Log analysis and evaluation: Virus JS:ScriptPE-inf (Trj) according to avast, only mail still works

Windows 7

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
08.12.2015, 21:21 | #16 |
FRST.txt
Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:05-12-2015
durchgeführt von Wartung (Administrator) auf WOHNZIMMER (08-12-2015 21:16:31)
Gestartet von D:\Installation\antivirus
Geladene Profile: Eltern & Wartung (Verfügbare Profile: Eltern & Sara & Wartung & test)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(REINER SCT) C:\Windows\SysWOW64\cjpcsc.exe
(CrypKey (Canada) Ltd.) C:\Windows\System32\Crypserv.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Telekom Deutschland GmbH) C:\Program Files (x86)\Telekom\Kinderschutz-Software\KSService64.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect 3\creator-ws.exe
(Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Users\Eltern\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Secomba GmbH) C:\Program Files (x86)\Boxcryptor Classic\BoxcryptorClassic.exe
(Dropbox, Inc.) C:\Users\Eltern\AppData\Local\Dropbox\Update\DropboxUpdate.exe
(Dropbox, Inc.) C:\Users\Eltern\AppData\Roaming\Dropbox\bin\Dropbox.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(QFX Software Corporation) C:\Program Files (x86)\KeyScrambler\KeyScrambler.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Telekom Deutschland GmbH) C:\Program Files (x86)\Telekom\Kinderschutz-Software\TO_KSSW.exe
(QFX Software Corporation) C:\Program Files (x86)\KeyScrambler\x64\KeyScrambler.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Ghisler Software GmbH) C:\totalcmd\TOTALCMD64.EXE
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2757424 2015-11-16] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [combofix] => C:\ComboFix\CF5217.3XE /c C:\ComboFix\Combobatch.bat
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5263504 2012-08-09] (VIA)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2012-02-01] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-05-20] (Intel Corporation)
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [642664 2013-12-24] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [863848 2013-12-24] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6133520 2015-11-06] (AVAST Software)
HKLM-x32\...\Run: [KeyScrambler] => C:\Program Files (x86)\KeyScrambler\keyscrambler.exe [509216 2015-10-12] (QFX Software Corporation)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [221728 2015-10-05] (Geek Software GmbH)
HKLM-x32\...\Run: [T-Online Kinderschutz-Software] => C:\Program Files (x86)\Telekom\Kinderschutz-Software\TO_KSSW.exe [6326984 2015-08-25] (Telekom Deutschland GmbH)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3895678430-1897185528-4005713618-1000\...\Run: [hsscp.EXE] => C:\Users\Eltern\AppData\Roaming\Hotspot Shield\bin\hsscp.EXE -nonadmin
HKU\S-1-5-21-3895678430-1897185528-4005713618-1000\...\Run: [BoxcryptorClassic.exe] => C:\Program Files (x86)\Boxcryptor Classic\BoxcryptorClassic.exe [2249984 2014-07-31] (Secomba GmbH)
HKU\S-1-5-21-3895678430-1897185528-4005713618-1000\...\Run: [Dropbox Update] => C:\Users\Eltern\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-17] (Dropbox, Inc.)
HKU\S-1-5-21-3895678430-1897185528-4005713618-1000\...\Run: [Adobe Acrobat Synchronizer] => "C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe"
HKU\S-1-5-21-3895678430-1897185528-4005713618-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-3895678430-1897185528-4005713618-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-3895678430-1897185528-4005713618-1000\...\MountPoints2: {22c2c85c-6677-11e5-87cf-005056c00008} - W:\SETUP.EXE
HKU\S-1-5-21-3895678430-1897185528-4005713618-1000\...\MountPoints2: {3e5bab9d-1566-11e4-99db-005056c00008} - T:\wubi.exe
HKU\S-1-5-21-3895678430-1897185528-4005713618-1000\...\MountPoints2: {513f4444-900e-11e4-bd1d-005056c00008} - "E:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-3895678430-1897185528-4005713618-1000\...\MountPoints2: {70471d1a-2a01-11e4-bd3e-005056c00008} - E:\Startme.exe
HKU\S-1-5-21-3895678430-1897185528-4005713618-1000\...\MountPoints2: {9d04f0c7-942e-11e3-8427-806e6f6e6963} - D:\Run.exe
HKU\S-1-5-21-3895678430-1897185528-4005713618-1000\...\MountPoints2: {a8309106-e182-11e3-a476-005056c00008} - T:\setup.exe
HKU\S-1-5-21-3895678430-1897185528-4005713618-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-3895678430-1897185528-4005713618-1006\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIH3E.EXE [241280 2012-07-12] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3895678430-1897185528-4005713618-1006\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-3895678430-1897185528-4005713618-1006\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
SSODL: EldosMountNotificator-cbfs4 - {B964A848-358C-48ED-8028-25D6EB143E1F} - C:\Windows\system32\cbfsMntNtf4.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator-cbfs4 - {B964A848-358C-48ED-8028-25D6EB143E1F} - C:\Windows\SysWOW64\cbfsMntNtf4.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-09-24] (AVAST Software)
ShellIconOverlayIdentifiers: [01Mediencenter_InSync] -> {77BC4082-DB5F-439A-8DC8-F9E24A63B0DE} => Keine Datei
ShellIconOverlayIdentifiers: [02Mediencenter_ToSync] -> {528EE335-5034-4EFC-834E-63E5F02D2BC2} => Keine Datei
ShellIconOverlayIdentifiers: [03Mediencenter_Failed] -> {6066ADF0-9EB0-43E5-ADB6-990F5A3B979C} => Keine Datei
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => Keine Datei
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => Keine Datei
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => Keine Datei
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => Keine Datei
ShellIconOverlayIdentifiers: [EldosIconOverlay-cbfs4] -> {40E5AF57-121C-4262-ADC3-E2203E2AACE5} => C:\Windows\system32\cbfsMntNtf4.dll [2013-11-15] (EldoS Corporation)
ShellIconOverlayIdentifiers: [HardLinkMenu] -> {0A479751-02BC-11d3-A855-0004AC2568AA} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2013-12-29] (Hermann Schinagl)
ShellIconOverlayIdentifiers: [IconOverlayHardLink] -> {0A479751-02BC-11d3-A855-0004AC2568DD} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2013-12-29] (Hermann Schinagl)
ShellIconOverlayIdentifiers: [IconOverlaySymbolicLink] -> {0A479751-02BC-11d3-A855-0004AC2568EE} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2013-12-29] (Hermann Schinagl)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => Keine Datei
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => Keine Datei
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => Keine Datei
ShellIconOverlayIdentifiers-x32: [EldosIconOverlay-cbfs4] -> {40E5AF57-121C-4262-ADC3-E2203E2AACE5} => C:\Windows\SysWOW64\cbfsMntNtf4.dll [2013-11-15] (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: [HardLinkMenu] -> {0A479751-02BC-11d3-A855-0004AC2568AA} => C:\Program Files\LinkShellExtension\32\HardlinkShellExt.dll [2013-12-29] (Hermann Schinagl)
ShellIconOverlayIdentifiers-x32: [IconOverlayHardLink] -> {0A479751-02BC-11d3-A855-0004AC2568DD} => C:\Program Files\LinkShellExtension\32\HardlinkShellExt.dll [2013-12-29] (Hermann Schinagl)
ShellIconOverlayIdentifiers-x32: [IconOverlaySymbolicLink] -> {0A479751-02BC-11d3-A855-0004AC2568EE} => C:\Program Files\LinkShellExtension\32\HardlinkShellExt.dll [2013-12-29] (Hermann Schinagl)
Startup: C:\Users\Eltern\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-11-12]
ShortcutTarget: Dropbox.lnk -> C:\Users\Wartung\AppData\Roaming\Dropbox\bin\Dropbox.exe (Keine Datei)
GroupPolicyUsers\S-1-5-21-3895678430-1897185528-4005713618-1011\User: Beschränkung <======= ACHTUNG
GroupPolicyUsers\S-1-5-21-3895678430-1897185528-4005713618-1003\User: Beschränkung <======= ACHTUNG

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{08F5E7D5-B473-4A6E-B947-B2A04C195D37}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{0E9150F0-AA13-4168-ABCE-1F06CA097C29}: [DhcpNameServer] 192.168.178.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG
HKU\S-1-5-21-3895678430-1897185528-4005713618-1006\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3895678430-1897185528-4005713618-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3895678430-1897185528-4005713618-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKU\S-1-5-21-3895678430-1897185528-4005713618-1006\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3895678430-1897185528-4005713618-1000 -> DefaultScope {CE8A2E0D-0003-42A8-B3D5-38558C7B46FB} URL = hxxps://startpage.com/do/search?query={searchTerms}&cat=web&pl=ie&language=deutsch
SearchScopes: HKU\S-1-5-21-3895678430-1897185528-4005713618-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3895678430-1897185528-4005713618-1000 -> {CE8A2E0D-0003-42A8-B3D5-38558C7B46FB} URL = hxxps://startpage.com/do/search?query={searchTerms}&cat=web&pl=ie&language=deutsch
BHO-x32: Kein Name -> {06E08260-0695-4EC1-A74B-1310D8899D93} -> Keine Datei
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-20] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-20] (Oracle Corporation)
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

FireFox:
========
FF ProfilePath: C:\Users\Wartung\AppData\Roaming\Mozilla\Firefox\Profiles\9gkb4mqo.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-11-11] ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\PDF XChange\PDF Viewer\npPDFXCviewNPPlugin.dll [2013-12-30] (Tracker Software Products (Canada) Ltd.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\PDF XChange\PDF Viewer\npPDFXCviewNPPlugin.dll [2013-12-30] (Tracker Software Products (Canada) Ltd.)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [Keine Datei]
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-11] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1214154.dll [2014-11-07] (Adobe Systems, Inc.)
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\PDF XChange\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2013-12-30] (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-20] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-20] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-11-14] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-11-14] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\PDF XChange\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2013-12-30] (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-05-08] (Adobe Systems Inc.)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin HKU\S-1-5-21-3895678430-1897185528-4005713618-1000: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\PDF XChange\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2013-12-30] (Tracker Software Products (Canada) Ltd.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll [2013-12-30] (Tracker Software Products (Canada) Ltd.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2015-07-01] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2015-07-01] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2015-07-01] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2015-07-01] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2015-07-01] (Apple Inc.)
FF Extension: Password Hasher - C:\Users\Wartung\AppData\Roaming\Mozilla\Firefox\Profiles\9gkb4mqo.default\extensions\passhash@mozilla.wijjo.com [2014-12-16] [ist nicht signiert]
FF Extension: NoScript - C:\Users\Wartung\AppData\Roaming\Mozilla\Firefox\Profiles\9gkb4mqo.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2015-11-06]
FF Extension: Kein Name - C:\Users\Wartung\AppData\Roaming\Mozilla\Firefox\Profiles\9gkb4mqo.default\Extensions\firefox@ghostery.com.xpi [2014-12-04] [ist nicht signiert]
FF Extension: Adblock Edge - C:\Users\Wartung\AppData\Roaming\Mozilla\Firefox\Profiles\9gkb4mqo.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2014-12-04] [ist nicht signiert]
FF HKLM-x32\...\Firefox\Extensions: [pdf_architect_3_conv@pdfarchitect.org] - C:\Program Files (x86)\PDF Architect 3\resources\pdfarchitect3firefoxextension => nicht gefunden

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-09-24] (AVAST Software)
S4 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [166192 2014-11-20] (Avira Operations GmbH & Co. KG)
R2 cjpcsc; C:\Windows\SysWOW64\cjpcsc.exe [518192 2014-01-27] (REINER SCT)
S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [243464 2013-09-25] (CyberLink)
R2 Crypkey License; C:\Windows\system32\crypserv.exe [122880 2007-05-23] (CrypKey (Canada) Ltd.) [Datei ist nicht signiert]
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2014-02-13] (Macrovision Europe Ltd.) [Datei ist nicht signiert]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1156400 2015-11-16] (NVIDIA Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S4 jswpsapi; C:\Program Files (x86)\TP-LINK\TP-LINK-Konfigurationstool\WPS\jswpsapi.exe [954368 2012-10-25] (Wireless) [Datei ist nicht signiert]
R2 KSSWSVC; C:\Program Files (x86)\Telekom\Kinderschutz-Software\KSService64.exe [2597872 2015-08-25] (Telekom Deutschland GmbH)
R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2013-11-15] (Motorola Mobility LLC)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1872688 2015-11-16] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [8133424 2015-11-16] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5915440 2015-11-16] (NVIDIA Corporation)
S3 Origin Client Service; D:\Programme\Origin\OriginClientService.exe [2104840 2015-12-01] (Electronic Arts)
S3 PDF Architect 3; C:\Program Files (x86)\PDF Architect 3\ws.exe [2243288 2015-03-20] (pdfforge GmbH)
S3 PDF Architect 3 CrashHandler; C:\Program Files (x86)\PDF Architect 3\crash-handler-ws.exe [901336 2015-03-20] (pdfforge GmbH)
R2 PDF Architect 3 Creator; C:\Program Files (x86)\PDF Architect 3\creator-ws.exe [740568 2015-03-20] (pdfforge GmbH)
R2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [Datei ist nicht signiert]
S4 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
S4 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)
S3 Sony PC Companion; C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software) [Datei ist nicht signiert]
S4 SXDS10; C:\Program Files (x86)\Common Files\soft Xpansion\sxds10.exe [234096 2014-08-04] (soft Xpansion)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6887696 2015-11-30] (TeamViewer GmbH)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27792 2012-08-03] (VIA Technologies, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S4 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [656664 2014-08-19] (Wacom Technology, Corp.)
S4 AntiVirWebService; "C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe" [X]
S2 DeltaCopyService; "D:\DeltaCopy\DCServce.exe" [X]
S4 ShellfireVPN2Service; "C:\Program Files (x86)\ShellfireVPN\jre7\bin\java.exe" "-classpath" "C:\Program Files (x86)\ShellfireVPN\ShellfireVPN2.exe" "-Xrs" "-Dwrapper.service=true" "-Dwrapper.working.dir=C:\Program Files (x86)\ShellfireVPN" "-Djava.net.preferIPv4Stack=true" "-Dwrapper.config=C:\Program Files (x86)\ShellfireVPN\start.conf" "-Dwrapper.additional.1x=-Xrs" "-Dwrapper.stop.conf=C:\Program Files (x86)\ShellfireVPN\stop.conf" "-Djna_tmpdir=C:\Users\Wartung\AppData\Local\Temp" "org.rzo.yajsw.boot.WrapperServiceBooter"

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 akshasp; C:\Windows\System32\DRIVERS\akshasp.sys [60488 2013-08-09] (SafeNet Inc.)
S3 aksusb; C:\Windows\System32\DRIVERS\aksusb.sys [303624 2013-08-09] (SafeNet Inc.)
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [22680 2012-10-25] ()
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-09-24] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-09-24] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-09-24] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-09-24] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1059656 2015-11-06] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [449992 2015-11-06] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [153744 2015-09-24] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-09-24] (AVAST Software)
R1 cbfs4; C:\Windows\system32\drivers\cbfs4.sys [387776 2013-11-15] (EldoS Corporation)
S3 cjusb; C:\Windows\System32\DRIVERS\cjusb.sys [35192 2012-09-04] (REINER SCT)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S2 hardlock; C:\Windows\system32\drivers\hardlock.sys [331608 2014-04-28] (SafeNet Inc.)
S2 hardlock; C:\Windows\SysWOW64\drivers\hardlock.sys [457216 2014-03-14] (Aladdin Knowledge Systems) [Datei ist nicht signiert]
R3 KeyScrambler; C:\Windows\System32\drivers\keyscrambler.sys [224720 2015-08-18] (QFX Software Corporation)
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [110744 2012-07-19] (Qualcomm Atheros Co., Ltd.)
S3 libusb0; C:\Windows\SysWOW64\drivers\libusb0.sys [16896 2007-03-20] (hxxp://libusb-win32.sourceforge.net) [Datei ist nicht signiert]
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [192216 2015-12-08] (Malwarebytes)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R1 NetworkX; C:\Windows\system32\ckldrv.sys [27904 2007-05-17] ()
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19760 2015-11-16] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [50472 2015-11-16] (NVIDIA Corporation)
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] ()
S3 RTL8187B; C:\Windows\System32\DRIVERS\RTL8187B.sys [416768 2009-06-10] (Realtek Semiconductor Corporation )
R3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [926824 2012-10-25] (Realtek Semiconductor Corporation )
R2 T_KSSW_WFP_Callout; C:\Windows\System32\DRIVERS\TKSSWCO64.sys [93760 2015-08-14] (Telekom Deutschland GmbH)
R2 VMparport; C:\Windows\system32\drivers\VMparport.sys [31824 2013-10-18] (VMware, Inc.)
R3 vpnpbus; C:\Windows\System32\DRIVERS\vpnpbus.sys [18624 2013-11-15] (EldoS Corporation)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [73296 2013-10-08] (VMware, Inc.)
S3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [33048 2006-11-30] (X10 Wireless Technology, Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
S3 WIMMount; \??\D:\ctnotf\Projects\Tools\Win8PESE\X64\wimmount.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-12-08 15:56 - 2015-12-08 16:25 - 00000000 ___SD C:\32788R22FWJFW
2015-12-08 15:37 - 2015-12-08 15:57 - 00000000 ___SD C:\ComboFix
2015-12-08 15:15 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2015-12-08 15:15 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2015-12-08 15:15 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-12-08 15:15 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-12-08 15:15 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-12-08 15:15 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2015-12-08 15:15 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2015-12-08 15:15 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2015-12-08 15:14 - 2015-12-08 15:53 - 00000000 ____D C:\Windows\erdnt
2015-12-08 15:14 - 2015-12-08 15:15 - 00000000 ____D C:\Qoobox
2015-12-08 14:56 - 2015-12-08 14:56 - 00005052 _____ C:\TDSSKiller.3.1.0.7_08.12.2015_14.56.11_log.txt
2015-12-08 12:44 - 2015-12-08 12:44 - 00331176 _____ C:\Windows\Minidump\120815-43243-01.dmp
2015-12-08 12:28 - 2015-12-08 12:42 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-12-08 11:40 - 2015-12-08 15:55 - 00000000 ____D C:\Users\Eltern\Desktop\log
2015-12-08 11:40 - 2015-12-08 11:47 - 00476154 _____ C:\TDSSKiller.3.1.0.7_08.12.2015_11.40.04_log.txt
2015-12-08 11:29 - 2015-12-08 11:30 - 00889113 _____ C:\Users\Wartung\Desktop\Gmer.txt
2015-12-08 11:19 - 2015-12-08 21:16 - 00000000 ____D C:\FRST
2015-12-08 09:34 - 2015-08-24 11:00 - 02050560 _____ (Telekom Deutschland GmbH) C:\Windows\SysWOW64\ks_kom.dll
2015-12-08 09:33 - 2015-08-14 14:30 - 00093760 _____ (Telekom Deutschland GmbH) C:\Windows\system32\Drivers\TKSSWCO64.sys
2015-12-07 18:58 - 2015-12-07 18:58 - 00000000 ____D C:\Users\Sara\AppData\Local\AutoIt v3
2015-12-07 16:11 - 2015-12-07 16:11 - 00000000 ____D C:\Users\Sara\AppData\Roaming\FileJuggler
2015-12-07 16:04 - 2015-12-07 16:04 - 00000836 _____ C:\Users\Sara\Desktop\Die Sims 2.lnk
2015-12-07 15:56 - 2015-12-07 15:56 - 00000000 ____D C:\Users\test\AppData\Local\AutoIt v3
2015-12-06 18:52 - 2015-12-06 18:52 - 00000000 ____D C:\Program Files\Script
2015-12-06 18:31 - 2015-12-08 12:42 - 00000000 ____D C:\Windows\script
2015-12-05 12:54 - 2015-12-07 16:08 - 00000000 ____D C:\Users\Wartung\AppData\Local\AutoIt v3
2015-12-05 11:56 - 2015-12-05 11:56 - 00001047 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 11.lnk
2015-12-05 11:31 - 2015-12-05 11:31 - 00202231 _____ C:\Users\Eltern\Desktop\Papier.pdf
2015-12-05 11:21 - 2015-12-05 11:21 - 00000000 ____D C:\Users\Wartung\AppData\Roaming\FileJuggler
2015-12-03 15:28 - 2015-12-04 13:08 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2015-12-03 14:19 - 2015-12-03 14:19 - 00091632 _____ C:\Users\Eltern\Desktop\DE011J48W0915AB-2.pdf
2015-12-03 14:12 - 2015-12-03 14:12 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
2015-12-03 14:12 - 2015-12-03 14:12 - 00000000 ____D C:\Program Files\Common Files\AV
2015-12-02 22:11 - 2015-12-02 22:11 - 00000000 ____D C:\Users\test\AppData\Roaming\FileJuggler
2015-12-02 22:03 - 2015-12-02 22:03 - 00000000 ____D C:\Users\test\AppData\Roaming\Macromedia
2015-12-02 22:02 - 2015-12-08 09:50 - 00127680 __RSH C:\Users\test\ntuser.pol
2015-12-02 22:02 - 2015-12-08 09:50 - 00000000 ____D C:\Users\test
2015-12-02 22:02 - 2015-12-05 14:45 - 00166008 _____ C:\Users\test\AppData\Local\GDIPFONTCACHEV1.DAT
2015-12-02 22:02 - 2015-12-02 22:02 - 00001425 _____ C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-12-02 22:02 - 2015-12-02 22:02 - 00000020 ___SH C:\Users\test\ntuser.ini
2015-12-02 22:02 - 2015-12-02 22:02 - 00000000 _SHDL C:\Users\test\Vorlagen
2015-12-02 22:02 - 2015-12-02 22:02 - 00000000 _SHDL C:\Users\test\Startmenü
2015-12-02 22:02 - 2015-12-02 22:02 - 00000000 _SHDL C:\Users\test\Netzwerkumgebung
2015-12-02 22:02 - 2015-12-02 22:02 - 00000000 _SHDL C:\Users\test\Lokale Einstellungen
2015-12-02 22:02 - 2015-12-02 22:02 - 00000000 _SHDL C:\Users\test\Eigene Dateien
2015-12-02 22:02 - 2015-12-02 22:02 - 00000000 _SHDL C:\Users\test\Druckumgebung
2015-12-02 22:02 - 2015-12-02 22:02 - 00000000 _SHDL C:\Users\test\Documents\Eigene Videos
2015-12-02 22:02 - 2015-12-02 22:02 - 00000000 _SHDL C:\Users\test\Documents\Eigene Musik
2015-12-02 22:02 - 2015-12-02 22:02 - 00000000 _SHDL C:\Users\test\Documents\Eigene Bilder
2015-12-02 22:02 - 2015-12-02 22:02 - 00000000 _SHDL C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-12-02 22:02 - 2015-12-02 22:02 - 00000000 _SHDL C:\Users\test\AppData\Local\Verlauf
2015-12-02 22:02 - 2015-12-02 22:02 - 00000000 _SHDL C:\Users\test\AppData\Local\Anwendungsdaten
2015-12-02 22:02 - 2015-12-02 22:02 - 00000000 _SHDL C:\Users\test\Anwendungsdaten
2015-12-02 22:02 - 2015-12-02 22:02 - 00000000 ____D C:\Users\test\AppData\Roaming\QFX Software
2015-12-02 22:02 - 2015-12-02 22:02 - 00000000 ____D C:\Users\test\AppData\Roaming\Motorola Mobility
2015-12-02 22:02 - 2015-12-02 22:02 - 00000000 ____D C:\Users\test\AppData\Roaming\AVAST Software
2015-12-02 22:02 - 2015-12-02 22:02 - 00000000 ____D C:\Users\test\AppData\Roaming\Adobe
2015-12-02 22:02 - 2015-12-02 22:02 - 00000000 ____D C:\Users\test\AppData\Local\VirtualStore
2015-12-02 22:02 - 2015-12-02 22:02 - 00000000 ____D C:\Users\test\AppData\Local\NVIDIA Corporation
2015-12-02 22:02 - 2015-12-02 22:02 - 00000000 ____D C:\Users\test\AppData\Local\NVIDIA
2015-12-02 22:02 - 2014-02-16 00:22 - 00000000 ____D C:\Users\test\AppData\Local\Microsoft Help
2015-12-02 22:02 - 2009-07-14 19:18 - 00000000 ____D C:\Users\test\AppData\Roaming\Media Center Programs
2015-12-02 21:55 - 2015-12-02
22:18 - 00000000 ____D C:\Program Files (x86)\ParentsFriend8 2015-12-02 21:55 - 2014-03-19 18:58 - 01194144 _____ (WeOnlyDo! Software) C:\Windows\SysWOW64\wodSmtp.ocx 2015-12-02 21:55 - 2010-09-07 07:47 - 00192512 _____ (-) C:\Windows\SysWOW64\pfadmin.exe 2015-12-02 21:55 - 2010-07-09 08:47 - 00412555 _____ C:\Windows\SysWOW64\pf8.pdf 2015-12-02 21:55 - 2010-03-15 15:11 - 00000394 _____ C:\Windows\SysWOW64\pfadmin.exe.manifest 2015-12-02 21:55 - 2005-11-27 21:08 - 00372736 _____ C:\Windows\SysWOW64\CoolXPCheck.ocx 2015-12-02 21:55 - 2005-11-27 21:07 - 00491520 _____ C:\Windows\SysWOW64\CoolXPButton.ocx 2015-12-02 21:55 - 2005-11-27 21:07 - 00417792 _____ C:\Windows\SysWOW64\CoolXPCombo.ocx 2015-12-02 21:55 - 2005-11-27 21:07 - 00262144 _____ C:\Windows\SysWOW64\CoolXPFrame.ocx 2015-12-02 21:55 - 2005-11-27 21:06 - 00360448 _____ C:\Windows\SysWOW64\CoolXPLabel.ocx 2015-12-02 21:55 - 2005-02-05 12:41 - 00024576 _____ (Text & Redaktion) C:\Windows\SysWOW64\ScreenShotOCX.ocx 2015-12-02 21:55 - 2004-03-09 00:00 - 00260880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Msflxgrd.ocx 2015-12-02 21:55 - 2003-02-07 01:02 - 00424448 _____ ( Developer Express Inc.) C:\Windows\SysWOW64\dXTList.dll 2015-12-02 21:55 - 2002-04-05 10:32 - 00327680 _____ (DBI Technologies Inc.) 
C:\Windows\SysWOW64\ctSchedule.ocx 2015-12-02 21:55 - 2001-05-24 11:20 - 00544256 _____ C:\Windows\SysWOW64\janGraphics.dll 2015-12-02 21:55 - 2000-12-22 00:00 - 00699392 _____ (Stinga) C:\Windows\SysWOW64\BEEGD10.ocx 2015-12-02 21:55 - 2000-06-28 01:00 - 00124416 _____ () C:\Windows\SysWOW64\dXCtrls.dll 2015-12-02 00:00 - 2015-12-02 00:00 - 00000000 ____D C:\Users\Eltern\Documents\MeinSpore-Kreationen 2015-12-02 00:00 - 2015-12-02 00:00 - 00000000 ____D C:\Users\Eltern\AppData\Roaming\Spore 2015-12-01 22:42 - 2015-12-01 22:42 - 00006512 ____N C:\bootsqm.dat 2015-11-30 15:03 - 2015-12-06 18:35 - 00000000 ____D C:\Users\Eltern\AppData\Roaming\FileJuggler 2015-11-30 15:03 - 2015-11-30 15:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\File Juggler 2015-11-30 15:03 - 2015-11-30 15:03 - 00000000 ____D C:\Program Files (x86)\File Juggler 2015-11-30 07:57 - 2015-11-30 07:57 - 00000000 ____D C:\Users\Wartung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Handbrake 2015-11-30 07:57 - 2015-11-30 07:57 - 00000000 ____D C:\Program Files\Handbrake 2015-11-29 10:31 - 2015-11-29 10:31 - 00001029 ____R C:\Users\Sara\Desktop\Emil und Pauline, Klasse 3.lnk 2015-11-29 10:28 - 2015-11-29 11:48 - 00000000 ____D C:\Users\Sara\Documents\USMPrefs 2015-11-26 19:24 - 2015-11-26 19:31 - 00000000 ____D C:\ProgramData\Electronic Arts 2015-11-26 17:50 - 2015-11-26 17:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DiskImager 2015-11-26 17:50 - 2015-11-26 17:50 - 00000000 ____D C:\Program Files (x86)\DiskImager 2015-11-26 17:49 - 2015-11-26 17:49 - 00374160 _____ (Roadkil.Net ) C:\Users\Eltern\Downloads\DiskImage_1_6_WinAll_Setup.exe 2015-11-26 08:59 - 2015-11-26 08:59 - 00000000 ____D C:\Users\Sara\Documents\Electronic Arts 2015-11-26 08:51 - 2015-11-26 08:51 - 00000016 _____ C:\Users\Sara\Desktop\s3.txt 2015-11-26 08:45 - 2015-11-26 08:58 - 00000000 ____D C:\Users\Sara\AppData\Roaming\Origin 2015-11-26 08:45 - 2015-11-26 08:58 - 
00000000 ____D C:\Users\Sara\AppData\Local\Origin 2015-11-26 08:28 - 2015-11-26 08:28 - 00000000 ____D C:\Windows\System32\Tasks\Games 2015-11-26 08:25 - 2015-11-26 08:26 - 00000000 ____D C:\Users\Wartung\AppData\Local\NVIDIA 2015-11-26 08:25 - 2015-11-26 08:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation 2015-11-26 08:25 - 2015-11-16 04:35 - 01828160 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll 2015-11-26 08:25 - 2015-11-16 04:35 - 01756424 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll 2015-11-26 08:25 - 2015-11-16 04:35 - 01509824 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll 2015-11-26 08:25 - 2015-11-16 04:35 - 01316000 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll 2015-11-26 08:25 - 2015-11-16 04:35 - 00112712 _____ C:\Windows\system32\NvRtmpStreamer64.dll 2015-11-26 08:24 - 2015-12-08 21:14 - 00000000 ____D C:\ProgramData\NVIDIA 2015-11-26 08:24 - 2015-11-14 07:06 - 06358832 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll 2015-11-26 08:24 - 2015-11-14 07:06 - 02983032 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll 2015-11-26 08:24 - 2015-11-14 07:06 - 02554488 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll 2015-11-26 08:24 - 2015-11-14 07:06 - 00938800 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe 2015-11-26 08:24 - 2015-11-14 07:06 - 00385144 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll 2015-11-26 08:24 - 2015-11-14 07:06 - 00062768 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll 2015-11-26 08:24 - 2015-11-14 06:53 - 00102520 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe 2015-11-26 08:24 - 2015-10-28 09:17 - 06027430 _____ C:\Windows\system32\nvcoproc.bin 2015-11-26 08:23 - 2015-11-16 04:35 - 42913912 _____ C:\Windows\system32\nvcompiler.dll 2015-11-26 08:23 - 2015-11-16 04:35 - 37881976 _____ C:\Windows\SysWOW64\nvcompiler.dll 2015-11-26 08:23 - 2015-11-16 04:35 - 
22310008 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll 2015-11-26 08:23 - 2015-11-16 04:35 - 18363000 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll 2015-11-26 08:23 - 2015-11-16 04:35 - 17515528 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll 2015-11-26 08:23 - 2015-11-16 04:35 - 16553568 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll 2015-11-26 08:23 - 2015-11-16 04:35 - 15717864 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll 2015-11-26 08:23 - 2015-11-16 04:35 - 15122296 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll 2015-11-26 08:23 - 2015-11-16 04:35 - 14835872 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll 2015-11-26 08:23 - 2015-11-16 04:35 - 13527440 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll 2015-11-26 08:23 - 2015-11-16 04:35 - 12770944 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll 2015-11-26 08:23 - 2015-11-16 04:35 - 12034248 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll 2015-11-26 08:23 - 2015-11-16 04:35 - 11130488 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys 2015-11-26 08:23 - 2015-11-16 04:35 - 03579696 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll 2015-11-26 08:23 - 2015-11-16 04:35 - 03159248 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll 2015-11-26 08:23 - 2015-11-16 04:35 - 02870576 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll 2015-11-26 08:23 - 2015-11-16 04:35 - 02490672 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll 2015-11-26 08:23 - 2015-11-16 04:35 - 01905272 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6435900.dll 2015-11-26 08:23 - 2015-11-16 04:35 - 01572496 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll 2015-11-26 08:23 - 2015-11-16 04:35 - 01564792 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6435900.dll 2015-11-26 08:23 - 2015-11-16 04:35 - 00877176 _____ (NVIDIA Corporation) 
C:\Windows\system32\NvFBC64.dll 2015-11-26 08:23 - 2015-11-16 04:35 - 00861816 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll 2015-11-26 08:23 - 2015-11-16 04:35 - 00689272 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll 2015-11-26 08:23 - 2015-11-16 04:35 - 00673912 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll 2015-11-26 08:23 - 2015-11-16 04:35 - 00501056 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll 2015-11-26 08:23 - 2015-11-16 04:35 - 00467912 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll 2015-11-26 08:23 - 2015-11-16 04:35 - 00422240 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll 2015-11-26 08:23 - 2015-11-16 04:35 - 00413816 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll 2015-11-26 08:23 - 2015-11-16 04:35 - 00388024 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll 2015-11-26 08:23 - 2015-11-16 04:35 - 00369272 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll 2015-11-26 08:23 - 2015-11-16 04:35 - 00205456 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys 2015-11-26 08:23 - 2015-11-16 04:35 - 00177416 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll 2015-11-26 08:23 - 2015-11-16 04:35 - 00155976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll 2015-11-26 08:23 - 2015-11-16 04:35 - 00151368 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll 2015-11-26 08:23 - 2015-11-16 04:35 - 00128512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll 2015-11-26 08:23 - 2015-11-16 04:35 - 00072504 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll 2015-11-26 08:23 - 2015-11-16 04:35 - 00069416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll 2015-11-26 08:23 - 2015-11-16 04:35 - 00050472 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys 2015-11-26 08:23 - 2015-11-16 04:35 - 00039240 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll 
2015-11-26 08:23 - 2015-11-16 04:35 - 00033607 _____ C:\Windows\system32\nvinfo.pb 2015-11-26 08:13 - 2015-11-26 08:13 - 00001181 _____ C:\Users\Eltern\Downloads\autosizer.sh 2015-11-26 07:57 - 2015-11-26 07:57 - 00000000 ____D C:\Users\Eltern\Documents\Electronic Arts 2015-11-25 21:42 - 2015-11-25 21:42 - 00001552 _____ C:\Users\Eltern\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Win32DiskImager.lnk 2015-11-25 19:54 - 2015-11-25 19:54 - 00000000 ____D C:\Users\Wartung\.dvdcss 2015-11-25 15:17 - 2015-11-25 15:18 - 00000341 _____ C:\Users\Eltern\Documents\raspi.vnc 2015-11-25 15:15 - 2015-11-25 15:15 - 00000000 ____D C:\Users\Eltern\AppData\Roaming\TightVNC 2015-11-25 15:15 - 2015-11-25 15:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TightVNC 2015-11-25 15:15 - 2015-11-25 15:15 - 00000000 ____D C:\Program Files\TightVNC 2015-11-23 22:18 - 2015-11-23 22:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip 2015-11-23 22:18 - 2015-11-23 22:18 - 00000000 ____D C:\Program Files\7-Zip 2015-11-23 20:47 - 2015-11-23 20:47 - 00000986 _____ C:\Users\Eltern\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Origin.lnk 2015-11-23 16:05 - 2015-11-23 16:09 - 00000139 _____ C:\Users\Eltern\Desktop\shutdown.bat 2015-11-23 15:49 - 2015-11-23 15:49 - 00000000 ____D C:\Users\Eltern\AppData\Local\pip 2015-11-23 14:58 - 2015-11-23 20:47 - 00000000 ____D C:\Users\Eltern\AppData\Roaming\Origin 2015-11-23 14:58 - 2015-11-23 14:59 - 00000000 ____D C:\Users\Eltern\AppData\Local\Origin 2015-11-23 14:52 - 2015-12-06 20:44 - 00000000 ____D C:\ProgramData\Origin 2015-11-19 10:55 - 2015-11-19 10:55 - 00633369 _____ C:\Users\Eltern\Desktop\Receptura_Legitimation_Stefanie_LoeschproHilger_2015_11_19.pdf 2015-11-18 14:38 - 2015-12-08 14:49 - 00000000 ____D C:\Skripte 2015-11-14 21:39 - 2015-11-14 21:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SDFormatter 2015-11-14 21:39 - 2015-11-14 21:39 - 00000000 ____D 
C:\Program Files (x86)\SDA 2015-11-14 17:26 - 2015-11-25 21:25 - 00000000 ____D C:\Users\Eltern\Documents\Finanzen test 2015-11-14 17:21 - 2015-11-25 21:14 - 00001940 _____ C:\Users\Eltern\Documents\backupffs-test.ffs_gui 2015-11-14 17:03 - 2015-11-14 17:10 - 00004172 _____ C:\Users\Eltern\fbf-finanz nach doku-finanztest.buj 2015-11-12 10:06 - 2015-11-03 18:55 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-11-12 10:05 - 2015-11-12 10:05 - 00000000 ____D C:\Users\Eltern\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2015-11-12 09:57 - 2015-12-08 21:15 - 00000000 ____D C:\Temp 2015-11-11 19:40 - 2015-11-11 20:05 - 00000000 ____D C:\Users\Wartung\AppData\Local\VMware 2015-11-11 19:40 - 2015-11-11 19:40 - 00000000 ____D C:\Users\Wartung\AppData\Roaming\VMware 2015-11-11 19:38 - 2015-10-20 19:42 - 03168768 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2015-11-11 19:38 - 2015-10-20 19:42 - 02608128 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2015-11-11 19:38 - 2015-10-20 19:42 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2015-11-11 19:38 - 2015-10-20 19:42 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2015-11-11 19:38 - 2015-10-20 19:42 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2015-11-11 19:38 - 2015-10-20 19:42 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2015-11-11 19:38 - 2015-10-20 19:42 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll 2015-11-11 19:38 - 2015-10-20 19:41 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2015-11-11 19:38 - 2015-10-20 19:41 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll 2015-11-11 19:38 - 2015-10-20 19:41 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2015-11-11 19:38 - 2015-10-20 19:41 - 00012288 _____ (Microsoft Corporation) 
C:\Windows\system32\wu.upgrade.ps.dll 2015-11-11 19:38 - 2015-10-20 18:46 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll 2015-11-11 19:38 - 2015-10-20 18:46 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll 2015-11-11 19:38 - 2015-10-20 18:46 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll 2015-11-11 19:38 - 2015-10-20 18:46 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll 2015-11-11 19:38 - 2015-10-20 18:45 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe 2015-11-11 14:05 - 2015-11-03 23:10 - 00390344 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-11-11 14:05 - 2015-11-03 22:51 - 00342728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2015-11-11 14:05 - 2015-10-31 00:46 - 25818624 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-11-11 14:05 - 2015-10-31 00:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-11-11 14:05 - 2015-10-31 00:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2015-11-11 14:05 - 2015-10-31 00:25 - 02886656 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-11-11 14:05 - 2015-10-31 00:25 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2015-11-11 14:05 - 2015-10-31 00:25 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2015-11-11 14:05 - 2015-10-31 00:25 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2015-11-11 14:05 - 2015-10-31 00:24 - 00585728 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-11-11 14:05 - 2015-10-31 00:24 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2015-11-11 14:05 - 2015-10-31 00:17 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-11-11 14:05 - 2015-10-31 00:16 - 00034304 _____ (Microsoft Corporation) 
C:\Windows\system32\iernonce.dll 2015-11-11 14:05 - 2015-10-31 00:13 - 00616960 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-11-11 14:05 - 2015-10-31 00:12 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-11-11 14:05 - 2015-10-31 00:12 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2015-11-11 14:05 - 2015-10-31 00:11 - 05990912 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-11-11 14:05 - 2015-10-31 00:11 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-11-11 14:05 - 2015-10-31 00:11 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2015-11-11 14:05 - 2015-10-31 00:04 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2015-11-11 14:05 - 2015-10-31 00:01 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-11-11 14:05 - 2015-10-30 23:58 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2015-11-11 14:05 - 2015-10-30 23:53 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2015-11-11 14:05 - 2015-10-30 23:52 - 20331520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2015-11-11 14:05 - 2015-10-30 23:49 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2015-11-11 14:05 - 2015-10-30 23:49 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-11-11 14:05 - 2015-10-30 23:47 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-11-11 14:05 - 2015-10-30 23:46 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-11-11 14:05 - 2015-10-30 23:46 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2015-11-11 14:05 - 2015-10-30 23:45 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2015-11-11 14:05 - 2015-10-30 23:45 - 00047616 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2015-11-11 14:05 - 2015-10-30 23:44 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2015-11-11 14:05 - 2015-10-30 23:44 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2015-11-11 14:05 - 2015-10-30 23:42 - 02279936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-11-11 14:05 - 2015-10-30 23:39 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2015-11-11 14:05 - 2015-10-30 23:39 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2015-11-11 14:05 - 2015-10-30 23:37 - 00480256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2015-11-11 14:05 - 2015-10-30 23:36 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2015-11-11 14:05 - 2015-10-30 23:36 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2015-11-11 14:05 - 2015-10-30 23:36 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2015-11-11 14:05 - 2015-10-30 23:34 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2015-11-11 14:05 - 2015-10-30 23:32 - 00720896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-11-11 14:05 - 2015-10-30 23:31 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-11-11 14:05 - 2015-10-30 23:29 - 02126336 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-11-11 14:05 - 2015-10-30 23:29 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2015-11-11 14:05 - 2015-10-30 23:28 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2015-11-11 14:05 - 2015-10-30 23:23 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2015-11-11 14:05 - 2015-10-30 23:22 - 14457856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-11-11 14:05 - 2015-10-30 23:21 - 00168960 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\msrating.dll 2015-11-11 14:05 - 2015-10-30 23:19 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2015-11-11 14:05 - 2015-10-30 23:18 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2015-11-11 14:05 - 2015-10-30 23:17 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-11-11 14:05 - 2015-10-30 23:17 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2015-11-11 14:05 - 2015-10-30 23:16 - 04527616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-11-11 14:05 - 2015-10-30 23:11 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2015-11-11 14:05 - 2015-10-30 23:10 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-11-11 14:05 - 2015-10-30 23:09 - 12854272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-11-11 14:05 - 2015-10-30 23:09 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2015-11-11 14:05 - 2015-10-30 23:09 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2015-11-11 14:05 - 2015-10-30 23:04 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-11-11 14:05 - 2015-10-30 22:53 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-11-11 14:05 - 2015-10-30 22:51 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-11-11 14:05 - 2015-10-30 22:48 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-11-11 14:05 - 2015-10-30 22:46 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2015-11-11 14:03 - 2015-10-20 02:12 - 05570496 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-11-11 14:03 - 2015-10-20 02:12 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2015-11-11 14:03 - 2015-10-20 02:12 - 00095680 _____ (Microsoft Corporation) 
C:\Windows\system32\Drivers\ksecdd.sys 2015-11-11 14:03 - 2015-10-20 02:09 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2015-11-11 14:03 - 2015-10-20 02:06 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll 2015-11-11 14:03 - 2015-10-20 02:06 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2015-11-11 14:03 - 2015-10-20 02:06 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll 2015-11-11 14:03 - 2015-10-20 02:06 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2015-11-11 14:03 - 2015-10-20 02:05 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2015-11-11 14:03 - 2015-10-20 02:05 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2015-11-11 14:03 - 2015-10-20 02:05 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2015-11-11 14:03 - 2015-10-20 02:05 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2015-11-11 14:03 - 2015-10-20 02:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-11-11 14:03 - 2015-10-20 02:05 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2015-11-11 14:03 - 2015-10-20 02:05 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2015-11-11 14:03 - 2015-10-20 02:05 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2015-11-11 14:03 - 2015-10-20 02:05 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2015-11-11 14:03 - 2015-10-20 02:05 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-11-11 14:03 - 2015-10-20 02:05 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2015-11-11 14:03 - 2015-10-20 02:05 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2015-11-11 14:03 - 2015-10-20 02:05 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 
2015-11-11 14:03 - 2015-10-20 02:05 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2015-11-11 14:03 - 2015-10-20 02:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-11-11 14:03 - 2015-10-20 02:05 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll 2015-11-11 14:03 - 2015-10-20 02:05 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2015-11-11 14:03 - 2015-10-20 02:05 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2015-11-11 14:03 - 2015-10-20 02:05 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2015-11-11 14:03 - 2015-10-20 02:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2015-11-11 14:03 - 2015-10-20 02:05 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2015-11-11 14:03 - 2015-10-20 02:04 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe 2015-11-11 14:03 - 2015-10-20 02:04 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2015-11-11 14:03 - 2015-10-20 02:04 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2015-11-11 14:03 - 2015-10-20 02:00 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2015-11-11 14:03 - 2015-10-20 01:59 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2015-11-11 14:03 - 2015-10-20 01:53 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2015-11-11 14:03 - 2015-10-20 01:53 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2015-11-11 14:03 - 2015-10-20 01:53 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll 2015-11-11 14:03 - 2015-10-20 01:53 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll 2015-11-11 14:03 - 2015-10-20 01:53 - 00004608 ____H (Microsoft Corporation) 
C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2015-11-11 14:03 - 2015-10-20 01:53 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2015-11-11 14:03 - 2015-10-20 01:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2015-11-11 14:03 - 2015-10-20 01:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll 2015-11-11 14:03 - 2015-10-20 01:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2015-11-11 14:03 - 2015-10-20 01:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll 2015-11-11 14:03 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2015-11-11 14:03 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2015-11-11 14:03 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2015-11-11 14:03 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll 2015-11-11 14:03 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll 2015-11-11 14:03 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2015-11-11 14:03 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll 2015-11-11 14:03 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2015-11-11 14:03 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll 2015-11-11 14:03 - 2015-10-20 01:53 - 00003072 ____H (Microsoft 
Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll 2015-11-11 14:03 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll 2015-11-11 14:03 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll 2015-11-11 14:03 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2015-11-11 14:03 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll 2015-11-11 14:03 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2015-11-11 14:03 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2015-11-11 14:03 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2015-11-11 14:03 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll 2015-11-11 14:03 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2015-11-11 14:03 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll 2015-11-11 14:03 - 2015-10-20 01:52 - 03991488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2015-11-11 14:03 - 2015-10-20 01:52 - 03935680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2015-11-11 14:03 - 2015-10-20 01:48 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2015-11-11 14:03 - 2015-10-20 01:45 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2015-11-11 14:03 - 2015-10-20 01:45 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2015-11-11 14:03 - 2015-10-20 01:45 - 00251392 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\schannel.dll 2015-11-11 14:03 - 2015-10-20 01:45 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2015-11-11 14:03 - 2015-10-20 01:45 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2015-11-11 14:03 - 2015-10-20 01:45 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2015-11-11 14:03 - 2015-10-20 01:45 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2015-11-11 14:03 - 2015-10-20 01:45 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll 2015-11-11 14:03 - 2015-10-20 01:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2015-11-11 14:03 - 2015-10-20 01:45 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2015-11-11 14:03 - 2015-10-20 01:45 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2015-11-11 14:03 - 2015-10-20 01:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2015-11-11 14:03 - 2015-10-20 01:44 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2015-11-11 14:03 - 2015-10-20 01:44 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2015-11-11 14:03 - 2015-10-20 01:44 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2015-11-11 14:03 - 2015-10-20 01:44 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2015-11-11 14:03 - 2015-10-20 01:44 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2015-11-11 14:03 - 2015-10-20 01:44 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2015-11-11 14:03 - 2015-10-20 01:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2015-11-11 14:03 - 2015-10-20 01:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2015-11-11 14:03 - 2015-10-20 01:35 - 00686080 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\adtschema.dll 2015-11-11 14:03 - 2015-10-20 01:35 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll 2015-11-11 14:03 - 2015-10-20 01:35 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll 2015-11-11 14:03 - 2015-10-20 01:35 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2015-11-11 14:03 - 2015-10-20 01:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2015-11-11 14:03 - 2015-10-20 01:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll 2015-11-11 14:03 - 2015-10-20 01:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll 2015-11-11 14:03 - 2015-10-20 01:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll 2015-11-11 14:03 - 2015-10-20 01:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll 2015-11-11 14:03 - 2015-10-20 01:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2015-11-11 14:03 - 2015-10-20 01:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2015-11-11 14:03 - 2015-10-20 01:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll 2015-11-11 14:03 - 2015-10-20 01:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2015-11-11 14:03 - 2015-10-20 01:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2015-11-11 14:03 - 2015-10-20 01:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll 2015-11-11 14:03 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) 
C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll 2015-11-11 14:03 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2015-11-11 14:03 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll 2015-11-11 14:03 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll 2015-11-11 14:03 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll 2015-11-11 14:03 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll 2015-11-11 14:03 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll 2015-11-11 14:03 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll 2015-11-11 14:03 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll 2015-11-11 14:03 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll 2015-11-11 14:03 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll 2015-11-11 14:03 - 2015-10-20 00:41 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys 2015-11-11 14:03 - 2015-10-20 00:40 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys 2015-11-11 14:03 - 2015-10-20 00:40 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys 2015-11-11 14:03 - 2015-10-20 00:29 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2015-11-11 14:03 - 2015-10-20 00:29 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2015-11-11 14:03 - 2015-10-20 00:27 - 00006144 ____H 
(Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll 2015-11-11 14:03 - 2015-10-20 00:27 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll 2015-11-11 14:03 - 2015-10-20 00:27 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll 2015-11-11 14:03 - 2015-10-20 00:27 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll 2015-11-11 14:03 - 2015-10-13 17:41 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys 2015-11-11 14:03 - 2015-10-13 17:40 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys 2015-11-11 14:03 - 2015-10-13 05:57 - 00950720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys 2015-11-11 14:03 - 2015-10-01 19:00 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll 2015-11-11 14:03 - 2015-10-01 19:00 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll 2015-11-11 14:03 - 2015-10-01 18:50 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll 2015-11-11 14:03 - 2015-09-23 14:15 - 00460776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2015-11-11 14:03 - 2015-09-23 14:15 - 00299632 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll 2015-11-11 14:03 - 2015-09-23 14:09 - 00251000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2015-12-08 21:15 - 2014-12-16 21:19 - 00004182 _____ C:\Windows\System32\Tasks\avast! 
Emergency Update 2015-12-08 21:15 - 2014-10-16 20:42 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-12-08 21:15 - 2014-03-14 10:38 - 00000000 ____D C:\ProgramData\VMware 2015-12-08 21:15 - 2014-02-14 00:57 - 00000000 ___RD C:\Users\Eltern\Dropbox 2015-12-08 21:15 - 2014-02-14 00:55 - 00000000 ____D C:\Users\Eltern\AppData\Roaming\Dropbox 2015-12-08 21:15 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-12-08 16:15 - 2014-02-12 23:17 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-12-08 16:13 - 2014-10-16 20:42 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-12-08 16:07 - 2009-07-14 04:20 - 00000000 ____D C:\Windows 2015-12-08 16:03 - 2009-07-14 05:45 - 00019312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-12-08 16:03 - 2009-07-14 05:45 - 00019312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-12-08 16:02 - 2009-07-14 18:58 - 00702138 _____ C:\Windows\system32\perfh007.dat 2015-12-08 16:02 - 2009-07-14 18:58 - 00150804 _____ C:\Windows\system32\perfc007.dat 2015-12-08 16:02 - 2009-07-14 06:13 - 01628890 _____ C:\Windows\system32\PerfStringBackup.INI 2015-12-08 16:02 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf 2015-12-08 16:00 - 2015-06-17 13:43 - 00001228 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3895678430-1897185528-4005713618-1000UA.job 2015-12-08 15:31 - 2014-05-21 12:06 - 00000000 ____D C:\Users\Wartung 2015-12-08 12:44 - 2014-03-14 11:00 - 00000000 ____D C:\Windows\Minidump 2015-12-08 12:44 - 2014-02-12 22:44 - 00000000 ____D C:\Users\Eltern 2015-12-08 12:42 - 2015-03-28 09:51 - 00000000 ____D C:\Program Files (x86)\ShellfireVPN 2015-12-08 12:28 - 2014-12-04 11:56 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-12-08 12:28 - 2014-12-04 11:56 - 00109272 _____ (Malwarebytes) 
C:\Windows\system32\Drivers\mbamchameleon.sys 2015-12-08 12:00 - 2015-01-30 17:48 - 00000000 ____D C:\Users\Eltern\Downloads\Sicherheit 2015-12-08 11:34 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF 2015-12-08 11:20 - 2014-02-24 23:26 - 00000000 ____D C:\Program Files (x86)\Steam 2015-12-08 10:01 - 2014-02-18 19:55 - 00000680 __RSH C:\Users\Eltern\ntuser.pol 2015-12-08 09:54 - 2014-06-04 09:08 - 00000680 __RSH C:\Users\Wartung\ntuser.pol 2015-12-08 09:50 - 2014-02-18 16:17 - 00279418 __RSH C:\Users\Sara\ntuser.pol 2015-12-08 09:50 - 2014-02-14 17:26 - 00000000 ____D C:\Users\Sara 2015-12-07 16:08 - 2015-01-20 22:22 - 00000000 ____D C:\Users\Wartung\Desktop\SleepTimerUltimate 2015-12-07 15:11 - 2014-10-02 12:07 - 00000000 ____D C:\Users\Eltern\Documents\WEG 2015-12-06 18:57 - 2009-07-14 06:08 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2015-12-05 17:42 - 2014-02-14 17:27 - 00166008 _____ C:\Users\Sara\AppData\Local\GDIPFONTCACHEV1.DAT 2015-12-05 17:41 - 2009-07-14 05:45 - 00513968 _____ C:\Windows\system32\FNTCACHE.DAT 2015-12-05 14:46 - 2014-06-04 09:08 - 00166008 _____ C:\Users\Wartung\AppData\Local\GDIPFONTCACHEV1.DAT 2015-12-05 14:43 - 2014-02-12 23:09 - 00166008 _____ C:\Users\Eltern\AppData\Local\GDIPFONTCACHEV1.DAT 2015-12-05 14:00 - 2015-06-17 13:43 - 00001176 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3895678430-1897185528-4005713618-1000Core.job 2015-12-05 12:54 - 2014-02-17 15:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3 2015-12-05 12:54 - 2014-02-17 15:16 - 00000000 ____D C:\Program Files (x86)\AutoIt3 2015-12-05 12:51 - 2014-02-17 15:55 - 00000833 _____ C:\Users\Eltern\SciTE.session 2015-12-05 11:56 - 2014-02-13 23:56 - 00000000 ____D C:\Program Files (x86)\TeamViewer 2015-12-05 11:31 - 2014-08-17 00:07 - 02821632 ___SH C:\Users\Eltern\Desktop\Thumbs.db 2015-12-04 14:02 - 2014-02-12 23:26 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2015-12-03 14:23 - 2014-03-05 
15:48 - 00000000 ____D C:\Users\Eltern\AppData\Roaming\ALFBanCo5 2015-12-03 14:17 - 2014-03-05 15:47 - 00000000 ____D C:\ProgramData\AlfBanCo5 2015-12-02 22:07 - 2014-02-14 14:10 - 00140488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comdlg32.ocx-- 2015-12-02 19:08 - 2014-10-16 20:42 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2015-12-02 19:08 - 2014-10-16 20:42 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2015-12-02 14:11 - 2014-02-14 00:16 - 00000000 ____D C:\Users\Eltern\Documents\Finanzkalkulationen 2015-12-01 23:48 - 2009-07-14 04:20 - 00000000 ___HD C:\Windows\system32\GroupPolicyUsers 2015-11-30 20:52 - 2014-02-14 00:50 - 00000000 ____D C:\Users\Eltern\AppData\Roaming\vlc 2015-11-30 14:20 - 2014-03-04 22:41 - 00000000 ____D C:\Users\Eltern\AppData\Roaming\HandBrake 2015-11-30 07:57 - 2014-11-27 15:21 - 00000824 _____ C:\Users\Wartung\Desktop\Handbrake.lnk 2015-11-30 07:57 - 2014-03-04 15:40 - 00000000 ____D C:\Users\Eltern\AppData\Roaming\dvdcss 2015-11-26 18:29 - 2014-03-14 11:09 - 00000000 ____D C:\Users\Eltern\AppData\Local\VMware 2015-11-26 17:23 - 2014-03-14 11:09 - 00000000 ____D C:\Users\Eltern\AppData\Roaming\VMware 2015-11-26 15:43 - 2009-07-14 06:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2015-11-26 08:32 - 2014-03-29 14:58 - 00000000 ____D C:\Program Files (x86)\QNAP 2015-11-26 08:26 - 2015-09-24 19:53 - 00000000 ____D C:\Users\Wartung\AppData\Local\NVIDIA Corporation 2015-11-26 08:25 - 2015-09-22 19:30 - 00000000 ____D C:\Users\Eltern\AppData\Local\NVIDIA Corporation 2015-11-26 08:25 - 2015-09-22 19:28 - 00000000 ____D C:\ProgramData\NVIDIA Corporation 2015-11-26 08:25 - 2015-09-22 19:27 - 00000000 ____D C:\Program Files\NVIDIA Corporation 2015-11-26 08:25 - 2015-09-16 21:08 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation 2015-11-26 08:24 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\Help 2015-11-25 20:01 - 2015-01-29 11:11 - 00000000 ____D 
C:\Program Files\multiAVCHD 2015-11-25 19:52 - 2014-02-14 21:18 - 00000000 ____D C:\Users\Eltern\AppData\Roaming\MusicBee 2015-11-24 16:12 - 2015-06-18 13:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image Writer 2015-11-24 16:12 - 2015-06-18 13:19 - 00000000 ____D C:\Program Files (x86)\ImageWriter 2015-11-23 15:40 - 2015-09-02 21:18 - 00000000 ____D C:\Users\Wartung\Documents\SoftMaker 2015-11-23 14:52 - 2014-08-07 11:08 - 00000000 ____D C:\ProgramData\Package Cache 2015-11-22 13:33 - 2014-02-14 17:41 - 00000000 ____D C:\Users\Sara\AppData\Roaming\vlc 2015-11-20 17:48 - 2014-02-13 23:45 - 00000000 ____D C:\Program Files (x86)\Adobe 2015-11-20 17:48 - 2014-02-13 00:25 - 00000000 ____D C:\ProgramData\Adobe 2015-11-18 20:02 - 2015-05-04 14:02 - 00000348 _____ C:\Windows\Tasks\P nach D-Sicherungen.job 2015-11-18 13:51 - 2014-02-13 23:49 - 00003490 _____ C:\Windows\System32\Tasks\Motorola Device Manager Update 2015-11-18 13:51 - 2014-02-13 23:49 - 00003472 _____ C:\Windows\System32\Tasks\Motorola Device Manager Engine 2015-11-18 13:50 - 2015-05-04 14:02 - 00002944 _____ C:\Windows\System32\Tasks\P nach D-Sicherungen 2015-11-18 13:48 - 2015-10-30 20:47 - 00003888 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task 2015-11-17 19:51 - 2014-03-29 10:11 - 00000000 ____D C:\Users\Eltern\Documents\Praxis 2015-11-14 21:37 - 2015-01-20 13:11 - 00000000 ____D C:\Users\Eltern\AppData\Local\Downloaded Installations 2015-11-14 17:25 - 2015-06-21 19:49 - 00000000 ____D C:\Users\Eltern\Documents\Finanzen 2015-11-14 17:14 - 2015-05-03 21:07 - 00000000 ____D C:\Program Files\FreeFileSync 2015-11-14 17:03 - 2015-05-04 13:34 - 00000000 ____D C:\Users\Eltern\AppData\Roaming\PersBackup5 2015-11-13 14:10 - 2015-07-13 11:32 - 00000000 ____D C:\Users\Eltern\Desktop\Monokel 2015-11-11 21:49 - 2014-02-12 23:51 - 145617392 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-11-11 21:49 - 2014-02-12 23:51 - 00000000 ____D C:\Windows\system32\MRT 
2015-11-11 21:49 - 2014-02-12 23:30 - 00000000 ____D C:\ProgramData\Microsoft Help 2015-11-11 16:46 - 2009-07-14 19:18 - 00000000 ____D C:\Program Files\Windows Journal 2015-11-11 16:09 - 2014-02-12 22:52 - 01602234 _____ C:\Windows\SysWOW64\PerfStringBackup.INI 2015-11-11 15:15 - 2014-02-12 23:17 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-11-11 15:15 - 2014-02-12 23:17 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-11-11 15:15 - 2014-02-12 23:17 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-11-11 13:50 - 2015-11-07 23:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox Einige Dateien in TEMP: ==================== C:\Users\Eltern\AppData\Local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpa4nmjl.dll ==================== Bamital & volsnap ================= (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) 
C:\Windows\system32\winlogon.exe => Datei ist digital signiert C:\Windows\system32\wininit.exe => Datei ist digital signiert C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert C:\Windows\explorer.exe => Datei ist digital signiert C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert C:\Windows\system32\svchost.exe => Datei ist digital signiert C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert C:\Windows\system32\services.exe => Datei ist digital signiert C:\Windows\system32\User32.dll => Datei ist digital signiert C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert C:\Windows\system32\userinit.exe => Datei ist digital signiert C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert C:\Windows\system32\rpcss.dll => Datei ist digital signiert C:\Windows\system32\dnsapi.dll => Datei ist digital signiert C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert LastRegBack: 2015-11-30 21:28 ==================== Ende von FRST.txt ============================
By the way, my impression is that the login process is taking quite a long time again despite the SSD. After the light blue becomes visible, a "please wait" is shown for another approx. 5-10 sec., as one otherwise only sees after updates. |
08.12.2015, 21:32 | #17 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Virus JS:ScriptPE-inf (Trj) according to avast, only mail still works
Why is Avast still on there? It was supposed to be removed!
08.12.2015, 21:42 | #18 |
| Virus JS:ScriptPE-inf (Trj) according to avast, only mail still works
Just a moment, it will be done shortly...
So, now without AV (except for the Essentials)... ;-) addition.txt: Code:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:05-12-2015 durchgeführt von Wartung (2015-12-08 21:40:14) Gestartet von D:\Installation\antivirus Windows 7 Home Premium Service Pack 1 (X64) (2014-02-12 21:44:55) Start-Modus: Normal ========================================================== ==================== Konten: ============================= Administrator (S-1-5-21-3895678430-1897185528-4005713618-500 - Administrator - Disabled) Eltern (S-1-5-21-3895678430-1897185528-4005713618-1000 - Limited - Enabled) => C:\Users\Eltern Gast (S-1-5-21-3895678430-1897185528-4005713618-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-3895678430-1897185528-4005713618-1002 - Limited - Enabled) Sara (S-1-5-21-3895678430-1897185528-4005713618-1003 - Limited - Enabled) => C:\Users\Sara test (S-1-5-21-3895678430-1897185528-4005713618-1011 - Limited - Enabled) => C:\Users\test Wartung (S-1-5-21-3895678430-1897185528-4005713618-1006 - Administrator - Enabled) => C:\Users\Wartung ==================== Sicherheits-Center ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.) AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A} AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B} AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7} AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} ==================== Installierte Programme ====================== (Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.) 
1954 Alcatraz (HKLM-x32\...\Steam App 255280) (Version: - Daedalic Entertainment) 7-Zip 15.12 (x64) (HKLM\...\7-Zip) (Version: 15.12 - Igor Pavlov) A New Beginning - Final Cut (HKLM-x32\...\Steam App 105000) (Version: - Daedalic Entertainment) Adobe Digital Editions 4.0 (HKLM-x32\...\Adobe Digital Editions 4.0) (Version: 4.0.2 - Adobe Systems Incorporated) Adobe Flash Player 19 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 19.0.0.245 - Adobe Systems Incorporated) Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.245 - Adobe Systems Incorporated) Adobe Photoshop Elements 7.0 (HKLM-x32\...\Adobe Photoshop Elements 7) (Version: 7.0 - Adobe Systems Incorporated) Adobe Photoshop Lightroom 5.7 64-bit (HKLM\...\{1B77B02E-17E4-4B6D-B8A1-74B29AF3D8DD}) (Version: 5.7.0 - Adobe Systems Incorporated) Adobe Premiere Elements 7.0 (HKLM-x32\...\PremElem70) (Version: 7.0 - Adobe Systems Incorporated) Adobe Premiere Elements 7.0 Templates (HKLM-x32\...\PremElem70Templates) (Version: 7.0.0 - Adobe Systems Incorporated) Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated) Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.4.154 - Adobe Systems, Inc.) ALF-BanCo 4 (HKLM-x32\...\Alf-BanCo4_is1) (Version: - ALF AG) ALF-BanCo 5 (HKLM-x32\...\Alf-BanCo5_is1) (Version: 5.3.5 - ALF AG) Anki (HKLM-x32\...\Anki) (Version: - ) Any Video Converter 5.7.9 (HKLM-x32\...\Any Video Converter_is1) (Version: - Any-Video-Converter.com) Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.) Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.7 - Atheros Communications Inc.) 
Audacity 2.1.0 (HKLM-x32\...\Audacity_is1) (Version: 2.1.0 - Audacity Team) AutoIt v3.3.10.2 (HKLM-x32\...\AutoItv3) (Version: 3.3.10.2 - AutoIt Team) Avidemux 2.6 - 64bits (HKLM-x32\...\Avidemux 2.6 - 64bits (64-bit)) (Version: 2.6.7.8981 - ) Avira (HKLM-x32\...\{e7c7c227-b742-4878-9425-f09bbf9951db}) (Version: 1.1.27.25527 - Avira Operations & Co. KG) Avira (x32 Version: 1.1.27.25527 - Avira Operations & Co. KG) Hidden AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version: - ) Boxcryptor Classic 1.7 (HKLM-x32\...\{DF47AB90-FB92-42F4-926E-1C4FF16029E7}) (Version: 1.7.409.131 - Secomba GmbH) calibre (HKLM-x32\...\{730F17AA-6E66-4BD1-B7C5-8F1DA33D2D66}) (Version: 2.41.0 - Kovid Goyal) CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.5.5666 - CDBurnerXP) Chaos on Deponia (HKLM-x32\...\Steam App 220740) (Version: - Daedalic Entertainment) Cities: Skylines (HKLM-x32\...\Steam App 255710) (Version: - Colossal Order Ltd.) cwRsync (remove only) (HKLM-x32\...\cwRsync) (Version: - ) cyberJack Base Components (HKLM-x32\...\{FC338210-F594-11D3-BA24-00001C3AB4DF}) (Version: 6.10.8 - REINER SCT) CyberLink BD_3D Advisor 2.0 (HKLM-x32\...\{2D2D8FE2-605C-4D3C-B706-36E981E7EEF0}) (Version: 2.0.5425 - CyberLink Corp.) CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.) CyberLink PowerProducer 5.5 (HKLM-x32\...\InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 5.5.3.4118 - CyberLink Corp.) DebugMode Wink (HKLM-x32\...\DebugMode Wink) (Version: - ) Der Schatz der Delfine (HKU\S-1-5-21-3895678430-1897185528-4005713618-1006\...\Der Schatz der Delfine) (Version: V2.000000 - ) Deutschlandrallye (HKLM-x32\...\{77D76333-82C6-4D5F-BDA8-574B398D5C79}) (Version: 1.00.0000 - Westermann) Die Sims 2 (HKLM-x32\...\{6E7DD182-9FC6-4651-0095-2E666CC6AF35}) (Version: - ) Die Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.69.36.024017 - Electronic Arts Inc.) 
DiRT Rally (HKLM-x32\...\Steam App 310560) (Version: - Codemasters Racing Studio) Dropbox (HKU\S-1-5-21-3895678430-1897185528-4005713618-1000\...\Dropbox) (Version: 3.10.11 - Dropbox, Inc.) Druckerdeinstallation für EPSON WP-4535 Series (HKLM\...\EPSON WP-4535 Series) (Version: - SEIKO EPSON Corporation) Druckschriften (3.1) (HKLM-x32\...\Druckschriften_is1) (Version: 3.1 - Medienwerkstatt Mühlacker) DVD Decrypter (Remove Only) (HKLM-x32\...\DVD Decrypter) (Version: - ) Edna & Harvey: Harvey's New Eyes (HKLM-x32\...\Steam App 219910) (Version: - Daedalic Entertainment) Edna & Harvey: The Breakout (HKLM-x32\...\Steam App 255320) (Version: - Daedalic Entertainment) Eisbär 2 (HKLM-x32\...\Eisbär 2) (Version: - ) Emil und Pauline In der Burg (remove only) (HKLM-x32\...\Emil und Pauline In der Burg) (Version: - ) Emil und Pauline In der Südsee (remove only) (HKLM-x32\...\Emil und Pauline In der Südsee) (Version: - ) Epson Connect Printer Setup (HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.3.0 - SEIKO EPSON CORPORATION) Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.46.00 - SEIKO EPSON CORPORATION) Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version: - ) EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation) ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - ) Exif-Viewer 2.51 (HKLM-x32\...\Exif-Viewer) (Version: 2.51 - Ralf Bibinger) FileJuggler (HKLM-x32\...\{C7005E49-2205-46B3-A4B7-ED3C3D99983D}_is1) (Version: 1.3.11 - Bitvaerk) FileZilla Client 3.7.4.1 (HKU\S-1-5-21-3895678430-1897185528-4005713618-1000\...\FileZilla Client) (Version: 3.7.4.1 - Tim Kosse) Freddy Mathematik 4 (HKLM-x32\...\Freddy Mathematik 4) (Version: - ) FreeFileSync 7.6 (HKLM-x32\...\FreeFileSync_is1) (Version: 7.6 - www.FreeFileSync.org) Gedächtnisrallye (HKLM-x32\...\{2E016D9C-0876-4660-98E0-03BC07B4FFCD}) (Version: 1.00.0000 - Your Company Name) GenoPro (HKLM-x32\...\GenoPro) 
(Version: - ) Goodbye Deponia (HKLM-x32\...\Steam App 241910) (Version: - Daedalic Entertainment) Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden GPL Ghostscript (HKLM\...\GPL Ghostscript 9.18) (Version: 9.18 - Artifex Software Inc.) GSmartControl (HKLM-x32\...\GSmartControl) (Version: 0.8.7 - Alexander Shaduri) HandBrake 0.10.2 (HKLM-x32\...\HandBrake) (Version: 0.10.2 - ) inCloak VPN (HKLM-x32\...\{DFC5A448-F93F-48A0-AA3D-6FD0CD67A560}) (Version: 1.04 - inCloak Network Ltd.) Indeo® software (HKLM-x32\...\Indeo® software) (Version: - ) Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2932 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.0.1006 - Intel Corporation) Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation) Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.5.235 - Intel Corporation) IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan) Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation) KC Softwares SUMo (HKLM-x32\...\KC Softwares SUMo_is1) (Version: 3.11.7.250 - KC Softwares) KeyScrambler (HKLM-x32\...\KeyScrambler) (Version: 3.8.2.0 - QFX Software Corporation) Kodi (HKU\S-1-5-21-3895678430-1897185528-4005713618-1006\...\Kodi) (Version: - 
XBMC-Foundation) LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - ) Lateinische Ausgangsschrift (3.1) (HKLM-x32\...\Lateinische Ausgangsschrift_is1) (Version: 3.1.0 - Medienwerkstatt Mühlacker) Lernen Mathe 3 (HKLM-x32\...\{C47F1C86-22F0-4C03-BFDF-7676E3CBB96F}) (Version: 1.00.0000 - Terzio Verlag) LG ODD Auto Firmware Update (HKLM-x32\...\{6179550A-3E7C-499E-BCC9-9E8113E0A285}) (Version: 10.01.0712.01 - ) Life Is Strange™ (HKLM-x32\...\Steam App 319630) (Version: - DONTNOD Entertainment) Link Shell Extension (HKLM\...\HardlinkShellExt) (Version: 3.7.5.9 - Hermann Schinagl) Loewenzahn 4 (HKLM-x32\...\{AE9E39ED-A41A-40D4-B4CD-858A6E41D881}) (Version: 1.00.0000 - Terzio Verlag) MakeMKV v1.9.1 (HKLM-x32\...\MakeMKV) (Version: v1.9.1 - GuinpinSoft inc) Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation) Mathematische Zeichensätze 1.0 (HKLM-x32\...\Mathematische Zeichensätze_is1) (Version: 2.0 - Medienwerkstatt Mühlacker) Mediencenter 3.9.1055.64 (HKU\S-1-5-21-3895678430-1897185528-4005713618-1000\...\Mediencenter) (Version: 3.9.1055.64 - Deutsche Telekom AG) Memoria (HKLM-x32\...\Steam App 243200) (Version: - Daedalic Entertainment) Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation) Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation) Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation) Microsoft Midtown Madness (HKLM-x32\...\Midtown Madness 1.0) (Version: - ) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft 
Corporation) Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office PowerPoint 2003 Template Pack 1 (HKLM-x32\...\{90AB0407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.5614.0 - Microsoft Corporation) Microsoft Office PowerPoint 2003 Template Pack 2 (HKLM-x32\...\{90AC0407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.5614.0 - Microsoft Corporation) Microsoft Office PowerPoint 2003 Template Pack 3 (HKLM-x32\...\{90AD0407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.5614.0 - Microsoft Corporation) Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation) Microsoft SQL Server Compact 3.5 ENU (HKLM-x32\...\{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}) (Version: 3.5.5386.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - 
Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{cb41fc68-4442-4f7f-b22f-8f31c74897ac}) (Version: 11.0.51106.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{a55ac379-46b0-461a-95b1-fef5c08443f2}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ Run Time Lib Setup (HKLM-x32\...\{AAF4238F-7C29-451D-9925-C753271A5728}) (Version: 1.0.0 - Microsoft) MiniTool Partition Wizard Home Edition 8.1.1 
(HKLM-x32\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version: - MiniTool Solution Ltd.) Motorola Device Manager (HKLM-x32\...\{28DB8373-C1BB-444F-A427-A55585A12ED7}) (Version: 2.4.5 - Motorola Mobility) Motorola Device Software Update (x32 Version: 13.09.3001 - Motorola Mobility) Hidden Motorola Mobile Drivers Installation 6.3.0 (HKLM\...\{759E6A2F-1F01-45EF-A0C4-22F1B56CB975}) (Version: 6.3.0 - Motorola Mobility LLC) Mozilla Firefox 42.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 42.0 (x86 de)) (Version: 42.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 42.0.0.5780 - Mozilla) Mozilla Thunderbird 38.4.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 38.4.0 (x86 de)) (Version: 38.4.0 - Mozilla) Mp3tag v2.69 (HKLM-x32\...\Mp3tag) (Version: v2.69 - Florian Heidenreich) MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) MusicBee 2.4 (HKLM-x32\...\MusicBee) (Version: 2.4 - Steven Mayall) MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.6 - F.J. 
Wechselberger) NVIDIA 3D Vision Controller-Treiber 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation) NVIDIA 3D Vision Treiber 359.00 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 359.00 - NVIDIA Corporation) NVIDIA GeForce Experience 2.7.4.10 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.7.4.10 - NVIDIA Corporation) NVIDIA Grafiktreiber 359.00 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 359.00 - NVIDIA Corporation) NVIDIA HD-Audiotreiber 1.3.34.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.4 - NVIDIA Corporation) NVIDIA PhysX-Systemsoftware 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation) ON_OFF Charge B12.1025.1 (HKLM-x32\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE) OpenAL (HKLM-x32\...\OpenAL) (Version: - ) OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation) Origin (HKLM-x32\...\Origin) (Version: 9.10.2.4863 - Electronic Arts, Inc.) 
Pädagogische Zeichensätze 1 (2.0) (HKLM-x32\...\Pädagogische Zeichensätze 1_is1) (Version: 2.0 - Medienwerkstatt Mühlacker) Pädagogische Zeichensätze 2 (2.0) (HKLM-x32\...\Pädagogische Zeichensätze 2_is1) (Version: 2.0 - Medienwerkstatt Mühlacker) Pädagogische Zeichensätze 3 (2.0) (HKLM-x32\...\Pädagogische Zeichensätze 3_is1) (Version: 2.0 - Medienwerkstatt Mühlacker) Pädagogische Zeichensätze 5 1.0 (HKLM-x32\...\Pädagogische Zeichensätze 5_is1) (Version: 1.0 - Medienwerkstatt Mühlacker) Pädagogische Zeichensätze 7 (1.0) (HKLM-x32\...\Pädagogische Zeichensätze 7_is1) (Version: 1.0 - Medienwerkstatt Mühlacker) PaintTool SAI Ver.1 (HKLM-x32\...\PaintToolSAI) (Version: - ) PDF Architect 3 (HKLM-x32\...\PDF Architect 3) (Version: 3.0.45.22485 - pdfforge GmbH) PDF Architect 3 Create Module (x32 Version: 3.0.8.22528 - pdfforge GmbH) Hidden PDF Architect 3 Edit Module (x32 Version: 3.0.8.22528 - pdfforge GmbH) Hidden PDF Architect 3 View Module (x32 Version: 3.0.8.22528 - pdfforge GmbH) Hidden PDF24 Creator 7.4.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org) PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 2.1.2 - pdfforge) PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.214.0 - Tracker Software Products Ltd) Personal Backup 5.6 (HKLM-x32\...\Personal Backup 5_is1) (Version: 5.7.3.0 - Dr. J. Rathlev) Platform (x32 Version: 1.39 - VIA Technologies, Inc.) Hidden QuickTime 7 (HKLM-x32\...\{627FFC10-CE0A-497F-BA2B-208CAC638010}) (Version: 7.77.80.95 - Apple Inc.) QuickTime Alternative 3.2.2 (HKLM-x32\...\QuicktimeAlt_is1) (Version: 3.2.2 - ) Roadkil's Disk Image Version 1.6 (HKLM-x32\...\{2AE21A08-FF8E-44CF-84C7-F5571DBF7360}_is1) (Version: - Roadkil.Net) RollerCoaster Tycoon 3: Platinum! 
(HKLM-x32\...\Steam App 2700) (Version: - Frontier) RSDLite (HKLM-x32\...\{5ED80B30-4DAE-4D73-9D62-AD89F661AF46}) (Version: 5.7 - Motorola) SciTE4AutoIt3 15.920.938.0 (HKLM-x32\...\SciTE4AutoIt3) (Version: 15.920.938.0 - Jos van der Zande) Scribus 1.4.5 (64bit) (HKLM\...\Scribus 1.4.5) (Version: 1.4.5 - The Scribus Team) SDFormatter (HKLM-x32\...\{179324FF-7B16-4BA8-9836-055CAAEE4F08}) (Version: 4.0.0 - SD Association) Secunia PSI (3.0.0.9016) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.9016 - Secunia) Sekundarstufen-Zeichensätze 2 (2.0) (HKLM-x32\...\Sekundarstufen-Zeichensätze 2_is1) (Version: - Medienwerkstatt Mühlacker) ShellfireVPN 2.5 (HKLM-x32\...\ShellfireVPN) (Version: 2.5 - ) SHIELD Streaming (Version: 4.1.0240 - NVIDIA Corporation) Hidden SHIELD Wireless Controller Driver (Version: 2.7.4.10 - NVIDIA Corporation) Hidden smartmontools (HKLM-x32\...\smartmontools) (Version: 6.3 2014-07-26 r3976 (sf-6.3-1) - smartmontools.org) SmartSound Quicktracks for Premiere Elements (HKLM-x32\...\InstallShield_{F6234880-85BE-4DCB-8A45-1FF85A1A8552}) (Version: 3.11.3090 - SmartSound Software Inc) SmartSound Quicktracks for Premiere Elements (x32 Version: 3.11.3090 - SmartSound Software Inc) Hidden Sony PC Companion 2.10.259 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.259 - Sony) Spore (HKLM-x32\...\Steam App 17390) (Version: - Maxis™) Spore: Galactic Adventures (HKLM-x32\...\Steam App 24720) (Version: - EA - Maxis) Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation) swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.52465 - TeamViewer) The Dark Eye: Chains of Satinav (HKLM-x32\...\Steam App 203830) (Version: - Daedalic Entertainment) The Night of the Rabbit (HKLM-x32\...\Steam App 230820) (Version: - Daedalic Entertainment) The Saddle Club (HKLM-x32\...\Saddle Club) (Version: 1.0 - Tate Interactive) The Walking Dead (HKLM-x32\...\Steam App 
207610) (Version: - ) The Walking Dead: Season Two (HKLM-x32\...\Steam App 261030) (Version: - Telltale Games) The Whispered World Special Edition (HKLM-x32\...\Steam App 268540) (Version: - Daedalic Entertainment) TightVNC (HKLM\...\{D2372F87-7DA2-47F7-A102-AF2181B8EAA2}) (Version: 2.7.10.0 - GlavSoft LLC.) Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 8.51a - Ghisler Software GmbH) TP-LINK 300Mbps Wireless USB Adapter Treiber (HKLM-x32\...\{852E893E-E4FD-45BB-8B17-72ADDF686974}) (Version: 1.3.1 - TP-LINK) TP-LINK-Konfigurationstool (HKLM-x32\...\{319D91C6-3D44-436C-9F79-36C0D22372DC}) (Version: 1.3.1 - TP-LINK) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft) Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft) Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft) Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft) Vereinfachte Ausgangsschrift (3.1) (HKLM-x32\...\Vereinfachte Ausgangsschrift_is1) (Version: 3.1.0 - Medienwerkstatt Mühlacker) VIA Plattform-Geräte-Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.39 - VIA Technologies, Inc.) 
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
VMware Player (HKLM-x32\...\VMware_Player) (Version: 6.0.1 - VMware, Inc)
VMware Player (Version: 6.0.1 - VMware, Inc.) Hidden
VNC Viewer 5.1.0 (HKLM\...\{8F29CFF4-4A54-4C34-8905-B74527DE93C8}) (Version: 5.1.0 - RealVNC Ltd)
VobSub v2.23 (Remove Only) (HKLM-x32\...\VobSub) (Version: - )
Wacom (HKLM\...\Pen Tablet Driver) (Version: 5.3.5-3 - Wacom Technology Corp.)
WD SES Driver Setup (x32 Version: 1.0.4.11 - Western Digital) Hidden
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
Welt der Wunder - Eine Stadt spielt verrueckt (HKLM-x32\...\{DADC3DDB-589B-4299-83D0-673A76AEB927}) (Version: 1.00.0000 - Terzio Verlag)
Win32DiskImager version 0.9.5 (HKLM-x32\...\{D074CE74-912A-4AD3-A0BF-3937D9D01F17}_is1) (Version: 0.9.5 - ImageWriter Developers)
WinCDEmu (HKLM-x32\...\WinCDEmu) (Version: 3.6 - Bazis)
WinDirStat 1.1.2 (HKU\S-1-5-21-3895678430-1897185528-4005713618-1000\...\WinDirStat) (Version: - )
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
XnView 2.34 (HKLM-x32\...\XnView_is1) (Version: 2.34 - Gougelet Pierre-e)
XviD MPEG4 Video Codec (remove only) (HKLM-x32\...\XviD MPEG4 Video Codec) (Version: - )

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-3895678430-1897185528-4005713618-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Eltern\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3895678430-1897185528-4005713618-1000_Classes\CLSID\{268502F4-815D-4358-A8D6-B783FDB58EF0}\InprocServer32 -> C:\Users\Eltern\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.ContextMenuHandler.dll (Deutsche Telekom AG)
CustomCLSID: HKU\S-1-5-21-3895678430-1897185528-4005713618-1000_Classes\CLSID\{3134f9f1-f02f-075b-a5d0-ad606b5e5a057}\InprocServer32 -> 0x12F2ADEE772BD10100D81B9C33374F01000000000000000000000000 => Keine Datei
CustomCLSID: HKU\S-1-5-21-3895678430-1897185528-4005713618-1000_Classes\CLSID\{528EE335-5034-4EFC-834E-63E5F02D2BC2}\InprocServer32 -> C:\Users\Eltern\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll (Deutsche Telekom AG)
CustomCLSID: HKU\S-1-5-21-3895678430-1897185528-4005713618-1000_Classes\CLSID\{5654b362-b14b-cc96-9d33-6e5cb82b4a7b8}\InprocServer32 -> 0x46674941414376564A485568356330424867435336684E6E50356D3348666E745648716639442F48495165374168476672 (Der Dateneintrag hat 85 mehr Zeichen).
CustomCLSID: HKU\S-1-5-21-3895678430-1897185528-4005713618-1000_Classes\CLSID\{6066ADF0-9EB0-43E5-ADB6-990F5A3B979C}\InprocServer32 -> C:\Users\Eltern\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll (Deutsche Telekom AG)
CustomCLSID: HKU\S-1-5-21-3895678430-1897185528-4005713618-1000_Classes\CLSID\{77BC4082-DB5F-439A-8DC8-F9E24A63B0DE}\InprocServer32 -> C:\Users\Eltern\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll (Deutsche Telekom AG)
CustomCLSID: HKU\S-1-5-21-3895678430-1897185528-4005713618-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Eltern\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3895678430-1897185528-4005713618-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Eltern\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3895678430-1897185528-4005713618-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Eltern\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3895678430-1897185528-4005713618-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Eltern\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3895678430-1897185528-4005713618-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Eltern\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3895678430-1897185528-4005713618-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Eltern\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3895678430-1897185528-4005713618-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Eltern\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3895678430-1897185528-4005713618-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Eltern\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3895678430-1897185528-4005713618-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Eltern\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3895678430-1897185528-4005713618-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Eltern\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)

==================== Wiederherstellungspunkte =========================

==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)
2009-07-14 03:34 - 2015-12-08 15:32 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {0BD88260-DFC0-4B48-80AA-250977B03679} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-11-11] (Adobe Systems Incorporated)
Task: {3808E1E8-C9E7-4FA1-A3B0-C8CC7DB376EC} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {3F1DA09F-EC94-48A4-BE5F-FB9B050F2DF4} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3895678430-1897185528-4005713618-1000UA => C:\Users\Eltern\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-17] (Dropbox, Inc.)
Task: {43F84C7A-BD92-4B8E-B53A-49B4F5EB6047} - System32\Tasks\{DCB5CAA0-5AE1-493E-B9F8-8CA4D76A9B46} => C:\Program Files (x86)\Easy Paint Tool SAI\sai.exe [2008-12-28] ()
Task: {50C59EA6-A7DE-4188-8368-F44DB611865F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {52CF7AB7-5586-4120-A657-863837E36F38} - System32\Tasks\Games\UpdateCheck_S-1-5-21-3895678430-1897185528-4005713618-1006
Task: {5456F407-8EC4-44BF-A109-E31D0471E202} - System32\Tasks\{5F93A1FE-EE5D-4446-A51B-86420ABE934C} => pcalua.exe -a C:\Windows\IsUn0407.exe -c -fC:\Windows\DeIsL1.isu
Task: {61A1C62D-8D35-4CEA-B394-9A36033256DF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {61E5B0D2-AD97-4B78-BD34-5F7CDBB7044C} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2015-12-03] (AVAST Software)
Task: {67446E35-C1B2-4989-AF93-07DDB222497C} - System32\Tasks\Motorola Device Manager Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()
Task: {77CC32FC-D3FB-4E6B-A95C-E855D4D681E0} - \Backup Fotos -> Keine Datei <==== ACHTUNG
Task: {B7DF891E-47E5-47A6-B63E-FE9E550C48B3} - System32\Tasks\P nach D-Sicherungen => C:\Program Files (x86)\Personal Backup 5\PbPlaner.exe [2015-10-02] (DR. J. Rathlev, D-24222 Schwentinental)
Task: {DA8DADDC-9EE3-4250-BA19-241E7EE3441A} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3895678430-1897185528-4005713618-1000Core => C:\Users\Eltern\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-17] (Dropbox, Inc.)
Task: {DF510810-C8EE-4FEC-9685-D4EA555880CB} - System32\Tasks\{78F40817-4110-442F-84F4-3FD6A036489A} => C:\Program Files (x86)\Easy Paint Tool SAI\sai.exe [2008-12-28] ()
Task: {EA63E5B8-1466-46FD-A63D-4B82FD8A4B61} - System32\Tasks\Motorola Device Manager Engine => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3895678430-1897185528-4005713618-1000Core.job => C:\Users\Eltern\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3895678430-1897185528-4005713618-1000UA.job => C:\Users\Eltern\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\NAS.job => D:\DeltaCopy\NAS.dc
Task: C:\Windows\Tasks\P nach D-Sicherungen.job => C:\Program Files (x86)\Personal Backup 5\PbPlaner.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2015-11-26 08:24 - 2015-11-14 07:06 - 00116528 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-09-07 22:10 - 2015-11-16 16:18 - 00020240 _____ () C:\Windows\system32\spool\PRTPROCS\x64\TeamViewer_PrintProcessor.dll
2004-09-30 19:15 - 2004-09-30 19:15 - 00192000 _____ () C:\Program Files\LinkShellExtension\RockallDLL.dll
2010-01-02 15:42 - 2010-01-02 15:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2014-02-12 22:55 - 2012-08-09 11:55 - 00078480 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll
2014-02-12 22:55 - 2012-08-09 11:55 - 00386192 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll
2014-02-14 14:15 - 2007-05-31 07:38 - 00167936 _____ () C:\Windows\SysWOW64\SerialXP.dll
2013-10-31 16:05 - 2013-10-31 16:05 - 00172032 _____ () C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\css_core.dll
2015-11-26 08:25 - 2015-11-16 04:35 - 00012080 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2015-12-08 21:39 - 2015-12-08 21:39 - 00071168 _____ () c:\users\eltern\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpqshst7.dll
2015-03-04 22:45 - 2015-09-03 01:11 - 00012800 _____ () C:\Users\Eltern\AppData\Roaming\Dropbox\bin\QtQuick.2\qtquick2plugin.dll
2015-03-04 22:45 - 2015-09-03 01:11 - 00779776 _____ () C:\Users\Eltern\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-07-30 21:19 - 2015-09-03 01:11 - 00056320 _____ () C:\Users\Eltern\AppData\Roaming\Dropbox\bin\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-03-04 22:45 - 2015-09-03 01:11 - 00012288 _____ () C:\Users\Eltern\AppData\Roaming\Dropbox\bin\QtQuick\Window.2\windowplugin.dll
2009-07-13 22:03 - 2009-07-14 02:15 - 00364544 _____ () C:\Windows\SysWOW64\msjetoledb40.dll
2013-10-18 12:46 - 2013-10-18 12:46 - 01260624 _____ () C:\Program Files (x86)\VMware\VMware Player\libxml2.dll
2014-08-04 14:28 - 2015-10-05 08:22 - 00074272 _____ () C:\Program Files (x86)\PDF24\zlib.dll
2014-08-04 14:28 - 2015-10-05 08:22 - 00051744 _____ () C:\Program Files (x86)\PDF24\OperationUI.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)

==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-3895678430-1897185528-4005713618-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Eltern\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-3895678430-1897185528-4005713618-1006\Control Panel\Desktop\\Wallpaper -> C:\Users\Wartung\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: Avira.OE.ServiceHost => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: jswpsapi => 3
MSCONFIG\Services: Secunia PSI Agent => 3
MSCONFIG\Services: Secunia Update Agent => 2
MSCONFIG\Services: ShellfireVPN2Service => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: SXDS10 => 3
MSCONFIG\Services: TeamViewer9 => 2
MSCONFIG\Services: WTabletServiceCon => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TP-LINK-Konfigurationstool.lnk => C:\Windows\pss\TP-LINK-Konfigurationstool.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: Avira Systray => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
MSCONFIG\startupreg: BDRegion => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: LGODDFU => C:\Program Files (x86)\lg_fwupdate\lgfw.exe blrun
MSCONFIG\startupreg: NetDrive2 => "C:\Program Files\NetDrive2\NetDrive2.exe" -tray
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime Alternative\QTTask.exe" -atboottime
MSCONFIG\startupreg: RemoteControl10 => "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
MSCONFIG\startupreg: Sony PC Companion => "C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe" /Background
MSCONFIG\startupreg: Spotify => "C:\Users\Eltern\AppData\Roaming\Spotify\spotify.exe" /uri spotify:autostart
MSCONFIG\startupreg: UpdatePPShortCut => "C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files
(x86)\CyberLink\PowerProducer" update "Software\CyberLink\PowerProducer\5.0" ==================== Firewall Regeln (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) FirewallRules: [TCP Query User{29F07AD5-5A56-493E-9C6E-825555D3412A}C:\totalcmd\totalcmd64.exe] => (Allow) C:\totalcmd\totalcmd64.exe FirewallRules: [UDP Query User{53C57400-E93A-4A9A-BD6F-93861EB2E971}C:\totalcmd\totalcmd64.exe] => (Allow) C:\totalcmd\totalcmd64.exe FirewallRules: [{258BFE41-3A05-40B8-8A00-B7077D33338D}] => (Allow) C:\Users\Eltern\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [{DEA40A68-7277-4CD1-913E-8B0A88644FCD}] => (Allow) C:\Users\Eltern\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [{0280CD04-02C8-423F-B78F-926D69C44D3E}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe FirewallRules: [{AB999B92-FFB0-4346-A467-96FE82FF3A9D}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE FirewallRules: [{9694253A-8D1E-44BB-8E4D-5896F5BD3A71}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{47408284-3E3F-46E7-856D-F11DB006B21B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{E2BD761B-F729-483B-88A8-9D60E79FE15E}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe FirewallRules: [{70A1859D-EF4C-4943-8B7D-A78A68EBD634}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe FirewallRules: [{D9D74EB9-5B19-4FB6-B5B2-0B2248519DE7}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe FirewallRules: [{2A07A77B-BB10-4C77-84D4-CDEA43BBCBC1}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe FirewallRules: [{DF42F26A-85BA-4FBE-8D16-62910A0024EA}] => (Allow) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe FirewallRules: 
[{C5118E0F-F493-415B-ABCD-DE0DADA8AE76}] => (Allow) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe FirewallRules: [TCP Query User{C9C238DE-B9F6-4881-AECC-7256CA21C286}C:\users\eltern\desktop\lan_messenger.exe] => (Allow) C:\users\eltern\desktop\lan_messenger.exe FirewallRules: [UDP Query User{EB75AFAA-D2CB-41B5-8016-7403E36CEC4E}C:\users\eltern\desktop\lan_messenger.exe] => (Allow) C:\users\eltern\desktop\lan_messenger.exe FirewallRules: [{B65F3561-93FD-4B20-89F5-AC3E7755A695}] => (Block) C:\users\eltern\desktop\lan_messenger.exe FirewallRules: [{E2BAA91E-937F-402F-99F3-CE97E96ABF09}] => (Block) C:\users\eltern\desktop\lan_messenger.exe FirewallRules: [TCP Query User{ABD8B441-7157-40BA-A2C7-1F917B70321A}C:\program files (x86)\qnap\qsync\qsync.exe] => (Allow) C:\program files (x86)\qnap\qsync\qsync.exe FirewallRules: [UDP Query User{6E2A333E-BFCF-4C0E-BC6D-1CC96F508041}C:\program files (x86)\qnap\qsync\qsync.exe] => (Allow) C:\program files (x86)\qnap\qsync\qsync.exe FirewallRules: [{759CA867-4E71-4B8B-B964-32776853F2EC}] => (Block) C:\program files (x86)\qnap\qsync\qsync.exe FirewallRules: [{950D6851-0EA9-4148-87E2-26083880114C}] => (Block) C:\program files (x86)\qnap\qsync\qsync.exe FirewallRules: [{905C0963-3F0B-4525-B2A4-3BD388F3DC2D}] => (Block) D:\deltacopy\rsync.exe FirewallRules: [{542F0642-BDBF-49A6-98A8-BB2C2339B151}] => (Block) D:\deltacopy\rsync.exe FirewallRules: [{989999EB-DE29-4CDD-B95F-4E597267C77A}] => (Allow) LPort=873 FirewallRules: [TCP Query User{72267810-3206-46DE-BBF6-D677081A3713}C:\program files (x86)\qtdsync\bin\rsync.exe] => (Allow) C:\program files (x86)\qtdsync\bin\rsync.exe FirewallRules: [UDP Query User{5150BB0F-68AF-4BBE-8FD4-73735BE1B333}C:\program files (x86)\qtdsync\bin\rsync.exe] => (Allow) C:\program files (x86)\qtdsync\bin\rsync.exe FirewallRules: [{EB34C185-A34E-4F6A-9024-475602E86303}] => (Block) C:\program files (x86)\qtdsync\bin\rsync.exe FirewallRules: [{59B75B0A-8344-4C72-A461-022DE8944EE4}] => (Block) 
C:\program files (x86)\qtdsync\bin\rsync.exe FirewallRules: [TCP Query User{669AF79C-5DBC-4CA4-B9A3-2A2B347470AF}C:\users\eltern\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\eltern\appdata\roaming\spotify\spotify.exe FirewallRules: [UDP Query User{52ADE07C-BD8A-4703-9863-357AA5F5AA91}C:\users\eltern\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\eltern\appdata\roaming\spotify\spotify.exe FirewallRules: [{A0EA3167-A778-42F1-969A-BD3696680F70}] => (Block) C:\users\eltern\appdata\roaming\spotify\spotify.exe FirewallRules: [{3B9319D2-D0EA-42F4-B91E-8CD463FC748C}] => (Block) C:\users\eltern\appdata\roaming\spotify\spotify.exe FirewallRules: [{77B40516-6549-4A6E-88E2-D548C98F798A}] => (Allow) C:\Program Files (x86)\hMailServer\Bin\DBSetup.exe FirewallRules: [{83124B05-3E22-4C41-8044-6DA16263F1E6}] => (Allow) C:\Program Files (x86)\hMailServer\Bin\DBSetup.exe FirewallRules: [{1CB0FC97-E7DF-4A00-A30C-7620A6CDE210}] => (Allow) C:\Program Files (x86)\hMailServer\Bin\DBSetup.exe FirewallRules: [{78EC9183-58F1-4CDD-8005-A9F9400ABA39}] => (Allow) C:\Program Files (x86)\hMailServer\Bin\DBSetup.exe FirewallRules: [{125829A5-AE6C-4DA6-9105-DE9D04EE8D18}] => (Allow) C:\Program Files (x86)\hMailServer\Bin\hMailAdmin.exe FirewallRules: [{293D01A1-FC5C-4EC9-B1B4-068A27C77F44}] => (Allow) C:\Program Files (x86)\hMailServer\Bin\hMailAdmin.exe FirewallRules: [{FB004255-872C-4DDC-8296-DE20572FDBBD}] => (Allow) C:\Program Files (x86)\hMailServer\Bin\hMailAdmin.exe FirewallRules: [{119942AA-CFA2-46F6-B2BC-BC8B9A6CED35}] => (Allow) C:\Program Files (x86)\hMailServer\Bin\hMailAdmin.exe FirewallRules: [{DBB6A798-AD51-42D9-867D-EAFFF43F9BE8}] => (Allow) C:\Program Files (x86)\hMailServer\Bin\hMailServer.exe FirewallRules: [{6CEE52B0-ABBA-45C6-97A4-43B2588F8FE4}] => (Allow) C:\Program Files (x86)\hMailServer\Bin\hMailServer.exe FirewallRules: [{840E7516-C8A4-42AA-9BCB-24F7BCAFDEDA}] => (Allow) C:\Program Files (x86)\hMailServer\Bin\hMailServer.exe FirewallRules: 
[{D3686D56-B69F-4425-AFC6-BD03A2464DDF}] => (Allow) C:\Program Files (x86)\hMailServer\Bin\hMailServer.exe FirewallRules: [{0EFD9495-D4A7-4B2B-B616-4DDDB84A3036}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe FirewallRules: [{C52244FE-6128-4F5C-8329-11FCF69B138B}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE FirewallRules: [TCP Query User{8BAE0A3D-E27A-49A3-A23F-841E96720376}D:\rsync.exe] => (Allow) D:\rsync.exe FirewallRules: [UDP Query User{C10DE08B-C7D5-4CC6-9F76-8C591F0A76CF}D:\rsync.exe] => (Allow) D:\rsync.exe FirewallRules: [{AD76441B-4E53-4531-A7F0-1627DC2AE105}] => (Block) D:\rsync.exe FirewallRules: [{2C580DCE-955F-4085-BA01-49C43142664D}] => (Block) D:\rsync.exe FirewallRules: [TCP Query User{0A78FED8-95C6-49CF-AA11-ADCC4A2CB64B}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe FirewallRules: [UDP Query User{927C3889-92BD-4021-892B-C372CC18A2DB}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe FirewallRules: [{061E4343-97EF-408E-B7ED-24FD142CF3B1}] => (Block) C:\program files (x86)\internet explorer\iexplore.exe FirewallRules: [{968098C6-E1DD-4C5C-93B4-41977DB072B5}] => (Block) C:\program files (x86)\internet explorer\iexplore.exe FirewallRules: [TCP Query User{3521E368-280E-46C2-B251-ECED33361892}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe FirewallRules: [UDP Query User{80FD8FC9-AFB7-4217-8780-A7BCB949B23A}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe FirewallRules: [{7F185FAE-5C75-4BEC-B544-6744F633CF71}] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe FirewallRules: [{FB1EC708-B630-43F8-BA45-5688CFF502F0}] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe FirewallRules: [TCP Query 
User{4C96636D-F83A-4881-B62D-4AD30AFAA5C6}C:\users\wartung\appdata\local\temp\pyl10b2.tmp\pyrun.exe] => (Allow) C:\users\wartung\appdata\local\temp\pyl10b2.tmp\pyrun.exe FirewallRules: [UDP Query User{79E0279E-061D-4E61-A44A-51B07F28A601}C:\users\wartung\appdata\local\temp\pyl10b2.tmp\pyrun.exe] => (Allow) C:\users\wartung\appdata\local\temp\pyl10b2.tmp\pyrun.exe FirewallRules: [{26467342-D578-4DD2-B401-814212554F1A}] => (Block) C:\users\wartung\appdata\local\temp\pyl10b2.tmp\pyrun.exe FirewallRules: [{9C98F715-D43A-4AE3-8F05-19A772022F2E}] => (Block) C:\users\wartung\appdata\local\temp\pyl10b2.tmp\pyrun.exe FirewallRules: [TCP Query User{9D590A88-E982-4182-9591-2010CB9C4936}C:\users\wartung\appdata\local\temp\pyl5d.tmp\pyrun.exe] => (Allow) C:\users\wartung\appdata\local\temp\pyl5d.tmp\pyrun.exe FirewallRules: [UDP Query User{01FF795F-66CD-457B-A9D1-DC72B33A0ED1}C:\users\wartung\appdata\local\temp\pyl5d.tmp\pyrun.exe] => (Allow) C:\users\wartung\appdata\local\temp\pyl5d.tmp\pyrun.exe FirewallRules: [{268D70EF-EFCF-4D52-991F-C475FD03035A}] => (Block) C:\users\wartung\appdata\local\temp\pyl5d.tmp\pyrun.exe FirewallRules: [{728E32BF-F88E-45B0-85BD-F888E3B8546C}] => (Block) C:\users\wartung\appdata\local\temp\pyl5d.tmp\pyrun.exe FirewallRules: [TCP Query User{EAF835AE-39E4-42D4-957F-B830B74568E8}C:\program files (x86)\motorola\rsd lite\sdl.exe] => (Allow) C:\program files (x86)\motorola\rsd lite\sdl.exe FirewallRules: [UDP Query User{E4B034BF-362A-4E95-91ED-0C1F6E9352D1}C:\program files (x86)\motorola\rsd lite\sdl.exe] => (Allow) C:\program files (x86)\motorola\rsd lite\sdl.exe FirewallRules: [{3E6F2739-4A3D-4D60-8C3C-B3D89C284DB7}] => (Block) C:\program files (x86)\motorola\rsd lite\sdl.exe FirewallRules: [{8E021030-4AA4-4361-87FE-9FC4F25B1C2E}] => (Block) C:\program files (x86)\motorola\rsd lite\sdl.exe FirewallRules: [TCP Query User{260E237B-015C-450B-A687-CE024D747C60}C:\program files (x86)\xbmc\xbmc.exe] => (Allow) C:\program files (x86)\xbmc\xbmc.exe 
FirewallRules: [UDP Query User{BDB999D2-C9B1-4E3B-B885-4B47FA07D9FB}C:\program files (x86)\xbmc\xbmc.exe] => (Allow) C:\program files (x86)\xbmc\xbmc.exe FirewallRules: [{5D0159DE-D490-4377-BF5E-762F224CA14C}] => (Block) C:\program files (x86)\xbmc\xbmc.exe FirewallRules: [{717EA41C-93B3-4920-8172-63E9F471769A}] => (Block) C:\program files (x86)\xbmc\xbmc.exe FirewallRules: [TCP Query User{222D53C5-EE5D-458A-BDD9-07DACDFEE28A}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe FirewallRules: [UDP Query User{BFD32F66-8D26-4892-A2D2-097597AC0540}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe FirewallRules: [{A6752A9C-AA0A-48C5-A42C-186D0B9BF429}] => (Block) C:\program files\videolan\vlc\vlc.exe FirewallRules: [{2DD456BB-6A9A-413B-8F09-64DE7A3575F3}] => (Block) C:\program files\videolan\vlc\vlc.exe FirewallRules: [TCP Query User{5DE16294-D654-41E5-8B97-E0D1550CA970}C:\program files (x86)\tellystream\tellystream\tellystreamserver.exe] => (Allow) C:\program files (x86)\tellystream\tellystream\tellystreamserver.exe FirewallRules: [UDP Query User{7BD6B96A-23DB-4609-844A-92BF664D7809}C:\program files (x86)\tellystream\tellystream\tellystreamserver.exe] => (Allow) C:\program files (x86)\tellystream\tellystream\tellystreamserver.exe FirewallRules: [{7B06B0C5-6405-470C-8C07-F8777CFB18EB}] => (Allow) C:\Program Files\Adobe\Adobe Photoshop Lightroom 5.6\lightroom.exe FirewallRules: [{D8EB214A-1000-4F2E-A5F4-EE6F8158FCDE}] => (Allow) C:\Program Files\Adobe\Adobe Photoshop Lightroom 5.6\lightroom.exe FirewallRules: [{3A1E31E4-549E-46FB-85EE-03E96DECC0AE}] => (Allow) C:\Program Files\Adobe\Adobe Photoshop Lightroom 5.6\lightroom.exe FirewallRules: [{2CBCED5B-6029-4B03-868C-0D746F03E5F1}] => (Allow) C:\Program Files\Adobe\Adobe Photoshop Lightroom 5.6\lightroom.exe FirewallRules: [{4DD38CE8-61EE-433B-9A02-4447CDBC6BCF}] => (Allow) C:\Program Files (x86)\Epson Software\ECPrinterSetup\ENPApp.exe 
FirewallRules: [{90840F6E-7F18-4B63-AF8C-EE27B0A29C16}] => (Allow) C:\Program Files (x86)\Epson Software\ECPrinterSetup\ENPApp.exe FirewallRules: [TCP Query User{323BE3FD-90D0-4F6C-897D-1ACB027B4F43}C:\program files (x86)\microsoft games\midtown madness\midtown.exe] => (Block) C:\program files (x86)\microsoft games\midtown madness\midtown.exe FirewallRules: [UDP Query User{09655467-BE14-400F-99A2-29311719E559}C:\program files (x86)\microsoft games\midtown madness\midtown.exe] => (Block) C:\program files (x86)\microsoft games\midtown madness\midtown.exe FirewallRules: [TCP Query User{6B1F6EDA-B37D-46C9-8023-0E76FBF5DE8E}M:\asphaltduell.exe] => (Block) M:\asphaltduell.exe FirewallRules: [UDP Query User{E9876208-7ECA-423F-846C-F7738DC273D8}M:\asphaltduell.exe] => (Block) M:\asphaltduell.exe FirewallRules: [{67C203B1-A501-4BAA-885A-B83A8233A14B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{AEC85D43-8986-41BB-9253-1D81879D557A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [TCP Query User{0B82E1A0-4E09-4669-9A62-67E5B008D743}C:\program files (x86)\remote control server\remote control server.exe] => (Allow) C:\program files (x86)\remote control server\remote control server.exe FirewallRules: [UDP Query User{0E9F0375-5C0D-484F-BEE4-A796B91509C8}C:\program files (x86)\remote control server\remote control server.exe] => (Allow) C:\program files (x86)\remote control server\remote control server.exe FirewallRules: [{82400928-5257-4609-89C8-562A1FDA3F65}] => (Block) C:\program files (x86)\remote control server\remote control server.exe FirewallRules: [{14150769-EC11-4688-A5CB-37F9BE0D4080}] => (Block) C:\program files (x86)\remote control server\remote control server.exe FirewallRules: [TCP Query User{5928B28A-95E4-4FDF-9ACD-2B224BF30200}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [UDP Query 
User{9277AEF8-A9BF-4ACB-BC78-F7BFF400B189}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [TCP Query User{FE329E16-0194-4481-8697-57DDA7EFF503}D:\demo_rad\winchip\bin\winchip.exe] => (Allow) D:\demo_rad\winchip\bin\winchip.exe FirewallRules: [UDP Query User{1EDF0150-7A72-4B3F-AAAF-1B1A0635753F}D:\demo_rad\winchip\bin\winchip.exe] => (Allow) D:\demo_rad\winchip\bin\winchip.exe FirewallRules: [{490712DC-5759-47AD-9B46-238E93EFE380}] => (Block) D:\demo_rad\winchip\bin\winchip.exe FirewallRules: [{934091DC-8BC1-4EFA-8B2B-F229FE14EFE6}] => (Block) D:\demo_rad\winchip\bin\winchip.exe FirewallRules: [{240B4DDF-B9E4-473F-B374-97BCF64A8F45}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{CC400421-DD4E-4786-B768-680A63A39988}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{0DC32D74-A696-463E-877D-64FB1F5D1306}] => (Allow) D:\Programme\SteamLibrary\SteamApps\common\Cities_Skylines\Cities.exe FirewallRules: [{DF4978E4-CBF7-4160-842D-233CA33073F4}] => (Allow) D:\Programme\SteamLibrary\SteamApps\common\Cities_Skylines\Cities.exe FirewallRules: [TCP Query User{441E04A6-EB26-4689-BD4A-D6D158FC4BC0}C:\users\eltern\desktop\syncthing-windows-386-v0.11.2\syncthing.exe] => (Allow) C:\users\eltern\desktop\syncthing-windows-386-v0.11.2\syncthing.exe FirewallRules: [UDP Query User{6C77543C-C97E-4E2F-A95E-08B694B080A3}C:\users\eltern\desktop\syncthing-windows-386-v0.11.2\syncthing.exe] => (Allow) C:\users\eltern\desktop\syncthing-windows-386-v0.11.2\syncthing.exe FirewallRules: [{7948AC79-9733-4748-8326-22B27BE3FB22}] => (Block) C:\users\eltern\desktop\syncthing-windows-386-v0.11.2\syncthing.exe FirewallRules: [{8B1EB0C9-3A45-4C09-AAB8-091AD87DE2AC}] => (Block) C:\users\eltern\desktop\syncthing-windows-386-v0.11.2\syncthing.exe FirewallRules: [TCP Query User{043C0EB1-9805-41F6-ADD1-368538896339}C:\program files (x86)\calibre2\calibre.exe] => 
(Allow) C:\program files (x86)\calibre2\calibre.exe FirewallRules: [UDP Query User{3F4D5877-01F9-4312-A3D5-97DF4940C3D8}C:\program files (x86)\calibre2\calibre.exe] => (Allow) C:\program files (x86)\calibre2\calibre.exe FirewallRules: [{9BDCF337-84D2-4776-8C2B-5635C9225426}] => (Block) C:\program files (x86)\calibre2\calibre.exe FirewallRules: [{B14BA50A-BEC2-4556-B21E-C701979976C4}] => (Block) C:\program files (x86)\calibre2\calibre.exe FirewallRules: [TCP Query User{642682EF-2B21-4715-9143-C016023943D7}C:\program files (x86)\qnap\qfinder\qfinder.exe] => (Allow) C:\program files (x86)\qnap\qfinder\qfinder.exe FirewallRules: [UDP Query User{516D39E3-ACBD-42FF-9594-2B61E42EBDD3}C:\program files (x86)\qnap\qfinder\qfinder.exe] => (Allow) C:\program files (x86)\qnap\qfinder\qfinder.exe FirewallRules: [{8F722FCD-3BEE-4A66-9EB8-F6672DF681CF}] => (Block) C:\program files (x86)\qnap\qfinder\qfinder.exe FirewallRules: [{E6F19BC4-3400-4330-8333-0543F09DD8C9}] => (Block) C:\program files (x86)\qnap\qfinder\qfinder.exe FirewallRules: [TCP Query User{2A40A479-7235-4C44-B0E3-2E987E79B7A7}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe FirewallRules: [UDP Query User{BE62A8A3-4045-4778-8198-9F9C4D70DB13}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe FirewallRules: [{06B054F0-05E5-45CC-B848-8C4CB7E3C5DB}] => (Block) C:\program files (x86)\kodi\kodi.exe FirewallRules: [{E0B89CAB-FC92-4504-8C72-6D6CC2F28B9B}] => (Block) C:\program files (x86)\kodi\kodi.exe FirewallRules: [{461CC046-5FB8-422A-BFF2-5A984B698384}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe FirewallRules: [{1C0893FF-FAD8-42A1-B618-A2FC8E58B443}] => (Allow) C:\Program Files (x86)\Steam\streaming_client.exe FirewallRules: [{CDE11D33-5BDC-499A-A9DF-501C4DDA7142}] => (Allow) C:\Program Files (x86)\Steam\streaming_client.exe FirewallRules: [{30B0DCC2-FF7E-41DE-844D-12180E0F46E5}] => (Allow) 
C:\Program Files (x86)\Steam\streaming_client.exe FirewallRules: [{17D929CC-2F71-4D5C-A8C1-319EF437A16E}] => (Allow) C:\Program Files (x86)\Steam\streaming_client.exe FirewallRules: [{6E348405-7702-4216-A8F4-0A4BC24A914B}] => (Allow) D:\Programme\SteamLibrary\SteamApps\common\The Whispered World Special Edition\twwse.exe FirewallRules: [{E14C72C2-ACD6-4FF0-95A7-4B1E89D07EDC}] => (Allow) D:\Programme\SteamLibrary\SteamApps\common\The Whispered World Special Edition\twwse.exe FirewallRules: [{B9699CB7-3B80-43B9-A845-BD51577887E3}] => (Allow) D:\Programme\SteamLibrary\SteamApps\common\The Whispered World Special Edition\VisionaireConfigurationTool.exe FirewallRules: [{19BEDDC0-A790-4E97-9D61-15DE47D626FB}] => (Allow) D:\Programme\SteamLibrary\SteamApps\common\The Whispered World Special Edition\VisionaireConfigurationTool.exe FirewallRules: [{8D9D15BC-BD87-49B1-838E-80909199F5DD}] => (Allow) D:\Programme\SteamLibrary\SteamApps\common\Chaos on Deponia\deponia2.exe FirewallRules: [{4501BB53-D25A-46B6-AA1F-0612A98484CF}] => (Allow) D:\Programme\SteamLibrary\SteamApps\common\Chaos on Deponia\deponia2.exe FirewallRules: [{7276B5D1-45B6-4945-AE4A-50062DD166D6}] => (Allow) D:\Programme\SteamLibrary\SteamApps\common\Chaos on Deponia\VisionaireConfigurationTool.exe FirewallRules: [{B0D4B363-5FB4-4603-A7AF-8F0FA9B21965}] => (Allow) D:\Programme\SteamLibrary\SteamApps\common\Chaos on Deponia\VisionaireConfigurationTool.exe FirewallRules: [{954C0909-474C-4263-B46A-B1D421A6F967}] => (Allow) D:\Programme\SteamLibrary\SteamApps\common\A New Beginning\anb.exe FirewallRules: [{E61F8BED-F0A5-4893-A2C6-DA4060131E91}] => (Allow) D:\Programme\SteamLibrary\SteamApps\common\A New Beginning\anb.exe FirewallRules: [{987A240F-63B9-4A2B-AFF4-48A726211DB1}] => (Allow) D:\Programme\SteamLibrary\SteamApps\common\A New Beginning\VisionaireConfigurationTool.exe FirewallRules: [{229DD41E-01F0-4EBD-A688-87893DA48FA6}] => (Allow) D:\Programme\SteamLibrary\SteamApps\common\A New 
Beginning\VisionaireConfigurationTool.exe FirewallRules: [{AB0BCBB5-D019-4046-AAA2-BDB184C3A254}] => (Allow) D:\Programme\SteamLibrary\SteamApps\common\Rollercoaster Tycoon 3 Gold\RCT3plus.exe FirewallRules: [{9012C265-3017-4510-B8CE-54207B76C558}] => (Allow) D:\Programme\SteamLibrary\SteamApps\common\Rollercoaster Tycoon 3 Gold\RCT3plus.exe FirewallRules: [{706508DF-2C11-40FC-B218-5F5ADE29825D}] => (Allow) D:\Programme\SteamLibrary\SteamApps\common\Goodbye Deponia\deponia3.exe FirewallRules: [{F9BBE23A-D899-4642-B4A4-36085B3D25C4}] => (Allow) D:\Programme\SteamLibrary\SteamApps\common\Goodbye Deponia\deponia3.exe FirewallRules: [{E0B9BE05-3B03-4129-9CC1-2C0DFBD93314}] => (Allow) D:\Programme\SteamLibrary\SteamApps\common\Goodbye Deponia\VisionaireConfigurationTool.exe FirewallRules: [{64AA602D-1BA1-4053-AAFF-3066E7B8DC58}] => (Allow) D:\Programme\SteamLibrary\SteamApps\common\Goodbye Deponia\VisionaireConfigurationTool.exe FirewallRules: [{7EB5982B-6D8D-4202-B5EA-7BA655360FC5}] => (Allow) D:\Programme\SteamLibrary\SteamApps\common\TheDarkEye Cos\satinav.exe FirewallRules: [{89BEAFE8-3E89-4003-8C6E-F510E374984C}] => (Allow) D:\Programme\SteamLibrary\SteamApps\common\TheDarkEye Cos\satinav.exe FirewallRules: [{699097E8-E804-46A2-B22E-277385869F1C}] => (Allow) D:\Programme\SteamLibrary\SteamApps\common\TheDarkEye Cos\VisionaireConfigurationTool.exe FirewallRules: [{F74BC864-C682-47AD-87D5-E7F6740059CF}] => (Allow) D:\Programme\SteamLibrary\SteamApps\common\TheDarkEye Cos\VisionaireConfigurationTool.exe FirewallRules: [{96D3BE0A-D7EE-4B54-8D37-BAB83E246634}] => (Allow) D:\Programme\SteamLibrary\SteamApps\common\The Night of the Rabbit\rabbit.exe FirewallRules: [{9842BF2C-EAEA-4BE7-BE7A-3A6393ABE9C3}] => (Allow) D:\Programme\SteamLibrary\SteamApps\common\The Night of the Rabbit\rabbit.exe FirewallRules: [{1F2C1D8E-BDA5-4459-AEAA-E9162D429FC6}] => (Allow) D:\Programme\SteamLibrary\SteamApps\common\The Night of the Rabbit\VisionaireConfigurationTool.exe FirewallRules: 
[{724ACA3E-B21B-4405-B40F-D4EEB135E504}] => (Allow) D:\Programme\SteamLibrary\SteamApps\common\The Night of the Rabbit\VisionaireConfigurationTool.exe FirewallRules: [{C2B97010-D37F-4AB0-9CC8-C66180B0B008}] => (Allow) D:\Programme\SteamLibrary\SteamApps\common\Edna and Harvey Harvey's New Eyes\harvey.exe FirewallRules: [{AE800986-4FAC-48E3-AD8C-BA29EEA38A74}] => (Allow) D:\Programme\SteamLibrary\SteamApps\common\Edna and Harvey Harvey's New Eyes\harvey.exe FirewallRules: [{ED61C20F-C8EC-4BA6-9232-459594F1BEA2}] => (Allow) D:\Programme\SteamLibrary\SteamApps\common\Edna and Harvey Harvey's New Eyes\VisionaireConfigurationTool.exe FirewallRules: [{1CE9ABAB-1AAC-425B-BAFC-3A57C169E626}] => (Allow) D:\Programme\SteamLibrary\SteamApps\common\Edna and Harvey Harvey's New Eyes\VisionaireConfigurationTool.exe FirewallRules: [{9E60596D-FDD7-4190-9B42-21B67B58867F}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\GFExperience.exe FirewallRules: [{F66A777B-AE61-410B-AEB3-169E1DEFEC3E}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\GFExperience.exe FirewallRules: [{454114C8-2D4B-4DCD-BE35-97FB636DE8A2}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\GFExperience.exe FirewallRules: [{BC9E49E3-A9A6-45B0-995C-F737C159228E}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\GFExperience.exe FirewallRules: [{E6D74074-1D33-490C-84EC-41E6F9A09495}] => (Allow) D:\Programme\SteamLibrary\SteamApps\common\Memoria\memoria.exe FirewallRules: [{24C00696-E4B5-4344-AF38-E2BA77A118F3}] => (Allow) D:\Programme\SteamLibrary\SteamApps\common\Memoria\memoria.exe FirewallRules: [{EF1E340A-624E-4BAA-A2A5-FE24FC6C59FE}] => (Allow) D:\Programme\SteamLibrary\SteamApps\common\Memoria\VisionaireConfigurationTool.exe FirewallRules: [{C02810DE-09FB-48BE-97AC-925348DFA2E8}] => (Allow) D:\Programme\SteamLibrary\SteamApps\common\Memoria\VisionaireConfigurationTool.exe FirewallRules: 
[{42BED6A0-8ACF-48DD-A17A-D8B8BF2A88FA}] => (Allow) D:\Programme\SteamLibrary\SteamApps\common\1954 Alcatraz\Alcatraz.exe FirewallRules: [{A53870A5-F69E-4A51-9E7C-35F048DDE8E6}] => (Allow) D:\Programme\SteamLibrary\SteamApps\common\1954 Alcatraz\Alcatraz.exe FirewallRules: [{58A44D3D-3E81-495E-8620-D0AB2B51147B}] => (Allow) D:\Programme\SteamLibrary\SteamApps\common\Edna & Harvey The Breakout\Edna.exe FirewallRules: [{3840ED6E-44BF-468C-94CB-B9725B377EB1}] => (Allow) D:\Programme\SteamLibrary\SteamApps\common\Edna & Harvey The Breakout\Edna.exe FirewallRules: [{931FFF57-F616-494B-80D2-81B4D892745C}] => (Allow) D:\Programme\SteamLibrary\SteamApps\common\The Walking Dead\WalkingDead101.exe FirewallRules: [{E72A796E-38C3-4A95-A77D-1D5824F14A32}] => (Allow) D:\Programme\SteamLibrary\SteamApps\common\The Walking Dead\WalkingDead101.exe FirewallRules: [{24C5EC76-BDD5-44F7-A538-06670F4F9FA9}] => (Allow) D:\Programme\SteamLibrary\SteamApps\common\The Walking Dead Season Two\TheWalkingDead2.exe FirewallRules: [{8B7498C1-A1A9-44EC-8594-B34A7B0847BD}] => (Allow) D:\Programme\SteamLibrary\SteamApps\common\The Walking Dead Season Two\TheWalkingDead2.exe FirewallRules: [{1ED9485C-68F1-46B2-8075-41316EE1771A}] => (Allow) D:\Programme\SteamLibrary\SteamApps\common\DiRT Rally\drt.exe FirewallRules: [{D9D03CF3-B871-4DE6-915C-DAF1900516FB}] => (Allow) D:\Programme\SteamLibrary\SteamApps\common\DiRT Rally\drt.exe FirewallRules: [{81A5A51C-6B4A-49CF-9C99-5577CBFC1109}] => (Allow) D:\Programme\SteamLibrary\SteamApps\common\Life Is Strange\Binaries\Win32\LifeIsStrange.exe FirewallRules: [{1B910E90-AF93-4142-A6D4-8EF5FAC55E93}] => (Allow) D:\Programme\SteamLibrary\SteamApps\common\Life Is Strange\Binaries\Win32\LifeIsStrange.exe FirewallRules: [{4CBC6E1F-F73A-4FAD-A3F9-3DC5F9F71F8E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{46694A3C-CDB3-4D3C-B34F-68EC87A2104A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: 
[{7999DAB7-F91A-482F-9420-5AA30EC834DB}] => (Allow) C:\Program Files\TightVNC\tvnviewer.exe FirewallRules: [{913DFFB8-11CD-4CF3-92CB-3FCD6EBF80E7}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{7281AED1-9960-4014-84D4-78A25B12ED0B}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{EB26FCDB-1276-4A55-A577-ADC5139ACC2C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe FirewallRules: [{93BE8F29-E4B5-498D-99F7-43A57DBD9360}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe FirewallRules: [{0222282C-3C72-4E6F-964F-AADCAC958F6C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe FirewallRules: [{48AC0E5A-CF8A-4807-9CB6-A78AC84CD652}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{B0D96A5E-A766-4A4B-9B92-134CEAC8EDA9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{B90EF960-AB65-4789-855E-8CA6312BB555}] => (Allow) D:\Programme\SteamLibrary\SteamApps\common\Spore\SporeBin\SporeApp.exe FirewallRules: [{BC2A80AA-DEAB-4C3F-9BE7-97FA84596358}] => (Allow) D:\Programme\SteamLibrary\SteamApps\common\Spore\SporeBin\SporeApp.exe FirewallRules: [{D4693806-2806-4286-99DF-E93D739AE761}] => (Allow) D:\Programme\SteamLibrary\SteamApps\common\Spore\SporebinEP1\SporeApp.exe FirewallRules: [{1B8CE012-3A2D-440A-869C-19DA036F8CF5}] => (Allow) D:\Programme\SteamLibrary\SteamApps\common\Spore\SporebinEP1\SporeApp.exe FirewallRules: [{C7C96AB0-E30B-4075-BFE9-4E41DD6FA46F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{FFC6E107-1D2F-45FF-8E3A-EA27B3D41387}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{9493C3B6-4B8C-487F-92D9-2A0B8EEF85CF}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: 
[{A4E5898F-BA33-4BCB-95F5-18D2556E7377}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe ==================== Fehlerhafte Geräte im Gerätemanager ============= ==================== Fehlereinträge in der Ereignisanzeige: ========================= Applikationsfehler: ================== Error: (12/08/2015 11:23:03 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm o8civ05l.exe, Version 2.1.19357.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1fbc Startzeit: 01d131a2439d4851 Endzeit: 0 Anwendungspfad: D:\Installation\o8civ05l.exe Berichts-ID: a85e2421-9d95-11e5-870d-10feed113b80 Error: (12/07/2015 04:05:20 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: Sims2.exe, Version: 1.0.0.1005, Zeitstempel: 0x4220176e Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000010 ID des fehlerhaften Prozesses: 0x1b94 Startzeit der fehlerhaften Anwendung: 0xSims2.exe0 Pfad der fehlerhaften Anwendung: Sims2.exe1 Pfad des fehlerhaften Moduls: Sims2.exe2 Berichtskennung: Sims2.exe3 Error: (12/07/2015 04:05:05 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: Sims2.exe, Version: 1.0.0.1005, Zeitstempel: 0x4220176e Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000010 ID des fehlerhaften Prozesses: 0x5b8 Startzeit der fehlerhaften Anwendung: 0xSims2.exe0 Pfad der fehlerhaften Anwendung: Sims2.exe1 Pfad des fehlerhaften Moduls: Sims2.exe2 Berichtskennung: Sims2.exe3 Error: (12/07/2015 04:04:58 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: Sims2.exe, Version: 1.0.0.1005, 
Zeitstempel: 0x4220176e Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000010 ID des fehlerhaften Prozesses: 0x1ae0 Startzeit der fehlerhaften Anwendung: 0xSims2.exe0 Pfad der fehlerhaften Anwendung: Sims2.exe1 Pfad des fehlerhaften Moduls: Sims2.exe2 Berichtskennung: Sims2.exe3 Error: (12/07/2015 04:04:47 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: Sims2.exe, Version: 1.0.0.1005, Zeitstempel: 0x4220176e Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000010 ID des fehlerhaften Prozesses: 0x184c Startzeit der fehlerhaften Anwendung: 0xSims2.exe0 Pfad der fehlerhaften Anwendung: Sims2.exe1 Pfad des fehlerhaften Moduls: Sims2.exe2 Berichtskennung: Sims2.exe3 Error: (12/07/2015 04:04:32 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: Sims2.exe, Version: 1.0.0.1005, Zeitstempel: 0x4220176e Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000010 ID des fehlerhaften Prozesses: 0x1468 Startzeit der fehlerhaften Anwendung: 0xSims2.exe0 Pfad der fehlerhaften Anwendung: Sims2.exe1 Pfad des fehlerhaften Moduls: Sims2.exe2 Berichtskennung: Sims2.exe3 Error: (12/07/2015 04:04:25 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: Sims2.exe, Version: 1.0.0.1005, Zeitstempel: 0x4220176e Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000010 ID des fehlerhaften Prozesses: 0x1dcc Startzeit der fehlerhaften Anwendung: 0xSims2.exe0 Pfad der fehlerhaften Anwendung: Sims2.exe1 Pfad des fehlerhaften Moduls: Sims2.exe2 Berichtskennung: Sims2.exe3 Error: (12/07/2015 04:04:15 PM) (Source: Application Error) (EventID: 1000) (User: 
) Description: Name der fehlerhaften Anwendung: Sims2.exe, Version: 1.0.0.1005, Zeitstempel: 0x4220176e Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000010 ID des fehlerhaften Prozesses: 0xfc8 Startzeit der fehlerhaften Anwendung: 0xSims2.exe0 Pfad der fehlerhaften Anwendung: Sims2.exe1 Pfad des fehlerhaften Moduls: Sims2.exe2 Berichtskennung: Sims2.exe3 Error: (12/07/2015 04:04:03 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: Sims2.exe, Version: 1.0.0.1005, Zeitstempel: 0x4220176e Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000010 ID des fehlerhaften Prozesses: 0x1f04 Startzeit der fehlerhaften Anwendung: 0xSims2.exe0 Pfad der fehlerhaften Anwendung: Sims2.exe1 Pfad des fehlerhaften Moduls: Sims2.exe2 Berichtskennung: Sims2.exe3 Error: (12/07/2015 04:03:53 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: Sims2.exe, Version: 1.0.0.1005, Zeitstempel: 0x4220176e Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000010 ID des fehlerhaften Prozesses: 0x1de8 Startzeit der fehlerhaften Anwendung: 0xSims2.exe0 Pfad der fehlerhaften Anwendung: Sims2.exe1 Pfad des fehlerhaften Moduls: Sims2.exe2 Berichtskennung: Sims2.exe3 Systemfehler: ============= Error: (12/08/2015 09:40:20 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (12/08/2015 09:39:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "hardlock" wurde aufgrund folgenden Fehlers nicht gestartet: %%577 Error: (12/08/2015 09:39:16 PM) (Source: 
Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "DeltaCopy Server" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (12/08/2015 09:39:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "aksdf" wurde aufgrund folgenden Fehlers nicht gestartet: %%577 Error: (12/08/2015 09:39:05 PM) (Source: volsnap) (EventID: 25) (User: ) Description: Die Schattenkopien von Volume "C:" wurden gelöscht, weil der Schattenkopiespeicher nicht rechtzeitig vergrößert wurde. Sie sollten die E/A-Last auf dem System verringern oder ein Schattenkopie-Speichervolume, von dem keine Schattenkopie erstellt wird, auswählen. Error: (12/08/2015 09:38:54 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT-AUTORITÄT) Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden. Modulpfad: C:\Windows\system32\Rtlihvs.dll Fehlercode: 126 Error: (12/08/2015 09:29:48 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT-AUTORITÄT) Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden. 
Modulpfad: C:\Windows\system32\Rtlihvs.dll
Fehlercode: 126

Error: (12/08/2015 09:16:27 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (12/08/2015 09:15:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "hardlock" wurde aufgrund folgenden Fehlers nicht gestartet: %%577

Error: (12/08/2015 09:15:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "DeltaCopy Server" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

CodeIntegrity:
===================================

Date: 2015-12-08 21:39:17.058
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\hardlock.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2015-12-08 21:39:16.996
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\hardlock.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2015-12-08 21:39:07.730
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\aksdf.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2015-12-08 21:39:07.667
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\aksdf.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2015-12-08 21:29:55.481
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Telekom\Kinderschutz-Software\KS64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2015-12-08 21:15:27.301
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\hardlock.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2015-12-08 21:15:27.238
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\hardlock.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2015-12-08 21:15:27.082
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\aksdf.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2015-12-08 21:15:27.004
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\aksdf.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2015-12-08 16:07:09.712
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Telekom\Kinderschutz-Software\KS64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

==================== Speicherinformationen ===========================

Prozessor: Intel(R) Core(TM) i5-3570K CPU @ 3.40GHz
Prozentuale Nutzung des RAM: 24%
Installierter physikalischer RAM: 8153.22 MB
Verfügbarer physikalischer RAM: 6192.98 MB
Summe virtueller Speicher: 16304.64 MB
Verfügbarer virtueller Speicher: 14373.84 MB

==================== Laufwerke ================================

Drive c: () (Fixed) (Total:119.14 GB) (Free:6.59 GB) NTFS
Drive d: (Daten) (Fixed) (Total:892.45 GB) (Free:64.13 GB) NTFS
Drive m: (Sims2) (CDROM) (Total:2.73 GB) (Free:0 GB) UDF

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (Size: 119.2 GB) (Disk ID: 44C6CDB0)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=119.1 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 78E4E6D0)
Partition 1: (Not Active) - (Size=892.4 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=39.1 GB) - (Type=05)

==================== Ende von Addition.txt ============================
08.12.2015, 21:42 | #19 |
FRST.txt
Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:05-12-2015
durchgeführt von Wartung (Administrator) auf WOHNZIMMER (08-12-2015 21:39:43)
Gestartet von D:\Installation\antivirus
Geladene Profile: Eltern & Wartung (Verfügbare Profile: Eltern & Sara & Wartung & test)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(REINER SCT) C:\Windows\SysWOW64\cjpcsc.exe
(CrypKey (Canada) Ltd.) C:\Windows\System32\Crypserv.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Microsoft Corporation) C:\Windows\System32\userinit.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Secomba GmbH) C:\Program Files (x86)\Boxcryptor Classic\BoxcryptorClassic.exe
(Dropbox, Inc.) C:\Users\Eltern\AppData\Local\Dropbox\Update\DropboxUpdate.exe
(Dropbox, Inc.) C:\Users\Eltern\AppData\Roaming\Dropbox\bin\Dropbox.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Dropbox, Inc.) C:\Users\Eltern\AppData\Local\Dropbox\Update\DropboxUpdate.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect 3\creator-ws.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Users\Eltern\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
(Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(QFX Software Corporation) C:\Program Files (x86)\KeyScrambler\KeyScrambler.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(QFX Software Corporation) C:\Program Files (x86)\KeyScrambler\x64\KeyScrambler.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Ghisler Software GmbH) C:\totalcmd\TOTALCMD64.EXE
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2757424 2015-11-16] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM\...\Run: [combofix] => C:\ComboFix\CF5217.3XE /c C:\ComboFix\Combobatch.bat HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5263504 2012-08-09] (VIA) HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2012-02-01] (Intel Corporation) HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-05-20] (Intel Corporation) HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [642664 2013-12-24] (SEIKO EPSON CORPORATION) HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [863848 2013-12-24] (SEIKO EPSON CORPORATION) HKLM-x32\...\Run: [KeyScrambler] => C:\Program Files (x86)\KeyScrambler\keyscrambler.exe [509216 2015-10-12] (QFX Software Corporation) HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [221728 2015-10-05] (Geek Software GmbH) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-3895678430-1897185528-4005713618-1000\...\Run: [hsscp.EXE] => C:\Users\Eltern\AppData\Roaming\Hotspot Shield\bin\hsscp.EXE -nonadmin HKU\S-1-5-21-3895678430-1897185528-4005713618-1000\...\Run: [BoxcryptorClassic.exe] => C:\Program Files (x86)\Boxcryptor Classic\BoxcryptorClassic.exe [2249984 2014-07-31] (Secomba GmbH) HKU\S-1-5-21-3895678430-1897185528-4005713618-1000\...\Run: [Dropbox Update] => C:\Users\Eltern\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 
2015-06-17] (Dropbox, Inc.) HKU\S-1-5-21-3895678430-1897185528-4005713618-1000\...\Run: [Adobe Acrobat Synchronizer] => "C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" HKU\S-1-5-21-3895678430-1897185528-4005713618-1000\...\Policies\system: [LogonHoursAction] 2 HKU\S-1-5-21-3895678430-1897185528-4005713618-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 HKU\S-1-5-21-3895678430-1897185528-4005713618-1000\...\MountPoints2: {22c2c85c-6677-11e5-87cf-005056c00008} - W:\SETUP.EXE HKU\S-1-5-21-3895678430-1897185528-4005713618-1000\...\MountPoints2: {3e5bab9d-1566-11e4-99db-005056c00008} - T:\wubi.exe HKU\S-1-5-21-3895678430-1897185528-4005713618-1000\...\MountPoints2: {513f4444-900e-11e4-bd1d-005056c00008} - "E:\WD SmartWare.exe" autoplay=true HKU\S-1-5-21-3895678430-1897185528-4005713618-1000\...\MountPoints2: {70471d1a-2a01-11e4-bd3e-005056c00008} - E:\Startme.exe HKU\S-1-5-21-3895678430-1897185528-4005713618-1000\...\MountPoints2: {9d04f0c7-942e-11e3-8427-806e6f6e6963} - D:\Run.exe HKU\S-1-5-21-3895678430-1897185528-4005713618-1000\...\MountPoints2: {a8309106-e182-11e3-a476-005056c00008} - T:\setup.exe HKU\S-1-5-21-3895678430-1897185528-4005713618-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-14] (Microsoft Corporation) HKU\S-1-5-21-3895678430-1897185528-4005713618-1006\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIH3E.EXE [241280 2012-07-12] (SEIKO EPSON CORPORATION) HKU\S-1-5-21-3895678430-1897185528-4005713618-1006\...\Policies\system: [LogonHoursAction] 2 HKU\S-1-5-21-3895678430-1897185528-4005713618-1006\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 SSODL: EldosMountNotificator-cbfs4 - {B964A848-358C-48ED-8028-25D6EB143E1F} - C:\Windows\system32\cbfsMntNtf4.dll (EldoS Corporation) SSODL-x32: EldosMountNotificator-cbfs4 - {B964A848-358C-48ED-8028-25D6EB143E1F} - C:\Windows\SysWOW64\cbfsMntNtf4.dll (EldoS Corporation) 
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => Keine Datei ShellIconOverlayIdentifiers: [01Mediencenter_InSync] -> {77BC4082-DB5F-439A-8DC8-F9E24A63B0DE} => Keine Datei ShellIconOverlayIdentifiers: [02Mediencenter_ToSync] -> {528EE335-5034-4EFC-834E-63E5F02D2BC2} => Keine Datei ShellIconOverlayIdentifiers: [03Mediencenter_Failed] -> {6066ADF0-9EB0-43E5-ADB6-990F5A3B979C} => Keine Datei ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => Keine Datei ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => Keine Datei ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => Keine Datei ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => Keine Datei ShellIconOverlayIdentifiers: [EldosIconOverlay-cbfs4] -> {40E5AF57-121C-4262-ADC3-E2203E2AACE5} => C:\Windows\system32\cbfsMntNtf4.dll [2013-11-15] (EldoS Corporation) ShellIconOverlayIdentifiers: [HardLinkMenu] -> {0A479751-02BC-11d3-A855-0004AC2568AA} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2013-12-29] (Hermann Schinagl) ShellIconOverlayIdentifiers: [IconOverlayHardLink] -> {0A479751-02BC-11d3-A855-0004AC2568DD} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2013-12-29] (Hermann Schinagl) ShellIconOverlayIdentifiers: [IconOverlaySymbolicLink] -> {0A479751-02BC-11d3-A855-0004AC2568EE} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2013-12-29] (Hermann Schinagl) ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => Keine Datei ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => Keine Datei ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => Keine Datei ShellIconOverlayIdentifiers-x32: [EldosIconOverlay-cbfs4] -> {40E5AF57-121C-4262-ADC3-E2203E2AACE5} => C:\Windows\SysWOW64\cbfsMntNtf4.dll 
[2013-11-15] (EldoS Corporation) ShellIconOverlayIdentifiers-x32: [HardLinkMenu] -> {0A479751-02BC-11d3-A855-0004AC2568AA} => C:\Program Files\LinkShellExtension\32\HardlinkShellExt.dll [2013-12-29] (Hermann Schinagl) ShellIconOverlayIdentifiers-x32: [IconOverlayHardLink] -> {0A479751-02BC-11d3-A855-0004AC2568DD} => C:\Program Files\LinkShellExtension\32\HardlinkShellExt.dll [2013-12-29] (Hermann Schinagl) ShellIconOverlayIdentifiers-x32: [IconOverlaySymbolicLink] -> {0A479751-02BC-11d3-A855-0004AC2568EE} => C:\Program Files\LinkShellExtension\32\HardlinkShellExt.dll [2013-12-29] (Hermann Schinagl) Startup: C:\Users\Eltern\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-11-12] ShortcutTarget: Dropbox.lnk -> C:\Users\Wartung\AppData\Roaming\Dropbox\bin\Dropbox.exe (Keine Datei) GroupPolicyUsers\S-1-5-21-3895678430-1897185528-4005713618-1011\User: Beschränkung <======= ACHTUNG GroupPolicyUsers\S-1-5-21-3895678430-1897185528-4005713618-1003\User: Beschränkung <======= ACHTUNG ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) 
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{08F5E7D5-B473-4A6E-B947-B2A04C195D37}: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{0E9150F0-AA13-4168-ABCE-1F06CA097C29}: [DhcpNameServer] 192.168.178.1 Internet Explorer: ================== HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG HKU\S-1-5-21-3895678430-1897185528-4005713618-1006\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-3895678430-1897185528-4005713618-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-3895678430-1897185528-4005713618-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKU\S-1-5-21-3895678430-1897185528-4005713618-1006\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-3895678430-1897185528-4005713618-1000 -> DefaultScope {CE8A2E0D-0003-42A8-B3D5-38558C7B46FB} URL = hxxps://startpage.com/do/search?query={searchTerms}&cat=web&pl=ie&language=deutsch SearchScopes: HKU\S-1-5-21-3895678430-1897185528-4005713618-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-3895678430-1897185528-4005713618-1000 -> {CE8A2E0D-0003-42A8-B3D5-38558C7B46FB} URL = hxxps://startpage.com/do/search?query={searchTerms}&cat=web&pl=ie&language=deutsch BHO-x32: Kein Name -> {06E08260-0695-4EC1-A74B-1310D8899D93} -> Keine Datei BHO-x32: Adobe PDF Link Helper -> 
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-20] (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-20] (Oracle Corporation) DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab FireFox: ======== FF ProfilePath: C:\Users\Wartung\AppData\Roaming\Mozilla\Firefox\Profiles\9gkb4mqo.default FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-11-11] () FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\PDF XChange\PDF Viewer\npPDFXCviewNPPlugin.dll [2013-12-30] (Tracker Software Products (Canada) Ltd.) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation) FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\PDF XChange\PDF Viewer\npPDFXCviewNPPlugin.dll [2013-12-30] (Tracker Software Products (Canada) Ltd.) 
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN) FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [Keine Datei] FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-11] () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1214154.dll [2014-11-07] (Adobe Systems, Inc.) FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\PDF XChange\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2013-12-30] (Tracker Software Products (Canada) Ltd.) 
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-20] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-20] (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-11-14] (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-11-14] (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.) FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\PDF XChange\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2013-12-30] (Tracker Software Products (Canada) Ltd.) 
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-05-08] (Adobe Systems Inc.) FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) FF Plugin HKU\S-1-5-21-3895678430-1897185528-4005713618-1000: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\PDF XChange\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2013-12-30] (Tracker Software Products (Canada) Ltd.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll [2013-12-30] (Tracker Software Products (Canada) Ltd.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2015-07-01] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2015-07-01] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2015-07-01] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2015-07-01] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2015-07-01] (Apple Inc.) 
FF Extension: Password Hasher - C:\Users\Wartung\AppData\Roaming\Mozilla\Firefox\Profiles\9gkb4mqo.default\extensions\passhash@mozilla.wijjo.com [2014-12-16] [ist nicht signiert] FF Extension: NoScript - C:\Users\Wartung\AppData\Roaming\Mozilla\Firefox\Profiles\9gkb4mqo.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2015-11-06] FF Extension: Kein Name - C:\Users\Wartung\AppData\Roaming\Mozilla\Firefox\Profiles\9gkb4mqo.default\Extensions\firefox@ghostery.com.xpi [2014-12-04] [ist nicht signiert] FF Extension: Adblock Edge - C:\Users\Wartung\AppData\Roaming\Mozilla\Firefox\Profiles\9gkb4mqo.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2014-12-04] [ist nicht signiert] FF HKLM-x32\...\Firefox\Extensions: [pdf_architect_3_conv@pdfarchitect.org] - C:\Program Files (x86)\PDF Architect 3\resources\pdfarchitect3firefoxextension => nicht gefunden Chrome: ======= CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx ==================== Dienste (Nicht auf der Ausnahmeliste) ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] () S4 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [166192 2014-11-20] (Avira Operations GmbH & Co. KG) R2 cjpcsc; C:\Windows\SysWOW64\cjpcsc.exe [518192 2014-01-27] (REINER SCT) S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [243464 2013-09-25] (CyberLink) R2 Crypkey License; C:\Windows\system32\crypserv.exe [122880 2007-05-23] (CrypKey (Canada) Ltd.) [Datei ist nicht signiert] S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2014-02-13] (Macrovision Europe Ltd.) 
[Datei ist nicht signiert] R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1156400 2015-11-16] (NVIDIA Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation) S4 jswpsapi; C:\Program Files (x86)\TP-LINK\TP-LINK-Konfigurationstool\WPS\jswpsapi.exe [954368 2012-10-25] (Wireless) [Datei ist nicht signiert] R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2013-11-15] (Motorola Mobility LLC) R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation) R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation) R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1872688 2015-11-16] (NVIDIA Corporation) R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [8133424 2015-11-16] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5915440 2015-11-16] (NVIDIA Corporation) S3 Origin Client Service; D:\Programme\Origin\OriginClientService.exe [2104840 2015-12-01] (Electronic Arts) S3 PDF Architect 3; C:\Program Files (x86)\PDF Architect 3\ws.exe [2243288 2015-03-20] (pdfforge GmbH) S3 PDF Architect 3 CrashHandler; C:\Program Files (x86)\PDF Architect 3\crash-handler-ws.exe [901336 2015-03-20] (pdfforge GmbH) R2 PDF Architect 3 Creator; C:\Program Files (x86)\PDF Architect 3\creator-ws.exe [740568 2015-03-20] (pdfforge GmbH) R2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [Datei ist nicht signiert] S4 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia) S4 Secunia Update Agent; C:\Program Files 
(x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia) S3 Sony PC Companion; C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software) [Datei ist nicht signiert] S4 SXDS10; C:\Program Files (x86)\Common Files\soft Xpansion\sxds10.exe [234096 2014-08-04] (soft Xpansion) R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6887696 2015-11-30] (TeamViewer GmbH) R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27792 2012-08-03] (VIA Technologies, Inc.) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) S4 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [656664 2014-08-19] (Wacom Technology, Corp.) S4 AntiVirWebService; "C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe" [X] S2 DeltaCopyService; "D:\DeltaCopy\DCServce.exe" [X] S4 ShellfireVPN2Service; "C:\Program Files (x86)\ShellfireVPN\jre7\bin\java.exe" "-classpath" "C:\Program Files (x86)\ShellfireVPN\ShellfireVPN2.exe" "-Xrs" "-Dwrapper.service=true" "-Dwrapper.working.dir=C:\Program Files (x86)\ShellfireVPN" "-Djava.net.preferIPv4Stack=true" "-Dwrapper.config=C:\Program Files (x86)\ShellfireVPN\start.conf" "-Dwrapper.additional.1x=-Xrs" "-Dwrapper.stop.conf=C:\Program Files (x86)\ShellfireVPN\stop.conf" "-Djna_tmpdir=C:\Users\Wartung\AppData\Local\Temp" "org.rzo.yajsw.boot.WrapperServiceBooter" ===================== Treiber (Nicht auf der Ausnahmeliste) ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) S3 akshasp; C:\Windows\System32\DRIVERS\akshasp.sys [60488 2013-08-09] (SafeNet Inc.) S3 aksusb; C:\Windows\System32\DRIVERS\aksusb.sys [303624 2013-08-09] (SafeNet Inc.) 
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [22680 2012-10-25] () U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R1 cbfs4; C:\Windows\system32\drivers\cbfs4.sys [387776 2013-11-15] (EldoS Corporation) S3 cjusb; C:\Windows\System32\DRIVERS\cjusb.sys [35192 2012-09-04] (REINER SCT) S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation) S2 hardlock; C:\Windows\system32\drivers\hardlock.sys [331608 2014-04-28] (SafeNet Inc.) S2 hardlock; C:\Windows\SysWOW64\drivers\hardlock.sys [457216 2014-03-14] (Aladdin Knowledge Systems) [Datei ist nicht signiert] R3 KeyScrambler; C:\Windows\System32\drivers\keyscrambler.sys [224720 2015-08-18] (QFX Software Corporation) R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [110744 2012-07-19] (Qualcomm Atheros Co., Ltd.) S3 libusb0; C:\Windows\SysWOW64\drivers\libusb0.sys [16896 2007-03-20] (hxxp://libusb-win32.sourceforge.net) [Datei ist nicht signiert] R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [192216 2015-12-08] (Malwarebytes) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation) R1 NetworkX; C:\Windows\system32\ckldrv.sys [27904 2007-05-17] () R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation) R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19760 2015-11-16] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [50472 2015-11-16] (NVIDIA Corporation) S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia) S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19152 2013-09-30] () S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] () S3 RTL8187B; C:\Windows\System32\DRIVERS\RTL8187B.sys [416768 2009-06-10] (Realtek Semiconductor Corporation ) R3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [926824 2012-10-25] (Realtek 
Semiconductor Corporation ) R2 VMparport; C:\Windows\system32\drivers\VMparport.sys [31824 2013-10-18] (VMware, Inc.) R3 vpnpbus; C:\Windows\System32\DRIVERS\vpnpbus.sys [18624 2013-11-15] (EldoS Corporation) R0 vsock; C:\Windows\System32\drivers\vsock.sys [73296 2013-10-08] (VMware, Inc.) S3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [33048 2006-11-30] (X10 Wireless Technology, Inc.) S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 gdrv; \??\C:\Windows\gdrv.sys [X] S3 WIMMount; \??\D:\ctnotf\Projects\Tools\Win8PESE\X64\wimmount.sys [X] ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat: Erstellte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2015-12-08 15:56 - 2015-12-08 16:25 - 00000000 ___SD C:\32788R22FWJFW 2015-12-08 15:37 - 2015-12-08 15:57 - 00000000 ___SD C:\ComboFix 2015-12-08 15:15 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe 2015-12-08 15:15 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe 2015-12-08 15:15 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2015-12-08 15:15 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2015-12-08 15:15 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2015-12-08 15:15 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe 2015-12-08 15:15 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe 2015-12-08 15:15 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe 2015-12-08 15:14 - 2015-12-08 15:53 - 00000000 ____D C:\Windows\erdnt 2015-12-08 15:14 - 2015-12-08 15:15 - 00000000 ____D C:\Qoobox 2015-12-08 14:56 - 2015-12-08 14:56 - 00005052 _____ C:\TDSSKiller.3.1.0.7_08.12.2015_14.56.11_log.txt 2015-12-08 12:44 - 2015-12-08 12:44 - 00331176 _____ 
C:\Windows\Minidump\120815-43243-01.dmp 2015-12-08 12:28 - 2015-12-08 12:42 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2015-12-08 11:40 - 2015-12-08 15:55 - 00000000 ____D C:\Users\Eltern\Desktop\log 2015-12-08 11:40 - 2015-12-08 11:47 - 00476154 _____ C:\TDSSKiller.3.1.0.7_08.12.2015_11.40.04_log.txt 2015-12-08 11:29 - 2015-12-08 11:30 - 00889113 _____ C:\Users\Wartung\Desktop\Gmer.txt 2015-12-08 11:19 - 2015-12-08 21:39 - 00000000 ____D C:\FRST 2015-12-07 18:58 - 2015-12-07 18:58 - 00000000 ____D C:\Users\Sara\AppData\Local\AutoIt v3 2015-12-07 16:11 - 2015-12-07 16:11 - 00000000 ____D C:\Users\Sara\AppData\Roaming\FileJuggler 2015-12-07 16:04 - 2015-12-07 16:04 - 00000836 _____ C:\Users\Sara\Desktop\Die Sims 2.lnk 2015-12-07 15:56 - 2015-12-07 15:56 - 00000000 ____D C:\Users\test\AppData\Local\AutoIt v3 2015-12-06 18:52 - 2015-12-06 18:52 - 00000000 ____D C:\Program Files\Script 2015-12-06 18:31 - 2015-12-08 12:42 - 00000000 ____D C:\Windows\script 2015-12-05 12:54 - 2015-12-07 16:08 - 00000000 ____D C:\Users\Wartung\AppData\Local\AutoIt v3 2015-12-05 11:56 - 2015-12-05 11:56 - 00001047 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 11.lnk 2015-12-05 11:31 - 2015-12-05 11:31 - 00202231 _____ C:\Users\Eltern\Desktop\Papier.pdf 2015-12-05 11:21 - 2015-12-05 11:21 - 00000000 ____D C:\Users\Wartung\AppData\Roaming\FileJuggler 2015-12-03 15:28 - 2015-12-04 13:08 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird 2015-12-03 14:19 - 2015-12-03 14:19 - 00091632 _____ C:\Users\Eltern\Desktop\DE011J48W0915AB-2.pdf 2015-12-03 14:12 - 2015-12-03 14:12 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software 2015-12-03 14:12 - 2015-12-03 14:12 - 00000000 ____D C:\Program Files\Common Files\AV 2015-12-02 22:11 - 2015-12-02 22:11 - 00000000 ____D C:\Users\test\AppData\Roaming\FileJuggler 2015-12-02 22:03 - 2015-12-02 22:03 - 00000000 ____D C:\Users\test\AppData\Roaming\Macromedia 2015-12-02 22:02 - 2015-12-08 09:50 - 
00127680 __RSH C:\Users\test\ntuser.pol 2015-12-02 22:02 - 2015-12-08 09:50 - 00000000 ____D C:\Users\test 2015-12-02 22:02 - 2015-12-05 14:45 - 00166008 _____ C:\Users\test\AppData\Local\GDIPFONTCACHEV1.DAT 2015-12-02 22:02 - 2015-12-02 22:02 - 00001425 _____ C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2015-12-02 22:02 - 2015-12-02 22:02 - 00000020 ___SH C:\Users\test\ntuser.ini 2015-12-02 22:02 - 2015-12-02 22:02 - 00000000 _SHDL C:\Users\test\Vorlagen 2015-12-02 22:02 - 2015-12-02 22:02 - 00000000 _SHDL C:\Users\test\Startmenü 2015-12-02 22:02 - 2015-12-02 22:02 - 00000000 _SHDL C:\Users\test\Netzwerkumgebung 2015-12-02 22:02 - 2015-12-02 22:02 - 00000000 _SHDL C:\Users\test\Lokale Einstellungen 2015-12-02 22:02 - 2015-12-02 22:02 - 00000000 _SHDL C:\Users\test\Eigene Dateien 2015-12-02 22:02 - 2015-12-02 22:02 - 00000000 _SHDL C:\Users\test\Druckumgebung 2015-12-02 22:02 - 2015-12-02 22:02 - 00000000 _SHDL C:\Users\test\Documents\Eigene Videos 2015-12-02 22:02 - 2015-12-02 22:02 - 00000000 _SHDL C:\Users\test\Documents\Eigene Musik 2015-12-02 22:02 - 2015-12-02 22:02 - 00000000 _SHDL C:\Users\test\Documents\Eigene Bilder 2015-12-02 22:02 - 2015-12-02 22:02 - 00000000 _SHDL C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2015-12-02 22:02 - 2015-12-02 22:02 - 00000000 _SHDL C:\Users\test\AppData\Local\Verlauf 2015-12-02 22:02 - 2015-12-02 22:02 - 00000000 _SHDL C:\Users\test\AppData\Local\Anwendungsdaten 2015-12-02 22:02 - 2015-12-02 22:02 - 00000000 _SHDL C:\Users\test\Anwendungsdaten 2015-12-02 22:02 - 2015-12-02 22:02 - 00000000 ____D C:\Users\test\AppData\Roaming\QFX Software 2015-12-02 22:02 - 2015-12-02 22:02 - 00000000 ____D C:\Users\test\AppData\Roaming\Motorola Mobility 2015-12-02 22:02 - 2015-12-02 22:02 - 00000000 ____D C:\Users\test\AppData\Roaming\Adobe 2015-12-02 22:02 - 2015-12-02 22:02 - 00000000 ____D C:\Users\test\AppData\Local\VirtualStore 2015-12-02 22:02 - 2015-12-02 22:02 - 
00000000 ____D C:\Users\test\AppData\Local\NVIDIA Corporation 2015-12-02 22:02 - 2015-12-02 22:02 - 00000000 ____D C:\Users\test\AppData\Local\NVIDIA 2015-12-02 22:02 - 2014-02-16 00:22 - 00000000 ____D C:\Users\test\AppData\Local\Microsoft Help 2015-12-02 22:02 - 2009-07-14 19:18 - 00000000 ____D C:\Users\test\AppData\Roaming\Media Center Programs 2015-12-02 21:55 - 2015-12-02 22:18 - 00000000 ____D C:\Program Files (x86)\ParentsFriend8 2015-12-02 21:55 - 2014-03-19 18:58 - 01194144 _____ (WeOnlyDo! Software) C:\Windows\SysWOW64\wodSmtp.ocx 2015-12-02 21:55 - 2010-09-07 07:47 - 00192512 _____ (-) C:\Windows\SysWOW64\pfadmin.exe 2015-12-02 21:55 - 2010-07-09 08:47 - 00412555 _____ C:\Windows\SysWOW64\pf8.pdf 2015-12-02 21:55 - 2010-03-15 15:11 - 00000394 _____ C:\Windows\SysWOW64\pfadmin.exe.manifest 2015-12-02 21:55 - 2005-11-27 21:08 - 00372736 _____ C:\Windows\SysWOW64\CoolXPCheck.ocx 2015-12-02 21:55 - 2005-11-27 21:07 - 00491520 _____ C:\Windows\SysWOW64\CoolXPButton.ocx 2015-12-02 21:55 - 2005-11-27 21:07 - 00417792 _____ C:\Windows\SysWOW64\CoolXPCombo.ocx 2015-12-02 21:55 - 2005-11-27 21:07 - 00262144 _____ C:\Windows\SysWOW64\CoolXPFrame.ocx 2015-12-02 21:55 - 2005-11-27 21:06 - 00360448 _____ C:\Windows\SysWOW64\CoolXPLabel.ocx 2015-12-02 21:55 - 2005-02-05 12:41 - 00024576 _____ (Text & Redaktion) C:\Windows\SysWOW64\ScreenShotOCX.ocx 2015-12-02 21:55 - 2004-03-09 00:00 - 00260880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Msflxgrd.ocx 2015-12-02 21:55 - 2003-02-07 01:02 - 00424448 _____ ( Developer Express Inc.) C:\Windows\SysWOW64\dXTList.dll 2015-12-02 21:55 - 2002-04-05 10:32 - 00327680 _____ (DBI Technologies Inc.) 
C:\Windows\SysWOW64\ctSchedule.ocx 2015-12-02 21:55 - 2001-05-24 11:20 - 00544256 _____ C:\Windows\SysWOW64\janGraphics.dll 2015-12-02 21:55 - 2000-12-22 00:00 - 00699392 _____ (Stinga) C:\Windows\SysWOW64\BEEGD10.ocx 2015-12-02 21:55 - 2000-06-28 01:00 - 00124416 _____ () C:\Windows\SysWOW64\dXCtrls.dll 2015-12-02 00:00 - 2015-12-02 00:00 - 00000000 ____D C:\Users\Eltern\Documents\MeinSpore-Kreationen 2015-12-02 00:00 - 2015-12-02 00:00 - 00000000 ____D C:\Users\Eltern\AppData\Roaming\Spore 2015-12-01 22:42 - 2015-12-01 22:42 - 00006512 ____N C:\bootsqm.dat 2015-11-30 15:03 - 2015-12-06 18:35 - 00000000 ____D C:\Users\Eltern\AppData\Roaming\FileJuggler 2015-11-30 15:03 - 2015-11-30 15:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\File Juggler 2015-11-30 15:03 - 2015-11-30 15:03 - 00000000 ____D C:\Program Files (x86)\File Juggler 2015-11-30 07:57 - 2015-11-30 07:57 - 00000000 ____D C:\Users\Wartung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Handbrake 2015-11-30 07:57 - 2015-11-30 07:57 - 00000000 ____D C:\Program Files\Handbrake 2015-11-29 10:31 - 2015-11-29 10:31 - 00001029 ____R C:\Users\Sara\Desktop\Emil und Pauline, Klasse 3.lnk 2015-11-29 10:28 - 2015-11-29 11:48 - 00000000 ____D C:\Users\Sara\Documents\USMPrefs 2015-11-26 19:24 - 2015-11-26 19:31 - 00000000 ____D C:\ProgramData\Electronic Arts 2015-11-26 17:50 - 2015-11-26 17:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DiskImager 2015-11-26 17:50 - 2015-11-26 17:50 - 00000000 ____D C:\Program Files (x86)\DiskImager 2015-11-26 17:49 - 2015-11-26 17:49 - 00374160 _____ (Roadkil.Net ) C:\Users\Eltern\Downloads\DiskImage_1_6_WinAll_Setup.exe 2015-11-26 08:59 - 2015-11-26 08:59 - 00000000 ____D C:\Users\Sara\Documents\Electronic Arts 2015-11-26 08:51 - 2015-11-26 08:51 - 00000016 _____ C:\Users\Sara\Desktop\s3.txt 2015-11-26 08:45 - 2015-11-26 08:58 - 00000000 ____D C:\Users\Sara\AppData\Roaming\Origin 2015-11-26 08:45 - 2015-11-26 08:58 - 
00000000 ____D C:\Users\Sara\AppData\Local\Origin 2015-11-26 08:28 - 2015-11-26 08:28 - 00000000 ____D C:\Windows\System32\Tasks\Games 2015-11-26 08:25 - 2015-11-26 08:26 - 00000000 ____D C:\Users\Wartung\AppData\Local\NVIDIA 2015-11-26 08:25 - 2015-11-26 08:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation 2015-11-26 08:25 - 2015-11-16 04:35 - 01828160 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll 2015-11-26 08:25 - 2015-11-16 04:35 - 01756424 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll 2015-11-26 08:25 - 2015-11-16 04:35 - 01509824 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll 2015-11-26 08:25 - 2015-11-16 04:35 - 01316000 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll 2015-11-26 08:25 - 2015-11-16 04:35 - 00112712 _____ C:\Windows\system32\NvRtmpStreamer64.dll 2015-11-26 08:24 - 2015-12-08 21:38 - 00000000 ____D C:\ProgramData\NVIDIA 2015-11-26 08:24 - 2015-11-14 07:06 - 06358832 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll 2015-11-26 08:24 - 2015-11-14 07:06 - 02983032 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll 2015-11-26 08:24 - 2015-11-14 07:06 - 02554488 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll 2015-11-26 08:24 - 2015-11-14 07:06 - 00938800 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe 2015-11-26 08:24 - 2015-11-14 07:06 - 00385144 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll 2015-11-26 08:24 - 2015-11-14 07:06 - 00062768 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll 2015-11-26 08:24 - 2015-11-14 06:53 - 00102520 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe 2015-11-26 08:24 - 2015-10-28 09:17 - 06027430 _____ C:\Windows\system32\nvcoproc.bin 2015-11-26 08:23 - 2015-11-16 04:35 - 42913912 _____ C:\Windows\system32\nvcompiler.dll 2015-11-26 08:23 - 2015-11-16 04:35 - 37881976 _____ C:\Windows\SysWOW64\nvcompiler.dll 2015-11-26 08:23 - 2015-11-16 04:35 - 
22310008 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll 2015-11-26 08:23 - 2015-11-16 04:35 - 18363000 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll 2015-11-26 08:23 - 2015-11-16 04:35 - 17515528 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll 2015-11-26 08:23 - 2015-11-16 04:35 - 16553568 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll 2015-11-26 08:23 - 2015-11-16 04:35 - 15717864 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll 2015-11-26 08:23 - 2015-11-16 04:35 - 15122296 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll 2015-11-26 08:23 - 2015-11-16 04:35 - 14835872 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll 2015-11-26 08:23 - 2015-11-16 04:35 - 13527440 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll 2015-11-26 08:23 - 2015-11-16 04:35 - 12770944 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll 2015-11-26 08:23 - 2015-11-16 04:35 - 12034248 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll 2015-11-26 08:23 - 2015-11-16 04:35 - 11130488 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys 2015-11-26 08:23 - 2015-11-16 04:35 - 03579696 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll 2015-11-26 08:23 - 2015-11-16 04:35 - 03159248 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll 2015-11-26 08:23 - 2015-11-16 04:35 - 02870576 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll 2015-11-26 08:23 - 2015-11-16 04:35 - 02490672 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll 2015-11-26 08:23 - 2015-11-16 04:35 - 01905272 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6435900.dll 2015-11-26 08:23 - 2015-11-16 04:35 - 01572496 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll 2015-11-26 08:23 - 2015-11-16 04:35 - 01564792 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6435900.dll 2015-11-26 08:23 - 2015-11-16 04:35 - 00877176 _____ (NVIDIA Corporation) 
C:\Windows\system32\NvFBC64.dll 2015-11-26 08:23 - 2015-11-16 04:35 - 00861816 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll 2015-11-26 08:23 - 2015-11-16 04:35 - 00689272 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll 2015-11-26 08:23 - 2015-11-16 04:35 - 00673912 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll 2015-11-26 08:23 - 2015-11-16 04:35 - 00501056 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll 2015-11-26 08:23 - 2015-11-16 04:35 - 00467912 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll 2015-11-26 08:23 - 2015-11-16 04:35 - 00422240 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll 2015-11-26 08:23 - 2015-11-16 04:35 - 00413816 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll 2015-11-26 08:23 - 2015-11-16 04:35 - 00388024 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll 2015-11-26 08:23 - 2015-11-16 04:35 - 00369272 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll 2015-11-26 08:23 - 2015-11-16 04:35 - 00205456 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys 2015-11-26 08:23 - 2015-11-16 04:35 - 00177416 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll 2015-11-26 08:23 - 2015-11-16 04:35 - 00155976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll 2015-11-26 08:23 - 2015-11-16 04:35 - 00151368 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll 2015-11-26 08:23 - 2015-11-16 04:35 - 00128512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll 2015-11-26 08:23 - 2015-11-16 04:35 - 00072504 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll 2015-11-26 08:23 - 2015-11-16 04:35 - 00069416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll 2015-11-26 08:23 - 2015-11-16 04:35 - 00050472 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys 2015-11-26 08:23 - 2015-11-16 04:35 - 00039240 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll 
2015-11-26 08:23 - 2015-11-16 04:35 - 00033607 _____ C:\Windows\system32\nvinfo.pb 2015-11-26 08:13 - 2015-11-26 08:13 - 00001181 _____ C:\Users\Eltern\Downloads\autosizer.sh 2015-11-26 07:57 - 2015-11-26 07:57 - 00000000 ____D C:\Users\Eltern\Documents\Electronic Arts 2015-11-25 21:42 - 2015-11-25 21:42 - 00001552 _____ C:\Users\Eltern\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Win32DiskImager.lnk 2015-11-25 19:54 - 2015-11-25 19:54 - 00000000 ____D C:\Users\Wartung\.dvdcss 2015-11-25 15:17 - 2015-11-25 15:18 - 00000341 _____ C:\Users\Eltern\Documents\raspi.vnc 2015-11-25 15:15 - 2015-11-25 15:15 - 00000000 ____D C:\Users\Eltern\AppData\Roaming\TightVNC 2015-11-25 15:15 - 2015-11-25 15:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TightVNC 2015-11-25 15:15 - 2015-11-25 15:15 - 00000000 ____D C:\Program Files\TightVNC 2015-11-23 22:18 - 2015-11-23 22:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip 2015-11-23 22:18 - 2015-11-23 22:18 - 00000000 ____D C:\Program Files\7-Zip 2015-11-23 20:47 - 2015-11-23 20:47 - 00000986 _____ C:\Users\Eltern\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Origin.lnk 2015-11-23 16:05 - 2015-11-23 16:09 - 00000139 _____ C:\Users\Eltern\Desktop\shutdown.bat 2015-11-23 15:49 - 2015-11-23 15:49 - 00000000 ____D C:\Users\Eltern\AppData\Local\pip 2015-11-23 14:58 - 2015-11-23 20:47 - 00000000 ____D C:\Users\Eltern\AppData\Roaming\Origin 2015-11-23 14:58 - 2015-11-23 14:59 - 00000000 ____D C:\Users\Eltern\AppData\Local\Origin 2015-11-23 14:52 - 2015-12-06 20:44 - 00000000 ____D C:\ProgramData\Origin 2015-11-19 10:55 - 2015-11-19 10:55 - 00633369 _____ C:\Users\Eltern\Desktop\Receptura_Legitimation_Stefanie_LoeschproHilger_2015_11_19.pdf 2015-11-18 14:38 - 2015-12-08 14:49 - 00000000 ____D C:\Skripte 2015-11-14 21:39 - 2015-11-14 21:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SDFormatter 2015-11-14 21:39 - 2015-11-14 21:39 - 00000000 ____D 
C:\Program Files (x86)\SDA 2015-11-14 17:26 - 2015-11-25 21:25 - 00000000 ____D C:\Users\Eltern\Documents\Finanzen test 2015-11-14 17:21 - 2015-11-25 21:14 - 00001940 _____ C:\Users\Eltern\Documents\backupffs-test.ffs_gui 2015-11-14 17:03 - 2015-11-14 17:10 - 00004172 _____ C:\Users\Eltern\fbf-finanz nach doku-finanztest.buj 2015-11-12 10:06 - 2015-11-03 18:55 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-11-12 10:05 - 2015-11-12 10:05 - 00000000 ____D C:\Users\Eltern\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2015-11-12 09:57 - 2015-12-08 21:39 - 00000000 ____D C:\Temp 2015-11-11 19:40 - 2015-11-11 20:05 - 00000000 ____D C:\Users\Wartung\AppData\Local\VMware 2015-11-11 19:40 - 2015-11-11 19:40 - 00000000 ____D C:\Users\Wartung\AppData\Roaming\VMware 2015-11-11 19:38 - 2015-10-20 19:42 - 03168768 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2015-11-11 19:38 - 2015-10-20 19:42 - 02608128 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2015-11-11 19:38 - 2015-10-20 19:42 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2015-11-11 19:38 - 2015-10-20 19:42 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2015-11-11 19:38 - 2015-10-20 19:42 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2015-11-11 19:38 - 2015-10-20 19:42 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2015-11-11 19:38 - 2015-10-20 19:42 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll 2015-11-11 19:38 - 2015-10-20 19:41 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2015-11-11 19:38 - 2015-10-20 19:41 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll 2015-11-11 19:38 - 2015-10-20 19:41 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2015-11-11 19:38 - 2015-10-20 19:41 - 00012288 _____ (Microsoft Corporation) 
C:\Windows\system32\wu.upgrade.ps.dll 2015-11-11 19:38 - 2015-10-20 18:46 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll 2015-11-11 19:38 - 2015-10-20 18:46 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll 2015-11-11 19:38 - 2015-10-20 18:46 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll 2015-11-11 19:38 - 2015-10-20 18:46 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll 2015-11-11 19:38 - 2015-10-20 18:45 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe 2015-11-11 14:05 - 2015-11-03 23:10 - 00390344 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-11-11 14:05 - 2015-11-03 22:51 - 00342728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2015-11-11 14:05 - 2015-10-31 00:46 - 25818624 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-11-11 14:05 - 2015-10-31 00:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-11-11 14:05 - 2015-10-31 00:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2015-11-11 14:05 - 2015-10-31 00:25 - 02886656 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-11-11 14:05 - 2015-10-31 00:25 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2015-11-11 14:05 - 2015-10-31 00:25 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2015-11-11 14:05 - 2015-10-31 00:25 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2015-11-11 14:05 - 2015-10-31 00:24 - 00585728 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-11-11 14:05 - 2015-10-31 00:24 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2015-11-11 14:05 - 2015-10-31 00:17 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-11-11 14:05 - 2015-10-31 00:16 - 00034304 _____ (Microsoft Corporation) 
C:\Windows\system32\iernonce.dll 2015-11-11 14:05 - 2015-10-31 00:13 - 00616960 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-11-11 14:05 - 2015-10-31 00:12 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-11-11 14:05 - 2015-10-31 00:12 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2015-11-11 14:05 - 2015-10-31 00:11 - 05990912 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-11-11 14:05 - 2015-10-31 00:11 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-11-11 14:05 - 2015-10-31 00:11 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2015-11-11 14:05 - 2015-10-31 00:04 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2015-11-11 14:05 - 2015-10-31 00:01 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-11-11 14:05 - 2015-10-30 23:58 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2015-11-11 14:05 - 2015-10-30 23:53 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2015-11-11 14:05 - 2015-10-30 23:52 - 20331520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2015-11-11 14:05 - 2015-10-30 23:49 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2015-11-11 14:05 - 2015-10-30 23:49 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-11-11 14:05 - 2015-10-30 23:47 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-11-11 14:05 - 2015-10-30 23:46 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-11-11 14:05 - 2015-10-30 23:46 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2015-11-11 14:05 - 2015-10-30 23:45 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2015-11-11 14:05 - 2015-10-30 23:45 - 00047616 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2015-11-11 14:05 - 2015-10-30 23:44 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2015-11-11 14:05 - 2015-10-30 23:44 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2015-11-11 14:05 - 2015-10-30 23:42 - 02279936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-11-11 14:05 - 2015-10-30 23:39 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2015-11-11 14:05 - 2015-10-30 23:39 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2015-11-11 14:05 - 2015-10-30 23:37 - 00480256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2015-11-11 14:05 - 2015-10-30 23:36 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2015-11-11 14:05 - 2015-10-30 23:36 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2015-11-11 14:05 - 2015-10-30 23:36 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2015-11-11 14:05 - 2015-10-30 23:34 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2015-11-11 14:05 - 2015-10-30 23:32 - 00720896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-11-11 14:05 - 2015-10-30 23:31 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-11-11 14:05 - 2015-10-30 23:29 - 02126336 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-11-11 14:05 - 2015-10-30 23:29 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2015-11-11 14:05 - 2015-10-30 23:28 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2015-11-11 14:05 - 2015-10-30 23:23 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2015-11-11 14:05 - 2015-10-30 23:22 - 14457856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-11-11 14:05 - 2015-10-30 23:21 - 00168960 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\msrating.dll 2015-11-11 14:05 - 2015-10-30 23:19 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2015-11-11 14:05 - 2015-10-30 23:18 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2015-11-11 14:05 - 2015-10-30 23:17 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-11-11 14:05 - 2015-10-30 23:17 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2015-11-11 14:05 - 2015-10-30 23:16 - 04527616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-11-11 14:05 - 2015-10-30 23:11 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2015-11-11 14:05 - 2015-10-30 23:10 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-11-11 14:05 - 2015-10-30 23:09 - 12854272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-11-11 14:05 - 2015-10-30 23:09 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2015-11-11 14:05 - 2015-10-30 23:09 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2015-11-11 14:05 - 2015-10-30 23:04 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-11-11 14:05 - 2015-10-30 22:53 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-11-11 14:05 - 2015-10-30 22:51 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-11-11 14:05 - 2015-10-30 22:48 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-11-11 14:05 - 2015-10-30 22:46 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2015-11-11 14:03 - 2015-10-20 02:12 - 05570496 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-11-11 14:03 - 2015-10-20 02:12 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2015-11-11 14:03 - 2015-10-20 02:12 - 00095680 _____ (Microsoft Corporation) 
C:\Windows\system32\Drivers\ksecdd.sys 2015-11-11 14:03 - 2015-10-20 02:09 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2015-11-11 14:03 - 2015-10-20 02:06 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll 2015-11-11 14:03 - 2015-10-20 02:06 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2015-11-11 14:03 - 2015-10-20 02:06 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll 2015-11-11 14:03 - 2015-10-20 02:06 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2015-11-11 14:03 - 2015-10-20 02:05 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2015-11-11 14:03 - 2015-10-20 02:05 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2015-11-11 14:03 - 2015-10-20 02:05 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2015-11-11 14:03 - 2015-10-20 02:05 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2015-11-11 14:03 - 2015-10-20 02:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-11-11 14:03 - 2015-10-20 02:05 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2015-11-11 14:03 - 2015-10-20 02:05 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2015-11-11 14:03 - 2015-10-20 02:05 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2015-11-11 14:03 - 2015-10-20 02:05 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2015-11-11 14:03 - 2015-10-20 02:05 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-11-11 14:03 - 2015-10-20 02:05 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2015-11-11 14:03 - 2015-10-20 02:05 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2015-11-11 14:03 - 2015-10-20 02:05 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 
2015-11-11 14:03 - 2015-10-20 02:05 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2015-11-11 14:03 - 2015-10-20 02:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-11-11 14:03 - 2015-10-20 02:05 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll 2015-11-11 14:03 - 2015-10-20 02:05 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2015-11-11 14:03 - 2015-10-20 02:05 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2015-11-11 14:03 - 2015-10-20 02:05 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2015-11-11 14:03 - 2015-10-20 02:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2015-11-11 14:03 - 2015-10-20 02:05 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2015-11-11 14:03 - 2015-10-20 02:04 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe 2015-11-11 14:03 - 2015-10-20 02:04 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2015-11-11 14:03 - 2015-10-20 02:04 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2015-11-11 14:03 - 2015-10-20 02:00 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2015-11-11 14:03 - 2015-10-20 01:59 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2015-11-11 14:03 - 2015-10-20 01:53 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2015-11-11 14:03 - 2015-10-20 01:53 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2015-11-11 14:03 - 2015-10-20 01:53 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll 2015-11-11 14:03 - 2015-10-20 01:53 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll 2015-11-11 14:03 - 2015-10-20 01:53 - 00004608 ____H (Microsoft Corporation) 
C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2015-11-11 14:03 - 2015-10-20 01:53 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2015-11-11 14:03 - 2015-10-20 01:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2015-11-11 14:03 - 2015-10-20 01:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll 2015-11-11 14:03 - 2015-10-20 01:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2015-11-11 14:03 - 2015-10-20 01:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll 2015-11-11 14:03 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2015-11-11 14:03 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2015-11-11 14:03 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2015-11-11 14:03 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll 2015-11-11 14:03 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll 2015-11-11 14:03 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2015-11-11 14:03 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll 2015-11-11 14:03 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2015-11-11 14:03 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll 2015-11-11 14:03 - 2015-10-20 01:53 - 00003072 ____H (Microsoft 
Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll 2015-11-11 14:03 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll 2015-11-11 14:03 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll 2015-11-11 14:03 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2015-11-11 14:03 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll 2015-11-11 14:03 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2015-11-11 14:03 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2015-11-11 14:03 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2015-11-11 14:03 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll 2015-11-11 14:03 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2015-11-11 14:03 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll 2015-11-11 14:03 - 2015-10-20 01:52 - 03991488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2015-11-11 14:03 - 2015-10-20 01:52 - 03935680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2015-11-11 14:03 - 2015-10-20 01:48 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2015-11-11 14:03 - 2015-10-20 01:45 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2015-11-11 14:03 - 2015-10-20 01:45 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2015-11-11 14:03 - 2015-10-20 01:45 - 00251392 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\schannel.dll 2015-11-11 14:03 - 2015-10-20 01:45 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2015-11-11 14:03 - 2015-10-20 01:45 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2015-11-11 14:03 - 2015-10-20 01:45 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2015-11-11 14:03 - 2015-10-20 01:45 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2015-11-11 14:03 - 2015-10-20 01:45 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll 2015-11-11 14:03 - 2015-10-20 01:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2015-11-11 14:03 - 2015-10-20 01:45 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2015-11-11 14:03 - 2015-10-20 01:45 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2015-11-11 14:03 - 2015-10-20 01:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2015-11-11 14:03 - 2015-10-20 01:44 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2015-11-11 14:03 - 2015-10-20 01:44 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2015-11-11 14:03 - 2015-10-20 01:44 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2015-11-11 14:03 - 2015-10-20 01:44 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2015-11-11 14:03 - 2015-10-20 01:44 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2015-11-11 14:03 - 2015-10-20 01:44 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2015-11-11 14:03 - 2015-10-20 01:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2015-11-11 14:03 - 2015-10-20 01:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2015-11-11 14:03 - 2015-10-20 01:35 - 00686080 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\adtschema.dll 2015-11-11 14:03 - 2015-10-20 01:35 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll 2015-11-11 14:03 - 2015-10-20 01:35 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll 2015-11-11 14:03 - 2015-10-20 01:35 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2015-11-11 14:03 - 2015-10-20 01:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2015-11-11 14:03 - 2015-10-20 01:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll 2015-11-11 14:03 - 2015-10-20 01:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll 2015-11-11 14:03 - 2015-10-20 01:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll 2015-11-11 14:03 - 2015-10-20 01:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll 2015-11-11 14:03 - 2015-10-20 01:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2015-11-11 14:03 - 2015-10-20 01:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2015-11-11 14:03 - 2015-10-20 01:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll 2015-11-11 14:03 - 2015-10-20 01:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2015-11-11 14:03 - 2015-10-20 01:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2015-11-11 14:03 - 2015-10-20 01:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll 2015-11-11 14:03 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) 
C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll 2015-11-11 14:03 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2015-11-11 14:03 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll 2015-11-11 14:03 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll 2015-11-11 14:03 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll 2015-11-11 14:03 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll 2015-11-11 14:03 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll 2015-11-11 14:03 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll 2015-11-11 14:03 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll 2015-11-11 14:03 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll 2015-11-11 14:03 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll 2015-11-11 14:03 - 2015-10-20 00:41 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys 2015-11-11 14:03 - 2015-10-20 00:40 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys 2015-11-11 14:03 - 2015-10-20 00:40 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys 2015-11-11 14:03 - 2015-10-20 00:29 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2015-11-11 14:03 - 2015-10-20 00:29 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2015-11-11 14:03 - 2015-10-20 00:27 - 00006144 ____H 
(Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll 2015-11-11 14:03 - 2015-10-20 00:27 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll 2015-11-11 14:03 - 2015-10-20 00:27 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll 2015-11-11 14:03 - 2015-10-20 00:27 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll 2015-11-11 14:03 - 2015-10-13 17:41 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys 2015-11-11 14:03 - 2015-10-13 17:40 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys 2015-11-11 14:03 - 2015-10-13 05:57 - 00950720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys 2015-11-11 14:03 - 2015-10-01 19:00 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll 2015-11-11 14:03 - 2015-10-01 19:00 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll 2015-11-11 14:03 - 2015-10-01 18:50 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll 2015-11-11 14:03 - 2015-09-23 14:15 - 00460776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2015-11-11 14:03 - 2015-09-23 14:15 - 00299632 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll 2015-11-11 14:03 - 2015-09-23 14:09 - 00251000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 
2015-12-08 21:39 - 2014-10-16 20:42 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-12-08 21:39 - 2014-03-14 10:38 - 00000000 ____D C:\ProgramData\VMware 2015-12-08 21:39 - 2014-02-14 00:57 - 00000000 ___RD C:\Users\Eltern\Dropbox 2015-12-08 21:39 - 2014-02-14 00:55 - 00000000 ____D C:\Users\Eltern\AppData\Roaming\Dropbox 2015-12-08 21:38 - 2014-12-16 21:12 - 00000000 ____D C:\ProgramData\AVAST Software 2015-12-08 21:38 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-12-08 21:38 - 2009-07-14 04:20 - 00000000 ____D C:\Windows 2015-12-08 21:30 - 2009-07-14 05:45 - 00019312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-12-08 21:30 - 2009-07-14 05:45 - 00019312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-12-08 21:29 - 2009-07-14 18:58 - 00702138 _____ C:\Windows\system32\perfh007.dat 2015-12-08 21:29 - 2009-07-14 18:58 - 00150804 _____ C:\Windows\system32\perfc007.dat 2015-12-08 21:29 - 2009-07-14 06:13 - 01628890 _____ C:\Windows\system32\PerfStringBackup.INI 2015-12-08 21:29 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf 2015-12-08 16:15 - 2014-02-12 23:17 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-12-08 16:13 - 2014-10-16 20:42 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-12-08 16:00 - 2015-06-17 13:43 - 00001228 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3895678430-1897185528-4005713618-1000UA.job 2015-12-08 15:31 - 2014-05-21 12:06 - 00000000 ____D C:\Users\Wartung 2015-12-08 12:44 - 2014-03-14 11:00 - 00000000 ____D C:\Windows\Minidump 2015-12-08 12:44 - 2014-02-12 22:44 - 00000000 ____D C:\Users\Eltern 2015-12-08 12:42 - 2015-03-28 09:51 - 00000000 ____D C:\Program Files (x86)\ShellfireVPN 2015-12-08 12:28 - 2014-12-04 11:56 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-12-08 12:28 - 2014-12-04 
11:56 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-12-08 12:00 - 2015-01-30 17:48 - 00000000 ____D C:\Users\Eltern\Downloads\Sicherheit 2015-12-08 11:34 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF 2015-12-08 11:20 - 2014-02-24 23:26 - 00000000 ____D C:\Program Files (x86)\Steam 2015-12-08 10:01 - 2014-02-18 19:55 - 00000680 __RSH C:\Users\Eltern\ntuser.pol 2015-12-08 09:54 - 2014-06-04 09:08 - 00000680 __RSH C:\Users\Wartung\ntuser.pol 2015-12-08 09:50 - 2014-02-18 16:17 - 00279418 __RSH C:\Users\Sara\ntuser.pol 2015-12-08 09:50 - 2014-02-14 17:26 - 00000000 ____D C:\Users\Sara 2015-12-07 16:08 - 2015-01-20 22:22 - 00000000 ____D C:\Users\Wartung\Desktop\SleepTimerUltimate 2015-12-07 15:11 - 2014-10-02 12:07 - 00000000 ____D C:\Users\Eltern\Documents\WEG 2015-12-06 18:57 - 2009-07-14 06:08 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2015-12-05 17:42 - 2014-02-14 17:27 - 00166008 _____ C:\Users\Sara\AppData\Local\GDIPFONTCACHEV1.DAT 2015-12-05 17:41 - 2009-07-14 05:45 - 00513968 _____ C:\Windows\system32\FNTCACHE.DAT 2015-12-05 14:46 - 2014-06-04 09:08 - 00166008 _____ C:\Users\Wartung\AppData\Local\GDIPFONTCACHEV1.DAT 2015-12-05 14:43 - 2014-02-12 23:09 - 00166008 _____ C:\Users\Eltern\AppData\Local\GDIPFONTCACHEV1.DAT 2015-12-05 14:00 - 2015-06-17 13:43 - 00001176 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3895678430-1897185528-4005713618-1000Core.job 2015-12-05 12:54 - 2014-02-17 15:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3 2015-12-05 12:54 - 2014-02-17 15:16 - 00000000 ____D C:\Program Files (x86)\AutoIt3 2015-12-05 12:51 - 2014-02-17 15:55 - 00000833 _____ C:\Users\Eltern\SciTE.session 2015-12-05 11:56 - 2014-02-13 23:56 - 00000000 ____D C:\Program Files (x86)\TeamViewer 2015-12-05 11:31 - 2014-08-17 00:07 - 02821632 ___SH C:\Users\Eltern\Desktop\Thumbs.db 2015-12-04 14:02 - 2014-02-12 23:26 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance 
Service 2015-12-03 14:23 - 2014-03-05 15:48 - 00000000 ____D C:\Users\Eltern\AppData\Roaming\ALFBanCo5 2015-12-03 14:17 - 2014-03-05 15:47 - 00000000 ____D C:\ProgramData\AlfBanCo5 2015-12-02 22:07 - 2014-02-14 14:10 - 00140488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comdlg32.ocx-- 2015-12-02 19:08 - 2014-10-16 20:42 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2015-12-02 19:08 - 2014-10-16 20:42 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2015-12-02 14:11 - 2014-02-14 00:16 - 00000000 ____D C:\Users\Eltern\Documents\Finanzkalkulationen 2015-12-01 23:48 - 2009-07-14 04:20 - 00000000 ___HD C:\Windows\system32\GroupPolicyUsers 2015-11-30 20:52 - 2014-02-14 00:50 - 00000000 ____D C:\Users\Eltern\AppData\Roaming\vlc 2015-11-30 14:20 - 2014-03-04 22:41 - 00000000 ____D C:\Users\Eltern\AppData\Roaming\HandBrake 2015-11-30 07:57 - 2014-11-27 15:21 - 00000824 _____ C:\Users\Wartung\Desktop\Handbrake.lnk 2015-11-30 07:57 - 2014-03-04 15:40 - 00000000 ____D C:\Users\Eltern\AppData\Roaming\dvdcss 2015-11-26 18:29 - 2014-03-14 11:09 - 00000000 ____D C:\Users\Eltern\AppData\Local\VMware 2015-11-26 17:23 - 2014-03-14 11:09 - 00000000 ____D C:\Users\Eltern\AppData\Roaming\VMware 2015-11-26 15:43 - 2009-07-14 06:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2015-11-26 08:32 - 2014-03-29 14:58 - 00000000 ____D C:\Program Files (x86)\QNAP 2015-11-26 08:26 - 2015-09-24 19:53 - 00000000 ____D C:\Users\Wartung\AppData\Local\NVIDIA Corporation 2015-11-26 08:25 - 2015-09-22 19:30 - 00000000 ____D C:\Users\Eltern\AppData\Local\NVIDIA Corporation 2015-11-26 08:25 - 2015-09-22 19:28 - 00000000 ____D C:\ProgramData\NVIDIA Corporation 2015-11-26 08:25 - 2015-09-22 19:27 - 00000000 ____D C:\Program Files\NVIDIA Corporation 2015-11-26 08:25 - 2015-09-16 21:08 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation 2015-11-26 08:24 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\Help 2015-11-25 20:01 
- 2015-01-29 11:11 - 00000000 ____D C:\Program Files\multiAVCHD 2015-11-25 19:52 - 2014-02-14 21:18 - 00000000 ____D C:\Users\Eltern\AppData\Roaming\MusicBee 2015-11-24 16:12 - 2015-06-18 13:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image Writer 2015-11-24 16:12 - 2015-06-18 13:19 - 00000000 ____D C:\Program Files (x86)\ImageWriter 2015-11-23 15:40 - 2015-09-02 21:18 - 00000000 ____D C:\Users\Wartung\Documents\SoftMaker 2015-11-23 14:52 - 2014-08-07 11:08 - 00000000 ____D C:\ProgramData\Package Cache 2015-11-22 13:33 - 2014-02-14 17:41 - 00000000 ____D C:\Users\Sara\AppData\Roaming\vlc 2015-11-20 17:48 - 2014-02-13 23:45 - 00000000 ____D C:\Program Files (x86)\Adobe 2015-11-20 17:48 - 2014-02-13 00:25 - 00000000 ____D C:\ProgramData\Adobe 2015-11-18 20:02 - 2015-05-04 14:02 - 00000348 _____ C:\Windows\Tasks\P nach D-Sicherungen.job 2015-11-18 13:51 - 2014-02-13 23:49 - 00003490 _____ C:\Windows\System32\Tasks\Motorola Device Manager Update 2015-11-18 13:51 - 2014-02-13 23:49 - 00003472 _____ C:\Windows\System32\Tasks\Motorola Device Manager Engine 2015-11-18 13:50 - 2015-05-04 14:02 - 00002944 _____ C:\Windows\System32\Tasks\P nach D-Sicherungen 2015-11-18 13:48 - 2015-10-30 20:47 - 00003888 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task 2015-11-17 19:51 - 2014-03-29 10:11 - 00000000 ____D C:\Users\Eltern\Documents\Praxis 2015-11-14 21:37 - 2015-01-20 13:11 - 00000000 ____D C:\Users\Eltern\AppData\Local\Downloaded Installations 2015-11-14 17:25 - 2015-06-21 19:49 - 00000000 ____D C:\Users\Eltern\Documents\Finanzen 2015-11-14 17:14 - 2015-05-03 21:07 - 00000000 ____D C:\Program Files\FreeFileSync 2015-11-14 17:03 - 2015-05-04 13:34 - 00000000 ____D C:\Users\Eltern\AppData\Roaming\PersBackup5 2015-11-13 14:10 - 2015-07-13 11:32 - 00000000 ____D C:\Users\Eltern\Desktop\Monokel 2015-11-11 21:49 - 2014-02-12 23:51 - 145617392 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-11-11 21:49 - 2014-02-12 23:51 - 00000000 
____D C:\Windows\system32\MRT 2015-11-11 21:49 - 2014-02-12 23:30 - 00000000 ____D C:\ProgramData\Microsoft Help 2015-11-11 16:46 - 2009-07-14 19:18 - 00000000 ____D C:\Program Files\Windows Journal 2015-11-11 16:09 - 2014-02-12 22:52 - 01602234 _____ C:\Windows\SysWOW64\PerfStringBackup.INI 2015-11-11 15:15 - 2014-02-12 23:17 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-11-11 15:15 - 2014-02-12 23:17 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-11-11 15:15 - 2014-02-12 23:17 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-11-11 13:50 - 2015-11-07 23:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox Einige Dateien in TEMP: ==================== C:\Users\Eltern\AppData\Local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpqshst7.dll ==================== Bamital & volsnap ================= (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) 
C:\Windows\system32\winlogon.exe => Datei ist digital signiert C:\Windows\system32\wininit.exe => Datei ist digital signiert C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert C:\Windows\explorer.exe => Datei ist digital signiert C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert C:\Windows\system32\svchost.exe => Datei ist digital signiert C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert C:\Windows\system32\services.exe => Datei ist digital signiert C:\Windows\system32\User32.dll => Datei ist digital signiert C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert C:\Windows\system32\userinit.exe => Datei ist digital signiert C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert C:\Windows\system32\rpcss.dll => Datei ist digital signiert C:\Windows\system32\dnsapi.dll => Datei ist digital signiert C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert LastRegBack: 2015-11-30 21:28 ==================== Ende von FRST.txt ============================ |
08.12.2015, 21:57 | #20 |
| Another finding... I had a bit of a look around and found something else in MS Security Essentials: Here is more information about this thing: SoftwareBundler:Win32/InstallMonetizer (hxxp://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?name=SoftwareBundler%3aWin32%2fInstallMonetizer&threatid=199745&enterprise=0) The timing fits quite well too; that could have been the entry point. I'll have to dig around to see where it might have come from... Oh, from shortly after 11 I was already looking for help because of the trojan - if the timestamp is right, then some tool probably fetched it in the background. Especially since I don't actually use IE at all, only FF...? Edited by rr15 (08.12.2015 at 22:02) Reason: Addition |
09.12.2015, 09:02 | #21 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Virus JS:ScriptPE-inf (Trj) according to avast, only mail still works OK, Avast is gone, but there are also still remnants of Avira: Quote:
__________________ --> Virus JS:ScriptPE-inf (Trj) according to avast, only mail still works |
09.12.2015, 10:11 | #22 |
| Virus JS:ScriptPE-inf (Trj) according to avast, only mail still works I had noticed that too yesterday evening after my post and uninstalled it. Unfortunately I won't get around to creating a new log until this evening, but thanks already! |
09.12.2015, 10:13 | #23 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Virus JS:ScriptPE-inf (Trj) according to avast, only mail still works Good, if that is gone too, then please download Combofix again and run it again according to the instructions.
__________________ Please always post log files in CODE tags |
09.12.2015, 10:26 | #24 |
| Virus JS:ScriptPE-inf (Trj) according to avast, only mail still works Good, I'll do that. And then presumably have it checked again with FRST? |
09.12.2015, 10:41 | #25 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Virus JS:ScriptPE-inf (Trj) according to avast, only mail still works Just do Combofix first. We'll see what comes after that.
__________________ Please always post log files in CODE tags |
09.12.2015, 20:56 | #26 |
| Virus JS:ScriptPE-inf (Trj) according to avast, only mail still works Right, downloaded it again, ran it, apparently no errors found, and finally a log was created. By the way, there are no more flickering Combofix windows on logging in again either... Here is the log: Code:
ATTFilter ComboFix 15-12-07.01 - Wartung 09.12.2015 20:43:24.3.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.8153.6151 [GMT 1:00] ausgeführt von:: d:\installation\ComboFix.exe AV: Microsoft Security Essentials *Disabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A} SP: Microsoft Security Essentials *Disabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Neuer Wiederherstellungspunkt wurde erstellt . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . -- Vorheriger Suchlauf -- . Infizierte Kopie von c:\windows\SysWow64\userinit.exe wurde gefunden und desinfiziert Kopie von - c:\windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe wurde wiederhergestellt . -- Vorheriger Suchlauf -- . Infizierte Kopie von c:\windows\SysWow64\userinit.exe wurde gefunden und desinfiziert Kopie von - c:\windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe wurde wiederhergestellt . -------- . Infizierte Kopie von c:\windows\SysWow64\userinit.exe wurde gefunden und desinfiziert Kopie von - c:\windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe wurde wiederhergestellt . -------- . . ((((((((((((((((((((((((((((((((((((((( Treiber/Dienste ))))))))))))))))))))))))))))))))))))))))))))))))) . . 
-------\Service_conhost.exe pid: 164 28: c:\windows\System32\de-DE\conhost.exe.mui -------\Service_conhost.exe pid: 5440 28: c:\windows\System32\de-DE\conhost.exe.mui -------\Service_Copyright (C) 1997-2008 Mark Russinovich -------\Service_csrss.exe pid: 548 40: c:\windows\System32\de-DE\csrss.exe.mui -------\Service_dwm.exe pid: 2396 28: c:\windows\System32\de-DE\dwm.exe.mui -------\Service_explorer.exe pid: 2440 3C: c:\windows\de-DE\explorer.exe.mui -------\Service_Handle v3.42 -------\Service_lsm.exe pid: 748 290: c:\windows\System32\de-DE\lsm.exe.mui -------\Service_msiexec.exe pid: 3316 40: c:\windows\System32\de-DE\msiexec.exe.mui -------\Service_MsMpEng.exe pid: 592 3F4: c:\program files\Microsoft Security Client\NisSrv.exe -------\Service_MsMpEng.exe pid: 592 414: c:\program files\Microsoft Security Client\MpCmdRun.exe -------\Service_SearchIndexer.exe pid: 4712 3C: c:\windows\System32\de-DE\SearchIndexer.exe.mui -------\Service_services.exe pid: 696 4C: c:\windows\System32\de-DE\services.exe.mui -------\Service_spoolsv.exe pid: 1748 34: c:\windows\System32\de-DE\spoolsv.exe.mui -------\Service_svchost.exe pid: 1008 194: c:\windows\System32\de-DE\svchost.exe.mui -------\Service_svchost.exe pid: 1068 38: c:\windows\System32\de-DE\svchost.exe.mui -------\Service_svchost.exe pid: 1104 38: c:\windows\System32\de-DE\svchost.exe.mui -------\Service_svchost.exe pid: 1140 38: c:\windows\System32\de-DE\svchost.exe.mui -------\Service_svchost.exe pid: 1180 38: c:\windows\System32\de-DE\svchost.exe.mui -------\Service_svchost.exe pid: 1280 38: c:\windows\System32\de-DE\svchost.exe.mui -------\Service_svchost.exe pid: 1364 38: c:\windows\System32\de-DE\svchost.exe.mui -------\Service_svchost.exe pid: 1888 38: c:\windows\System32\de-DE\svchost.exe.mui -------\Service_svchost.exe pid: 1928 38: c:\windows\System32\de-DE\svchost.exe.mui -------\Service_svchost.exe pid: 2460 30: c:\windows\System32\de-DE\svchost.exe.mui -------\Service_svchost.exe pid: 2720 38: 
c:\windows\System32\de-DE\svchost.exe.mui -------\Service_svchost.exe pid: 2996 98: c:\windows\System32\de-DE\svchost.exe.mui -------\Service_svchost.exe pid: 5528 100: c:\windows\System32\de-DE\svchost.exe.mui -------\Service_svchost.exe pid: 5820 144: c:\windows\System32\de-DE\svchost.exe.mui -------\Service_svchost.exe pid: 860 90: c:\windows\System32\de-DE\svchost.exe.mui -------\Service_Sysinternals - www.sysinternals.com -------\Service_taskeng.exe pid: 1728 34: c:\windows\System32\de-DE\TaskEng.exe.mui -------\Service_taskhost.exe pid: 2256 34: c:\windows\System32\de-DE\taskhost.exe.mui -------\Service_wmpnetwk.exe pid: 5452 40: c:\program files\Windows Media Player\de-DE\wmpnetwk.exe.mui -------\Service_conhost.exe pid: 12452 24: c:\windows\System32\de-DE\conhost.exe.mui -------\Service_conhost.exe pid: 2700 28: c:\windows\System32\de-DE\conhost.exe.mui -------\Service_Copyright (C) 1997-2008 Mark Russinovich -------\Service_csrss.exe pid: 584 40: c:\windows\System32\de-DE\csrss.exe.mui -------\Service_dwm.exe pid: 2336 28: c:\windows\System32\de-DE\dwm.exe.mui -------\Service_explorer.exe pid: 2404 3C: c:\windows\de-DE\explorer.exe.mui -------\Service_Handle v3.42 -------\Service_lsm.exe pid: 808 260: c:\windows\System32\de-DE\lsm.exe.mui -------\Service_msiexec.exe pid: 4116 40: c:\windows\System32\de-DE\msiexec.exe.mui -------\Service_MsMpEng.exe pid: 468 3B8: c:\program files\Microsoft Security Client\NisSrv.exe -------\Service_MsMpEng.exe pid: 468 418: c:\program files\Microsoft Security Client\MpCmdRun.exe -------\Service_SearchIndexer.exe pid: 5624 3C: c:\windows\System32\de-DE\SearchIndexer.exe.mui -------\Service_services.exe pid: 792 4C: c:\windows\System32\de-DE\services.exe.mui -------\Service_spoolsv.exe pid: 1812 34: c:\windows\System32\de-DE\spoolsv.exe.mui -------\Service_sppsvc.exe pid: 6340 3C: c:\windows\System32\de-DE\sppsvc.exe.mui -------\Service_svchost.exe pid: 1100 38: c:\windows\System32\de-DE\svchost.exe.mui 
-------\Service_svchost.exe pid: 1132 38: c:\windows\System32\de-DE\svchost.exe.mui -------\Service_svchost.exe pid: 1160 38: c:\windows\System32\de-DE\svchost.exe.mui -------\Service_svchost.exe pid: 1184 38: c:\windows\System32\de-DE\svchost.exe.mui -------\Service_svchost.exe pid: 1300 38: c:\windows\System32\de-DE\svchost.exe.mui -------\Service_svchost.exe pid: 1420 38: c:\windows\System32\de-DE\svchost.exe.mui -------\Service_svchost.exe pid: 1880 38: c:\windows\System32\de-DE\svchost.exe.mui -------\Service_svchost.exe pid: 1916 38: c:\windows\System32\de-DE\svchost.exe.mui -------\Service_svchost.exe pid: 3040 30: c:\windows\System32\de-DE\svchost.exe.mui -------\Service_svchost.exe pid: 3324 34: c:\windows\System32\de-DE\svchost.exe.mui -------\Service_svchost.exe pid: 448 194: c:\windows\System32\de-DE\svchost.exe.mui -------\Service_svchost.exe pid: 4500 98: c:\windows\System32\de-DE\svchost.exe.mui -------\Service_svchost.exe pid: 6128 100: c:\windows\System32\de-DE\svchost.exe.mui -------\Service_svchost.exe pid: 7008 144: c:\windows\System32\de-DE\svchost.exe.mui -------\Service_svchost.exe pid: 908 90: c:\windows\System32\de-DE\svchost.exe.mui -------\Service_Sysinternals - www.sysinternals.com -------\Service_taskeng.exe pid: 1788 34: c:\windows\System32\de-DE\TaskEng.exe.mui -------\Service_taskhost.exe pid: 2188 34: c:\windows\System32\de-DE\taskhost.exe.mui -------\Service_TrustedInstaller.exe pid: 9976 3C: c:\windows\servicing\de-DE\TrustedInstaller.exe.mui -------\Service_wmpnetwk.exe pid: 5188 40: c:\program files\Windows Media Player\de-DE\wmpnetwk.exe.mui . . ((((((((((((((((((((((( Dateien erstellt von 2015-11-09 bis 2015-12-09 )))))))))))))))))))))))))))))) . . 2015-12-09 19:48 . 2015-12-09 19:48 -------- d-----w- c:\users\Wartung\AppData\Local\temp 2015-12-09 19:48 . 2015-12-09 19:48 -------- d-----w- c:\users\Sara\AppData\Local\temp 2015-12-09 19:48 . 
2015-12-09 19:48 -------- d-----w- c:\users\Default\AppData\Local\temp 2015-12-09 19:48 . 2015-12-09 19:48 -------- d-----w- c:\users\Admin\AppData\Local\temp 2015-12-09 18:39 . 2015-10-29 09:28 11138400 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8F02C81A-638F-41DB-ADB0-C6CE417AE4B9}\mpengine.dll 2015-12-08 21:03 . 2015-12-08 21:04 -------- d-s---w- c:\windows\system32\GWX 2015-12-08 21:03 . 2015-12-08 21:03 -------- d-s---w- c:\windows\SysWow64\GWX 2015-12-08 20:53 . 2015-07-09 17:58 1632256 ----a-w- c:\windows\system32\dwmcore.dll 2015-12-08 20:51 . 2015-06-25 10:06 115136 ----a-w- c:\windows\system32\consent.exe 2015-12-08 20:51 . 2015-06-25 10:01 1941504 ----a-w- c:\windows\system32\authui.dll 2015-12-08 20:51 . 2015-06-25 10:01 70656 ----a-w- c:\windows\system32\appinfo.dll 2015-12-08 20:51 . 2015-06-25 09:44 1805824 ----a-w- c:\windows\SysWow64\authui.dll 2015-12-08 20:35 . 2015-12-08 20:35 -------- d-s---w- c:\windows\SysWow64\Microsoft 2015-12-08 20:34 . 2015-10-29 09:28 11138400 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2015-12-08 11:28 . 2015-12-08 11:42 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable) 2015-12-08 10:19 . 2015-12-08 20:40 -------- d-----w- C:\FRST 2015-12-07 17:58 . 2015-12-07 17:58 -------- d-----w- c:\users\Sara\AppData\Local\AutoIt v3 2015-12-07 15:11 . 2015-12-07 15:11 -------- d-----w- c:\users\Sara\AppData\Roaming\FileJuggler 2015-12-06 17:52 . 2015-12-06 17:52 -------- d-----w- c:\program files\Script 2015-12-06 17:31 . 2015-12-08 11:42 -------- d-----w- c:\windows\script 2015-12-05 11:54 . 2015-12-07 15:08 -------- d-----w- c:\users\Wartung\AppData\Local\AutoIt v3 2015-12-05 10:21 . 2015-12-05 10:21 -------- d-----w- c:\users\Wartung\AppData\Roaming\FileJuggler 2015-12-03 14:28 . 2015-12-04 12:08 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird 2015-12-03 13:12 . 
2015-12-03 13:12 -------- d-----w- c:\program files\Common Files\AV 2015-12-03 13:12 . 2015-12-03 13:12 -------- d-----w- c:\program files (x86)\Common Files\AV 2015-12-02 21:02 . 2015-12-08 08:50 -------- d-----w- c:\users\test 2015-12-01 23:00 . 2015-12-01 23:00 -------- d-----w- c:\users\Eltern\AppData\Roaming\Spore 2015-11-30 14:03 . 2015-12-06 17:35 -------- d-----w- c:\users\Eltern\AppData\Roaming\FileJuggler 2015-11-30 14:03 . 2015-11-30 14:03 -------- d-----w- c:\program files (x86)\File Juggler 2015-11-30 06:57 . 2015-11-30 06:57 -------- d-----w- c:\program files\Handbrake 2015-11-26 18:24 . 2015-11-26 18:31 -------- d-----w- c:\programdata\Electronic Arts 2015-11-26 17:49 . 2015-11-26 17:49 -------- d--h--w- c:\program files (x86)\Common Files\EAInstaller 2015-11-26 16:50 . 2015-11-26 16:50 -------- d-----w- c:\program files (x86)\DiskImager 2015-11-26 07:45 . 2015-11-26 07:58 -------- d-----w- c:\users\Sara\AppData\Roaming\Origin 2015-11-26 07:45 . 2015-11-26 07:58 -------- d-----w- c:\users\Sara\AppData\Local\Origin 2015-11-26 07:25 . 2015-11-26 07:26 -------- d-----w- c:\users\Wartung\AppData\Local\NVIDIA 2015-11-26 07:25 . 2015-11-16 03:35 1828160 ----a-w- c:\windows\system32\nvspcap64.dll 2015-11-26 07:25 . 2015-11-16 03:35 1756424 ----a-w- c:\windows\system32\nvspbridge64.dll 2015-11-26 07:25 . 2015-11-16 03:35 112712 ----a-w- c:\windows\system32\NvRtmpStreamer64.dll 2015-11-26 07:25 . 2015-11-16 03:35 1509824 ----a-w- c:\windows\SysWow64\nvspcap.dll 2015-11-26 07:25 . 2015-11-16 03:35 1316000 ----a-w- c:\windows\SysWow64\nvspbridge.dll 2015-11-26 07:24 . 2015-11-14 05:53 102520 ----a-w- c:\windows\SysWow64\nvStreaming.exe 2015-11-26 07:24 . 2015-12-09 19:38 -------- d-----w- c:\programdata\NVIDIA 2015-11-26 07:24 . 2015-11-14 06:06 6358832 ----a-w- c:\windows\system32\nvcpl.dll 2015-11-26 07:24 . 2015-11-14 06:06 2983032 ----a-w- c:\windows\system32\nvsvc64.dll 2015-11-26 07:24 . 
2015-11-14 06:06 938800 ----a-w- c:\windows\system32\nvvsvc.exe 2015-11-26 07:24 . 2015-11-14 06:06 62768 ----a-w- c:\windows\system32\nvshext.dll 2015-11-26 07:24 . 2015-11-14 06:06 385144 ----a-w- c:\windows\system32\nvmctray.dll 2015-11-26 07:24 . 2015-11-14 06:06 2554488 ----a-w- c:\windows\system32\nvsvcr.dll 2015-11-26 07:24 . 2015-10-28 08:17 6027430 ----a-w- c:\windows\system32\nvcoproc.bin 2015-11-25 18:54 . 2015-11-25 18:54 -------- d-----w- c:\users\Wartung\.dvdcss 2015-11-25 14:15 . 2015-11-25 14:15 -------- d-----w- c:\users\Eltern\AppData\Roaming\TightVNC 2015-11-25 14:15 . 2015-11-25 14:15 -------- d-----w- c:\program files\TightVNC 2015-11-23 21:18 . 2015-11-23 21:18 -------- d-----w- c:\program files\7-Zip 2015-11-23 14:49 . 2015-11-23 14:49 -------- d-----w- c:\users\Eltern\AppData\Local\pip 2015-11-23 13:58 . 2015-11-23 19:47 -------- d-----w- c:\users\Eltern\AppData\Roaming\Origin 2015-11-23 13:58 . 2015-11-23 13:59 -------- d-----w- c:\users\Eltern\AppData\Local\Origin 2015-11-23 13:52 . 2015-12-06 19:44 -------- d-----w- c:\programdata\Origin 2015-11-18 13:38 . 2015-12-08 13:49 -------- d-----w- C:\Skripte 2015-11-14 20:39 . 2015-11-14 20:39 -------- d-----w- c:\program files (x86)\SDA 2015-11-12 09:06 . 2015-11-03 17:55 3211264 ----a-w- c:\windows\system32\win32k.sys 2015-11-12 08:57 . 2015-12-09 19:39 -------- d-----w- C:\Temp 2015-11-11 18:40 . 2015-11-11 19:05 -------- d-----w- c:\users\Wartung\AppData\Local\VMware 2015-11-11 18:40 . 2015-11-11 18:40 -------- d-----w- c:\users\Wartung\AppData\Roaming\VMware 2015-11-11 13:05 . 2015-10-30 23:33 50176 ----a-w- c:\program files\Internet Explorer\DiagnosticsHub_is.dll 2015-11-11 13:03 . 2015-10-20 01:12 5570496 ----a-w- c:\windows\system32\ntoskrnl.exe . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2015-12-09 03:39 . 2014-02-12 22:31 301728 ------w- c:\windows\system32\MpSigStub.exe 2015-12-08 11:28 . 
2014-12-04 10:56 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys 2015-12-08 11:28 . 2014-12-04 10:56 109272 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2015-12-02 21:07 . 2014-02-14 13:10 140488 ----a-w- c:\windows\SysWow64\comdlg32.ocx-- 2015-11-11 20:49 . 2014-02-12 22:51 145617392 ----a-w- c:\windows\system32\MRT.exe 2015-11-11 14:15 . 2014-02-12 22:17 780488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2015-11-11 14:15 . 2014-02-12 22:17 142536 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2015-10-29 17:50 . 2015-12-08 20:53 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2015-10-29 17:50 . 2015-12-08 20:53 309248 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll 2015-10-29 17:50 . 2015-12-08 20:53 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2015-10-29 17:50 . 2015-12-08 20:53 103424 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll 2015-10-29 17:49 . 2015-12-08 20:53 562176 ----a-w- c:\windows\apppatch\AcLayers.dll 2015-10-29 17:49 . 2015-12-08 20:53 470528 ----a-w- c:\windows\apppatch\AcSpecfc.dll 2015-10-29 17:49 . 2015-12-08 20:53 2178560 ----a-w- c:\windows\apppatch\AcGenral.dll 2015-10-29 17:49 . 2015-12-08 20:53 211968 ----a-w- c:\windows\apppatch\AcXtrnal.dll 2015-10-29 17:39 . 2015-12-08 20:53 2560 ----a-w- c:\windows\apppatch\AcRes.dll 2015-10-20 00:45 . 2015-11-11 13:03 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2015-10-13 00:29 . 2015-10-13 00:29 875720 ----a-w- c:\windows\SysWow64\msvcr120_clr0400.dll 2015-10-13 00:22 . 2015-10-13 00:22 869568 ----a-w- c:\windows\system32\msvcr120_clr0400.dll 2015-10-01 18:06 . 2015-10-13 18:32 692672 ----a-w- c:\windows\system32\winload.efi 2015-10-01 18:04 . 2015-10-13 18:32 616360 ----a-w- c:\windows\system32\winresume.efi 2015-10-01 18:00 . 2015-10-13 18:32 63488 ----a-w- c:\windows\system32\setbcdlocale.dll 2015-10-01 18:00 . 2015-10-13 18:32 59392 ----a-w- c:\windows\system32\appidapi.dll 2015-10-01 18:00 . 
2015-10-13 18:32 32768 ----a-w- c:\windows\system32\appidsvc.dll 2015-10-01 18:00 . 2015-10-13 18:32 17920 ----a-w- c:\windows\system32\appidcertstorecheck.exe 2015-10-01 18:00 . 2015-10-13 18:32 147456 ----a-w- c:\windows\system32\appidpolicyconverter.exe 2015-10-01 17:50 . 2015-10-13 18:32 50688 ----a-w- c:\windows\SysWow64\appidapi.dll 2015-10-01 17:00 . 2015-10-13 18:32 61440 ----a-w- c:\windows\system32\drivers\appid.sys 2015-09-14 00:29 . 2015-09-25 13:52 1898288 ----a-w- c:\windows\system32\nvdispco6435598.dll 2015-09-14 00:29 . 2015-09-25 13:52 1558832 ----a-w- c:\windows\system32\nvdispgenco6435598.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay-cbfs4] @="{40E5AF57-121C-4262-ADC3-E2203E2AACE5}" [HKEY_CLASSES_ROOT\CLSID\{40E5AF57-121C-4262-ADC3-E2203E2AACE5}] 2013-11-15 12:43 156456 ----a-w- c:\windows\SysWOW64\cbfsMntNtf4.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\HardLinkMenu] @="{0A479751-02BC-11d3-A855-0004AC2568AA}" [HKEY_CLASSES_ROOT\CLSID\{0A479751-02BC-11d3-A855-0004AC2568AA}] 2013-12-29 13:08 538824 ----a-w- c:\program files\LinkShellExtension\32\HardlinkShellExt.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IconOverlayHardLink] @="{0A479751-02BC-11d3-A855-0004AC2568DD}" [HKEY_CLASSES_ROOT\CLSID\{0A479751-02BC-11d3-A855-0004AC2568DD}] 2013-12-29 13:08 538824 ----a-w- c:\program files\LinkShellExtension\32\HardlinkShellExt.dll . 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IconOverlaySymbolicLink] @="{0A479751-02BC-11d3-A855-0004AC2568EE}" [HKEY_CLASSES_ROOT\CLSID\{0A479751-02BC-11d3-A855-0004AC2568EE}] 2013-12-29 13:08 538824 ----a-w- c:\program files\LinkShellExtension\32\HardlinkShellExt.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "EPLTarget\P0000000000000000"="c:\windows\system32\spool\DRIVERS\x64\3\E_YATIH3E.EXE" [2012-07-12 241280] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2012-08-09 5263504] "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2012-02-29 56088] "USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-05-20 291648] "FUFAXRCV"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe" [2013-12-24 642664] "FUFAXSTM"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" [2013-12-24 863848] "KeyScrambler"="c:\program files (x86)\KeyScrambler\keyscrambler.exe" [2015-10-12 509216] "PDFPrint"="c:\program files (x86)\PDF24\pdf24.exe" [2015-10-05 221728] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "SoftwareSASGeneration"= 1 (0x1) . [hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\SharedTaskScheduler] "{B964A848-358C-48ED-8028-25D6EB143E1F}"= "c:\windows\SysWOW64\cbfsMntNtf4.dll" [2013-11-15 156456] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] "EldosMountNotificator-cbfs4"= {B964A848-358C-48ED-8028-25D6EB143E1F} - c:\windows\SysWOW64\cbfsMntNtf4.dll [2013-11-15 156456] . 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . R2 aksdf;aksdf;c:\windows\system32\drivers\aksdf.sys;c:\windows\SYSNATIVE\drivers\aksdf.sys [x] R2 CLKMSVC10_38F51D56;CyberLink Product - 2014/02/24 22:00;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 DeltaCopyService;DeltaCopy Server;d:\deltacopy\DCServce.exe;d:\deltacopy\DCServce.exe [x] R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe;c:\windows\SYSNATIVE\AppleChargerSrv.exe [x] R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys;c:\windows\SYSNATIVE\DRIVERS\motfilt.sys [x] R3 cjusb;REINER SCT cyberJack USB Driver;c:\windows\system32\DRIVERS\cjusb.sys;c:\windows\SYSNATIVE\DRIVERS\cjusb.sys [x] R3 hidkmdf;KMDF Driver;c:\windows\system32\DRIVERS\hidkmdf.sys;c:\windows\SYSNATIVE\DRIVERS\hidkmdf.sys [x] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x] R3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x] R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.1;c:\windows\system32\drivers\libusb0.sys;c:\windows\SYSNATIVE\drivers\libusb0.sys [x] R3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\Drivers\motoandroid.sys;c:\windows\SYSNATIVE\Drivers\motoandroid.sys [x] R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys;c:\windows\SYSNATIVE\DRIVERS\motccgp.sys [x] R3 MotDev;Motorola Inc. 
USB Device;c:\windows\system32\DRIVERS\motodrv.sys;c:\windows\SYSNATIVE\DRIVERS\motodrv.sys [x] R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys;c:\windows\SYSNATIVE\DRIVERS\Motousbnet.sys [x] R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys;c:\windows\SYSNATIVE\DRIVERS\motusbdevice.sys [x] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x] R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x] R3 Origin Client Service;Origin Client Service;d:\programme\Origin\OriginClientService.exe;d:\programme\Origin\OriginClientService.exe [x] R3 PDF Architect 3 CrashHandler;PDF Architect 3 CrashHandler;c:\program files (x86)\PDF Architect 3\crash-handler-ws.exe;c:\program files (x86)\PDF Architect 3\crash-handler-ws.exe [x] R3 PDF Architect 3;PDF Architect 3;c:\program files (x86)\PDF Architect 3\ws.exe;c:\program files (x86)\PDF Architect 3\ws.exe [x] R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf_amd64.sys;c:\windows\SYSNATIVE\DRIVERS\psi_mf_amd64.sys [x] R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys;c:\windows\SYSNATIVE\pwdrvio.sys [x] R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys;c:\windows\SYSNATIVE\pwdspio.sys [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x] R3 RTL8187B;RTL8187B Drahtlos-802.11b/g-USB 2.0-Netzwerkadapter (54 MBit/s) von Realtek;c:\windows\system32\DRIVERS\RTL8187B.sys;c:\windows\SYSNATIVE\DRIVERS\RTL8187B.sys [x] R3 RTL8192cu;300Mbps Wireless USB Adapter;c:\windows\system32\DRIVERS\RTL8192cu.sys;c:\windows\SYSNATIVE\DRIVERS\RTL8192cu.sys [x] R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe;c:\program files (x86)\Sony\Sony PC 
Companion\PCCService.exe [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 WacHidRouter;Wacom Hid Router;c:\windows\system32\DRIVERS\wachidrouter.sys;c:\windows\SYSNATIVE\DRIVERS\wachidrouter.sys [x] R3 wacomrouterfilter;Wacom Router Filter Driver;c:\windows\system32\DRIVERS\wacomrouterfilter.sys;c:\windows\SYSNATIVE\DRIVERS\wacomrouterfilter.sys [x] R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x] R3 WSDScan;WSD-Scanunterstützung durch UMB;c:\windows\system32\drivers\WSDScan.sys;c:\windows\SYSNATIVE\drivers\WSDScan.sys [x] R4 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe [x] R4 jswpsapi;JumpStart Wi-Fi Protected Setup;c:\program files (x86)\TP-LINK\TP-LINK-Konfigurationstool\WPS\jswpsapi.exe;c:\program files (x86)\TP-LINK\TP-LINK-Konfigurationstool\WPS\jswpsapi.exe [x] R4 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe;c:\program files (x86)\Secunia\PSI\PSIA.exe [x] R4 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe;c:\program files (x86)\Secunia\PSI\sua.exe [x] R4 ShellfireVPN2Service;ShellfireVPN2Service;c:\program files (x86)\ShellfireVPN\jre7\bin\java.exe;c:\program files (x86)\ShellfireVPN\jre7\bin\java.exe [x] R4 SXDS10;soft Xpansion Dispatch Service;c:\program files (x86)\Common Files\soft Xpansion\sxds10.exe \Service;c:\program files (x86)\Common Files\soft Xpansion\sxds10.exe \Service [x] R4 WTabletServiceCon;Wacom Consumer Service;c:\program files\Tablet\Pen\WTabletServiceCon.exe;c:\program files\Tablet\Pen\WTabletServiceCon.exe [x] S0 iusb3hcs;Intel(R) USB 3.0 Hostcontroller-Switchtreiber;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x] S0 
MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x] S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys;c:\windows\SYSNATIVE\DRIVERS\vmci.sys [x] S0 vsock;vSockets Driver;c:\windows\system32\drivers\vsock.sys;c:\windows\SYSNATIVE\drivers\vsock.sys [x] S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AppleCharger.sys [x] S1 cbfs4;cbfs4;c:\windows\system32\drivers\cbfs4.sys;c:\windows\SYSNATIVE\drivers\cbfs4.sys [x] S1 JSWPSLWF;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwfx.sys;c:\windows\SYSNATIVE\DRIVERS\jswpslwfx.sys [x] S2 cjpcsc;cyberJack PC/SC COM Service ;c:\windows\SysWOW64\cjpcsc.exe;c:\windows\SysWOW64\cjpcsc.exe [x] S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x] S2 EPSON_PM_RPCV4_05;EPSON V3 Service4(05);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE [x] S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x] S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x] S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x] S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine 
Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x] S2 Motorola Device Manager;Motorola Device Manager Service;c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe;c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [x] S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x] S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [x] S2 PDF Architect 3 Creator;PDF Architect 3 Creator;c:\program files (x86)\PDF Architect 3\creator-ws.exe;c:\program files (x86)\PDF Architect 3\creator-ws.exe [x] S2 PST Service;PST Service;c:\program files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe;c:\program files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [x] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x] S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x] S2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe;c:\windows\SYSNATIVE\viakaraokesrv.exe [x] S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [x] S3 BazisVirtualCDBus;WinCDEmu Virtual Bus Driver;c:\windows\system32\DRIVERS\BazisVirtualCDBus.sys;c:\windows\SYSNATIVE\DRIVERS\BazisVirtualCDBus.sys [x] S3 
iusb3hub;Intel(R) USB 3.0-Hubtreiber;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x] S3 iusb3xhc;Intel(R) USB 3.0 eXtensible-Hostcontrollertreiber;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x] S3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys;c:\windows\SYSNATIVE\drivers\keyscrambler.sys [x] S3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x] S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x] S3 NvStreamNetworkSvc;NVIDIA Streamer Network Service;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [x] S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x] S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x] S3 vpnpbus;EldoS PnP Virtual Bus driver;c:\windows\system32\DRIVERS\vpnpbus.sys;c:\windows\SYSNATIVE\DRIVERS\vpnpbus.sys [x] . . --- Andere Dienste/Treiber im Speicher --- . *Deregistered* - CLKMDRV10_38F51D56 . Inhalt des "geplante Tasks" Ordners . 2015-12-09 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-12 14:15] . 2015-12-09 c:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3895678430-1897185528-4005713618-1000Core.job - c:\users\Eltern\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-17 12:43] . 
2015-12-09 c:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3895678430-1897185528-4005713618-1000UA.job - c:\users\Eltern\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-17 12:43] . 2015-12-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-10-16 18:38] . 2015-12-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-10-16 18:38] . 2015-11-18 c:\windows\Tasks\P nach D-Sicherungen.job - c:\program files (x86)\Personal Backup 5\PbPlaner.exe [2015-05-04 16:34] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay-cbfs4] @="{40E5AF57-121C-4262-ADC3-E2203E2AACE5}" [HKEY_CLASSES_ROOT\CLSID\{40E5AF57-121C-4262-ADC3-E2203E2AACE5}] 2013-11-15 12:44 183080 ----a-w- c:\windows\System32\cbfsMntNtf4.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\HardLinkMenu] @="{0A479751-02BC-11d3-A855-0004AC2568AA}" [HKEY_CLASSES_ROOT\CLSID\{0A479751-02BC-11d3-A855-0004AC2568AA}] 2013-12-29 13:08 692936 ----a-w- c:\program files\LinkShellExtension\HardlinkShellExt.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IconOverlayHardLink] @="{0A479751-02BC-11d3-A855-0004AC2568DD}" [HKEY_CLASSES_ROOT\CLSID\{0A479751-02BC-11d3-A855-0004AC2568DD}] 2013-12-29 13:08 692936 ----a-w- c:\program files\LinkShellExtension\HardlinkShellExt.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IconOverlaySymbolicLink] @="{0A479751-02BC-11d3-A855-0004AC2568EE}" [HKEY_CLASSES_ROOT\CLSID\{0A479751-02BC-11d3-A855-0004AC2568EE}] 2013-12-29 13:08 692936 ----a-w- c:\program files\LinkShellExtension\HardlinkShellExt.dll . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-12-14 172144] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-12-14 399984] "Persistence"="c:\windows\system32\igfxpers.exe" [2012-12-14 441968] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2015-04-29 1337000] "NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2015-11-16 2757424] "ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2015-11-16 1828160] . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler] "{B964A848-358C-48ED-8028-25D6EB143E1F}"= "c:\windows\system32\cbfsMntNtf4.dll" [2013-11-15 183080] . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.178.1 FF - ProfilePath - c:\users\Wartung\AppData\Roaming\Mozilla\Firefox\Profiles\9gkb4mqo.default\ . - - - - Entfernte verwaiste Registrierungseinträge - - - - . 
BHO-{06E08260-0695-4EC1-A74B-1310D8899D93} - (no file) ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file) ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file) ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file) c:\users\Eltern\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk - c:\users\Wartung\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file) ShellIconOverlayIdentifiers-{77BC4082-DB5F-439A-8DC8-F9E24A63B0DE} - (no file) ShellIconOverlayIdentifiers-{528EE335-5034-4EFC-834E-63E5F02D2BC2} - (no file) ShellIconOverlayIdentifiers-{6066ADF0-9EB0-43E5-ADB6-990F5A3B979C} - (no file) ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file) ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file) ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file) ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file) SSODL-EldosMountNotificator-cbfs4 REG_SZ {B964A848-358C-48ED-8028-25D6EB143E1F}- - (no file) AddRemove-PaintToolSAI - c:\users\Eltern\Desktop\Easy Paint Tool SAI\uninst.exe AddRemove-Saddle Club - d:\programme\The Saddle Club\uninstall.exe . . "ImagePath"="%SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\conhost.exe pid: 12452 24: C:] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\conhost.exe pid: 164 28: C:] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\conhost.exe pid: 2700 28: C:] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\conhost.exe pid: 5440 28: C:] -- "ServiceDll"="%SystemRoot%\system32\cryptsvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\csrss.exe pid: 548 40: C:] . 
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\csrss.exe pid: 584 40: C:] -- "ImagePath"="\SystemRoot\system32\drivers\drmkaud.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\dwm.exe pid: 2336 28: C:] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\dwm.exe pid: 2396 28: C:] -- [HKEY_LOCAL_MACHINE\system\ControlSet001\services\exfat] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\explorer.exe pid: 2404 3C: C:] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\explorer.exe pid: 2440 3C: C:] -- "ImagePath"="\SystemRoot\system32\DRIVERS\lsi_scsi.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\lsm.exe pid: 748 290: C:] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\lsm.exe pid: 808 260: C:] -- "ImagePath"="\SystemRoot\System32\drivers\mshidkmdf.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\msiexec.exe pid: 3316 40: C:] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\msiexec.exe pid: 4116 40: C:] -- "ImagePath"="system32\drivers\MSKSSRV.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\MsMpEng.exe pid: 468 3B8: C:] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\MsMpEng.exe pid: 468 418: C:] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\MsMpEng.exe pid: 592 3F4: C:] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\MsMpEng.exe pid: 592 414: C:] -- "ServiceDll"="%Systemroot%\System32\SDRSVC.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\SearchIndexer.exe pid: 4712 3C: C:] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\SearchIndexer.exe pid: 5624 3C: C:] -- [HKEY_LOCAL_MACHINE\system\ControlSet001\services\ServiceModelService 3.0.0.0] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\services.exe pid: 696 4C: C:] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\services.exe pid: 792 4C: C:] -- "ImagePath"="%SystemRoot%\System32\spoolsv.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\spoolsv.exe pid: 1748 34: C:] . 
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\spoolsv.exe pid: 1812 34: C:] -- "ImagePath"="%SystemRoot%\system32\sppsvc.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\sppsvc.exe pid: 6340 3C: C:] -- "ServiceDll"="%SystemRoot%\System32\wiaservc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\svchost.exe pid: 1008 194: C:] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\svchost.exe pid: 1068 38: C:] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\svchost.exe pid: 1100 38: C:] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\svchost.exe pid: 1104 38: C:] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\svchost.exe pid: 1132 38: C:] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\svchost.exe pid: 1140 38: C:] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\svchost.exe pid: 1160 38: C:] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\svchost.exe pid: 1180 38: C:] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\svchost.exe pid: 1184 38: C:] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\svchost.exe pid: 1280 38: C:] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\svchost.exe pid: 1300 38: C:] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\svchost.exe pid: 1364 38: C:] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\svchost.exe pid: 1420 38: C:] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\svchost.exe pid: 1880 38: C:] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\svchost.exe pid: 1888 38: C:] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\svchost.exe pid: 1916 38: C:] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\svchost.exe pid: 1928 38: C:] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\svchost.exe pid: 2460 30: C:] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\svchost.exe pid: 2720 38: C:] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\svchost.exe pid: 2996 98: C:] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\svchost.exe pid: 3040 30: C:] . 
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\svchost.exe pid: 3324 34: C:] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\svchost.exe pid: 448 194: C:] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\svchost.exe pid: 4500 98: C:] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\svchost.exe pid: 5528 100: C:] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\svchost.exe pid: 5820 144: C:] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\svchost.exe pid: 6128 100: C:] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\svchost.exe pid: 7008 144: C:] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\svchost.exe pid: 860 90: C:] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\svchost.exe pid: 908 90: C:] -- "ServiceDll"="%SystemRoot%\System32\tapisrv.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\taskeng.exe pid: 1728 34: C:] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\taskeng.exe pid: 1788 34: C:] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\taskhost.exe pid: 2188 34: C:] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\taskhost.exe pid: 2256 34: C:] -- "ImagePath"="%SystemRoot%\servicing\TrustedInstaller.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\TrustedInstaller.exe pid: 9976 3C: C:] -- "ImagePath"="%systemroot%\system32\wbem\WmiApSrv.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\wmpnetwk.exe pid: 5188 40: C:] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\wmpnetwk.exe pid: 5452 40: C:] . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_19_0_0_245_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation] "Enabled"=dword:00000001 . 
Zeit der Fertigstellung: 2015-12-09 20:50:10 ComboFix-quarantined-files.txt 2015-12-09 19:50 . Vor Suchlauf: 6.603.276.288 Bytes frei Nach Suchlauf: 6.862.323.712 Bytes frei . - - End Of File - - 8CB275B156DE928B2C19A7BB3BCE1CBB |
09.12.2015, 21:38 | #27 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Virus JS:ScriptPE-inf (Trj) according to avast, only mail still works Malwarebytes Anti-Rootkit (MBAR) Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instructions from a helper.
__________________ Please always post log files in CODE tags |
09.12.2015, 22:07 | #28 |
| Virus JS:ScriptPE-inf (Trj) according to avast, only mail still works Started mbar as described, update, scan and: "no malware found". Here is the log: Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.9.3.1001 www.malwarebytes.org Database version: main: v2015.12.09.05 rootkit: v2015.12.07.01 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 11.0.9600.18097 Wartung :: WOHNZIMMER [administrator] 09.12.2015 21:54:51 mbar-log-2015-12-09 (21-54-51).txt Scan type: Quick scan Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken Scan options disabled: Objects scanned: 534535 Time elapsed: 9 minute(s), Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) Physical Sectors Detected: 0 (No malicious items detected) (end) |
09.12.2015, 22:07 | #29 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Virus JS:ScriptPE-inf (Trj) according to avast, only mail still works Remove adware/junkware/toolbars Delete old versions of adwCleaner and, if present, JRT first, then download them again to the desktop! Please completely disable your virus scanner now, before using these tools! Step 1: adwCleaner Please download AdwCleaner to your desktop.
Step 2: JRT - Junkware Removal Tool Please close your protection software to avoid possible conflicts.
Step 3: Fresh log with FRST Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions or check under Start > Computer (right-click) > Properties)
__________________ Please always post log files in CODE tags |
09.12.2015, 22:24 | #30 |
| Virus JS:ScriptPE-inf (Trj) according to avast, only mail still works Interim status adwCleaner: Had found something in a Firefox profile (see log), after the restart checked drive D: with chkdsk (a few errors corrected), and on the next run nothing more was found (settings as described). The other two tools are coming shortly... Code:
ATTFilter # AdwCleaner v4.113 - Bericht erstellt 28/03/2015 um 00:11:19 # Aktualisiert 22/03/2015 von Xplode # Datenbank : 2015-03-27.1 [Server] # Betriebssystem : Windows 7 Home Premium Service Pack 1 (x64) # Benutzername : Wartung - WOHNZIMMER # Gestarted von : C:\Users\Wartung\Downloads\adwcleaner_4.113.exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\Users\Eltern\AppData\Roaming\Mozilla\Firefox\Profiles\dreaqjlw.default\Extensions\afproxy@anchorfree.com ***** [ Geplante Tasks ] ***** ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** ***** [ Internetbrowser ] ***** -\\ Internet Explorer v11.0.9600.17689 -\\ Mozilla Firefox v36.0.4 (x86 de) ************************* AdwCleaner[R0].txt - [1697 Bytes] - [04/12/2014 11:38:13] AdwCleaner[R1].txt - [1215 Bytes] - [04/12/2014 11:43:00] AdwCleaner[R2].txt - [1335 Bytes] - [04/12/2014 11:46:02] AdwCleaner[R3].txt - [1455 Bytes] - [04/12/2014 11:53:07] AdwCleaner[R4].txt - [1515 Bytes] - [04/12/2014 12:11:32] AdwCleaner[R5].txt - [1575 Bytes] - [04/12/2014 15:02:20] AdwCleaner[R6].txt - [1382 Bytes] - [04/12/2014 15:18:59] AdwCleaner[R7].txt - [1442 Bytes] - [04/12/2014 22:47:15] AdwCleaner[R8].txt - [1884 Bytes] - [30/01/2015 17:48:02] AdwCleaner[R9].txt - [1751 Bytes] - [28/03/2015 00:09:32] AdwCleaner[S0].txt - [1715 Bytes] - [04/12/2014 11:40:57] AdwCleaner[S1].txt - [1285 Bytes] - [04/12/2014 11:44:33] AdwCleaner[S2].txt - [1405 Bytes] - [04/12/2014 11:48:11] AdwCleaner[S3].txt - [1636 Bytes] - [04/12/2014 15:03:55] AdwCleaner[S4].txt - [1945 Bytes] - [30/01/2015 17:50:30] AdwCleaner[S5].txt - [1675 Bytes] - [28/03/2015 00:11:19] ########## EOF - \AdwCleaner\AdwCleaner[S5].txt - [1734 Bytes] ########## |