-01-06 04:01 - 00072192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndproxy.sys
2015-11-28 23:22 - 2015-01-06 03:59 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wanarp.sys
2015-11-28 23:22 - 2015-01-06 02:12 - 00185856 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascfg.dll
2015-11-28 23:22 - 2015-01-06 02:02 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rascfg.dll
2015-11-28 23:21 - 2015-10-11 07:34 - 00468824 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2015-11-28 23:21 - 2015-10-11 07:34 - 00462168 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
2015-11-28 23:21 - 2015-10-11 07:34 - 00443224 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbport.sys
2015-11-28 23:21 - 2015-10-11 07:34 - 00092504 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbehci.sys
2015-11-28 23:21 - 2015-10-11 07:34 - 00027992 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbd.sys
2015-11-28 23:21 - 2015-10-10 19:41 - 00037376 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbuhci.sys
2015-11-28 23:21 - 2015-10-10 19:41 - 00030208 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbohci.sys
2015-11-28 23:21 - 2015-10-10 19:40 - 00078848 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winusb.sys
2015-11-28 23:21 - 2015-10-10 18:20 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2015-11-28 23:21 - 2015-10-08 17:11 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
2015-11-28 23:21 - 2015-10-08 16:50 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
2015-11-28 23:21 - 2015-10-05 19:28 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe
2015-11-28 23:21 - 2015-10-05 19:25 - 00572928 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2015-11-28 23:21 - 2015-10-03 20:41 - 01385280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2015-11-28 23:21 - 2015-10-03 20:41 - 01124384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2015-11-28 23:21 - 2015-09-28 19:31 - 02775552 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-11-28 23:21 - 2015-09-28 19:24 - 02462720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-11-28 23:21 - 2015-05-01 02:13 - 06521800 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2015-11-28 23:21 - 2015-05-01 02:13 - 01488000 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2015-11-28 23:21 - 2015-05-01 02:13 - 00261376 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2015-11-28 22:23 - 2015-11-28 22:23 - 14108096 _____ (Citrix Systems, Inc.) C:\Users\Ulla & Christian\Downloads\CitrixOnlinePluginWeb(3).exe
2015-11-25 23:20 - 2015-11-25 23:23 - 88173384 _____ (Buhl Data Service GmbH) C:\Users\Ulla & Christian\Downloads\WISOFinanz2016.exe
2015-11-23 07:26 - 2015-11-29 21:25 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\DataDesign
2015-11-22 17:53 - 2015-11-22 17:54 - 14108096 _____ (Citrix Systems, Inc.) C:\Users\Ulla & Christian\Downloads\CitrixOnlinePluginWeb(2).exe
2015-11-18 20:20 - 2015-11-18 20:20 - 00000000 ____D C:\Users\Jan\AppData\Roaming\HpUpdate
2015-11-15 17:06 - 2015-11-15 17:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2015-11-15 17:06 - 2015-11-15 17:06 - 00000000 ____D C:\Program Files\McAfee Security Scan
2015-11-10 19:37 - 2015-10-31 00:46 - 25818624 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-11-10 19:37 - 2015-10-31 00:25 - 02886656 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-11-10 19:37 - 2015-10-31 00:24 - 00585728 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-11-10 19:37 - 2015-10-31 00:11 - 05990912 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-11-10 19:37 - 2015-10-31 00:11 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-11-10 19:37 - 2015-10-30 23:52 - 20331520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-11-10 19:37 - 2015-10-30 23:47 - 00504832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-11-10 19:37 - 2015-10-30 23:42 - 02279936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-11-10 19:37 - 2015-10-30 23:39 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-11-10 19:37 - 2015-10-30 23:36 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-11-10 19:37 - 2015-10-30 23:32 - 00720896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-11-10 19:37 - 2015-10-30 23:31 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-11-10 19:37 - 2015-10-30 23:22 - 14457856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-11-10 19:37 - 2015-10-30 23:17 - 02487808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-11-10 19:37 - 2015-10-30 23:16 - 04527616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-11-10 19:37 - 2015-10-30 23:14 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-11-10 19:37 - 2015-10-30 23:10 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-11-10 19:37 - 2015-10-30 23:09 - 12854272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-11-10 19:37 - 2015-10-30 23:04 - 01547264 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-11-10 19:37 - 2015-10-30 22:53 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-11-10 19:37 - 2015-10-30 22:51 - 02011136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-11-10 19:37 - 2015-10-30 22:48 - 01311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-11-10 19:37 - 2015-10-30 22:46 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-11-10 19:35 - 2015-10-20 22:54 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-11-10 19:35 - 2015-10-20 15:53 - 03705856 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-11-10 19:35 - 2015-10-20 15:36 - 02243072 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-11-10 19:35 - 2015-10-20 15:35 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-11-10 19:35 - 2015-10-20 15:34 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-11-10 19:35 - 2015-10-20 15:34 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-11-10 19:35 - 2015-10-20 15:34 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-11-10 19:35 - 2015-10-20 15:33 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-11-10 19:35 - 2015-10-20 15:14 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-11-10 19:35 - 2015-10-20 15:13 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-11-10 19:35 - 2015-10-20 15:13 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-11-10 19:35 - 2015-10-20 15:13 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-11-10 19:35 - 2015-10-15 17:08 - 00990208 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-11-10 19:35 - 2015-10-15 16:46 - 00803328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-11-10 19:35 - 2015-10-15 00:02 - 07455064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-11-10 19:35 - 2015-10-15 00:02 - 01659560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2015-11-10 19:35 - 2015-10-15 00:02 - 01519592 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2015-11-10 19:35 - 2015-10-15 00:02 - 01487008 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2015-11-10 19:35 - 2015-10-15 00:02 - 01355848 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2015-11-10 19:35 - 2015-10-13 18:10 - 00559616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2015-11-10 19:35 - 2015-10-13 18:10 - 00108032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2015-11-10 19:35 - 2015-10-13 16:59 - 00397224 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2015-11-10 19:35 - 2015-10-13 16:59 - 00340872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2015-11-10 19:35 - 2015-10-13 16:59 - 00137960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncrypt.dll
2015-11-10 19:35 - 2015-10-13 16:59 - 00120376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncrypt.dll
2015-11-10 19:35 - 2015-10-13 16:59 - 00106952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptsslp.dll
2015-11-10 19:35 - 2015-10-13 16:59 - 00091416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptsslp.dll
2015-11-10 19:35 - 2015-10-11 07:36 - 00561952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-11-10 19:35 - 2015-10-11 07:36 - 00177496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-11-10 19:35 - 2015-10-10 19:40 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2015-11-10 19:35 - 2015-10-10 19:39 - 00401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2015-11-10 19:35 - 2015-10-10 19:07 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-11-10 19:35 - 2015-10-10 18:33 - 01441280 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-11-10 19:35 - 2015-10-10 18:27 - 00432640 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-11-10 19:35 - 2015-10-10 18:11 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-11-10 19:35 - 2015-10-10 17:45 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-11-10 19:35 - 2015-09-29 13:24 - 00155480 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2015-11-10 19:35 - 2015-09-12 14:47 - 00414559 _____ C:\WINDOWS\system32\ApnDatabase.xml
2015-11-10 19:35 - 2015-09-07 17:22 - 00477184 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2015-11-10 19:35 - 2015-09-07 16:54 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2015-11-10 19:35 - 2015-09-07 16:30 - 01091584 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2015-11-10 19:35 - 2015-09-04 20:24 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tunnel.sys
2015-11-10 19:35 - 2015-08-28 23:20 - 00183368 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthHost.exe
2015-11-10 19:35 - 2015-08-20 21:45 - 01380048 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2015-11-10 19:35 - 2015-08-20 18:48 - 01096704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2015-11-10 19:30 - 2015-10-17 15:19 - 04176384 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-11-10 19:30 - 2015-10-08 17:08 - 01083904 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2015-11-10 19:30 - 2015-08-10 19:15 - 00845312 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2015-11-10 19:30 - 2015-08-10 19:06 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL
2015-11-10 19:30 - 2015-08-10 18:49 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2015-11-10 19:30 - 2015-08-10 17:56 - 00272384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FWPUCLNT.DLL
2015-11-10 19:30 - 2015-08-10 17:46 - 00561664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2015-11-07 18:17 - 2015-11-07 18:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warships
2015-11-07 18:14 - 2015-11-07 18:14 - 07369576 _____ (Wargaming.net ) C:\Users\Ulla & Christian\Downloads\WoWS_internet_install_eu.exe
2015-11-07 15:58 - 2015-11-07 22:39 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-11-06 12:48 - 2015-11-06 12:49 - 14108096 _____ (Citrix Systems, Inc.) C:\Users\Ulla & Christian\Downloads\CitrixOnlinePluginWeb(1).exe
==================== Ein Monat: Geänderte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2015-12-04 20:59 - 2013-09-12 20:04 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-12-04 20:57 - 2013-06-16 20:58 - 00003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3876800203-89553269-3656360523-1001
2015-12-04 20:52 - 2013-08-22 14:36 - 00000000 ____D C:\Windows
2015-12-04 20:45 - 2014-09-24 07:17 - 01989598 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-12-04 20:45 - 2014-09-24 06:43 - 00844836 _____ C:\WINDOWS\system32\perfh007.dat
2015-12-04 20:45 - 2014-09-24 06:43 - 00192568 _____ C:\WINDOWS\system32\perfc007.dat
2015-12-04 20:45 - 2013-08-22 14:36 - 00000000 ____D C:\WINDOWS\Inf
2015-12-04 20:38 - 2014-11-27 07:21 - 00000000 ____D C:\ProgramData\NVIDIA
2015-12-04 20:38 - 2013-08-22 15:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-12-04 20:36 - 2014-11-17 00:01 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WorldofTanks
2015-12-04 20:25 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\Camera
2015-12-02 17:25 - 2014-11-27 07:27 - 00000000 ____D C:\Users\Ulla & Christian
2015-12-02 17:19 - 2013-06-17 21:54 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\MediaMonkey
2015-12-02 13:49 - 2015-03-08 14:44 - 00000000 ____D C:\WINDOWS\Minidump
2015-12-01 21:12 - 2014-11-27 07:27 - 00000000 ____D C:\Users\Jan
2015-12-01 20:42 - 2014-11-17 00:04 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-12-01 15:44 - 2015-05-07 21:02 - 00002274 _____ C:\Users\Public\Desktop\Avira Antivirus.lnk
2015-12-01 15:43 - 2013-06-23 17:57 - 00146696 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2015-12-01 15:43 - 2013-06-23 17:57 - 00135880 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2015-12-01 15:43 - 2013-06-23 17:57 - 00073032 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avnetflt.sys
2015-12-01 15:43 - 2013-06-23 17:57 - 00035488 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avkmgr.sys
2015-11-30 23:45 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\ADFS
2015-11-30 23:45 - 2013-08-22 15:44 - 00505968 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-11-30 23:44 - 2013-08-22 14:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-11-30 13:55 - 2014-11-27 07:18 - 00000000 ___DC C:\WINDOWS\Panther
2015-11-29 21:46 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\tracing
2015-11-29 21:46 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\SysWOW64\FxsTmp
2015-11-29 21:45 - 2014-08-31 18:37 - 00000000 ___RD C:\Users\Ulla & Christian\SkyDrive
2015-11-29 21:45 - 2013-06-16 20:51 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\VirtualStore
2015-11-29 21:34 - 2015-09-03 14:21 - 00000000 ____D C:\Users\Ulla & Christian\Neuer Ordner (2)
2015-11-29 21:34 - 2015-04-04 14:47 - 00000000 ____D C:\Users\Ulla & Christian\Neuer Ordner
2015-11-29 21:34 - 2013-10-05 10:52 - 00000000 ___RD C:\Users\Ulla & Christian\Dropbox
2015-11-29 21:34 - 2013-06-25 13:22 - 00000000 ____D C:\Users\Ulla & Christian\Mozilla Thunderbird
2015-11-29 21:33 - 2015-11-01 22:19 - 00392270 _____ C:\Users\Ulla & Christian\Downloads\10984200_908781199162434_4585968420000991718_o.jpg.vvv
2015-11-29 21:33 - 2015-10-28 22:39 - 00113870 _____ C:\Users\Ulla & Christian\Downloads\ZIAUFEIN_gquatybzpgcfmcaexqtkhxyk6abcs.pdf.vvv
2015-11-29 21:33 - 2015-10-28 22:31 - 00020558 _____ C:\Users\Ulla & Christian\Downloads\_14576829_KuendigungsbestaetigungneuerLieferant_20151027_408d6e5b9a03c91b25785313609ad7d0.pdf.vvv
2015-11-29 21:33 - 2015-10-28 22:24 - 00021150 _____ C:\Users\Ulla & Christian\Downloads\_122679474_KuendigungsbestaetigungneuerLieferant_20151027_16f7742108956c86b068dca1a61d62c6.pdf.vvv
2015-11-29 21:33 - 2015-10-28 22:20 - 00566430 _____ C:\Users\Ulla & Christian\Downloads\005056881A0F1EE59F995BDDE2AF0EF0.pdf.vvv
2015-11-29 21:33 - 2015-10-25 12:55 - 01781646 _____ C:\Users\Ulla & Christian\Downloads\Ahnenblatt-Handbuch.pdf.vvv
2015-11-29 21:33 - 2015-09-28 21:21 - 00451534 _____ C:\Users\Ulla & Christian\Downloads\320.pdf.vvv
2015-11-29 21:33 - 2015-09-20 20:07 - 00313454 _____ C:\Users\Ulla & Christian\Downloads\_14576829_Preisinformation_20150908_005df263fe16be59a1e07e1fd8a76672.pdf.vvv
2015-11-29 21:33 - 2015-09-13 12:54 - 00122526 _____ C:\Users\Ulla & Christian\Downloads\2390_499_1.PDF.vvv
2015-11-29 21:33 - 2015-09-13 12:32 - 00114462 _____ C:\Users\Ulla & Christian\Downloads\2390_493_1.PDF.vvv
2015-11-29 21:33 - 2015-08-15 23:11 - 00000000 ____D C:\Users\Ulla & Christian\Downloads\Lacey
2015-11-29 21:33 - 2015-08-15 22:19 - 09891454 _____ C:\Users\Ulla & Christian\Downloads\freemusicdownloader_1-59.zip.vvv
2015-11-29 21:33 - 2015-05-17 20:41 - 00030910 _____ C:\Users\Ulla & Christian\Downloads\RS9823838721(1).pdf.vvv
2015-11-29 21:33 - 2015-05-17 20:38 - 00030910 _____ C:\Users\Ulla & Christian\Downloads\RS9823838721.pdf.vvv
2015-11-29 21:33 - 2015-04-11 15:42 - 00178222 _____ C:\Users\Ulla & Christian\Downloads\rlmpdf.pdf.vvv
2015-11-29 21:33 - 2015-03-06 20:40 - 00984990 _____ C:\Users\Ulla & Christian\Downloads\Bedarfsfeldbroschuere_Vermoegen_anlegen_VR.pdf.vvv
2015-11-29 21:33 - 2015-01-09 23:24 - 01414318 _____ C:\Users\Ulla & Christian\Downloads\Syno_QIG_2bay2_deu.pdf.vvv
2015-11-29 21:33 - 2014-12-26 20:27 - 30247390 _____ C:\Users\Ulla & Christian\Downloads\TL-WN851ND_V1_110114.zip.vvv
2015-11-29 21:33 - 2014-12-26 20:27 - 11537854 _____ C:\Users\Ulla & Christian\Downloads\TL-WN851ND_V1_Utility99.zip.vvv
2015-11-29 21:33 - 2014-12-26 20:26 - 21632238 _____ C:\Users\Ulla & Christian\Downloads\TL-WN851ND_v1_110825.zip.vvv
2015-11-29 21:33 - 2014-12-21 14:12 - 00027790 _____ C:\Users\Ulla & Christian\Downloads\RX_141221_Bestellbestaetigung_VID616_1412.pdf.vvv
2015-11-29 21:33 - 2014-11-23 21:39 - 00039278 _____ C:\Users\Ulla & Christian\Downloads\_14576829_Lieferbestaetigung_20141121_df4db33247be1b6428d8ec0eb7955911.pdf.vvv
2015-11-29 21:33 - 2014-10-25 22:41 - 00000000 ____D C:\Users\Ulla & Christian\Downloads\Gameforge Live
2015-11-29 21:33 - 2014-08-03 12:06 - 00225342 _____ C:\Users\Ulla & Christian\Downloads\testresultate_farbspruehgeraete.pdf.vvv
2015-11-29 21:33 - 2014-07-28 19:47 - 00916606 _____ C:\Users\Ulla & Christian\Downloads\flexibrass.pdf.vvv
2015-11-29 21:33 - 2014-05-27 19:08 - 00342942 _____ C:\Users\Ulla & Christian\Downloads\IMM1294E.PDF.vvv
2015-11-29 21:33 - 2014-05-27 18:54 - 01053998 _____ C:\Users\Ulla & Christian\Downloads\custodian-parent(1).pdf.vvv
2015-11-29 21:33 - 2014-05-10 14:46 - 00239358 _____ C:\Users\Ulla & Christian\Downloads\document.pdf.vvv
2015-11-29 21:33 - 2014-05-04 12:08 - 01053998 _____ C:\Users\Ulla & Christian\Downloads\custodian-parent.pdf.vvv
2015-11-29 21:33 - 2014-02-13 22:20 - 00078174 _____ C:\Users\Ulla & Christian\Downloads\identificationAstIdent.PDF.vvv
2015-11-29 21:33 - 2013-12-21 20:55 - 00001150 _____ C:\Users\Ulla & Christian\Downloads\umsatz-5232________0800-20131221.csv.vvv
2015-11-29 21:33 - 2013-12-01 19:02 - 00000000 ____D C:\Users\Ulla & Christian\Documents\SelfMV
2015-11-29 21:33 - 2013-10-05 20:18 - 00000000 ____D C:\Users\Ulla & Christian\Documents\Turbo Lister
2015-11-29 21:33 - 2013-07-25 15:22 - 00000000 ___RD C:\Users\Ulla & Christian\Documents\Scanned Documents
2015-11-29 21:33 - 2013-07-12 21:07 - 00509358 _____ C:\Users\Ulla & Christian\Downloads\15875_1373659579.pdf.vvv
2015-11-29 21:33 - 2013-07-12 21:05 - 00103934 _____ C:\Users\Ulla & Christian\Downloads\versicherungsbedingungen_indiv_praktikum.pdf.vvv
2015-11-29 21:33 - 2013-07-03 22:32 - 00000000 ____D C:\Users\Ulla & Christian\Documents\Volition
2015-11-29 21:33 - 2013-06-30 13:26 - 00000000 ____D C:\Users\Ulla & Christian\Documents\Turbo Lister Backup
2015-11-29 21:33 - 2013-06-23 12:08 - 00000000 ____D C:\Users\Ulla & Christian\Documents\WISO Mein Geld
2015-11-29 21:33 - 2013-06-17 21:43 - 00000000 ____D C:\Users\Ulla & Christian\Documents\samsung
2015-11-29 21:26 - 2014-08-17 16:22 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Skype
2015-11-29 21:26 - 2013-09-25 20:16 - 00000000 ____D C:\Users\Ulla & Christian\Documents\My Games
2015-11-29 21:26 - 2013-07-25 15:22 - 00000000 ____D C:\Users\Ulla & Christian\Documents\Fax
2015-11-29 21:26 - 2013-07-25 12:37 - 00000000 ____D C:\Users\Ulla & Christian\Documents\Amazon MP3
2015-11-29 21:26 - 2013-07-05 20:19 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\vlc
2015-11-29 21:26 - 2013-07-05 20:11 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\WebApp
2015-11-29 21:26 - 2013-07-05 20:06 - 00000000 ____D C:\Users\Ulla & Christian\Documents\CyberLink
2015-11-29 21:26 - 2013-07-02 22:05 - 00000000 ____D C:\Users\Ulla & Christian\Documents\default
2015-11-29 21:26 - 2013-06-23 21:54 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Thunderbird
2015-11-29 21:26 - 2013-06-22 08:01 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Wargaming.net
2015-11-29 21:26 - 2013-06-21 22:14 - 00000000 ____D C:\Users\Ulla & Christian\Bilder
2015-11-29 21:26 - 2013-06-18 01:05 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\WinBatch
2015-11-29 21:26 - 2013-06-17 13:03 - 00000000 ____D C:\Users\Ulla & Christian\Documents\Ahnenblatt
2015-11-29 21:26 - 2013-06-16 20:50 - 00000000 ___HD C:\Users\Ulla & Christian\Documents\hp.system.package.metadata
2015-11-29 21:26 - 2013-06-16 20:50 - 00000000 ___HD C:\Users\Ulla & Christian\Documents\hp.applications.package.appdata
2015-11-29 21:25 - 2015-11-03 13:41 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\MyPhoneExplorer
2015-11-29 21:25 - 2015-10-25 13:02 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ahnenblatt
2015-11-29 21:25 - 2015-05-17 15:43 - 00000000 ____D C:\Users\Ulla & Christian\AppData\LocalLow\Hewlett-Packard
2015-11-29 21:25 - 2015-05-17 15:42 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\HpUpdate
2015-11-29 21:25 - 2014-12-25 23:08 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\java
2015-11-29 21:25 - 2014-12-25 23:08 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\.minecraft
2015-11-29 21:25 - 2014-12-24 22:48 - 00000000 __SHD C:\Users\Ulla & Christian\AppData\LocalLow\EmieSiteList
2015-11-29 21:25 - 2014-12-13 11:06 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\hpqLog
2015-11-29 21:25 - 2014-11-17 00:03 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Opera Software
2015-11-29 21:25 - 2014-09-24 19:55 - 00000000 ____D C:\Users\Ulla & Christian\AppData\LocalLow\Temp
2015-11-29 21:25 - 2014-08-17 16:22 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\Skype
2015-11-29 21:25 - 2014-02-02 11:21 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup
2015-11-29 21:25 - 2013-12-22 18:24 - 00000000 ____D C:\Users\Ulla & Christian\AppData\LocalLow\Sun
2015-11-29 21:25 - 2013-10-05 20:51 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\ArcSoft
2015-11-29 21:25 - 2013-10-05 10:49 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-11-29 21:25 - 2013-10-05 10:48 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Dropbox
2015-11-29 21:25 - 2013-09-25 20:16 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WarThunder
2015-11-29 21:25 - 2013-09-25 20:16 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\WarThunder
2015-11-29 21:25 - 2013-09-01 20:00 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Leadertech
2015-11-29 21:25 - 2013-08-27 20:03 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\ICAClient
2015-11-29 21:25 - 2013-08-26 19:55 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\Sophos
2015-11-29 21:25 - 2013-08-26 19:50 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
2015-11-29 21:25 - 2013-08-09 18:00 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameShadow
2015-11-29 21:25 - 2013-08-07 20:57 - 00000000 __RHD C:\Users\Ulla & Christian\AppData\Roaming\SecuROM
2015-11-29 21:25 - 2013-07-25 12:37 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
2015-11-29 21:25 - 2013-07-25 12:37 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Amazon
2015-11-29 21:25 - 2013-07-25 12:37 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\Program Files
2015-11-29 21:25 - 2013-07-10 21:30 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LaserSoft Imaging
2015-11-29 21:25 - 2013-07-10 21:27 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Lasersoft Imaging
2015-11-29 21:25 - 2013-07-05 20:39 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Media Player Classic
2015-11-29 21:25 - 2013-07-05 20:36 - 00000462 _____ C:\Users\Ulla & Christian\AppData\Roaming\AVSDVDPlayer.m3u.vvv
2015-11-29 21:25 - 2013-07-05 20:34 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\dvdcss
2015-11-29 21:25 - 2013-07-05 20:13 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\Windows Live
2015-11-29 21:25 - 2013-07-05 20:06 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\CyberLink
2015-11-29 21:25 - 2013-07-05 19:55 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Mozilla
2015-11-29 21:25 - 2013-07-03 22:40 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wing Commander Saga
2015-11-29 21:25 - 2013-07-03 22:24 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spiele
2015-11-29 21:25 - 2013-07-02 22:15 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\AVS4YOU
2015-11-29 21:25 - 2013-07-02 22:01 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Ashampoo
2015-11-29 21:25 - 2013-07-02 06:37 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Canon
2015-11-29 21:25 - 2013-07-01 22:08 - 00000000 ____D C:\Users\Ulla & Christian\AppData\LocalLow\Adobe
2015-11-29 21:25 - 2013-06-23 21:54 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\Thunderbird
2015-11-29 21:25 - 2013-06-23 20:27 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AVS4YOU
2015-11-29 21:25 - 2013-06-23 18:02 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Avira
2015-11-29 21:25 - 2013-06-23 17:55 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Canneverbe Limited
2015-11-29 21:25 - 2013-06-23 12:08 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Buhl Data Service GmbH
2015-11-29 21:25 - 2013-06-23 12:08 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Buhl Data Service
2015-11-29 21:25 - 2013-06-19 21:22 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\NVIDIA
2015-11-29 21:25 - 2013-06-18 13:18 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Microsoft Web Folders
2015-11-29 21:25 - 2013-06-17 21:46 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Opera
2015-11-29 21:25 - 2013-06-17 21:43 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Samsung
2015-11-29 21:25 - 2013-06-17 21:43 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\Samsung
2015-11-29 21:25 - 2013-06-17 13:02 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Ahnenblatt
2015-11-29 21:25 - 2013-06-16 21:38 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Macromedia
2015-11-29 21:25 - 2013-06-16 20:53 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Adobe
2015-11-29 21:25 - 2013-06-16 20:51 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Hewlett-Packard
2015-11-29 21:25 - 2013-06-16 20:51 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\Power2Go8
2015-11-29 21:25 - 2013-06-16 20:51 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\Packages
2015-11-29 21:24 - 2014-11-17 00:03 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\Opera Software
2015-11-29 21:24 - 2013-06-21 20:57 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\Microsoft Help
2015-11-29 21:24 - 2013-06-17 22:31 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\Mozilla
2015-11-29 21:23 - 2015-11-03 13:42 - 00000000 ____D C:\Users\Ulla & Christian\.android
2015-11-29 21:23 - 2015-06-09 21:46 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\GWX
2015-11-29 21:23 - 2015-05-17 15:43 - 00000000 ____D C:\ProgramData\Visan
2015-11-29 21:23 - 2015-01-10 22:40 - 00000000 ____D C:\ProgramData\Synology
2015-11-29 21:23 - 2014-11-27 07:20 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2015-11-29 21:23 - 2014-11-17 00:04 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2015-11-29 21:23 - 2014-08-31 18:37 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2015-11-29 21:23 - 2014-08-17 16:22 - 00000000 ____D C:\ProgramData\Skype
2015-11-29 21:23 - 2013-12-22 18:26 - 00000000 ____D C:\ProgramData\Sun
2015-11-29 21:23 - 2013-12-22 18:26 - 00000000 ____D C:\ProgramData\Oracle
2015-11-29 21:23 - 2013-11-14 20:02 - 00000000 ____D C:\Users\Public\Documents\CrashDump
2015-11-29 21:23 - 2013-11-10 17:07 - 00000000 ____D C:\ProgramData\tmp
2015-11-29 21:23 - 2013-10-03 19:03 - 00000000 ____D C:\Users\Ulla & Christian\2013_10_03
2015-11-29 21:23 - 2013-09-25 20:16 - 00000000 ____D C:\ProgramData\WarThunder
2015-11-29 21:23 - 2013-09-25 20:13 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\Gameforge4d
2015-11-29 21:23 - 2013-09-01 20:05 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\Logitech® Webcam-Software
2015-11-29 21:23 - 2013-08-27 20:03 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\Citrix
2015-11-29 21:23 - 2013-08-22 16:36 - 00000000 __RHD C:\Users\Public\Libraries
2015-11-29 21:23 - 2013-07-12 20:34 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\Apps\2.0
2015-11-29 21:23 - 2013-07-05 20:06 - 00000000 ____D C:\Users\Public\CyberLink
2015-11-29 21:23 - 2013-07-04 20:16 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\Logitech
2015-11-29 21:23 - 2013-07-03 22:25 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\DFH
2015-11-29 21:23 - 2013-07-03 22:25 - 00000000 ____D C:\Users\Public\Documents\Softwrap
2015-11-29 21:23 - 2013-07-02 22:00 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\ashampoo
2015-11-29 21:23 - 2013-07-02 06:30 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\HP
2015-11-29 21:23 - 2013-06-30 15:28 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\HP Quick Start
2015-11-29 21:23 - 2013-06-23 18:11 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\ArcSoft
2015-11-29 21:23 - 2013-06-23 12:08 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\Buhl Data Service
2015-11-29 21:23 - 2013-06-23 11:54 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\Macromedia
2015-11-29 21:23 - 2013-06-17 22:27 - 00000000 ____D C:\ProgramData\Mozilla
2015-11-29 21:23 - 2013-06-17 21:59 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\Google
2015-11-29 21:23 - 2013-06-17 21:54 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\MediaMonkey
2015-11-29 21:23 - 2013-06-17 21:43 - 00000000 ____D C:\Users\Public\Documents\NativeFus_Log
2015-11-29 21:23 - 2013-06-17 21:33 - 00000000 ____D C:\ProgramData\Samsung
2015-11-29 21:23 - 2013-06-17 21:31 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\Downloaded Installations
2015-11-29 21:23 - 2013-06-17 21:30 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\Adobe
2015-11-29 21:23 - 2013-06-16 21:18 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\Hewlett-Packard
2015-11-29 21:23 - 2013-06-16 20:44 - 00000000 __RHD C:\Users\Public\AccountPictures
2015-11-29 21:23 - 2013-01-12 06:38 - 00000000 ____D C:\Users\Public\Symantec
2015-11-29 21:23 - 2013-01-12 06:38 - 00000000 ____D C:\ProgramData\Norton
2015-11-29 21:23 - 2013-01-12 06:37 - 00000000 ____D C:\ProgramData\NortonInstaller
2015-11-29 21:23 - 2013-01-12 06:36 - 00000000 ____D C:\ProgramData\Microsoft SkyDrive
2015-11-29 21:23 - 2013-01-12 06:23 - 00000000 ____D C:\ProgramData\Temp
2015-11-29 21:23 - 2013-01-12 06:14 - 00000000 ____D C:\ProgramData\SoundResearch
2015-11-29 21:23 - 2012-08-10 16:06 - 00000000 ____D C:\ProgramData\PRICache
2015-11-29 21:23 - 2010-01-25 22:35 - 00000000 ___DC C:\ProgramData\Mozilla Thunderbird
2015-11-29 21:22 - 2015-05-17 15:43 - 00000000 ____D C:\ProgramData\HP Photo Creations
2015-11-29 21:22 - 2015-05-17 15:41 - 00000000 ____D C:\ProgramData\HP
2015-11-29 21:22 - 2014-12-20 16:57 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2015-11-29 21:22 - 2013-11-26 07:45 - 00000000 ____D C:\ProgramData\McAfee
2015-11-29 21:22 - 2013-11-10 17:07 - 00000000 ____D C:\ProgramData\hps
2015-11-29 21:22 - 2013-09-01 21:25 - 00000000 ____D C:\ProgramData\FLEXnet
2015-11-29 21:22 - 2013-09-01 20:00 - 00000000 ____D C:\ProgramData\LogiShrd
2015-11-29 21:22 - 2013-07-03 22:32 - 00000000 ____D C:\ProgramData\InstallMate
2015-11-29 21:22 - 2013-06-23 18:07 - 00000000 ____D C:\ProgramData\eBay
2015-11-29 21:22 - 2013-06-21 22:16 - 00000000 ____D C:\ProgramData\MediaMonkey
2015-11-29 21:22 - 2013-01-12 06:25 - 00000000 ____D C:\ProgramData\install_clap
2015-11-29 21:22 - 2013-01-12 06:19 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2015-11-29 21:21 - 2015-01-10 19:07 - 00000000 ___HD C:\ProgramData\CanonIJEGV
2015-11-29 21:21 - 2014-11-27 08:00 - 00000000 ____D C:\ProgramData\AmUStor
2015-11-29 21:21 - 2013-08-27 20:03 - 00000000 ____D C:\ProgramData\Citrix
2015-11-29 21:21 - 2013-07-02 22:20 - 00000000 ____D C:\ProgramData\AomeiBR
2015-11-29 21:21 - 2013-07-02 22:00 - 00000000 ____D C:\ProgramData\Ashampoo
2015-11-29 21:21 - 2013-07-02 06:37 - 00000000 ___HD C:\ProgramData\CanonIJScan
2015-11-29 21:21 - 2013-07-01 20:47 - 00000000 ____D C:\ProgramData\Adobe
2015-11-29 21:21 - 2013-06-23 20:30 - 00000000 ____D C:\ProgramData\AVS4YOU
2015-11-29 21:21 - 2013-06-23 18:11 - 00000000 ____D C:\ProgramData\ArcSoft
2015-11-29 21:21 - 2013-06-23 17:57 - 00000000 ____D C:\ProgramData\Avira
2015-11-29 21:21 - 2013-06-23 17:55 - 00000000 ____D C:\ProgramData\Canneverbe Limited
2015-11-29 21:21 - 2013-06-23 11:35 - 00000000 ____D C:\ProgramData\Buhl Data Service GmbH
2015-11-29 21:21 - 2013-01-12 06:26 - 00000000 ____D C:\ProgramData\CyberLink
2015-11-29 21:21 - 2013-01-12 06:26 - 00000000 ____D C:\ProgramData\Apple
2015-11-29 21:18 - 2012-10-12 04:21 - 00000000 _RSHD C:\SYSTEM.SAV
2015-11-29 21:17 - 2013-07-01 23:00 - 00000000 ____D C:\Program Files (x86)l
2015-11-29 21:17 - 2013-06-18 21:29 - 00000000 ____D C:\sources
2015-11-29 21:17 - 2012-10-12 04:24 - 00000000 ____D C:\SWSETUP
2015-11-29 21:16 - 2014-07-03 20:43 - 00000000 ____D C:\My Music
2015-11-29 21:16 - 2013-01-07 12:12 - 00000000 _RSHD C:\hp
2015-11-28 23:24 - 2012-07-26 08:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-11-23 06:45 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-11-18 20:56 - 2015-10-06 19:48 - 00001048 _____ C:\Users\Jan\Desktop\nativelog.txt
2015-11-18 20:56 - 2015-10-03 14:43 - 00000000 ____D C:\Users\Jan\AppData\Roaming\.minecraft
2015-11-18 20:30 - 2015-10-01 13:15 - 00003594 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3876800203-89553269-3656360523-1003
2015-11-18 20:25 - 2013-08-22 16:36 - 00000000 ___HD C:\Program Files\WindowsApps
2015-11-16 23:50 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\Registration
2015-11-15 17:06 - 2014-12-20 16:57 - 00001959 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2015-11-13 22:18 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\rescache
2015-11-12 23:13 - 2013-08-22 16:36 - 00000000 ___RD C:\WINDOWS\ToastData
2015-11-12 21:39 - 2013-06-21 20:57 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-11-12 21:34 - 2013-08-27 20:47 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-11-12 21:29 - 2013-06-17 22:17 - 145617392 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-11-10 21:59 - 2014-11-29 17:24 - 00003772 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-11-08 10:34 - 2015-04-23 12:23 - 00000000 ___RD C:\Users\Ulla & Christian\Desktop\Spiele
2015-11-07 22:39 - 2013-06-17 22:31 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-11-07 18:16 - 2013-06-21 23:19 - 00000000 ____D C:\Program Files (x86)\Spiele
==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======
2013-06-23 18:04 - 2006-07-18 08:49 - 0587249 _____ (MAGIX AG) C:\Program Files (x86)\addoninstall.exe
2013-06-23 18:04 - 2002-02-13 07:00 - 0022016 _____ (Borland Software Corporation) C:\Program Files (x86)\borlndmm.dll
2013-06-23 18:04 - 2003-03-17 05:04 - 1500160 _____ (Borland Corporation) C:\Program Files (x86)\cc3260mt.dll
2013-06-23 18:04 - 2006-06-28 08:32 - 0004694 _____ () C:\Program Files (x86)\e-mode-upgradedialog.rtf
2013-06-23 18:04 - 2006-06-28 08:32 - 0004716 _____ () C:\Program Files (x86)\e-mode-upgradedlg-exit.rtf
2013-06-23 18:04 - 2013-06-23 18:04 - 0002885 _____ () C:\Program Files (x86)\e-mode.ini
2013-06-23 18:04 - 2006-06-28 09:55 - 0315392 _____ (MAGIX AG) C:\Program Files (x86)\eModeUpgradeDlg.dll
2013-06-23 18:04 - 2003-02-12 10:20 - 0028672 _____ () C:\Program Files (x86)\explore.exe
2013-06-23 18:04 - 2006-07-26 15:46 - 2442752 _____ (MAGIX) C:\Program Files (x86)\FotoClinic.exe
2013-06-23 18:04 - 2013-06-23 18:04 - 0000707 _____ () C:\Program Files (x86)\FotoClinic.ini
2013-06-23 18:04 - 2013-06-23 18:04 - 0001138 _____ () C:\Program Files (x86)\Install.cfg
2013-06-23 18:04 - 2013-06-23 18:04 - 0040289 _____ () C:\Program Files (x86)\INSTALL.LOG
2013-06-23 18:04 - 2013-06-23 18:04 - 0006564 _____ () C:\Program Files (x86)\INSTALL1.LOG
2013-06-23 18:04 - 2006-07-17 09:58 - 0184320 _____ (MAGIX AG) C:\Program Files (x86)\instslct.exe
2013-06-23 18:04 - 2006-07-26 15:29 - 0100352 _____ () C:\Program Files (x86)\libpng.dll
2013-06-23 18:04 - 2005-06-16 08:43 - 0008980 _____ () C:\Program Files (x86)\license.txt
2013-06-23 18:04 - 2005-08-08 14:51 - 0786305 _____ () C:\Program Files (x86)\MAGIX Creation Logo.pdf
2013-06-23 18:04 - 2004-04-15 14:48 - 0032768 _____ () C:\Program Files (x86)\MagixUpdater.exe
2013-06-23 18:04 - 2006-04-25 09:27 - 0014810 _____ () C:\Program Files (x86)\order.rtf
2013-06-23 18:04 - 2005-03-04 17:51 - 0005509 _____ () C:\Program Files (x86)\pa.cnt
2013-06-23 18:04 - 2005-03-04 17:51 - 0361656 _____ () C:\Program Files (x86)\pa.hlp
2013-06-23 18:04 - 2006-07-26 15:46 - 0055296 _____ () C:\Program Files (x86)\palng.dll
2013-06-23 18:04 - 2006-07-26 15:45 - 0240128 _____ () C:\Program Files (x86)\pcomponents.bpl
2013-06-23 18:04 - 2006-07-26 15:29 - 0018432 _____ () C:\Program Files (x86)\ps8bf.dll
2013-06-23 18:04 - 2013-06-23 18:04 - 0002757 _____ () C:\Program Files (x86)\register.rtf
2013-06-23 18:04 - 1999-12-10 12:00 - 0431376 _____ (Microsoft Corporation) C:\Program Files (x86)\riched20.dll
2013-06-23 18:04 - 2003-03-17 05:04 - 0685056 _____ (Borland Software Corporation) C:\Program Files (x86)\rtl60.bpl
2013-06-23 18:04 - 2003-03-17 05:04 - 0618496 _____ () C:\Program Files (x86)\stlpmt45.dll
2013-06-23 18:04 - 2005-11-02 14:34 - 0016460 _____ () C:\Program Files (x86)\support.rtf
2013-06-23 18:04 - 2006-07-17 12:30 - 0129024 _____ () C:\Program Files (x86)\uninstall.exe
2013-06-23 18:04 - 2002-02-18 10:06 - 0006034 _____ () C:\Program Files (x86)\uninstall.ini
2013-06-23 18:04 - 2006-07-17 10:09 - 0081920 _____ (MAGIX AG) C:\Program Files (x86)\unwise.adf
2013-06-23 18:04 - 2006-07-17 10:10 - 0176128 _____ (MAGIX AG) C:\Program Files (x86)\unwise.exe
2013-06-23 18:04 - 2013-06-23 18:04 - 0000723 _____ () C:\Program Files (x86)\unwise.ini
2013-06-23 18:04 - 2006-07-26 13:50 - 0139264 _____ () C:\Program Files (x86)\UpgradeInfo.exe
2013-06-23 18:04 - 2006-02-14 14:03 - 0024576 _____ (Magix AG) C:\Program Files (x86)\Validation.exe
2013-06-23 18:04 - 2013-06-23 18:04 - 0000140 _____ () C:\Program Files (x86)\Validation.ini
2013-06-23 18:04 - 2002-02-13 07:00 - 1326080 _____ (Borland Software Corporation) C:\Program Files (x86)\vcl60.bpl
2013-06-23 18:04 - 2006-07-26 15:29 - 0046080 _____ () C:\Program Files (x86)\zlib.dll
2015-11-30 13:54 - 2015-11-30 13:56 - 0000050 _____ () C:\Users\Ulla & Christian\AppData\Roaming\AVSDVDPlayer.m3u
2013-07-05 20:36 - 2015-11-29 21:25 - 0000462 _____ () C:\Users\Ulla & Christian\AppData\Roaming\AVSDVDPlayer.m3u.vvv
2015-11-29 21:23 - 2015-11-29 21:26 - 0006921 _____ () C:\Users\Ulla & Christian\AppData\Roaming\how_recover+yer.html
2015-11-29 21:23 - 2015-11-29 21:26 - 0002401 _____ () C:\Users\Ulla & Christian\AppData\Roaming\how_recover+yer.txt
2013-12-25 21:18 - 2015-10-20 22:01 - 0028256 _____ () C:\Users\Ulla & Christian\AppData\Roaming\Kommagetrennte Werte (Windows).ADR
2013-12-25 21:14 - 2013-12-25 21:16 - 0028295 _____ () C:\Users\Ulla & Christian\AppData\Roaming\Tabulatorgetrennte Werte (Windows).ADR
2013-10-20 11:29 - 2015-07-02 13:29 - 0005632 _____ () C:\Users\Ulla & Christian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-11-29 21:23 - 2015-11-29 21:34 - 0006921 _____ () C:\Users\Ulla & Christian\AppData\Local\how_recover+yer.html
2015-11-29 21:23 - 2015-11-29 21:34 - 0002401 _____ () C:\Users\Ulla & Christian\AppData\Local\how_recover+yer.txt
2013-12-10 20:40 - 2015-09-13 22:27 - 0007605 _____ () C:\Users\Ulla & Christian\AppData\Local\resmon.resmoncfg
2015-05-17 15:41 - 2015-05-17 15:41 - 0000057 _____ () C:\ProgramData\Ament.ini
2015-11-29 21:21 - 2015-11-29 21:23 - 0006921 _____ () C:\ProgramData\how_recover+yer.html
2015-11-29 21:21 - 2015-11-29 21:23 - 0002401 _____ () C:\ProgramData\how_recover+yer.txt
2013-06-16 20:51 - 2013-06-16 20:51 - 0000141 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
2013-07-10 21:31 - 2013-07-10 21:42 - 0020531 ____H () C:\ProgramData\R49LW
Einige Dateien in TEMP:
====================
C:\Users\Jan\AppData\Local\Temp\avgnt.exe
C:\Users\Ulla & Christian\AppData\Local\Temp\avgnt.exe
C:\Users\Ulla & Christian\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap =================
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert
LastRegBack: 2015-12-04 20:57
==================== Ende von FRST.txt ============================
|
|
05.12.2015, 22:16
| #10 |
| /// the machine /// TB-Ausbilder | Virus hängt an alle Dateien .vvvESET Online Scanner
Downloade Dir bitte  SecurityCheck und:
und ein frisches FRST log bitte. Noch Probleme? 
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
06.12.2015, 20:46
| #11 |
| | Virus hängt an alle Dateien .vvv Hallo, hier die log.txt von ESET: Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=548ce59711622748bfbd6c67bfc90ae2
# end=init
# utc_time=2015-12-06 01:52:48
# local_time=2015-12-06 02:52:48 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# osver=6.2.9200 NT
Update Init
Update Download
Update Finalize
Updated modules version: 27068
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=548ce59711622748bfbd6c67bfc90ae2
# end=updated
# utc_time=2015-12-06 02:04:49
# local_time=2015-12-06 03:04:49 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# osver=6.2.9200 NT
Die abschließende checkup.txt ist leer. Hier noch die FRST.txt: Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:05-12-2015
durchgeführt von Ulla & Christian (Administrator) auf PC (06-12-2015 20:40:37)
Gestartet von C:\Users\Ulla & Christian\Downloads
Geladene Profile: Ulla & Christian (Verfügbare Profile: Ulla & Christian & Jan)
Platform: Windows 8.1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Prozesse (Nicht auf der Ausnahmeliste) =================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Sicherheit-Ordnung\Avira\AntiVir Desktop\sched.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Sicherheit-Ordnung\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(The OpenVPN Project) C:\Program Files (x86)\Sophos\Sophos SSL VPN Client\bin\openvpnserv.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
() C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Sicherheit-Ordnung\Avira\AntiVir Desktop\avshadow.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.226\SSScheduler.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Sicherheit-Ordnung\Avira\AntiVir Desktop\avgnt.exe
() C:\Program Files (x86)\Sophos\Sophos SSL VPN Client\bin\openvpn-gui.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
() C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Microsoft) C:\Program Files (x86)\Microsoft AutoRoute 2013\StreetsOlkShim.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE
(Wargaming St.Petersburg) C:\Program Files (x86)\Spiele\World of Warships\WorldOfWarships.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Users\Ulla & Christian\Downloads\SecurityCheck.exe
==================== Registry (Nicht auf der Ausnahmeliste) ===========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)
HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [41664 2013-11-20] (Hewlett-Packard )
HKLM\...\Run: [Ocs_SM] => C:\Users\Ulla & Christian\AppData\Roaming\OCS\SM\SearchAnonymizer.exe
HKLM\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2015-07-27] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2013-11-20] (IDT, Inc.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Sicherheit-Ordnung\Avira\AntiVir Desktop\avgnt.exe [803200 2015-12-01] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [openvpn-gui] => C:\Program Files (x86)\Sophos\Sophos SSL VPN Client\bin\openvpn-gui.exe [436776 2013-06-14] ()
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [304568 2010-10-12] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-12] (Logitech Inc.)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2015-07-27] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-3876800203-89553269-3656360523-1001\...\Run: [CCleaner Monitoring] => C:\Program Files (x86)\Sicherheit-Ordnung\CCleaner64.exe [8455960 2015-08-20] (Piriform Ltd)
HKU\S-1-5-21-3876800203-89553269-3656360523-1001\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
HKU\S-1-5-21-3876800203-89553269-3656360523-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-3876800203-89553269-3656360523-1001\...\RunOnce: [Adobe Speed Launcher] => 1449415797
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2015-11-15]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.226\SSScheduler.exe (McAfee, Inc.)
==================== Internet (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{82DFC5A4-518D-445C-A2B1-591A6747A3D5}: [DhcpNameServer] 192.168.103.1 192.168.103.20
Tcpip\..\Interfaces\{B56279DC-0CCA-4C4C-8F65-B5B765D59070}: [DhcpNameServer] 192.168.2.1
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://search.avira.net/#web/result?source=art&q=
HKU\S-1-5-21-3876800203-89553269-3656360523-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://search.avira.net/#web/result?source=art&q=
HKU\S-1-5-21-3876800203-89553269-3656360523-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.avira.net/#web/result?source=art&q=
HKU\S-1-5-21-3876800203-89553269-3656360523-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.bing.com
HKU\S-1-5-21-3876800203-89553269-3656360523-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://search.avira.net/#web/result?source=art&q=
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {471E55EA-5870-4D06-85B1-087E723116A4} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-3876800203-89553269-3656360523-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3876800203-89553269-3656360523-1001 -> {F2109080-1672-4F41-BDB0-B480859F3699} URL = hxxp://www.google.de/search?q={searchTerms}
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-28] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-28] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-3876800203-89553269-3656360523-1001 -> Kein Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Keine Datei
Handler-x32: http - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: ipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
FireFox:
========
FF ProfilePath: C:\Users\Ulla & Christian\AppData\Roaming\Mozilla\Firefox\Profiles\7shvkqc1.default
FF SelectedSearchEngine: Bing
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-11-10] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.2 -> C:\Program Files (x86)\Filme - Video\VLC\npvlc.dll [2012-06-28] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-10] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Bilder\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-28] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-28] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-07-28] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-08-29] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-08-29] (NVIDIA Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-12-21] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3876800203-89553269-3656360523-1001: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\Ulla & Christian\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll [2013-05-22] (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CCMSDK.dll [2010-10-12] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\cgpcfg.dll [2010-10-12] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll [2010-10-12] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll [2010-10-12] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll [2010-10-12] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctxmui.dll [2010-10-12] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icafile.dll [2010-10-12] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icalogon.dll [2010-10-12] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll [2010-10-12] ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2013-12-21] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\sslsdk_b.dll [2010-07-14] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll [2010-10-12] (Citrix Systems, Inc.)
FF SearchPlugin: C:\Users\Ulla & Christian\AppData\Roaming\Mozilla\Firefox\Profiles\7shvkqc1.default\searchplugins\how_recover+yer.html [2015-11-29]
FF SearchPlugin: C:\Users\Ulla & Christian\AppData\Roaming\Mozilla\Firefox\Profiles\7shvkqc1.default\searchplugins\how_recover+yer.txt [2015-11-29]
FF Extension: Shrunked Image Resizer - C:\Users\Ulla & Christian\AppData\Roaming\Mozilla\Firefox\Profiles\7shvkqc1.default\extensions\shrunked@darktrojan.net.xpi [2015-12-06]
FF Extension: Avira Browser Safety - C:\Users\Ulla & Christian\AppData\Roaming\Mozilla\Firefox\Profiles\7shvkqc1.default\Extensions\abs@avira.com [2015-11-29] [ist nicht signiert]
Chrome:
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
==================== Dienste (Nicht auf der Ausnahmeliste) ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R2 ADExchange; C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [43112 2012-02-16] (ArcSoft Inc.)
S2 AntiVirMailService; C:\Program Files (x86)\Sicherheit-Ordnung\Avira\AntiVir Desktop\avmailc7.exe [948392 2015-12-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Sicherheit-Ordnung\Avira\AntiVir Desktop\sched.exe [466408 2015-12-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Sicherheit-Ordnung\Avira\AntiVir Desktop\avguard.exe [466408 2015-12-01] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Sicherheit-Ordnung\Avira\AntiVir Desktop\avwebg7.exe [1418560 2015-12-01] (Avira Operations GmbH & Co. KG)
S3 DfSdkS; C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 2015\DfsdkS64.exe [544768 2009-08-24] (mst software GmbH, Germany) [Datei ist nicht signiert]
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [Datei ist nicht signiert]
R2 HPConnectedRemote; c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [35744 2012-10-12] (Hewlett-Packard)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.226\McCHSvc.exe [289256 2015-10-30] (McAfee, Inc.)
S3 OpenVPNService; C:\Program Files (x86)\Sophos\Sophos SSL VPN Client\bin\openvpnserv.exe [59432 2013-06-14] (The OpenVPN Project)
R2 OpenVPNServiceInteractive; C:\Program Files (x86)\Sophos\Sophos SSL VPN Client\bin\openvpnserv.exe [59432 2013-06-14] (The OpenVPN Project)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2015-05-21] (DEVGURU Co., LTD.)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [339456 2013-11-20] (IDT, Inc.) [Datei ist nicht signiert]
R2 UsbClientService; C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe [248736 2014-12-17] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
S2 MBAMService; "C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe" [X]
===================== Treiber (Nicht auf der Ausnahmeliste) ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R0 ambakdrv; C:\Windows\System32\ambakdrv.sys [30648 2013-04-27] () [Datei ist nicht signiert]
R2 ammntdrv; C:\windows\system32\ammntdrv.sys [151480 2013-04-27] () [Datei ist nicht signiert]
R2 amwrtdrv; C:\windows\system32\amwrtdrv.sys [17848 2013-02-06] () [Datei ist nicht signiert]
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [135880 2015-12-01] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [146696 2015-12-01] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [35488 2015-12-01] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [73032 2015-12-01] (Avira Operations GmbH & Co. KG)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
==================== Ein Monat: Erstellte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2015-12-06 20:40 - 2015-12-06 20:40 - 00000000 ____D C:\Users\Ulla & Christian\Downloads\FRST-OlderVersion
2015-12-06 20:40 - 2015-12-06 20:40 - 00000000 ____D C:\FRST
2015-12-06 20:26 - 2015-12-06 20:26 - 00852771 _____ C:\Users\Ulla & Christian\Downloads\SecurityCheck.exe
2015-12-06 14:51 - 2015-12-06 14:51 - 02870984 _____ (ESET) C:\Users\Ulla & Christian\Downloads\esetsmartinstaller_deu.exe
2015-12-05 22:50 - 2015-12-05 22:50 - 14108096 _____ (Citrix Systems, Inc.) C:\Users\Ulla & Christian\Downloads\CitrixOnlinePluginWeb(4).exe
2015-12-04 20:53 - 2015-12-04 20:53 - 00001049 _____ C:\Users\Ulla & Christian\Desktop\JRT.txt
2015-12-04 20:50 - 2015-12-04 20:50 - 01599336 _____ (Malwarebytes) C:\Users\Ulla & Christian\Downloads\JRT.exe
2015-12-04 20:34 - 2015-12-04 20:36 - 00000000 ____D C:\AdwCleaner
2015-12-04 20:31 - 2015-12-04 20:31 - 01736704 _____ C:\Users\Ulla & Christian\Downloads\AdwCleaner_5.023.exe
2015-12-04 19:57 - 2015-12-04 19:57 - 00001123 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-12-04 19:57 - 2015-12-04 19:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2015-12-04 19:57 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-12-04 19:57 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2015-12-04 19:15 - 2015-12-04 19:16 - 22908888 _____ (Malwarebytes ) C:\Users\Ulla & Christian\Downloads\mbam-setup-2.2.0.1024.exe
2015-12-02 13:49 - 2015-12-02 13:49 - 00294272 _____ C:\WINDOWS\Minidump\120215-20734-01.dmp
2015-12-02 13:21 - 2015-12-02 13:51 - 00000000 ____D C:\Program Files\Recuva
2015-12-02 13:21 - 2015-12-02 13:21 - 00001679 _____ C:\Users\Public\Desktop\Recuva.lnk
2015-12-02 13:21 - 2015-12-02 13:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva
2015-12-02 13:14 - 2015-12-02 13:20 - 04426120 _____ (Piriform Ltd) C:\Users\Ulla & Christian\Downloads\rcsetup152.exe
2015-12-02 13:07 - 2015-12-02 13:07 - 00380416 _____ C:\Users\Ulla & Christian\Downloads\Gmer-19357.exe
2015-12-01 22:13 - 2015-12-01 22:16 - 00235860 _____ C:\TDSSKiller.3.1.0.7_01.12.2015_22.13.25_log.txt
2015-12-01 22:12 - 2015-12-01 22:12 - 00000560 _____ C:\TDSSKiller.3.1.0.7_01.12.2015_22.12.00_log.txt
2015-12-01 22:11 - 2015-12-01 22:11 - 04398264 _____ (Kaspersky Lab ZAO) C:\Users\Ulla & Christian\Downloads\tdsskiller.exe
2015-12-01 21:28 - 2015-12-01 21:28 - 00001093 _____ C:\Users\Ulla & Christian\Desktop\mbar.lnk
2015-12-01 21:10 - 2015-12-01 21:10 - 00001301 _____ C:\Users\Ulla & Christian\Downloads\mbar-1.09.3.1001.exe - Verknüpfung.lnk
2015-12-01 20:42 - 2015-12-01 20:42 - 00000000 ____D C:\Program Files\Common Files\AV
2015-12-01 20:37 - 2015-12-01 20:37 - 00292976 _____ C:\WINDOWS\Minidump\120115-23468-01.dmp
2015-12-01 15:44 - 2015-12-01 15:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-12-01 15:29 - 2015-12-01 15:29 - 00296856 _____ C:\WINDOWS\Minidump\120115-29140-01.dmp
2015-12-01 15:28 - 2015-12-02 13:49 - 563044145 _____ C:\WINDOWS\MEMORY.DMP
2015-12-01 11:06 - 2015-12-01 11:08 - 00001256 _____ C:\Users\Ulla & Christian\Desktop\FRST64.lnk
2015-12-01 00:11 - 2015-12-01 00:11 - 00000000 _____ C:\Users\Ulla & Christian\defogger_reenable
2015-12-01 00:10 - 2015-12-01 00:10 - 00050477 _____ C:\Users\Ulla & Christian\Downloads\Defogger.exe
2015-11-30 23:21 - 2015-12-04 20:45 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-11-30 23:21 - 2015-12-04 20:26 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-11-30 23:21 - 2015-12-04 19:57 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-11-30 23:19 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-11-30 23:18 - 2015-11-30 23:18 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Ulla & Christian\Downloads\mbar-1.09.3.1001.exe
2015-11-30 23:06 - 2015-12-01 11:11 - 00059415 _____ C:\Users\Ulla & Christian\Downloads\Addition.txt
2015-11-30 23:05 - 2015-12-06 20:40 - 00023860 _____ C:\Users\Ulla & Christian\Downloads\FRST.txt
2015-11-30 23:02 - 2015-12-06 20:40 - 02369024 _____ (Farbar) C:\Users\Ulla & Christian\Downloads\FRST64.exe
2015-11-30 13:54 - 2015-11-30 13:56 - 00000050 _____ C:\Users\Ulla & Christian\AppData\Roaming\AVSDVDPlayer.m3u
2015-11-30 13:54 - 2015-11-30 13:55 - 00000000 ___HD C:\$WINDOWS.~BT
2015-11-29 22:45 - 2015-11-29 22:45 - 00024261 _____ C:\Users\Ulla & Christian\Downloads\RX_151129_Bestellbestaetigung_VID3_2245.pdf
2015-11-29 21:46 - 2015-11-29 21:46 - 00006921 _____ C:\WINDOWS\Tasks\how_recover+yer.html
2015-11-29 21:46 - 2015-11-29 21:46 - 00002401 _____ C:\WINDOWS\Tasks\how_recover+yer.txt
2015-11-29 21:45 - 2015-11-29 21:45 - 00006921 _____ C:\Users\Ulla & Christian\how_recover+yer.html
2015-11-29 21:45 - 2015-11-29 21:45 - 00002401 _____ C:\Users\Ulla & Christian\how_recover+yer.txt
2015-11-29 21:33 - 2015-11-29 21:34 - 00006921 _____ C:\Users\Ulla & Christian\Documents\how_recover+yer.html
2015-11-29 21:33 - 2015-11-29 21:34 - 00002401 _____ C:\Users\Ulla & Christian\Documents\how_recover+yer.txt
2015-11-29 21:33 - 2015-11-29 21:33 - 00006921 _____ C:\Users\Ulla & Christian\Downloads\how_recover+yer.html
2015-11-29 21:33 - 2015-11-29 21:33 - 00002401 _____ C:\Users\Ulla & Christian\Downloads\how_recover+yer.txt
2015-11-29 21:26 - 2015-11-29 21:26 - 00006921 _____ C:\Users\Ulla & Christian\AppData\how_recover+yer.html
2015-11-29 21:26 - 2015-11-29 21:26 - 00002401 _____ C:\Users\Ulla & Christian\AppData\how_recover+yer.txt
2015-11-29 21:25 - 2015-11-29 21:45 - 00006921 _____ C:\Users\Ulla & Christian\AppData\Roaming\Microsoft\Windows\Start Menu\how_recover+yer.html
2015-11-29 21:25 - 2015-11-29 21:45 - 00002401 _____ C:\Users\Ulla & Christian\AppData\Roaming\Microsoft\Windows\Start Menu\how_recover+yer.txt
2015-11-29 21:25 - 2015-11-29 21:25 - 00006921 _____ C:\Users\Ulla & Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\how_recover+yer.html
2015-11-29 21:25 - 2015-11-29 21:25 - 00006921 _____ C:\Users\Ulla & Christian\AppData\LocalLow\how_recover+yer.html
2015-11-29 21:25 - 2015-11-29 21:25 - 00002401 _____ C:\Users\Ulla & Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\how_recover+yer.txt
2015-11-29 21:25 - 2015-11-29 21:25 - 00002401 _____ C:\Users\Ulla & Christian\AppData\LocalLow\how_recover+yer.txt
2015-11-29 21:23 - 2015-11-29 21:34 - 00006921 _____ C:\Users\Ulla & Christian\AppData\Local\how_recover+yer.html
2015-11-29 21:23 - 2015-11-29 21:34 - 00002401 _____ C:\Users\Ulla & Christian\AppData\Local\how_recover+yer.txt
2015-11-29 21:23 - 2015-11-29 21:26 - 00006921 _____ C:\Users\Ulla & Christian\AppData\Roaming\how_recover+yer.html
2015-11-29 21:23 - 2015-11-29 21:26 - 00002401 _____ C:\Users\Ulla & Christian\AppData\Roaming\how_recover+yer.txt
2015-11-29 21:23 - 2015-11-29 21:23 - 00006921 _____ C:\Users\Ulla & Christian\AppData\Local\Apps\how_recover+yer.html
2015-11-29 21:23 - 2015-11-29 21:23 - 00006921 _____ C:\Users\Public\how_recover+yer.html
2015-11-29 21:23 - 2015-11-29 21:23 - 00006921 _____ C:\Users\Public\Downloads\how_recover+yer.html
2015-11-29 21:23 - 2015-11-29 21:23 - 00002401 _____ C:\Users\Ulla & Christian\AppData\Local\Apps\how_recover+yer.txt
2015-11-29 21:23 - 2015-11-29 21:23 - 00002401 _____ C:\Users\Public\how_recover+yer.txt
2015-11-29 21:23 - 2015-11-29 21:23 - 00002401 _____ C:\Users\Public\Downloads\how_recover+yer.txt
2015-11-29 21:21 - 2015-11-29 21:23 - 00006921 _____ C:\Users\Public\Documents\how_recover+yer.html
2015-11-29 21:21 - 2015-11-29 21:23 - 00006921 _____ C:\ProgramData\how_recover+yer.html
2015-11-29 21:21 - 2015-11-29 21:23 - 00002401 _____ C:\Users\Public\Documents\how_recover+yer.txt
2015-11-29 21:21 - 2015-11-29 21:23 - 00002401 _____ C:\ProgramData\how_recover+yer.txt
2015-11-29 21:19 - 2015-11-29 21:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2015-11-29 21:19 - 2015-11-29 21:19 - 00000000 ____D C:\Program Files (x86)\7-Zip
2015-11-29 21:18 - 2015-11-29 21:18 - 01466656 _____ C:\Users\Ulla & Christian\Downloads\7 Zip 32 Bit - CHIP-Installer.exe
2015-11-29 21:16 - 2015-11-29 21:26 - 00000670 _____ C:\Users\Ulla & Christian\Documents\recover_file_jkvrflnqu.txt.vvv
2015-11-28 23:24 - 2015-11-28 23:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in
2015-11-28 23:22 - 2015-10-22 18:43 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\kbdgeoqw.dll
2015-11-28 23:22 - 2015-10-22 18:43 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZST.DLL
2015-11-28 23:22 - 2015-10-22 18:43 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZEL.DLL
2015-11-28 23:22 - 2015-10-22 18:43 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZE.DLL
2015-11-28 23:22 - 2015-10-22 17:59 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kbdgeoqw.dll
2015-11-28 23:22 - 2015-10-22 17:59 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZST.DLL
2015-11-28 23:22 - 2015-10-22 17:59 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZEL.DLL
2015-11-28 23:22 - 2015-10-22 17:59 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZE.DLL
2015-11-28 23:22 - 2015-10-22 17:21 - 01200128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2015-11-28 23:22 - 2015-10-22 17:21 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
2015-11-28 23:22 - 2015-10-22 16:58 - 00868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2015-11-28 23:22 - 2015-10-22 16:58 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll
2015-11-28 23:22 - 2015-10-22 15:08 - 00513456 _____ C:\WINDOWS\SysWOW64\locale.nls
2015-11-28 23:22 - 2015-10-22 15:08 - 00513456 _____ C:\WINDOWS\system32\locale.nls
2015-11-28 23:22 - 2015-01-06 04:01 - 00072192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndproxy.sys
2015-11-28 23:22 - 2015-01-06 03:59 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wanarp.sys
2015-11-28 23:22 - 2015-01-06 02:12 - 00185856 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascfg.dll
2015-11-28 23:22 - 2015-01-06 02:02 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rascfg.dll
2015-11-28 23:21 - 2015-10-11 07:34 - 00468824 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2015-11-28 23:21 - 2015-10-11 07:34 - 00462168 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
2015-11-28 23:21 - 2015-10-11 07:34 - 00443224 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbport.sys
2015-11-28 23:21 - 2015-10-11 07:34 - 00092504 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbehci.sys
2015-11-28 23:21 - 2015-10-11 07:34 - 00027992 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbd.sys
2015-11-28 23:21 - 2015-10-10 19:41 - 00037376 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbuhci.sys
2015-11-28 23:21 - 2015-10-10 19:41 - 00030208 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbohci.sys
2015-11-28 23:21 - 2015-10-10 19:40 - 00078848 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winusb.sys
2015-11-28 23:21 - 2015-10-10 18:20 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2015-11-28 23:21 - 2015-10-08 17:11 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
2015-11-28 23:21 - 2015-10-08 16:50 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
2015-11-28 23:21 - 2015-10-05 19:28 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe
2015-11-28 23:21 - 2015-10-05 19:25 - 00572928 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2015-11-28 23:21 - 2015-10-03 20:41 - 01385280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2015-11-28 23:21 - 2015-10-03 20:41 - 01124384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2015-11-28 23:21 - 2015-09-28 19:31 - 02775552 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-11-28 23:21 - 2015-09-28 19:24 - 02462720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-11-28 23:21 - 2015-05-01 02:13 - 06521800 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2015-11-28 23:21 - 2015-05-01 02:13 - 01488000 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2015-11-28 23:21 - 2015-05-01 02:13 - 00261376 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2015-11-28 22:23 - 2015-11-28 22:23 - 14108096 _____ (Citrix Systems, Inc.) C:\Users\Ulla & Christian\Downloads\CitrixOnlinePluginWeb(3).exe
2015-11-25 23:20 - 2015-11-25 23:23 - 88173384 _____ (Buhl Data Service GmbH) C:\Users\Ulla & Christian\Downloads\WISOFinanz2016.exe
2015-11-23 07:26 - 2015-11-29 21:25 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\DataDesign
2015-11-22 17:53 - 2015-11-22 17:54 - 14108096 _____ (Citrix Systems, Inc.) C:\Users\Ulla & Christian\Downloads\CitrixOnlinePluginWeb(2).exe
2015-11-18 20:20 - 2015-11-18 20:20 - 00000000 ____D C:\Users\Jan\AppData\Roaming\HpUpdate
2015-11-15 17:06 - 2015-11-15 17:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2015-11-15 17:06 - 2015-11-15 17:06 - 00000000 ____D C:\Program Files\McAfee Security Scan
2015-11-10 19:37 - 2015-10-31 00:46 - 25818624 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-11-10 19:37 - 2015-10-31 00:25 - 02886656 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-11-10 19:37 - 2015-10-31 00:24 - 00585728 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-11-10 19:37 - 2015-10-31 00:11 - 05990912 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-11-10 19:37 - 2015-10-31 00:11 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-11-10 19:37 - 2015-10-30 23:52 - 20331520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-11-10 19:37 - 2015-10-30 23:47 - 00504832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-11-10 19:37 - 2015-10-30 23:42 - 02279936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-11-10 19:37 - 2015-10-30 23:39 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-11-10 19:37 - 2015-10-30 23:36 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-11-10 19:37 - 2015-10-30 23:32 - 00720896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-11-10 19:37 - 2015-10-30 23:31 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-11-10 19:37 - 2015-10-30 23:22 - 14457856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-11-10 19:37 - 2015-10-30 23:17 - 02487808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-11-10 19:37 - 2015-10-30 23:16 - 04527616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-11-10 19:37 - 2015-10-30 23:14 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-11-10 19:37 - 2015-10-30 23:10 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-11-10 19:37 - 2015-10-30 23:09 - 12854272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-11-10 19:37 - 2015-10-30 23:04 - 01547264 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-11-10 19:37 - 2015-10-30 22:53 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-11-10 19:37 - 2015-10-30 22:51 - 02011136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-11-10 19:37 - 2015-10-30 22:48 - 01311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-11-10 19:37 - 2015-10-30 22:46 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-11-10 19:35 - 2015-10-20 22:54 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-11-10 19:35 - 2015-10-20 15:53 - 03705856 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-11-10 19:35 - 2015-10-20 15:36 - 02243072 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-11-10 19:35 - 2015-10-20 15:35 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-11-10 19:35 - 2015-10-20 15:34 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-11-10 19:35 - 2015-10-20 15:34 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-11-10 19:35 - 2015-10-20 15:34 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-11-10 19:35 - 2015-10-20 15:33 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-11-10 19:35 - 2015-10-20 15:14 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-11-10 19:35 - 2015-10-20 15:13 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-11-10 19:35 - 2015-10-20 15:13 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-11-10 19:35 - 2015-10-20 15:13 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-11-10 19:35 - 2015-10-15 17:08 - 00990208 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-11-10 19:35 - 2015-10-15 16:46 - 00803328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-11-10 19:35 - 2015-10-15 00:02 - 07455064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-11-10 19:35 - 2015-10-15 00:02 - 01659560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2015-11-10 19:35 - 2015-10-15 00:02 - 01519592 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2015-11-10 19:35 - 2015-10-15 00:02 - 01487008 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2015-11-10 19:35 - 2015-10-15 00:02 - 01355848 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2015-11-10 19:35 - 2015-10-13 18:10 - 00559616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2015-11-10 19:35 - 2015-10-13 18:10 - 00108032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2015-11-10 19:35 - 2015-10-13 16:59 - 00397224 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2015-11-10 19:35 - 2015-10-13 16:59 - 00340872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2015-11-10 19:35 - 2015-10-13 16:59 - 00137960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncrypt.dll
2015-11-10 19:35 - 2015-10-13 16:59 - 00120376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncrypt.dll
2015-11-10 19:35 - 2015-10-13 16:59 - 00106952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptsslp.dll
2015-11-10 19:35 - 2015-10-13 16:59 - 00091416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptsslp.dll
2015-11-10 19:35 - 2015-10-11 07:36 - 00561952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-11-10 19:35 - 2015-10-11 07:36 - 00177496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-11-10 19:35 - 2015-10-10 19:40 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2015-11-10 19:35 - 2015-10-10 19:39 - 00401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2015-11-10 19:35 - 2015-10-10 19:07 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-11-10 19:35 - 2015-10-10 18:33 - 01441280 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-11-10 19:35 - 2015-10-10 18:27 - 00432640 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-11-10 19:35 - 2015-10-10 18:11 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-11-10 19:35 - 2015-10-10 17:45 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-11-10 19:35 - 2015-09-29 13:24 - 00155480 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2015-11-10 19:35 - 2015-09-12 14:47 - 00414559 _____ C:\WINDOWS\system32\ApnDatabase.xml
2015-11-10 19:35 - 2015-09-07 17:22 - 00477184 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2015-11-10 19:35 - 2015-09-07 16:54 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2015-11-10 19:35 - 2015-09-07 16:30 - 01091584 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2015-11-10 19:35 - 2015-09-04 20:24 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tunnel.sys
2015-11-10 19:35 - 2015-08-28 23:20 - 00183368 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthHost.exe
2015-11-10 19:35 - 2015-08-20 21:45 - 01380048 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2015-11-10 19:35 - 2015-08-20 18:48 - 01096704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2015-11-10 19:30 - 2015-10-17 15:19 - 04176384 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-11-10 19:30 - 2015-10-08 17:08 - 01083904 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2015-11-10 19:30 - 2015-08-10 19:15 - 00845312 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2015-11-10 19:30 - 2015-08-10 19:06 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL
2015-11-10 19:30 - 2015-08-10 18:49 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2015-11-10 19:30 - 2015-08-10 17:56 - 00272384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FWPUCLNT.DLL
2015-11-10 19:30 - 2015-08-10 17:46 - 00561664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2015-11-07 18:17 - 2015-11-07 18:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warships
2015-11-07 18:14 - 2015-11-07 18:14 - 07369576 _____ (Wargaming.net ) C:\Users\Ulla & Christian\Downloads\WoWS_internet_install_eu.exe
2015-11-07 15:58 - 2015-11-07 22:39 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-11-06 12:48 - 2015-11-06 12:49 - 14108096 _____ (Citrix Systems, Inc.) C:\Users\Ulla & Christian\Downloads\CitrixOnlinePluginWeb(1).exe
==================== Ein Monat: Geänderte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2015-12-06 20:40 - 2013-08-22 14:36 - 00000000 ____D C:\Windows
2015-12-06 19:59 - 2013-09-12 20:04 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-12-05 15:05 - 2013-08-22 14:36 - 00000000 ____D C:\WINDOWS\Inf
2015-12-04 21:21 - 2013-06-21 22:06 - 00000000 ____D C:\Program Files (x86)\Sicherheit-Ordnung
2015-12-04 20:57 - 2013-06-16 20:58 - 00003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3876800203-89553269-3656360523-1001
2015-12-04 20:45 - 2014-09-24 07:17 - 01989598 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-12-04 20:45 - 2014-09-24 06:43 - 00844836 _____ C:\WINDOWS\system32\perfh007.dat
2015-12-04 20:45 - 2014-09-24 06:43 - 00192568 _____ C:\WINDOWS\system32\perfc007.dat
2015-12-04 20:38 - 2014-11-27 07:21 - 00000000 ____D C:\ProgramData\NVIDIA
2015-12-04 20:38 - 2013-08-22 15:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-12-04 20:36 - 2014-11-17 00:01 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WorldofTanks
2015-12-04 20:25 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\Camera
2015-12-02 17:25 - 2014-11-27 07:27 - 00000000 ____D C:\Users\Ulla & Christian
2015-12-02 17:19 - 2013-06-17 21:54 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\MediaMonkey
2015-12-02 13:49 - 2015-03-08 14:44 - 00000000 ____D C:\WINDOWS\Minidump
2015-12-01 21:12 - 2014-11-27 07:27 - 00000000 ____D C:\Users\Jan
2015-12-01 20:42 - 2014-11-17 00:04 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-12-01 15:44 - 2015-05-07 21:02 - 00002274 _____ C:\Users\Public\Desktop\Avira Antivirus.lnk
2015-12-01 15:43 - 2013-06-23 17:57 - 00146696 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2015-12-01 15:43 - 2013-06-23 17:57 - 00135880 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2015-12-01 15:43 - 2013-06-23 17:57 - 00073032 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avnetflt.sys
2015-12-01 15:43 - 2013-06-23 17:57 - 00035488 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avkmgr.sys
2015-11-30 23:45 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\ADFS
2015-11-30 23:45 - 2013-08-22 15:44 - 00505968 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-11-30 23:44 - 2013-08-22 14:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-11-30 13:55 - 2014-11-27 07:18 - 00000000 ___DC C:\WINDOWS\Panther
2015-11-29 21:46 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\tracing
2015-11-29 21:46 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\SysWOW64\FxsTmp
2015-11-29 21:45 - 2014-08-31 18:37 - 00000000 ___RD C:\Users\Ulla & Christian\SkyDrive
2015-11-29 21:45 - 2013-06-16 20:51 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\VirtualStore
2015-11-29 21:34 - 2015-09-03 14:21 - 00000000 ____D C:\Users\Ulla & Christian\Neuer Ordner (2)
2015-11-29 21:34 - 2015-04-04 14:47 - 00000000 ____D C:\Users\Ulla & Christian\Neuer Ordner
2015-11-29 21:34 - 2013-10-05 10:52 - 00000000 ___RD C:\Users\Ulla & Christian\Dropbox
2015-11-29 21:34 - 2013-06-25 13:22 - 00000000 ____D C:\Users\Ulla & Christian\Mozilla Thunderbird
2015-11-29 21:33 - 2015-11-01 22:19 - 00392270 _____ C:\Users\Ulla & Christian\Downloads\10984200_908781199162434_4585968420000991718_o.jpg.vvv
2015-11-29 21:33 - 2015-10-28 22:39 - 00113870 _____ C:\Users\Ulla & Christian\Downloads\ZIAUFEIN_gquatybzpgcfmcaexqtkhxyk6abcs.pdf.vvv
2015-11-29 21:33 - 2015-10-28 22:31 - 00020558 _____ C:\Users\Ulla & Christian\Downloads\_14576829_KuendigungsbestaetigungneuerLieferant_20151027_408d6e5b9a03c91b25785313609ad7d0.pdf.vvv
2015-11-29 21:33 - 2015-10-28 22:24 - 00021150 _____ C:\Users\Ulla & Christian\Downloads\_122679474_KuendigungsbestaetigungneuerLieferant_20151027_16f7742108956c86b068dca1a61d62c6.pdf.vvv
2015-11-29 21:33 - 2015-10-28 22:20 - 00566430 _____ C:\Users\Ulla & Christian\Downloads\005056881A0F1EE59F995BDDE2AF0EF0.pdf.vvv
2015-11-29 21:33 - 2015-10-25 12:55 - 01781646 _____ C:\Users\Ulla & Christian\Downloads\Ahnenblatt-Handbuch.pdf.vvv
2015-11-29 21:33 - 2015-09-28 21:21 - 00451534 _____ C:\Users\Ulla & Christian\Downloads\320.pdf.vvv
2015-11-29 21:33 - 2015-09-20 20:07 - 00313454 _____ C:\Users\Ulla & Christian\Downloads\_14576829_Preisinformation_20150908_005df263fe16be59a1e07e1fd8a76672.pdf.vvv
2015-11-29 21:33 - 2015-09-13 12:54 - 00122526 _____ C:\Users\Ulla & Christian\Downloads\2390_499_1.PDF.vvv
2015-11-29 21:33 - 2015-09-13 12:32 - 00114462 _____ C:\Users\Ulla & Christian\Downloads\2390_493_1.PDF.vvv
2015-11-29 21:33 - 2015-08-15 23:11 - 00000000 ____D C:\Users\Ulla & Christian\Downloads\Lacey
2015-11-29 21:33 - 2015-08-15 22:19 - 09891454 _____ C:\Users\Ulla & Christian\Downloads\freemusicdownloader_1-59.zip.vvv
2015-11-29 21:33 - 2015-05-17 20:41 - 00030910 _____ C:\Users\Ulla & Christian\Downloads\RS9823838721(1).pdf.vvv
2015-11-29 21:33 - 2015-05-17 20:38 - 00030910 _____ C:\Users\Ulla & Christian\Downloads\RS9823838721.pdf.vvv
2015-11-29 21:33 - 2015-04-11 15:42 - 00178222 _____ C:\Users\Ulla & Christian\Downloads\rlmpdf.pdf.vvv
2015-11-29 21:33 - 2015-03-06 20:40 - 00984990 _____ C:\Users\Ulla & Christian\Downloads\Bedarfsfeldbroschuere_Vermoegen_anlegen_VR.pdf.vvv
2015-11-29 21:33 - 2015-01-09 23:24 - 01414318 _____ C:\Users\Ulla & Christian\Downloads\Syno_QIG_2bay2_deu.pdf.vvv
2015-11-29 21:33 - 2014-12-26 20:27 - 30247390 _____ C:\Users\Ulla & Christian\Downloads\TL-WN851ND_V1_110114.zip.vvv
2015-11-29 21:33 - 2014-12-26 20:27 - 11537854 _____ C:\Users\Ulla & Christian\Downloads\TL-WN851ND_V1_Utility99.zip.vvv
2015-11-29 21:33 - 2014-12-26 20:26 - 21632238 _____ C:\Users\Ulla & Christian\Downloads\TL-WN851ND_v1_110825.zip.vvv
2015-11-29 21:33 - 2014-12-21 14:12 - 00027790 _____ C:\Users\Ulla & Christian\Downloads\RX_141221_Bestellbestaetigung_VID616_1412.pdf.vvv
2015-11-29 21:33 - 2014-11-23 21:39 - 00039278 _____ C:\Users\Ulla & Christian\Downloads\_14576829_Lieferbestaetigung_20141121_df4db33247be1b6428d8ec0eb7955911.pdf.vvv
2015-11-29 21:33 - 2014-10-25 22:41 - 00000000 ____D C:\Users\Ulla & Christian\Downloads\Gameforge Live
2015-11-29 21:33 - 2014-08-03 12:06 - 00225342 _____ C:\Users\Ulla & Christian\Downloads\testresultate_farbspruehgeraete.pdf.vvv
2015-11-29 21:33 - 2014-07-28 19:47 - 00916606 _____ C:\Users\Ulla & Christian\Downloads\flexibrass.pdf.vvv
2015-11-29 21:33 - 2014-05-27 19:08 - 00342942 _____ C:\Users\Ulla & Christian\Downloads\IMM1294E.PDF.vvv
2015-11-29 21:33 - 2014-05-27 18:54 - 01053998 _____ C:\Users\Ulla & Christian\Downloads\custodian-parent(1).pdf.vvv
2015-11-29 21:33 - 2014-05-10 14:46 - 00239358 _____ C:\Users\Ulla & Christian\Downloads\document.pdf.vvv
2015-11-29 21:33 - 2014-05-04 12:08 - 01053998 _____ C:\Users\Ulla & Christian\Downloads\custodian-parent.pdf.vvv
2015-11-29 21:33 - 2014-02-13 22:20 - 00078174 _____ C:\Users\Ulla & Christian\Downloads\identificationAstIdent.PDF.vvv
2015-11-29 21:33 - 2013-12-21 20:55 - 00001150 _____ C:\Users\Ulla & Christian\Downloads\umsatz-5232________0800-20131221.csv.vvv
2015-11-29 21:33 - 2013-12-01 19:02 - 00000000 ____D C:\Users\Ulla & Christian\Documents\SelfMV
2015-11-29 21:33 - 2013-10-05 20:18 - 00000000 ____D C:\Users\Ulla & Christian\Documents\Turbo Lister
2015-11-29 21:33 - 2013-07-25 15:22 - 00000000 ___RD C:\Users\Ulla & Christian\Documents\Scanned Documents
2015-11-29 21:33 - 2013-07-12 21:07 - 00509358 _____ C:\Users\Ulla & Christian\Downloads\15875_1373659579.pdf.vvv
2015-11-29 21:33 - 2013-07-12 21:05 - 00103934 _____ C:\Users\Ulla & Christian\Downloads\versicherungsbedingungen_indiv_praktikum.pdf.vvv
2015-11-29 21:33 - 2013-07-03 22:32 - 00000000 ____D C:\Users\Ulla & Christian\Documents\Volition
2015-11-29 21:33 - 2013-06-30 13:26 - 00000000 ____D C:\Users\Ulla & Christian\Documents\Turbo Lister Backup
2015-11-29 21:33 - 2013-06-23 12:08 - 00000000 ____D C:\Users\Ulla & Christian\Documents\WISO Mein Geld
2015-11-29 21:33 - 2013-06-17 21:43 - 00000000 ____D C:\Users\Ulla & Christian\Documents\samsung
2015-11-29 21:26 - 2014-08-17 16:22 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Skype
2015-11-29 21:26 - 2013-09-25 20:16 - 00000000 ____D C:\Users\Ulla & Christian\Documents\My Games
2015-11-29 21:26 - 2013-07-25 15:22 - 00000000 ____D C:\Users\Ulla & Christian\Documents\Fax
2015-11-29 21:26 - 2013-07-25 12:37 - 00000000 ____D C:\Users\Ulla & Christian\Documents\Amazon MP3
2015-11-29 21:26 - 2013-07-05 20:19 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\vlc
2015-11-29 21:26 - 2013-07-05 20:11 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\WebApp
2015-11-29 21:26 - 2013-07-05 20:06 - 00000000 ____D C:\Users\Ulla & Christian\Documents\CyberLink
2015-11-29 21:26 - 2013-07-02 22:05 - 00000000 ____D C:\Users\Ulla & Christian\Documents\default
2015-11-29 21:26 - 2013-06-23 21:54 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Thunderbird
2015-11-29 21:26 - 2013-06-22 08:01 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Wargaming.net
2015-11-29 21:26 - 2013-06-21 22:14 - 00000000 ____D C:\Users\Ulla & Christian\Bilder
2015-11-29 21:26 - 2013-06-18 01:05 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\WinBatch
2015-11-29 21:26 - 2013-06-17 13:03 - 00000000 ____D C:\Users\Ulla & Christian\Documents\Ahnenblatt
2015-11-29 21:26 - 2013-06-16 20:50 - 00000000 ___HD C:\Users\Ulla & Christian\Documents\hp.system.package.metadata
2015-11-29 21:26 - 2013-06-16 20:50 - 00000000 ___HD C:\Users\Ulla & Christian\Documents\hp.applications.package.appdata
2015-11-29 21:25 - 2015-11-03 13:41 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\MyPhoneExplorer
2015-11-29 21:25 - 2015-10-25 13:02 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ahnenblatt
2015-11-29 21:25 - 2015-05-17 15:43 - 00000000 ____D C:\Users\Ulla & Christian\AppData\LocalLow\Hewlett-Packard
2015-11-29 21:25 - 2015-05-17 15:42 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\HpUpdate
2015-11-29 21:25 - 2014-12-25 23:08 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\java
2015-11-29 21:25 - 2014-12-25 23:08 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\.minecraft
2015-11-29 21:25 - 2014-12-24 22:48 - 00000000 __SHD C:\Users\Ulla & Christian\AppData\LocalLow\EmieSiteList
2015-11-29 21:25 - 2014-12-13 11:06 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\hpqLog
2015-11-29 21:25 - 2014-11-17 00:03 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Opera Software
2015-11-29 21:25 - 2014-09-24 19:55 - 00000000 ____D C:\Users\Ulla & Christian\AppData\LocalLow\Temp
2015-11-29 21:25 - 2014-08-17 16:22 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\Skype
2015-11-29 21:25 - 2014-02-02 11:21 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup
2015-11-29 21:25 - 2013-12-22 18:24 - 00000000 ____D C:\Users\Ulla & Christian\AppData\LocalLow\Sun
2015-11-29 21:25 - 2013-10-05 20:51 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\ArcSoft
2015-11-29 21:25 - 2013-10-05 10:49 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-11-29 21:25 - 2013-10-05 10:48 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Dropbox
2015-11-29 21:25 - 2013-09-25 20:16 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WarThunder
2015-11-29 21:25 - 2013-09-25 20:16 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\WarThunder
2015-11-29 21:25 - 2013-09-01 20:00 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Leadertech
2015-11-29 21:25 - 2013-08-27 20:03 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\ICAClient
2015-11-29 21:25 - 2013-08-26 19:55 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\Sophos
2015-11-29 21:25 - 2013-08-26 19:50 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
2015-11-29 21:25 - 2013-08-09 18:00 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameShadow
2015-11-29 21:25 - 2013-08-07 20:57 - 00000000 __RHD C:\Users\Ulla & Christian\AppData\Roaming\SecuROM
2015-11-29 21:25 - 2013-07-25 12:37 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
2015-11-29 21:25 - 2013-07-25 12:37 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Amazon
2015-11-29 21:25 - 2013-07-25 12:37 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\Program Files
2015-11-29 21:25 - 2013-07-10 21:30 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LaserSoft Imaging
2015-11-29 21:25 - 2013-07-10 21:27 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Lasersoft Imaging
2015-11-29 21:25 - 2013-07-05 20:39 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Media Player Classic
2015-11-29 21:25 - 2013-07-05 20:36 - 00000462 _____ C:\Users\Ulla & Christian\AppData\Roaming\AVSDVDPlayer.m3u.vvv
2015-11-29 21:25 - 2013-07-05 20:34 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\dvdcss
2015-11-29 21:25 - 2013-07-05 20:13 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\Windows Live
2015-11-29 21:25 - 2013-07-05 20:06 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\CyberLink
2015-11-29 21:25 - 2013-07-05 19:55 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Mozilla
2015-11-29 21:25 - 2013-07-03 22:40 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wing Commander Saga
2015-11-29 21:25 - 2013-07-03 22:24 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spiele
2015-11-29 21:25 - 2013-07-02 22:15 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\AVS4YOU
2015-11-29 21:25 - 2013-07-02 22:01 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Ashampoo
2015-11-29 21:25 - 2013-07-02 06:37 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Canon
2015-11-29 21:25 - 2013-07-01 22:08 - 00000000 ____D C:\Users\Ulla & Christian\AppData\LocalLow\Adobe
2015-11-29 21:25 - 2013-06-23 21:54 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\Thunderbird
2015-11-29 21:25 - 2013-06-23 20:27 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AVS4YOU
2015-11-29 21:25 - 2013-06-23 18:02 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Avira
2015-11-29 21:25 - 2013-06-23 17:55 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Canneverbe Limited
2015-11-29 21:25 - 2013-06-23 12:08 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Buhl Data Service GmbH
2015-11-29 21:25 - 2013-06-23 12:08 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Buhl Data Service
2015-11-29 21:25 - 2013-06-19 21:22 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\NVIDIA
2015-11-29 21:25 - 2013-06-18 13:18 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Microsoft Web Folders
2015-11-29 21:25 - 2013-06-17 21:46 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Opera
2015-11-29 21:25 - 2013-06-17 21:43 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Samsung
2015-11-29 21:25 - 2013-06-17 21:43 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\Samsung
2015-11-29 21:25 - 2013-06-17 13:02 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Ahnenblatt
2015-11-29 21:25 - 2013-06-16 21:38 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Macromedia
2015-11-29 21:25 - 2013-06-16 20:53 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Adobe
2015-11-29 21:25 - 2013-06-16 20:51 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Hewlett-Packard
2015-11-29 21:25 - 2013-06-16 20:51 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\Power2Go8
2015-11-29 21:25 - 2013-06-16 20:51 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\Packages
2015-11-29 21:24 - 2014-11-17 00:03 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\Opera Software
2015-11-29 21:24 - 2013-06-21 20:57 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\Microsoft Help
2015-11-29 21:24 - 2013-06-17 22:31 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\Mozilla
2015-11-29 21:23 - 2015-11-03 13:42 - 00000000 ____D C:\Users\Ulla & Christian\.android
2015-11-29 21:23 - 2015-06-09 21:46 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\GWX
2015-11-29 21:23 - 2015-05-17 15:43 - 00000000 ____D C:\ProgramData\Visan
2015-11-29 21:23 - 2015-01-10 22:40 - 00000000 ____D C:\ProgramData\Synology
2015-11-29 21:23 - 2014-11-27 07:20 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2015-11-29 21:23 - 2014-11-17 00:04 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2015-11-29 21:23 - 2014-08-31 18:37 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2015-11-29 21:23 - 2014-08-17 16:22 - 00000000 ____D C:\ProgramData\Skype
2015-11-29 21:23 - 2013-12-22 18:26 - 00000000 ____D C:\ProgramData\Sun
2015-11-29 21:23 - 2013-12-22 18:26 - 00000000 ____D C:\ProgramData\Oracle
2015-11-29 21:23 - 2013-11-14 20:02 - 00000000 ____D C:\Users\Public\Documents\CrashDump
2015-11-29 21:23 - 2013-11-10 17:07 - 00000000 ____D C:\ProgramData\tmp
2015-11-29 21:23 - 2013-10-03 19:03 - 00000000 ____D C:\Users\Ulla & Christian\2013_10_03
2015-11-29 21:23 - 2013-09-25 20:16 - 00000000 ____D C:\ProgramData\WarThunder
2015-11-29 21:23 - 2013-09-25 20:13 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\Gameforge4d
2015-11-29 21:23 - 2013-09-01 20:05 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\Logitech® Webcam-Software
2015-11-29 21:23 - 2013-08-27 20:03 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\Citrix
2015-11-29 21:23 - 2013-08-22 16:36 - 00000000 __RHD C:\Users\Public\Libraries
2015-11-29 21:23 - 2013-07-12 20:34 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\Apps\2.0
2015-11-29 21:23 - 2013-07-05 20:06 - 00000000 ____D C:\Users\Public\CyberLink
2015-11-29 21:23 - 2013-07-04 20:16 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\Logitech
2015-11-29 21:23 - 2013-07-03 22:25 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\DFH
2015-11-29 21:23 - 2013-07-03 22:25 - 00000000 ____D C:\Users\Public\Documents\Softwrap
2015-11-29 21:23 - 2013-07-02 22:00 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\ashampoo
2015-11-29 21:23 - 2013-07-02 06:30 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\HP
2015-11-29 21:23 - 2013-06-30 15:28 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\HP Quick Start
2015-11-29 21:23 - 2013-06-23 18:11 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\ArcSoft
2015-11-29 21:23 - 2013-06-23 12:08 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\Buhl Data Service
2015-11-29 21:23 - 2013-06-23 11:54 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\Macromedia
2015-11-29 21:23 - 2013-06-17 22:27 - 00000000 ____D C:\ProgramData\Mozilla
2015-11-29 21:23 - 2013-06-17 21:59 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\Google
2015-11-29 21:23 - 2013-06-17 21:54 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\MediaMonkey
2015-11-29 21:23 - 2013-06-17 21:43 - 00000000 ____D C:\Users\Public\Documents\NativeFus_Log
2015-11-29 21:23 - 2013-06-17 21:33 - 00000000 ____D C:\ProgramData\Samsung
2015-11-29 21:23 - 2013-06-17 21:31 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\Downloaded Installations
2015-11-29 21:23 - 2013-06-17 21:30 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\Adobe
2015-11-29 21:23 - 2013-06-16 21:18 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\Hewlett-Packard
2015-11-29 21:23 - 2013-06-16 20:44 - 00000000 __RHD C:\Users\Public\AccountPictures
2015-11-29 21:23 - 2013-01-12 06:38 - 00000000 ____D C:\Users\Public\Symantec
2015-11-29 21:23 - 2013-01-12 06:38 - 00000000 ____D C:\ProgramData\Norton
2015-11-29 21:23 - 2013-01-12 06:37 - 00000000 ____D C:\ProgramData\NortonInstaller
2015-11-29 21:23 - 2013-01-12 06:36 - 00000000 ____D C:\ProgramData\Microsoft SkyDrive
2015-11-29 21:23 - 2013-01-12 06:23 - 00000000 ____D C:\ProgramData\Temp
2015-11-29 21:23 - 2013-01-12 06:14 - 00000000 ____D C:\ProgramData\SoundResearch
2015-11-29 21:23 - 2012-08-10 16:06 - 00000000 ____D C:\ProgramData\PRICache
2015-11-29 21:23 - 2010-01-25 22:35 - 00000000 ___DC C:\ProgramData\Mozilla Thunderbird
2015-11-29 21:22 - 2015-05-17 15:43 - 00000000 ____D C:\ProgramData\HP Photo Creations
2015-11-29 21:22 - 2015-05-17 15:41 - 00000000 ____D C:\ProgramData\HP
2015-11-29 21:22 - 2014-12-20 16:57 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2015-11-29 21:22 - 2013-11-26 07:45 - 00000000 ____D C:\ProgramData\McAfee
2015-11-29 21:22 - 2013-11-10 17:07 - 00000000 ____D C:\ProgramData\hps
2015-11-29 21:22 - 2013-09-01 21:25 - 00000000 ____D C:\ProgramData\FLEXnet
2015-11-29 21:22 - 2013-09-01 20:00 - 00000000 ____D C:\ProgramData\LogiShrd
2015-11-29 21:22 - 2013-07-03 22:32 - 00000000 ____D C:\ProgramData\InstallMate
2015-11-29 21:22 - 2013-06-23 18:07 - 00000000 ____D C:\ProgramData\eBay
2015-11-29 21:22 - 2013-06-21 22:16 - 00000000 ____D C:\ProgramData\MediaMonkey
2015-11-29 21:22 - 2013-01-12 06:25 - 00000000 ____D C:\ProgramData\install_clap
2015-11-29 21:22 - 2013-01-12 06:19 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2015-11-29 21:21 - 2015-01-10 19:07 - 00000000 ___HD C:\ProgramData\CanonIJEGV
2015-11-29 21:21 - 2014-11-27 08:00 - 00000000 ____D C:\ProgramData\AmUStor
2015-11-29 21:21 - 2013-08-27 20:03 - 00000000 ____D C:\ProgramData\Citrix
2015-11-29 21:21 - 2013-07-02 22:20 - 00000000 ____D C:\ProgramData\AomeiBR
2015-11-29 21:21 - 2013-07-02 22:00 - 00000000 ____D C:\ProgramData\Ashampoo
2015-11-29 21:21 - 2013-07-02 06:37 - 00000000 ___HD C:\ProgramData\CanonIJScan
2015-11-29 21:21 - 2013-07-01 20:47 - 00000000 ____D C:\ProgramData\Adobe
2015-11-29 21:21 - 2013-06-23 20:30 - 00000000 ____D C:\ProgramData\AVS4YOU
2015-11-29 21:21 - 2013-06-23 18:11 - 00000000 ____D C:\ProgramData\ArcSoft
2015-11-29 21:21 - 2013-06-23 17:57 - 00000000 ____D C:\ProgramData\Avira
2015-11-29 21:21 - 2013-06-23 17:55 - 00000000 ____D C:\ProgramData\Canneverbe Limited
2015-11-29 21:21 - 2013-06-23 11:35 - 00000000 ____D C:\ProgramData\Buhl Data Service GmbH
2015-11-29 21:21 - 2013-01-12 06:26 - 00000000 ____D C:\ProgramData\CyberLink
2015-11-29 21:21 - 2013-01-12 06:26 - 00000000 ____D C:\ProgramData\Apple
2015-11-29 21:18 - 2012-10-12 04:21 - 00000000 _RSHD C:\SYSTEM.SAV
2015-11-29 21:17 - 2013-07-01 23:00 - 00000000 ____D C:\Program Files (x86)l
2015-11-29 21:17 - 2013-06-18 21:29 - 00000000 ____D C:\sources
2015-11-29 21:17 - 2012-10-12 04:24 - 00000000 ____D C:\SWSETUP
2015-11-29 21:16 - 2014-07-03 20:43 - 00000000 ____D C:\My Music
2015-11-29 21:16 - 2013-01-07 12:12 - 00000000 _RSHD C:\hp
2015-11-28 23:24 - 2012-07-26 08:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-11-23 06:45 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-11-18 20:56 - 2015-10-06 19:48 - 00001048 _____ C:\Users\Jan\Desktop\nativelog.txt
2015-11-18 20:56 - 2015-10-03 14:43 - 00000000 ____D C:\Users\Jan\AppData\Roaming\.minecraft
2015-11-18 20:30 - 2015-10-01 13:15 - 00003594 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3876800203-89553269-3656360523-1003
2015-11-18 20:25 - 2013-08-22 16:36 - 00000000 ___HD C:\Program Files\WindowsApps
2015-11-16 23:50 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\Registration
2015-11-15 17:06 - 2014-12-20 16:57 - 00001959 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2015-11-13 22:18 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\rescache
2015-11-12 23:13 - 2013-08-22 16:36 - 00000000 ___RD C:\WINDOWS\ToastData
2015-11-12 21:39 - 2013-06-21 20:57 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-11-12 21:34 - 2013-08-27 20:47 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-11-12 21:29 - 2013-06-17 22:17 - 145617392 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-11-10 21:59 - 2014-11-29 17:24 - 00003772 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-11-08 10:34 - 2015-04-23 12:23 - 00000000 ___RD C:\Users\Ulla & Christian\Desktop\Spiele
2015-11-07 22:39 - 2013-06-17 22:31 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-11-07 18:16 - 2013-06-21 23:19 - 00000000 ____D C:\Program Files (x86)\Spiele
==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======
2013-06-23 18:04 - 2006-07-18 08:49 - 0587249 _____ (MAGIX AG) C:\Program Files (x86)\addoninstall.exe
2013-06-23 18:04 - 2002-02-13 07:00 - 0022016 _____ (Borland Software Corporation) C:\Program Files (x86)\borlndmm.dll
2013-06-23 18:04 - 2003-03-17 05:04 - 1500160 _____ (Borland Corporation) C:\Program Files (x86)\cc3260mt.dll
2013-06-23 18:04 - 2006-06-28 08:32 - 0004694 _____ () C:\Program Files (x86)\e-mode-upgradedialog.rtf
2013-06-23 18:04 - 2006-06-28 08:32 - 0004716 _____ () C:\Program Files (x86)\e-mode-upgradedlg-exit.rtf
2013-06-23 18:04 - 2013-06-23 18:04 - 0002885 _____ () C:\Program Files (x86)\e-mode.ini
2013-06-23 18:04 - 2006-06-28 09:55 - 0315392 _____ (MAGIX AG) C:\Program Files (x86)\eModeUpgradeDlg.dll
2013-06-23 18:04 - 2003-02-12 10:20 - 0028672 _____ () C:\Program Files (x86)\explore.exe
2013-06-23 18:04 - 2006-07-26 15:46 - 2442752 _____ (MAGIX) C:\Program Files (x86)\FotoClinic.exe
2013-06-23 18:04 - 2013-06-23 18:04 - 0000707 _____ () C:\Program Files (x86)\FotoClinic.ini
2013-06-23 18:04 - 2013-06-23 18:04 - 0001138 _____ () C:\Program Files (x86)\Install.cfg
2013-06-23 18:04 - 2013-06-23 18:04 - 0040289 _____ () C:\Program Files (x86)\INSTALL.LOG
2013-06-23 18:04 - 2013-06-23 18:04 - 0006564 _____ () C:\Program Files (x86)\INSTALL1.LOG
2013-06-23 18:04 - 2006-07-17 09:58 - 0184320 _____ (MAGIX AG) C:\Program Files (x86)\instslct.exe
2013-06-23 18:04 - 2006-07-26 15:29 - 0100352 _____ () C:\Program Files (x86)\libpng.dll
2013-06-23 18:04 - 2005-06-16 08:43 - 0008980 _____ () C:\Program Files (x86)\license.txt
2013-06-23 18:04 - 2005-08-08 14:51 - 0786305 _____ () C:\Program Files (x86)\MAGIX Creation Logo.pdf
2013-06-23 18:04 - 2004-04-15 14:48 - 0032768 _____ () C:\Program Files (x86)\MagixUpdater.exe
2013-06-23 18:04 - 2006-04-25 09:27 - 0014810 _____ () C:\Program Files (x86)\order.rtf
2013-06-23 18:04 - 2005-03-04 17:51 - 0005509 _____ () C:\Program Files (x86)\pa.cnt
2013-06-23 18:04 - 2005-03-04 17:51 - 0361656 _____ () C:\Program Files (x86)\pa.hlp
2013-06-23 18:04 - 2006-07-26 15:46 - 0055296 _____ () C:\Program Files (x86)\palng.dll
2013-06-23 18:04 - 2006-07-26 15:45 - 0240128 _____ () C:\Program Files (x86)\pcomponents.bpl
2013-06-23 18:04 - 2006-07-26 15:29 - 0018432 _____ () C:\Program Files (x86)\ps8bf.dll
2013-06-23 18:04 - 2013-06-23 18:04 - 0002757 _____ () C:\Program Files (x86)\register.rtf
2013-06-23 18:04 - 1999-12-10 12:00 - 0431376 _____ (Microsoft Corporation) C:\Program Files (x86)\riched20.dll
2013-06-23 18:04 - 2003-03-17 05:04 - 0685056 _____ (Borland Software Corporation) C:\Program Files (x86)\rtl60.bpl
2013-06-23 18:04 - 2003-03-17 05:04 - 0618496 _____ () C:\Program Files (x86)\stlpmt45.dll
2013-06-23 18:04 - 2005-11-02 14:34 - 0016460 _____ () C:\Program Files (x86)\support.rtf
2013-06-23 18:04 - 2006-07-17 12:30 - 0129024 _____ () C:\Program Files (x86)\uninstall.exe
2013-06-23 18:04 - 2002-02-18 10:06 - 0006034 _____ () C:\Program Files (x86)\uninstall.ini
2013-06-23 18:04 - 2006-07-17 10:09 - 0081920 _____ (MAGIX AG) C:\Program Files (x86)\unwise.adf
2013-06-23 18:04 - 2006-07-17 10:10 - 0176128 _____ (MAGIX AG) C:\Program Files (x86)\unwise.exe
2013-06-23 18:04 - 2013-06-23 18:04 - 0000723 _____ () C:\Program Files (x86)\unwise.ini
2013-06-23 18:04 - 2006-07-26 13:50 - 0139264 _____ () C:\Program Files (x86)\UpgradeInfo.exe
2013-06-23 18:04 - 2006-02-14 14:03 - 0024576 _____ (Magix AG) C:\Program Files (x86)\Validation.exe
2013-06-23 18:04 - 2013-06-23 18:04 - 0000140 _____ () C:\Program Files (x86)\Validation.ini
2013-06-23 18:04 - 2002-02-13 07:00 - 1326080 _____ (Borland Software Corporation) C:\Program Files (x86)\vcl60.bpl
2013-06-23 18:04 - 2006-07-26 15:29 - 0046080 _____ () C:\Program Files (x86)\zlib.dll
2015-11-30 13:54 - 2015-11-30 13:56 - 0000050 _____ () C:\Users\Ulla & Christian\AppData\Roaming\AVSDVDPlayer.m3u
2013-07-05 20:36 - 2015-11-29 21:25 - 0000462 _____ () C:\Users\Ulla & Christian\AppData\Roaming\AVSDVDPlayer.m3u.vvv
2015-11-29 21:23 - 2015-11-29 21:26 - 0006921 _____ () C:\Users\Ulla & Christian\AppData\Roaming\how_recover+yer.html
2015-11-29 21:23 - 2015-11-29 21:26 - 0002401 _____ () C:\Users\Ulla & Christian\AppData\Roaming\how_recover+yer.txt
2013-12-25 21:18 - 2015-10-20 22:01 - 0028256 _____ () C:\Users\Ulla & Christian\AppData\Roaming\Kommagetrennte Werte (Windows).ADR
2013-12-25 21:14 - 2013-12-25 21:16 - 0028295 _____ () C:\Users\Ulla & Christian\AppData\Roaming\Tabulatorgetrennte Werte (Windows).ADR
2013-10-20 11:29 - 2015-07-02 13:29 - 0005632 _____ () C:\Users\Ulla & Christian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-11-29 21:23 - 2015-11-29 21:34 - 0006921 _____ () C:\Users\Ulla & Christian\AppData\Local\how_recover+yer.html
2015-11-29 21:23 - 2015-11-29 21:34 - 0002401 _____ () C:\Users\Ulla & Christian\AppData\Local\how_recover+yer.txt
2013-12-10 20:40 - 2015-09-13 22:27 - 0007605 _____ () C:\Users\Ulla & Christian\AppData\Local\resmon.resmoncfg
2015-05-17 15:41 - 2015-05-17 15:41 - 0000057 _____ () C:\ProgramData\Ament.ini
2015-11-29 21:21 - 2015-11-29 21:23 - 0006921 _____ () C:\ProgramData\how_recover+yer.html
2015-11-29 21:21 - 2015-11-29 21:23 - 0002401 _____ () C:\ProgramData\how_recover+yer.txt
2013-06-16 20:51 - 2013-06-16 20:51 - 0000141 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
2013-07-10 21:31 - 2013-07-10 21:42 - 0020531 ____H () C:\ProgramData\R49LW
Einige Dateien in TEMP:
====================
C:\Users\Jan\AppData\Local\Temp\avgnt.exe
C:\Users\Ulla & Christian\AppData\Local\Temp\avgnt.exe
C:\Users\Ulla & Christian\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap =================
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert
LastRegBack: 2015-12-04 20:57
==================== Ende von FRST.txt ===========================
|
|
07.12.2015, 21:36
| #12 |
| /// the machine /// TB-Ausbilder | Virus hängt an alle Dateien .vvv du meinst die verschlüsselten? Cleanup: (Die Reihenfolge ist hier entscheidend) Falls Defogger verwendet wurde: Erneut starten und auf Re-enable klicken. Falls Combofix verwendet wurde:  Combofix deinstallieren .
Alle Logs gepostet? Dann lade Dir bitte  DelFix herunter.
Hinweis: DelFix entfernt u.a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst. Starte Deinen Rechner abschließend neu. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein, kannst Du diese bedenkenlos löschen. Wenn Du möchtest, kannst Du hier sagen, ob Du mit mir und meiner Hilfe zufrieden warst...  und/oder das Forum mit einer kleinen Spende  unterstützen.   Absicherung:Beim Betriebsystem Windows die automatischen Updates aktivieren. Auch die sicherheitsrelevante Software sollte immer nur in der aktuellsten Version vorliegen: Browser Java Flash-Player PDF-Reader Sicherheitslücken in deren alten Versionen werden dazu ausgenutzt, um beim einfachen Besuch einer manipulierten Website per "Drive-by" Malware zu installieren. Ich empfehle z.B. die Verwendung von Mozilla Firefox statt des Internet Explorers. Zudem lassen sich mit dem Firefox auch PDF-Dokumente öffnen. Aktiviere eine Firewall. Die in Windows integrierte genügt im Normalfall völlig. Verwende ein Antivirusprogramm mit Echtzeitscanner und stets aktueller Signaturendatenbank. Meine Empfehlung:  Emsisoft Zusätzlich kannst Du Deinen PC regelmäßig mit Malwarebytes Anti-Malware und ESET scannen. Optional:  NoScript verhindert das Ausführen von aktiven Inhalten (Java, JavaScript, Flash,...) für sämtliche Websites. Man kann aber nach dem Prinzip einer Whitelist festlegen, auf welchen Seiten Scripts erlaubt werden sollen. Malwarebytes Anti Exploit: Schützt die Anwendungen des Computers vor der Ausnutzung bekannter Schwachstellen.Lade Software von einem sauberen Portal wie  .Wähle beim Installieren von Software immer die benutzerdefinierte Option und entferne den Haken bei allen optional angebotenen Toolbars oder sonstigen, fürs Programm, irrelevanten Ergänzungen. Um Adware wieder los zu werden, empfiehlt sich zunächst die Deinstallation sowie die anschließende Resteentfernung mit Adwarecleaner . Abschließend noch ein paar grundsätzliche Bemerkungen: Ändere regelmäßig Deine wichtigen Online-Passwörter und erstelle regelmäßig Backups Deiner wichtigen Dateien oder des Systems. Der Nutzen von Registry-Cleanern, Optimizern usw. zur Performancesteigerung ist umstritten. Ich empfehle deshalb, die Finger von der Registry zu lassen und lieber die windowseigene Datenträgerbereinigung zu verwenden.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
| Themen zu Virus hängt an alle Dateien .vvv |
| .vvv-anhang, adobe, antivir, avira, bonjour, defender, desktop, dnsapi.dll, explorer, festplatte, firefox, flash player, geld, home, hängt, mozilla, neustart, prozesse, registry, security, services.exe, svchost.exe, synology, system, usb, virus, windows, wiso |
+ R Taste und schreibe Combofix /Uninstall in das 
Linear-Darstellung
