|
Plagegeister aller Art und deren Bekämpfung: Adware ADWARE/AddLyrics.Gen... / Mind. sechs Viren gefundenWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
25.01.2016, 15:27 | #16 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Adware ADWARE/AddLyrics.Gen... / Mind. sechs Viren gefunden Poste mal bitte nur die Funde. Was unsichtbar ist, ist nicht so relevant...
__________________ Logfiles bitte immer in CODE-Tags posten |
25.01.2016, 15:29 | #17 |
| Adware ADWARE/AddLyrics.Gen... / Mind. sechs Viren gefunden Ok, also hier das Log ab der Stelle "über gestartete Prozesse":
__________________Avira 2. Suchlauf: Code:
ATTFilter Der Suchlauf über gestartete Prozesse wird begonnen: Durchsuche Prozess 'svchost.exe' - '60' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '45' Modul(e) wurden durchsucht Durchsuche Prozess 'atiesrxx.exe' - '30' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '99' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '121' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '85' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '155' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '76' Modul(e) wurden durchsucht Durchsuche Prozess 'WLANExt.exe' - '35' Modul(e) wurden durchsucht Durchsuche Prozess 'conhost.exe' - '14' Modul(e) wurden durchsucht Durchsuche Prozess 'atieclxx.exe' - '38' Modul(e) wurden durchsucht Durchsuche Prozess 'spoolsv.exe' - '105' Modul(e) wurden durchsucht Durchsuche Prozess 'taskeng.exe' - '28' Modul(e) wurden durchsucht Durchsuche Prozess 'sched.exe' - '85' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '60' Modul(e) wurden durchsucht Durchsuche Prozess 'AdAwareService.exe' - '31' Modul(e) wurden durchsucht Durchsuche Prozess 'armsvc.exe' - '28' Modul(e) wurden durchsucht Durchsuche Prozess 'avguard.exe' - '106' Modul(e) wurden durchsucht Durchsuche Prozess 'AppleMobileDeviceService.exe' - '72' Modul(e) wurden durchsucht Durchsuche Prozess 'mDNSResponder.exe' - '35' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '58' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '62' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '50' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '21' Modul(e) wurden durchsucht Durchsuche Prozess 'setqos.exe' - '35' Modul(e) wurden durchsucht Durchsuche Prozess 'HelperService.exe' - '56' Modul(e) wurden durchsucht Durchsuche Prozess 'ConversionService.exe' - '38' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '24' Modul(e) wurden durchsucht Durchsuche Prozess 'PnkBstrA.exe' - '32' Modul(e) wurden durchsucht Durchsuche Prozess 'SCVSSSvc.exe' - '29' Modul(e) wurden durchsucht Durchsuche Prozess 'SDFSSvc.exe' - '109' Modul(e) wurden durchsucht Durchsuche Prozess 'SDUpdSvc.exe' - '75' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '47' Modul(e) wurden durchsucht Durchsuche Prozess 'SynoDrServicex64.exe' - '29' Modul(e) wurden durchsucht Durchsuche Prozess 'TeamViewer_Service.exe' - '95' Modul(e) wurden durchsucht Durchsuche Prozess 'TODDSrv.exe' - '23' Modul(e) wurden durchsucht Durchsuche Prozess 'TosCoSrv.exe' - '26' Modul(e) wurden durchsucht Durchsuche Prozess 'WLIDSVC.EXE' - '76' Modul(e) wurden durchsucht Durchsuche Prozess 'CodeMeter.exe' - '62' Modul(e) wurden durchsucht Durchsuche Prozess 'SDWSCSvc.exe' - '48' Modul(e) wurden durchsucht Durchsuche Prozess 'TecoService.exe' - '38' Modul(e) wurden durchsucht Durchsuche Prozess 'WLIDSvcM.exe' - '17' Modul(e) wurden durchsucht Durchsuche Prozess 'wmiprvse.exe' - '32' Modul(e) wurden durchsucht Durchsuche Prozess 'avshadow.exe' - '30' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '52' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '37' Modul(e) wurden durchsucht Durchsuche Prozess 'WUDFHost.exe' - '34' Modul(e) wurden durchsucht Durchsuche Prozess 'taskhost.exe' - '76' Modul(e) wurden durchsucht Durchsuche Prozess 'Dwm.exe' - '36' Modul(e) wurden durchsucht Durchsuche Prozess 'Explorer.EXE' - '242' Modul(e) wurden durchsucht Durchsuche Prozess 'TDLPowerCtrl.exe' - '63' Modul(e) wurden durchsucht Durchsuche Prozess 'RAVCpl64.exe' - '46' Modul(e) wurden durchsucht Durchsuche Prozess 'Apoint.exe' - '53' Modul(e) wurden durchsucht Durchsuche Prozess 'TPwrMain.exe' - '41' Modul(e) wurden durchsucht Durchsuche Prozess 'TCrdMain.exe' - '108' Modul(e) wurden durchsucht Durchsuche Prozess 'TosNcCore.exe' - '30' Modul(e) wurden durchsucht Durchsuche Prozess 'ApMsgFwd.exe' - '27' Modul(e) wurden durchsucht Durchsuche Prozess 'owncloud.exe' - '98' Modul(e) wurden durchsucht Durchsuche Prozess 'TosBtMng.exe' - '64' Modul(e) wurden durchsucht Durchsuche Prozess 'hpqtra08.exe' - '78' Modul(e) wurden durchsucht Durchsuche Prozess 'MFManager.exe' - '77' Modul(e) wurden durchsucht Durchsuche Prozess 'Dropbox.exe' - '182' Modul(e) wurden durchsucht Durchsuche Prozess 'ONENOTEM.EXE' - '26' Modul(e) wurden durchsucht Durchsuche Prozess 'TNROTATE.exe' - '27' Modul(e) wurden durchsucht Durchsuche Prozess 'TosSyncScheduler.exe' - '25' Modul(e) wurden durchsucht Durchsuche Prozess 'HidFind.exe' - '24' Modul(e) wurden durchsucht Durchsuche Prozess 'Apntex.exe' - '23' Modul(e) wurden durchsucht Durchsuche Prozess 'adawarebp.exe' - '68' Modul(e) wurden durchsucht Durchsuche Prozess 'conhost.exe' - '20' Modul(e) wurden durchsucht Durchsuche Prozess 'avgnt.exe' - '130' Modul(e) wurden durchsucht Durchsuche Prozess 'Control Center.exe' - '60' Modul(e) wurden durchsucht Durchsuche Prozess 'SDTray.exe' - '114' Modul(e) wurden durchsucht Durchsuche Prozess 'pdf24.exe' - '42' Modul(e) wurden durchsucht Durchsuche Prozess 'hpwuschd2.exe' - '24' Modul(e) wurden durchsucht Durchsuche Prozess 'TosBtSrv.exe' - '30' Modul(e) wurden durchsucht Durchsuche Prozess 'MOM.exe' - '82' Modul(e) wurden durchsucht Durchsuche Prozess 'TosA2dp.exe' - '57' Modul(e) wurden durchsucht Durchsuche Prozess 'TosBtHid.exe' - '40' Modul(e) wurden durchsucht Durchsuche Prozess 'CCC.exe' - '240' Modul(e) wurden durchsucht Durchsuche Prozess 'TosBtAvAC.exe' - '43' Modul(e) wurden durchsucht Durchsuche Prozess 'TosBtHsp.exe' - '47' Modul(e) wurden durchsucht Durchsuche Prozess 'SearchIndexer.exe' - '57' Modul(e) wurden durchsucht Durchsuche Prozess 'wmpnetwk.exe' - '120' Modul(e) wurden durchsucht Durchsuche Prozess 'hpqSTE08.exe' - '62' Modul(e) wurden durchsucht Durchsuche Prozess 'hpqbam08.exe' - '39' Modul(e) wurden durchsucht Durchsuche Prozess 'CCleaner64.exe' - '65' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '59' Modul(e) wurden durchsucht Durchsuche Prozess 'GWX.exe' - '37' Modul(e) wurden durchsucht Durchsuche Prozess 'taskeng.exe' - '31' Modul(e) wurden durchsucht Durchsuche Prozess 'NDSTray.exe' - '99' Modul(e) wurden durchsucht Durchsuche Prozess 'DllHost.exe' - '45' Modul(e) wurden durchsucht Durchsuche Prozess 'CFSwMgr.exe' - '68' Modul(e) wurden durchsucht Durchsuche Prozess 'CFIWmxSvcs64.exe' - '17' Modul(e) wurden durchsucht Durchsuche Prozess 'CFSvcs.exe' - '61' Modul(e) wurden durchsucht Durchsuche Prozess 'LMS.exe' - '33' Modul(e) wurden durchsucht Durchsuche Prozess 'NASvc.exe' - '46' Modul(e) wurden durchsucht Durchsuche Prozess 'SBAMSvc.exe' - '109' Modul(e) wurden durchsucht Durchsuche Prozess 'UNS.exe' - '45' Modul(e) wurden durchsucht Durchsuche Prozess 'TosSmartSrv.exe' - '40' Modul(e) wurden durchsucht Durchsuche Prozess 'TosSENotify.exe' - '42' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '45' Modul(e) wurden durchsucht Durchsuche Prozess 'avcenter.exe' - '157' Modul(e) wurden durchsucht Durchsuche Prozess 'firefox.exe' - '159' Modul(e) wurden durchsucht Durchsuche Prozess 'plugin-container.exe' - '85' Modul(e) wurden durchsucht Durchsuche Prozess 'FlashPlayerPlugin_20_0_0_286.exe' - '75' Modul(e) wurden durchsucht Durchsuche Prozess 'FlashPlayerPlugin_20_0_0_286.exe' - '84' Modul(e) wurden durchsucht Durchsuche Prozess 'lightroom.exe' - '156' Modul(e) wurden durchsucht Durchsuche Prozess 'WISPTIS.EXE' - '42' Modul(e) wurden durchsucht Durchsuche Prozess 'thunderbird.exe' - '148' Modul(e) wurden durchsucht Durchsuche Prozess 'foobar2000.exe' - '67' Modul(e) wurden durchsucht Durchsuche Prozess 'NOTEPAD.EXE' - '26' Modul(e) wurden durchsucht Durchsuche Prozess 'NOTEPAD.EXE' - '26' Modul(e) wurden durchsucht Durchsuche Prozess 'NOTEPAD.EXE' - '26' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '34' Modul(e) wurden durchsucht Durchsuche Prozess 'NOTEPAD.EXE' - '31' Modul(e) wurden durchsucht Durchsuche Prozess 'avscan.exe' - '88' Modul(e) wurden durchsucht Durchsuche Prozess 'avscan.exe' - '125' Modul(e) wurden durchsucht Durchsuche Prozess 'vssvc.exe' - '47' Modul(e) wurden durchsucht Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht Durchsuche Prozess 'wininit.exe' - '26' Modul(e) wurden durchsucht Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht Durchsuche Prozess 'services.exe' - '33' Modul(e) wurden durchsucht Durchsuche Prozess 'lsass.exe' - '68' Modul(e) wurden durchsucht Durchsuche Prozess 'lsm.exe' - '16' Modul(e) wurden durchsucht Durchsuche Prozess 'winlogon.exe' - '36' Modul(e) wurden durchsucht Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen: Die Registry wurde durchsucht ( '15299' Dateien ). Der Suchlauf über die ausgewählten Dateien wird begonnen: Beginne mit der Suche in 'C:\' <System> Beginne mit der Suche in 'K:\' <Bunker> [0] Archivtyp: RSRC --> C:\Program Files (x86)\GetData\Recover My Files v5\RecoverMyFiles.exe [1] Archivtyp: RSRC --> C:\Program Files\Beyond Compare 4\BCompare.exe [2] Archivtyp: RSRC --> C:\Program Files\Beyond Compare 4\BCompare.exe [3] Archivtyp: RSRC --> C:\Program Files (x86)\GetData\Recover My Files v5\RecoverMyFiles.exe [4] Archivtyp: RSRC --> C:\Program Files (x86)\PC Connectivity Solution\WUDFUpdate_01009.dll [5] Archivtyp: RSRC --> C:\Windows\System32\WUDFUpdate_01009.dll [6] Archivtyp: RSRC --> C:\Windows\System32\DriverStore\FileRepository\pccswpddriver.inf_amd64_neutral_6a1c3221782e911c\WUDFUpdate_01009.dll [7] Archivtyp: RSRC --> K:\$RECYCLE.BIN\S-1-5-21-50433080-710429258-2441499552-1000\$RIVOL9P\Backup Set 2016-01-17 190003\Backup Files 2016-01-17 190003\Backup files 1.zip [8] Archivtyp: ZIP --> C/AdwCleaner/Quarantine/C/Program Files (x86)/LyricsSeeker/131.crx.vir [9] Archivtyp: CRX --> cs.js [FUND] Enthält Erkennungsmuster der Adware ADWARE/AddLyrics.Gen [WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden K:\$RECYCLE.BIN\S-1-5-21-50433080-710429258-2441499552-1000\$RIVOL9P\Backup Set 2016-01-17 190003\Backup Files 2016-01-17 190003\Backup files 1.zip [FUND] Enthält Erkennungsmuster der Adware ADWARE/AddLyrics.Gen Beginne mit der Desinfektion: K:\$RECYCLE.BIN\S-1-5-21-50433080-710429258-2441499552-1000\$RIVOL9P\Backup Set 2016-01-17 190003\Backup Files 2016-01-17 190003\Backup files 1.zip [FUND] Enthält Erkennungsmuster der Adware ADWARE/AddLyrics.Gen [HINWEIS] Die Datei wurde gelöscht. Ende des Suchlaufs: Donnerstag, 21. Januar 2016 09:45 Benötigte Zeit: 6:35:30 Stunde(n) Der Suchlauf wurde vollständig durchgeführt. 124915 Verzeichnisse wurden überprüft 2528562 Dateien wurden geprüft 2 Viren bzw. unerwünschte Programme wurden gefunden 0 Dateien wurden als verdächtig eingestuft 1 Dateien wurden gelöscht 0 Viren bzw. unerwünschte Programme wurden repariert 0 Dateien wurden in die Quarantäne verschoben 0 Dateien wurden umbenannt 0 Dateien konnten nicht durchsucht werden 2528560 Dateien ohne Befall 31272 Archive wurden durchsucht 1 Warnungen 5895 Hinweise 1841734 Objekte wurden beim Rootkitscan durchsucht 5894 Versteckte Objekte wurden gefunden Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlaufdatum: 20.01.2016 Suchlaufzeit: 12:38 Protokolldatei: malwarebytes.txt Administrator: Ja Version: 2.2.0.1024 Malware-Datenbank: v2016.01.20.03 Rootkit-Datenbank: v2016.01.09.01 Lizenz: Kostenlose Version Malware-Schutz: Deaktiviert Schutz vor bösartigen Websites: Deaktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x64 Dateisystem: NTFS Benutzer: benjamka Suchlauftyp: Bedrohungssuchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 523536 Abgelaufene Zeit: 18 Min., 38 Sek. Speicher: Aktiviert Start: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristik: Aktiviert PUP: Warnen PUM: Aktiviert Prozesse: 0 (keine bösartigen Elemente erkannt) Module: 0 (keine bösartigen Elemente erkannt) Registrierungsschlüssel: 1 PUP.Optional.Conduit, HKU\S-1-5-21-50433080-710429258-2441499552-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, In Quarantäne, [fce7a09be8b10e2853bba80fd62d36ca], Registrierungswerte: 2 PUP.Optional.Conduit, HKU\S-1-5-21-50433080-710429258-2441499552-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, hxxp://www.bing.com/search?pc=COSP&ptag=D011916-AD42D1DB7E9&form=CONBDF&conlogo=CT3334497&q={searchTerms}, In Quarantäne, [fce7a09be8b10e2853bba80fd62d36ca] PUP.Optional.Conduit, HKU\S-1-5-21-50433080-710429258-2441499552-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|TopResultURL, hxxp://www.bing.com/search?pc=COSP&ptag=D011916-AD42D1DB7E9&form=CONBDF&conlogo=CT3334497&q={searchTerms}, In Quarantäne, [31b2c972d3c633037b93feb9a360669a] Registrierungsdaten: 1 PUP.Optional.Conduit, HKU\S-1-5-21-50433080-710429258-2441499552-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://www.bing.com/?pc=COSP&ptag=D011916-AD42D1DB7E9&form=CONMHP&conlogo=CT3334497, Gut: (www.google.com), Schlecht: (hxxp://www.bing.com/?pc=COSP&ptag=D011916-AD42D1DB7E9&form=CONMHP&conlogo=CT3334497),Ersetzt,[984b0e2dc6d39d9932a1b2077b8950b0] Ordner: 0 (keine bösartigen Elemente erkannt) Dateien: 2 PUP.Optional.Conduit, C:\Prefs.js, In Quarantäne, [01e21c1f0e8bf046144886600202748c], PUP.Optional.Conduit, C:\Users\benjamka\AppData\Roaming\Mozilla\Firefox\Profiles\2sdewnmb.Bene\prefs.js, Gut: (), Schlecht: (user_pref("browser.newtab.url", "hxxp://www.bing.com/?pc=COSP&ptag=D011916-AD42D1DB7E9&form=CONMHP&conlogo=CT3334497");), Ersetzt,[34afc7741188fd39b1a42db3758fc13f] Physische Sektoren: 0 (keine bösartigen Elemente erkannt) (end) |
25.01.2016, 15:31 | #18 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Adware ADWARE/AddLyrics.Gen... / Mind. sechs Viren gefunden ok...die FRST Logs brauch ich noch
__________________
__________________ |
25.01.2016, 15:32 | #19 |
| Adware ADWARE/AddLyrics.Gen... / Mind. sechs Viren gefunden Und hier die FRST: Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:18-01-2016 durchgeführt von benjamka (Administrator) auf BBKLAPTOP (25-01-2016 13:48:53) Gestartet von C:\Users\benjamka\Downloads Geladene Profile: benjamka (Verfügbare Profile: benjamka & BBK 64 & Hombre & Gast) Platform: Windows 7 Home Premium Service Pack 1 (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: FF) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (AMD) C:\Windows\System32\atiesrxx.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (AMD) C:\Windows\System32\atieclxx.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Lavasoft Limited) C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe () C:\Program Files (x86)\NETGEAR\USB Media Extender\SetQos.exe (pdfforge GbR) C:\Program Files (x86)\PDF Architect\HelperService.exe (pdfforge GbR) C:\Program Files (x86)\PDF Architect\ConversionService.exe () C:\Windows\SysWOW64\PnkBstrA.exe () C:\Program Files (x86)\Second Copy 8\SCVSSSvc.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe () C:\Program Files (x86)\Synology Data Replicator 3\SynoDrServicex64.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (WIBU-SYSTEMS AG) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Intelligent Display Management\TDLPowerCtrl.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe () C:\Program Files (x86)\ownCloud\owncloud.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe (TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtMng.exe (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe () C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe (Dropbox, Inc.) C:\Users\benjamka\AppData\Roaming\Dropbox\bin\Dropbox.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office 2007\Office12\ONENOTEM.EXE (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\hidfind.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe (TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TNROTATE\TNROTATE.exe (TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\Sync Utility\TosSyncScheduler.exe (Lavasoft) C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe () C:\Program Files (x86)\NETGEAR\USB Media Extender\Control Center.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe (TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosA2dp.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe (TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtHid.exe (TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtAvAC.exe (TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtHSP.exe (TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe (TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe (TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe (GFI Software) C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe ==================== Registry (Nicht auf der Ausnahmeliste) =========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [] => [X] HKLM\...\Run: [TDLPowerCtrl] => C:\Program Files\TOSHIBA\TOSHIBA Intelligent Display Management\TDLPowerCtrl.exe [498120 2011-01-24] (TOSHIBA Corporation) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11775592 2011-01-19] (Realtek Semiconductor) HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [328048 2011-01-21] (Alps Electric Co., Ltd.) HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [566696 2011-03-02] (TOSHIBA Corporation) HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [296824 2010-09-25] (TOSHIBA Corporation) HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [967544 2011-03-09] (TOSHIBA Corporation) HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710040 2010-12-08] (TOSHIBA Corporation) HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation) HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [597928 2011-03-03] (TOSHIBA Corporation) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-06-03] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40336 2015-09-24] (Adobe Systems Incorporated) HKLM-x32\...\Run: [TWebCamera] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2475384 2011-01-17] (TOSHIBA CORPORATION.) HKLM-x32\...\Run: [TNRotate] => C:\Program Files (x86)\TOSHIBA\TNRotate\TNRotate.exe [607688 2010-11-25] (TOSHIBA Corporation) HKLM-x32\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [252792 2010-06-05] (TOSHIBA) HKLM-x32\...\Run: [TSUScheduler] => C:\Program Files (x86)\TOSHIBA\Sync Utility\TosSyncScheduler.exe [923000 2010-05-11] (TOSHIBA Corporation) HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office 2007\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation) HKLM-x32\...\Run: [Ad-Aware Browsing Protection] => C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [542104 2012-12-12] (Lavasoft) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-04-18] (Apple Inc.) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [803200 2015-12-01] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [Netgear UDS Control Center] => C:\Program Files (x86)\NETGEAR\USB Media Extender\Control Center.exe [22641664 2012-06-25] () HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.) HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [217632 2015-07-21] (Geek Software GmbH) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-04] (Advanced Micro Devices, Inc.) Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X] HKU\S-1-5-19\...\Run: [TOPI.EXE] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [845176 2011-02-18] (TOSHIBA) HKU\S-1-5-20\...\Run: [TOPI.EXE] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [845176 2011-02-18] (TOSHIBA) HKU\S-1-5-21-50433080-710429258-2441499552-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd) HKU\S-1-5-21-50433080-710429258-2441499552-1000\...\Run: [Dropbox Update] => C:\Users\benjamka\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-16] (Dropbox, Inc.) HKU\S-1-5-21-50433080-710429258-2441499552-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.) HKU\S-1-5-21-50433080-710429258-2441499552-1000\...\Run: [ownCloud] => C:\Program Files (x86)\ownCloud\owncloud.exe [1890830 2015-12-03] () HKU\S-1-5-18\...\Run: [TOPI.EXE] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [845176 2011-02-18] (TOSHIBA) ShellIconOverlayIdentifiers: [ OCError] -> {0960F090-F328-48A3-B746-276B1E3C3722} => C:\Program Files (x86)\ownCloud\shellext\OCOverlays_x64.dll [2015-06-19] (ownCloud Inc.) ShellIconOverlayIdentifiers: [ OCErrorShared] -> {0960F091-F328-48A3-B746-276B1E3C3722} => C:\Program Files (x86)\ownCloud\shellext\OCOverlays_x64.dll [2015-06-19] (ownCloud Inc.) ShellIconOverlayIdentifiers: [ OCOK] -> {0960F092-F328-48A3-B746-276B1E3C3722} => C:\Program Files (x86)\ownCloud\shellext\OCOverlays_x64.dll [2015-06-19] (ownCloud Inc.) ShellIconOverlayIdentifiers: [ OCOKShared] -> {0960F093-F328-48A3-B746-276B1E3C3722} => C:\Program Files (x86)\ownCloud\shellext\OCOverlays_x64.dll [2015-06-19] (ownCloud Inc.) ShellIconOverlayIdentifiers: [ OCSync] -> {0960F094-F328-48A3-B746-276B1E3C3722} => C:\Program Files (x86)\ownCloud\shellext\OCOverlays_x64.dll [2015-06-19] (ownCloud Inc.) ShellIconOverlayIdentifiers: [ OCSyncShared] -> {0960F095-F328-48A3-B746-276B1E3C3722} => C:\Program Files (x86)\ownCloud\shellext\OCOverlays_x64.dll [2015-06-19] (ownCloud Inc.) ShellIconOverlayIdentifiers: [ OCWarning] -> {0960F096-F328-48A3-B746-276B1E3C3722} => C:\Program Files (x86)\ownCloud\shellext\OCOverlays_x64.dll [2015-06-19] (ownCloud Inc.) ShellIconOverlayIdentifiers: [ OCWarningShared] -> {0960F097-F328-48A3-B746-276B1E3C3722} => C:\Program Files (x86)\ownCloud\shellext\OCOverlays_x64.dll [2015-06-19] (ownCloud Inc.) ShellIconOverlayIdentifiers: [01UnsuppModule] -> {AEB16659-2125-4ADA-A4AB-45EE21E86469} => C:\Users\benjamka\AppData\Local\CloudStation\app\icon-overlay\10\x64\iconOverlay.dll [2015-01-07] (TODO: <Company name>) ShellIconOverlayIdentifiers: [02SyncingModule] -> {48AB5ADA-36B1-4137-99C9-2BD97F8788AB} => C:\Users\benjamka\AppData\Local\CloudStation\app\icon-overlay\10\x64\iconOverlay.dll [2015-01-07] (TODO: <Company name>) ShellIconOverlayIdentifiers: [03SyncedModule] -> {472CE1AD-5D53-4BCF-A1FB-3982A5F55138} => C:\Users\benjamka\AppData\Local\CloudStation\app\icon-overlay\10\x64\iconOverlay.dll [2015-01-07] (TODO: <Company name>) ShellIconOverlayIdentifiers: [04ReadOnlyModule] -> {A433C3E0-8B24-40EB-93C3-4B10D9959F58} => C:\Users\benjamka\AppData\Local\CloudStation\app\icon-overlay\10\x64\iconOverlay.dll [2015-01-07] (TODO: <Company name>) ShellIconOverlayIdentifiers: [05NoPermModule] -> {C701AD67-3DF0-47C9-89CB-DFA6207BE229} => C:\Users\benjamka\AppData\Local\CloudStation\app\icon-overlay\10\x64\iconOverlay.dll [2015-01-07] (TODO: <Company name>) ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\benjamka\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\benjamka\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\benjamka\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\benjamka\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\benjamka\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\benjamka\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\benjamka\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 1 (GFS Unread Stub)] -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => C:\Program Files (x86)\Microsoft Office 2007\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2 (GFS Stub)] -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => C:\Program Files (x86)\Microsoft Office 2007\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)] -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => C:\Program Files (x86)\Microsoft Office 2007\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 3 (GFS Folder)] -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => C:\Program Files (x86)\Microsoft Office 2007\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 4 (GFS Unread Mark)] -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => C:\Program Files (x86)\Microsoft Office 2007\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk [2012-02-02] ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk [2015-11-06] ShortcutTarget: Bluetooth Manager.lnk -> C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2015-08-09] ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ImageBrowser EX Agent.lnk [2013-12-29] ShortcutTarget: ImageBrowser EX Agent.lnk -> C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe () Startup: C:\Users\BBK 64\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk [2011-08-13] ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) Startup: C:\Users\benjamka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-12-11] ShortcutTarget: Dropbox.lnk -> C:\Users\benjamka\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) Startup: C:\Users\benjamka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk [2012-02-19] ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office 2007\Office12\ONENOTEM.EXE (Microsoft Corporation) Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk [2011-08-13] ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk [2011-08-13] ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) Startup: C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk [2011-08-13] ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) Startup: C:\Users\Hombre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk [2011-08-13] ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) BootExecute: autocheck autochk * sdnclean64.exe ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{6F3EF3E1-6473-4698-9280-C471DE069571}: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{EF8C008F-760B-40DB-AA0D-C662DC07F9EF}: [DhcpNameServer] 192.168.178.1 Internet Explorer: ================== HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.avira.net/#web/result?source=art&q= HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.avira.net/#web/result?source=art&q= HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.avira.net/#web/result?source=art&q= HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.avira.net/#web/result?source=art&q= HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://search.avira.net/#web/result?source=art&q= HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://search.avira.net/#web/result?source=art&q= HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://search.avira.net/#web/result?source=art&q= HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://search.avira.net/#web/result?source=art&q= HKU\S-1-5-21-50433080-710429258-2441499552-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.avira.net/#web/result?source=art&q= HKU\S-1-5-21-50433080-710429258-2441499552-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://search.avira.net/#web/result?source=art&q= HKU\S-1-5-21-50433080-710429258-2441499552-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://toshiba.eu/places?touch=4&cat=1 HKU\S-1-5-21-50433080-710429258-2441499552-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://search.avira.net/#web/result?source=art&q= SearchScopes: HKLM -> DefaultScope {61A6F76C-F0EE-4F58-A7A4-EA3E809AAAE4} URL = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox SearchScopes: HKLM -> {61A6F76C-F0EE-4F58-A7A4-EA3E809AAAE4} URL = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox SearchScopes: HKLM-x32 -> DefaultScope Wert fehlt SearchScopes: HKLM-x32 -> {61A6F76C-F0EE-4F58-A7A4-EA3E809AAAE4} URL = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox SearchScopes: HKU\S-1-5-21-50433080-710429258-2441499552-1000 -> DefaultScope {61A6F76C-F0EE-4F58-A7A4-EA3E809AAAE4} URL = SearchScopes: HKU\S-1-5-21-50433080-710429258-2441499552-1000 -> {29AA9FFF-B981-40A6-8F74-F02CAD29809D} URL = hxxp://rover.ebay.com/rover/1/707-44556-9400-9/4?satitle={searchTerms} SearchScopes: HKU\S-1-5-21-50433080-710429258-2441499552-1000 -> {61A6F76C-F0EE-4F58-A7A4-EA3E809AAAE4} URL = SearchScopes: HKU\S-1-5-21-50433080-710429258-2441499552-1000 -> {895F93D1-22C5-4CCF-8735-43F9FF5FBF91} URL = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibade-win7-ie-search-21&index=blended&linkCode=ur2 BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-01-28] (Oracle Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-28] (Oracle Corporation) BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-05-21] (Hewlett-Packard Co.) BHO-x32: PDF Architect Helper -> {3A2D5EBA-F86D-4BD3-A177-019765996711} -> C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll [2012-11-22] (pdfforge GbR) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office 2007\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.) BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll [2010-12-05] (<TOSHIBA>) BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-05-21] (Hewlett-Packard Co.) DPF: HKLM-x32 {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} Handler-x32: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office 2007\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation) Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2012-01-17] (Skype Technologies S.A.) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies) FireFox: ======== FF ProfilePath: C:\Users\benjamka\AppData\Roaming\Mozilla\Firefox\Profiles\2sdewnmb.Bene FF NewTab: hxxp://www.bing.com/?pc=COSP&ptag=D011916-AD42D1DB7E9&form=CONMHP&conlogo=CT3334497 FF SelectedSearchEngine: Bing® FF Homepage: www.google.de FF Session Restore: -> ist aktiviert. FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_20_0_0_286.dll [2016-01-19] () FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-28] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre1.8.0_31\bin\new_plugin\npjp2.dll [Keine Datei] FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-28] (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> disabled [Keine Datei] FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_286.dll [2016-01-19] () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2012-04-05] () FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation) FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google) FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-28] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-28] (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Keine Datei] FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.) FF SearchPlugin: C:\Users\benjamka\AppData\Roaming\Mozilla\Firefox\Profiles\104o7vav.default\searchplugins\google-deutschland.xml [2015-09-03] FF SearchPlugin: C:\Users\benjamka\AppData\Roaming\Mozilla\Firefox\Profiles\104o7vav.default\searchplugins\ixquick-https---deutsch.xml [2015-10-05] FF SearchPlugin: C:\Users\benjamka\AppData\Roaming\Mozilla\Firefox\Profiles\2sdewnmb.Bene\searchplugins\bing-lavasoft.xml [2016-01-19] FF Extension: Lavasoft Search Plugin - C:\Users\benjamka\AppData\Roaming\Mozilla\Firefox\Profiles\104o7vav.default\Extensions\jid1-yZwVFzbsyfMrqQ@jetpack [2013-01-15] [ist nicht signiert] FF Extension: Adblock Plus - C:\Users\benjamka\AppData\Roaming\Mozilla\Firefox\Profiles\104o7vav.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-09-25] FF Extension: BetterPrivacy - C:\Users\benjamka\AppData\Roaming\Mozilla\Firefox\Profiles\104o7vav.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2015-09-17] FF Extension: Session Manager - C:\Users\benjamka\AppData\Roaming\Mozilla\Firefox\Profiles\2sdewnmb.Bene\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2016-01-16] FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2016-01-07] [ist nicht signiert] FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2012-12-10] [ist nicht signiert] FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2015-08-09] [ist nicht signiert] FF HKU\S-1-5-21-50433080-710429258-2441499552-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 Chrome: ======= CHR HKU\S-1-5-21-50433080-710429258-2441499552-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bknbnapaddjdnbilpmlacdkjdkjmbjhd] - hxxp://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [bknbnapaddjdnbilpmlacdkjdkjmbjhd] - hxxp://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx ==================== Dienste (Nicht auf der Ausnahmeliste) ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R2 Ad-Aware Service; C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [1236968 2012-12-14] (Lavasoft Limited) S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [948392 2015-12-01] (Avira Operations GmbH & Co. KG) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [466408 2015-12-01] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [466408 2015-12-01] (Avira Operations GmbH & Co. KG) S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1212048 2015-09-03] (Avira Operations GmbH & Co. KG) R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [Datei ist nicht signiert] R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [Datei ist nicht signiert] R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [Datei ist nicht signiert] S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [Datei ist nicht signiert] S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1135416 2015-10-05] (Malwarebytes) S3 Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office 2007\Office12\GrooveAuditService.exe [64856 2009-02-26] (Microsoft Corporation) R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [Datei ist nicht signiert] R2 NuSetQos; C:\Program Files (x86)\NETGEAR\USB Media Extender\\setqos.exe [718848 2012-06-15] () [Datei ist nicht signiert] R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1522312 2012-11-22] (pdfforge GbR) R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [905864 2012-11-22] (pdfforge GbR) R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [Datei ist nicht signiert] R2 PnkBstrA; C:\windows\SysWOW64\PnkBstrA.exe [76888 2015-03-03] () R2 SBAMSvc; C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [3677000 2012-09-20] (GFI Software) R2 SCVSSService; C:\Program Files (x86)\Second Copy 8\SCVSSSvc.exe [968448 2010-04-13] () R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.) R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.) R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.) R2 SynoDrService; C:\Program Files (x86)\Synology Data Replicator 3\SynoDrServicex64.exe [384072 2013-10-09] () S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [112080 2011-02-10] (Toshiba Europe GmbH) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ===================== Treiber (Nicht auf der Ausnahmeliste) ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [162072 2015-12-01] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [140448 2015-12-01] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG) R3 avmaura; C:\Windows\System32\DRIVERS\avmaura.sys [116480 2013-11-08] (AVM Berlin) R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [75472 2015-12-01] (Avira Operations GmbH & Co. KG) S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation) R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-01-15] (GFI Software) R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes) S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation) R3 NetgearUDSMBus; C:\Windows\SysWow64\Drivers\NetgearUDSMBus.sys [106632 2012-06-15] (Windows (R) Codename Longhorn DDK provider) R3 NetgearUDSTcpBus; C:\Windows\SysWow64\Drivers\NetgearUDSTcpBus.sys [182920 2012-06-15] (Windows (R) Codename Longhorn DDK provider) S3 PcaSp50; C:\Windows\System32\Drivers\PcaSp50.sys [45624 2009-08-24] (Printing Communications Assoc., Inc. (PCAUSA)) R1 veracrypt; C:\Windows\System32\drivers\veracrypt.sys [195416 2015-10-08] (IDRIX) S1 SBRE; \??\C:\windows\system32\drivers\SBREdrv.sys [X] ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat: Erstellte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2016-01-25 12:22 - 2016-01-25 12:22 - 00000000 ____H C:\ProgramData\cm-lock 2016-01-22 14:09 - 2016-01-22 14:14 - 00093463 _____ C:\Users\benjamka\Downloads\Addition.txt 2016-01-22 14:08 - 2016-01-25 13:48 - 00036200 _____ C:\Users\benjamka\Downloads\FRST.txt 2016-01-22 14:08 - 2016-01-22 14:08 - 02370560 _____ (Farbar) C:\Users\benjamka\Downloads\FRST64.exe 2016-01-20 14:08 - 2016-01-20 14:08 - 00003273 _____ C:\Users\benjamka\AppData\Local\recently-used.xbel 2016-01-19 21:03 - 2016-01-19 21:03 - 00000000 ____D C:\searchplugins 2016-01-19 21:02 - 2016-01-20 09:21 - 00002896 _____ C:\windows\SysWOW64\LavasoftTcpServiceOff.ini 2016-01-19 21:02 - 2016-01-20 09:21 - 00002896 _____ C:\windows\system32\LavasoftTcpServiceOff.ini 2016-01-19 21:02 - 2016-01-19 21:02 - 00425744 _____ (Lavasoft Limited) C:\windows\system32\LavasoftTcpService64.dll 2016-01-19 21:02 - 2016-01-19 21:02 - 00345360 _____ (Lavasoft Limited) C:\windows\SysWOW64\LavasoftTcpService.dll 2016-01-19 21:02 - 2016-01-19 21:02 - 00000000 ____D C:\Users\benjamka\AppData\Roaming\MPC-HC 2016-01-19 21:01 - 2016-01-19 21:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack 2016-01-19 21:01 - 2016-01-19 21:01 - 00000000 ____D C:\Program Files (x86)\K-Lite Codec Pack 2016-01-19 21:01 - 2015-12-18 11:00 - 00755200 _____ C:\windows\system32\xvidcore.dll 2016-01-19 21:01 - 2015-12-18 11:00 - 00674816 _____ C:\windows\SysWOW64\xvidcore.dll 2016-01-19 21:01 - 2015-12-18 11:00 - 00309248 _____ C:\windows\system32\xvidvfw.dll 2016-01-19 21:01 - 2015-12-18 11:00 - 00282112 _____ C:\windows\SysWOW64\xvidvfw.dll 2016-01-19 21:01 - 2015-10-24 18:00 - 00126976 _____ C:\windows\system32\ff_vfw.dll 2016-01-19 21:01 - 2015-10-24 18:00 - 00112128 _____ C:\windows\SysWOW64\ff_vfw.dll 2016-01-19 21:01 - 2015-02-28 17:22 - 03571200 _____ (x264vfw project) C:\windows\system32\x264vfw64.dll 2016-01-19 21:01 - 2015-02-28 17:21 - 03591680 _____ (x264vfw project) C:\windows\SysWOW64\x264vfw.dll 2016-01-19 21:01 - 2012-07-21 12:55 - 00180736 _____ (fccHandler) C:\windows\system32\ac3acm.acm 2016-01-19 21:01 - 2012-07-21 12:54 - 00122880 _____ (fccHandler) C:\windows\SysWOW64\ac3acm.acm 2016-01-19 21:01 - 2011-12-07 19:37 - 00148992 _____ ( ) C:\windows\system32\lagarith.dll 2016-01-19 21:01 - 2011-12-07 19:32 - 00216064 _____ ( ) C:\windows\SysWOW64\lagarith.dll 2016-01-19 20:57 - 2016-01-19 20:57 - 42013590 _____ ( ) C:\Users\benjamka\Downloads\K-Lite_Codec_Pack_1180_Mega.exe 2016-01-19 03:01 - 2016-01-19 03:01 - 00000000 ____D C:\Users\benjamka\AppData\Local\NokiaAccount 2016-01-16 19:15 - 2016-01-16 19:15 - 02529622 _____ C:\Users\benjamka\AppData\Local\[j0002]-[p23].bmp 2016-01-16 19:15 - 2016-01-16 19:15 - 02529622 _____ C:\Users\benjamka\AppData\Local\[j0002]-[p22].bmp 2016-01-16 19:15 - 2016-01-16 19:15 - 02529622 _____ C:\Users\benjamka\AppData\Local\[j0002]-[p21].bmp 2016-01-16 19:15 - 2016-01-16 19:15 - 02529622 _____ C:\Users\benjamka\AppData\Local\[j0002]-[p20].bmp 2016-01-16 19:15 - 2016-01-16 19:15 - 02529622 _____ C:\Users\benjamka\AppData\Local\[j0002]-[p19].bmp 2016-01-16 19:15 - 2016-01-16 19:15 - 02529622 _____ C:\Users\benjamka\AppData\Local\[j0002]-[p18].bmp 2016-01-16 19:15 - 2016-01-16 19:15 - 02529622 _____ C:\Users\benjamka\AppData\Local\[j0002]-[p17].bmp 2016-01-16 19:14 - 2016-01-16 19:15 - 02529622 _____ C:\Users\benjamka\AppData\Local\[j0002]-[p16].bmp 2016-01-16 19:14 - 2016-01-16 19:14 - 02529622 _____ C:\Users\benjamka\AppData\Local\[j0002]-[p15].bmp 2016-01-16 19:14 - 2016-01-16 19:14 - 02529622 _____ C:\Users\benjamka\AppData\Local\[j0002]-[p14].bmp 2016-01-16 19:14 - 2016-01-16 19:14 - 02529622 _____ C:\Users\benjamka\AppData\Local\[j0002]-[p13].bmp 2016-01-16 19:14 - 2016-01-16 19:14 - 02529622 _____ C:\Users\benjamka\AppData\Local\[j0002]-[p12].bmp 2016-01-16 19:14 - 2016-01-16 19:14 - 02529622 _____ C:\Users\benjamka\AppData\Local\[j0002]-[p11].bmp 2016-01-16 19:14 - 2016-01-16 19:14 - 02529622 _____ C:\Users\benjamka\AppData\Local\[j0002]-[p10].bmp 2016-01-16 19:14 - 2016-01-16 19:14 - 02529622 _____ C:\Users\benjamka\AppData\Local\[j0002]-[p09].bmp 2016-01-16 19:14 - 2016-01-16 19:14 - 02529622 _____ C:\Users\benjamka\AppData\Local\[j0002]-[p08].bmp 2016-01-16 19:14 - 2016-01-16 19:14 - 02529622 _____ C:\Users\benjamka\AppData\Local\[j0002]-[p07].bmp 2016-01-16 19:14 - 2016-01-16 19:14 - 02529622 _____ C:\Users\benjamka\AppData\Local\[j0002]-[p06].bmp 2016-01-16 19:14 - 2016-01-16 19:14 - 02529622 _____ C:\Users\benjamka\AppData\Local\[j0002]-[p05].bmp 2016-01-16 19:14 - 2016-01-16 19:14 - 02529622 _____ C:\Users\benjamka\AppData\Local\[j0002]-[p04].bmp 2016-01-16 19:14 - 2016-01-16 19:14 - 02529622 _____ C:\Users\benjamka\AppData\Local\[j0002]-[p03].bmp 2016-01-16 19:13 - 2016-01-16 19:14 - 02529622 _____ C:\Users\benjamka\AppData\Local\[j0002]-[p02].bmp 2016-01-14 13:28 - 2016-01-14 13:52 - 00000000 ____D C:\Users\benjamka\Documents\MyScans 2016-01-14 13:26 - 2016-01-14 13:29 - 00000000 ____D C:\Users\benjamka\AppData\Roaming\Foxit Scanner Images 2016-01-13 09:42 - 2015-12-11 19:57 - 01164800 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll 2016-01-13 09:42 - 2015-12-08 22:54 - 01620992 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVDECOD.DLL 2016-01-13 09:42 - 2015-12-08 22:54 - 01568768 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVENCOD.DLL 2016-01-13 09:42 - 2015-12-08 22:54 - 00902144 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMADMOD.DLL 2016-01-13 09:42 - 2015-12-08 22:54 - 00815616 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMADMOE.DLL 2016-01-13 09:42 - 2015-12-08 22:54 - 00740352 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmpmde.dll 2016-01-13 09:42 - 2015-12-08 22:54 - 00739328 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMSPDMOD.DLL 2016-01-13 09:42 - 2015-12-08 22:54 - 00541184 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVSDECD.DLL 2016-01-13 09:42 - 2015-12-08 22:53 - 03209728 _____ (Microsoft Corporation) C:\windows\SysWOW64\mf.dll 2016-01-13 09:42 - 2015-12-08 22:53 - 00970240 _____ (Microsoft Corporation) C:\windows\SysWOW64\msmpeg2adec.dll 2016-01-13 09:42 - 2015-12-08 22:53 - 00829952 _____ (Microsoft Corporation) C:\windows\SysWOW64\MSMPEG2ENC.DLL 2016-01-13 09:42 - 2015-12-08 22:53 - 00509952 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll 2016-01-13 09:42 - 2015-12-08 22:53 - 00153600 _____ (Microsoft Corporation) C:\windows\SysWOW64\COLORCNV.DLL 2016-01-13 09:42 - 2015-12-08 20:07 - 04121600 _____ (Microsoft Corporation) C:\windows\system32\mf.dll 2016-01-13 09:42 - 2015-12-08 20:07 - 01955328 _____ (Microsoft Corporation) C:\windows\system32\WMVENCOD.DLL 2016-01-13 09:42 - 2015-12-08 20:07 - 01888768 _____ (Microsoft Corporation) C:\windows\system32\WMVDECOD.DLL 2016-01-13 09:42 - 2015-12-08 20:07 - 01573888 _____ (Microsoft Corporation) C:\windows\system32\quartz.dll 2016-01-13 09:42 - 2015-12-08 20:07 - 01307136 _____ (Microsoft Corporation) C:\windows\system32\msmpeg2adec.dll 2016-01-13 09:42 - 2015-12-08 20:07 - 01232896 _____ (Microsoft Corporation) C:\windows\system32\WMADMOD.DLL 2016-01-13 09:42 - 2015-12-08 20:07 - 01160192 _____ (Microsoft Corporation) C:\windows\system32\MSMPEG2ENC.DLL 2016-01-13 09:42 - 2015-12-08 20:07 - 01153024 _____ (Microsoft Corporation) C:\windows\system32\WMADMOE.DLL 2016-01-13 09:42 - 2015-12-08 20:07 - 01026048 _____ (Microsoft Corporation) C:\windows\system32\wmpmde.dll 2016-01-13 09:42 - 2015-12-08 20:07 - 01010688 _____ (Microsoft Corporation) C:\windows\system32\mcmde.dll 2016-01-13 09:42 - 2015-12-08 20:07 - 00978944 _____ (Microsoft Corporation) C:\windows\system32\WMSPDMOD.DLL 2016-01-13 09:42 - 2015-12-08 20:07 - 00666112 _____ (Microsoft Corporation) C:\windows\system32\WMVSDECD.DLL 2016-01-13 09:42 - 2015-12-08 20:07 - 00632320 _____ (Microsoft Corporation) C:\windows\system32\evr.dll 2016-01-13 09:42 - 2015-12-08 20:07 - 00624640 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll 2016-01-13 09:42 - 2015-12-08 20:07 - 00189952 _____ (Microsoft Corporation) C:\windows\system32\COLORCNV.DLL 2016-01-13 09:42 - 2015-11-14 00:09 - 00091648 _____ (Microsoft Corporation) C:\windows\system32\mapistub.dll 2016-01-13 09:42 - 2015-11-14 00:09 - 00091648 _____ (Microsoft Corporation) C:\windows\system32\mapi32.dll 2016-01-13 09:42 - 2015-11-14 00:08 - 00017920 _____ (Microsoft Corporation) C:\windows\system32\fixmapi.exe 2016-01-13 09:42 - 2015-11-13 23:50 - 00076800 _____ (Microsoft Corporation) C:\windows\SysWOW64\mapistub.dll 2016-01-13 09:42 - 2015-11-13 23:50 - 00076800 _____ (Microsoft Corporation) C:\windows\SysWOW64\mapi32.dll 2016-01-13 09:42 - 2015-11-13 23:49 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\fixmapi.exe 2016-01-13 09:41 - 2015-12-24 00:13 - 00387784 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll 2016-01-13 09:41 - 2015-12-23 23:52 - 00341192 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll 2016-01-13 09:41 - 2015-12-12 19:54 - 25837568 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll 2016-01-13 09:41 - 2015-12-12 19:31 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb 2016-01-13 09:41 - 2015-12-12 19:30 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll 2016-01-13 09:41 - 2015-12-12 19:16 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll 2016-01-13 09:41 - 2015-12-12 19:15 - 02887168 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll 2016-01-13 09:41 - 2015-12-12 19:15 - 00571904 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll 2016-01-13 09:41 - 2015-12-12 19:15 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec 2016-01-13 09:41 - 2015-12-12 19:15 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll 2016-01-13 09:41 - 2015-12-12 19:14 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll 2016-01-13 09:41 - 2015-12-12 19:07 - 06051328 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll 2016-01-13 09:41 - 2015-12-12 19:07 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll 2016-01-13 09:41 - 2015-12-12 19:07 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll 2016-01-13 09:41 - 2015-12-12 19:03 - 00615936 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll 2016-01-13 09:41 - 2015-12-12 19:02 - 20367360 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll 2016-01-13 09:41 - 2015-12-12 19:02 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll 2016-01-13 09:41 - 2015-12-12 19:02 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll 2016-01-13 09:41 - 2015-12-12 19:02 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe 2016-01-13 09:41 - 2015-12-12 19:02 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe 2016-01-13 09:41 - 2015-12-12 18:55 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe 2016-01-13 09:41 - 2015-12-12 18:51 - 00489984 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll 2016-01-13 09:41 - 2015-12-12 18:49 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb 2016-01-13 09:41 - 2015-12-12 18:44 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll 2016-01-13 09:41 - 2015-12-12 18:40 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll 2016-01-13 09:41 - 2015-12-12 18:39 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll 2016-01-13 09:41 - 2015-12-12 18:37 - 00496640 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll 2016-01-13 09:41 - 2015-12-12 18:37 - 00315392 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll 2016-01-13 09:41 - 2015-12-12 18:37 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll 2016-01-13 09:41 - 2015-12-12 18:37 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll 2016-01-13 09:41 - 2015-12-12 18:36 - 00341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec 2016-01-13 09:41 - 2015-12-12 18:36 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll 2016-01-13 09:41 - 2015-12-12 18:35 - 00152064 _____ (Microsoft Corporation) C:\windows\system32\occache.dll 2016-01-13 09:41 - 2015-12-12 18:33 - 02280448 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll 2016-01-13 09:41 - 2015-12-12 18:31 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll 2016-01-13 09:41 - 2015-12-12 18:30 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll 2016-01-13 09:41 - 2015-12-12 18:28 - 00476160 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll 2016-01-13 09:41 - 2015-12-12 18:27 - 00663552 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll 2016-01-13 09:41 - 2015-12-12 18:27 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll 2016-01-13 09:41 - 2015-12-12 18:27 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe 2016-01-13 09:41 - 2015-12-12 18:25 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll 2016-01-13 09:41 - 2015-12-12 18:23 - 00798208 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll 2016-01-13 09:41 - 2015-12-12 18:22 - 00718336 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe 2016-01-13 09:41 - 2015-12-12 18:21 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll 2016-01-13 09:41 - 2015-12-12 18:20 - 02123264 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl 2016-01-13 09:41 - 2015-12-12 18:19 - 00416256 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll 2016-01-13 09:41 - 2015-12-12 18:18 - 14457856 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll 2016-01-13 09:41 - 2015-12-12 18:14 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll 2016-01-13 09:41 - 2015-12-12 18:12 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll 2016-01-13 09:41 - 2015-12-12 18:10 - 00279040 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll 2016-01-13 09:41 - 2015-12-12 18:10 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll 2016-01-13 09:41 - 2015-12-12 18:09 - 04610560 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll 2016-01-13 09:41 - 2015-12-12 18:08 - 00130048 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll 2016-01-13 09:41 - 2015-12-12 18:06 - 02487808 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll 2016-01-13 09:41 - 2015-12-12 18:02 - 00230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll 2016-01-13 09:41 - 2015-12-12 18:00 - 12856320 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll 2016-01-13 09:41 - 2015-12-12 18:00 - 02050560 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl 2016-01-13 09:41 - 2015-12-12 18:00 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll 2016-01-13 09:41 - 2015-12-12 18:00 - 00687104 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll 2016-01-13 09:41 - 2015-12-12 17:54 - 01546752 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll 2016-01-13 09:41 - 2015-12-12 17:42 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll 2016-01-13 09:41 - 2015-12-12 17:41 - 02011136 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll 2016-01-13 09:41 - 2015-12-12 17:38 - 01311744 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll 2016-01-13 09:41 - 2015-12-12 17:36 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll 2016-01-13 09:41 - 2015-12-08 22:54 - 02285056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msmpeg2vdec.dll 2016-01-13 09:41 - 2015-12-08 22:54 - 01325056 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMSPDMOE.DLL 2016-01-13 09:41 - 2015-12-08 22:54 - 00665088 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVXENCD.DLL 2016-01-13 09:41 - 2015-12-08 22:54 - 00358400 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVSENCD.DLL 2016-01-13 09:41 - 2015-12-08 22:54 - 00154112 _____ (Microsoft Corporation) C:\windows\SysWOW64\VIDRESZR.DLL 2016-01-13 09:41 - 2015-12-08 22:53 - 01329664 _____ (Microsoft Corporation) C:\windows\SysWOW64\quartz.dll 2016-01-13 09:41 - 2015-12-08 22:53 - 00609280 _____ (Microsoft Corporation) C:\windows\SysWOW64\MFWMAAEC.DLL 2016-01-13 09:41 - 2015-12-08 22:53 - 00519680 _____ (Microsoft Corporation) C:\windows\SysWOW64\qdvd.dll 2016-01-13 09:41 - 2015-12-08 22:53 - 00489984 _____ (Microsoft Corporation) C:\windows\SysWOW64\evr.dll 2016-01-13 09:41 - 2015-12-08 22:53 - 00415744 _____ (Microsoft Corporation) C:\windows\SysWOW64\MP4SDECD.DLL 2016-01-13 09:41 - 2015-12-08 22:53 - 00354816 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfplat.dll 2016-01-13 09:41 - 2015-12-08 22:53 - 00241152 _____ (Microsoft Corporation) C:\windows\SysWOW64\MPG4DECD.DLL 2016-01-13 09:41 - 2015-12-08 22:53 - 00241152 _____ (Microsoft Corporation) C:\windows\SysWOW64\MP43DECD.DLL 2016-01-13 09:41 - 2015-12-08 22:53 - 00206848 _____ (Microsoft Corporation) C:\windows\SysWOW64\RESAMPLEDMO.DLL 2016-01-13 09:41 - 2015-12-08 22:53 - 00206848 _____ (Microsoft Corporation) C:\windows\SysWOW64\qasf.dll 2016-01-13 09:41 - 2015-12-08 22:53 - 00193536 _____ (Microsoft Corporation) C:\windows\SysWOW64\ksproxy.ax 2016-01-13 09:41 - 2015-12-08 22:53 - 00103424 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfps.dll 2016-01-13 09:41 - 2015-12-08 22:53 - 00079872 _____ (Microsoft Corporation) C:\windows\SysWOW64\MP3DMOD.DLL 2016-01-13 09:41 - 2015-12-08 22:53 - 00067584 _____ (Microsoft Corporation) C:\windows\SysWOW64\devenum.dll 2016-01-13 09:41 - 2015-12-08 22:53 - 00053248 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfvdsp.dll 2016-01-13 09:41 - 2015-12-08 22:53 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\rrinstaller.exe 2016-01-13 09:41 - 2015-12-08 22:53 - 00023040 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfpmp.exe 2016-01-13 09:41 - 2015-12-08 22:53 - 00004608 _____ (Microsoft Corporation) C:\windows\SysWOW64\ksuser.dll 2016-01-13 09:41 - 2015-12-08 22:50 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\mferror.dll 2016-01-13 09:41 - 2015-12-08 20:07 - 02777088 _____ (Microsoft Corporation) C:\windows\system32\msmpeg2vdec.dll 2016-01-13 09:41 - 2015-12-08 20:07 - 01575424 _____ (Microsoft Corporation) C:\windows\system32\WMSPDMOE.DLL 2016-01-13 09:41 - 2015-12-08 20:07 - 00653824 _____ (Microsoft Corporation) C:\windows\system32\MP4SDECD.DLL 2016-01-13 09:41 - 2015-12-08 20:07 - 00642048 _____ (Microsoft Corporation) C:\windows\system32\WMVXENCD.DLL 2016-01-13 09:41 - 2015-12-08 20:07 - 00484864 _____ (Microsoft Corporation) C:\windows\system32\MFWMAAEC.DLL 2016-01-13 09:41 - 2015-12-08 20:07 - 00447488 _____ (Microsoft Corporation) C:\windows\system32\WMVSENCD.DLL 2016-01-13 09:41 - 2015-12-08 20:07 - 00432128 _____ (Microsoft Corporation) C:\windows\system32\mfplat.dll 2016-01-13 09:41 - 2015-12-08 20:07 - 00378880 _____ (Microsoft Corporation) C:\windows\system32\SysFxUI.dll 2016-01-13 09:41 - 2015-12-08 20:07 - 00371712 _____ (Microsoft Corporation) C:\windows\system32\qdvd.dll 2016-01-13 09:41 - 2015-12-08 20:07 - 00292352 _____ (Microsoft Corporation) C:\windows\system32\VIDRESZR.DLL 2016-01-13 09:41 - 2015-12-08 20:07 - 00254464 _____ (Microsoft Corporation) C:\windows\system32\qasf.dll 2016-01-13 09:41 - 2015-12-08 20:07 - 00225792 _____ (Microsoft Corporation) C:\windows\system32\RESAMPLEDMO.DLL 2016-01-13 09:41 - 2015-12-08 20:07 - 00224768 _____ (Microsoft Corporation) C:\windows\system32\MPG4DECD.DLL 2016-01-13 09:41 - 2015-12-08 20:07 - 00223744 _____ (Microsoft Corporation) C:\windows\system32\MP43DECD.DLL 2016-01-13 09:41 - 2015-12-08 20:07 - 00206848 _____ (Microsoft Corporation) C:\windows\system32\mfps.dll 2016-01-13 09:41 - 2015-12-08 20:07 - 00100864 _____ (Microsoft Corporation) C:\windows\system32\MP3DMOD.DLL 2016-01-13 09:41 - 2015-12-08 20:07 - 00076288 _____ (Microsoft Corporation) C:\windows\system32\devenum.dll 2016-01-13 09:41 - 2015-12-08 20:07 - 00070144 _____ (Microsoft Corporation) C:\windows\system32\mfvdsp.dll 2016-01-13 09:41 - 2015-12-08 20:07 - 00055808 _____ (Microsoft Corporation) C:\windows\system32\rrinstaller.exe 2016-01-13 09:41 - 2015-12-08 20:07 - 00005120 _____ (Microsoft Corporation) C:\windows\system32\ksuser.dll 2016-01-13 09:41 - 2015-12-08 20:06 - 00250880 _____ (Microsoft Corporation) C:\windows\system32\ksproxy.ax 2016-01-13 09:41 - 2015-12-08 20:06 - 00024576 _____ (Microsoft Corporation) C:\windows\system32\mfpmp.exe 2016-01-13 09:41 - 2015-12-08 20:04 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\mferror.dll 2016-01-13 09:41 - 2015-12-08 19:54 - 00116736 _____ (Microsoft Corporation) C:\windows\system32\Drivers\drmk.sys 2016-01-13 09:41 - 2015-12-08 19:12 - 00230400 _____ (Microsoft Corporation) C:\windows\system32\Drivers\portcls.sys 2016-01-13 09:41 - 2015-12-08 19:11 - 00005632 _____ (Microsoft Corporation) C:\windows\system32\Drivers\drmkaud.sys 2016-01-13 09:41 - 2015-12-08 18:58 - 03211264 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys 2016-01-13 09:40 - 2015-12-30 20:08 - 05572544 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe 2016-01-13 09:40 - 2015-12-30 20:08 - 00154560 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys 2016-01-13 09:40 - 2015-12-30 20:08 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys 2016-01-13 09:40 - 2015-12-30 20:05 - 01730496 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll 2016-01-13 09:40 - 2015-12-30 20:02 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll 2016-01-13 09:40 - 2015-12-30 20:02 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll 2016-01-13 09:40 - 2015-12-30 20:02 - 00215040 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll 2016-01-13 09:40 - 2015-12-30 20:02 - 00210432 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll 2016-01-13 09:40 - 2015-12-30 20:02 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll 2016-01-13 09:40 - 2015-12-30 20:02 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll 2016-01-13 09:40 - 2015-12-30 20:01 - 01214464 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll 2016-01-13 09:40 - 2015-12-30 20:01 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll 2016-01-13 09:40 - 2015-12-30 20:01 - 00344064 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll 2016-01-13 09:40 - 2015-12-30 20:01 - 00135680 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll 2016-01-13 09:40 - 2015-12-30 20:01 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll 2016-01-13 09:40 - 2015-12-30 20:01 - 00028672 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll 2016-01-13 09:40 - 2015-12-30 20:01 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll 2016-01-13 09:40 - 2015-12-30 20:00 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll 2016-01-13 09:40 - 2015-12-30 19:59 - 00315392 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll 2016-01-13 09:40 - 2015-12-30 19:59 - 00312320 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll 2016-01-13 09:40 - 2015-12-30 19:59 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll 2016-01-13 09:40 - 2015-12-30 19:58 - 01461248 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll 2016-01-13 09:40 - 2015-12-30 19:58 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll 2016-01-13 09:40 - 2015-12-30 19:57 - 01163264 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll 2016-01-13 09:40 - 2015-12-30 19:57 - 00729600 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll 2016-01-13 09:40 - 2015-12-30 19:57 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll 2016-01-13 09:40 - 2015-12-30 19:55 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll 2016-01-13 09:40 - 2015-12-30 19:55 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\cryptbase.dll 2016-01-13 09:40 - 2015-12-30 19:55 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll 2016-01-13 09:40 - 2015-12-30 19:54 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll 2016-01-13 09:40 - 2015-12-30 19:54 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll 2016-01-13 09:40 - 2015-12-30 19:54 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll 2016-01-13 09:40 - 2015-12-30 19:54 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll 2016-01-13 09:40 - 2015-12-30 19:54 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2016-01-13 09:40 - 2015-12-30 19:54 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2016-01-13 09:40 - 2015-12-30 19:54 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2016-01-13 09:40 - 2015-12-30 19:54 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll 2016-01-13 09:40 - 2015-12-30 19:54 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2016-01-13 09:40 - 2015-12-30 19:54 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll 2016-01-13 09:40 - 2015-12-30 19:54 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2016-01-13 09:40 - 2015-12-30 19:54 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2016-01-13 09:40 - 2015-12-30 19:54 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2016-01-13 09:40 - 2015-12-30 19:54 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll 2016-01-13 09:40 - 2015-12-30 19:54 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll 2016-01-13 09:40 - 2015-12-30 19:54 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2016-01-13 09:40 - 2015-12-30 19:54 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll 2016-01-13 09:40 - 2015-12-30 19:54 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2016-01-13 09:40 - 2015-12-30 19:54 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll 2016-01-13 09:40 - 2015-12-30 19:54 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll 2016-01-13 09:40 - 2015-12-30 19:54 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll 2016-01-13 09:40 - 2015-12-30 19:54 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll 2016-01-13 09:40 - 2015-12-30 19:54 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2016-01-13 09:40 - 2015-12-30 19:54 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll 2016-01-13 09:40 - 2015-12-30 19:54 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2016-01-13 09:40 - 2015-12-30 19:54 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2016-01-13 09:40 - 2015-12-30 19:54 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2016-01-13 09:40 - 2015-12-30 19:54 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll 2016-01-13 09:40 - 2015-12-30 19:54 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2016-01-13 09:40 - 2015-12-30 19:54 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll 2016-01-13 09:40 - 2015-12-30 19:47 - 03993536 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe 2016-01-13 09:40 - 2015-12-30 19:47 - 03938240 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe 2016-01-13 09:40 - 2015-12-30 19:44 - 01311768 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll 2016-01-13 09:40 - 2015-12-30 19:41 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll 2016-01-13 09:40 - 2015-12-30 19:41 - 00665088 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll 2016-01-13 09:40 - 2015-12-30 19:41 - 00274944 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll 2016-01-13 09:40 - 2015-12-30 19:41 - 00171520 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll 2016-01-13 09:40 - 2015-12-30 19:41 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll 2016-01-13 09:40 - 2015-12-30 19:41 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll 2016-01-13 09:40 - 2015-12-30 19:41 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll 2016-01-13 09:40 - 2015-12-30 19:41 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll 2016-01-13 09:40 - 2015-12-30 19:40 - 00251392 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll 2016-01-13 09:40 - 2015-12-30 19:40 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll 2016-01-13 09:40 - 2015-12-30 19:39 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll 2016-01-13 09:40 - 2015-12-30 19:39 - 00223232 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll 2016-01-13 09:40 - 2015-12-30 19:39 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll 2016-01-13 09:40 - 2015-12-30 19:39 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll 2016-01-13 09:40 - 2015-12-30 19:38 - 00552960 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll 2016-01-13 09:40 - 2015-12-30 19:38 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll 2016-01-13 09:40 - 2015-12-30 19:37 - 00686080 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll 2016-01-13 09:40 - 2015-12-30 19:37 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll 2016-01-13 09:40 - 2015-12-30 19:37 - 00005120 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll 2016-01-13 09:40 - 2015-12-30 19:37 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2016-01-13 09:40 - 2015-12-30 19:37 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2016-01-13 09:40 - 2015-12-30 19:37 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll 2016-01-13 09:40 - 2015-12-30 19:37 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll 2016-01-13 09:40 - 2015-12-30 19:37 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll 2016-01-13 09:40 - 2015-12-30 19:37 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll 2016-01-13 09:40 - 2015-12-30 19:37 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2016-01-13 09:40 - 2015-12-30 19:37 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2016-01-13 09:40 - 2015-12-30 19:37 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll 2016-01-13 09:40 - 2015-12-30 19:37 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2016-01-13 09:40 - 2015-12-30 19:37 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2016-01-13 09:40 - 2015-12-30 19:37 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll 2016-01-13 09:40 - 2015-12-30 19:37 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll 2016-01-13 09:40 - 2015-12-30 19:37 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2016-01-13 09:40 - 2015-12-30 19:37 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll 2016-01-13 09:40 - 2015-12-30 19:37 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll 2016-01-13 09:40 - 2015-12-30 19:37 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll 2016-01-13 09:40 - 2015-12-30 19:37 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll 2016-01-13 09:40 - 2015-12-30 19:37 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll 2016-01-13 09:40 - 2015-12-30 19:37 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll 2016-01-13 09:40 - 2015-12-30 19:37 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll 2016-01-13 09:40 - 2015-12-30 19:37 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll 2016-01-13 09:40 - 2015-12-30 19:37 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll 2016-01-13 09:40 - 2015-12-30 18:57 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe 2016-01-13 09:40 - 2015-12-30 18:50 - 00338432 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe 2016-01-13 09:40 - 2015-12-30 18:49 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe 2016-01-13 09:40 - 2015-12-30 18:44 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe 2016-01-13 09:40 - 2015-12-30 18:43 - 00159232 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys 2016-01-13 09:40 - 2015-12-30 18:42 - 00290816 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys 2016-01-13 09:40 - 2015-12-30 18:42 - 00129024 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys 2016-01-13 09:40 - 2015-12-30 18:41 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe 2016-01-13 09:40 - 2015-12-30 18:41 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe 2016-01-13 09:40 - 2015-12-30 18:32 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe 2016-01-13 09:40 - 2015-12-30 18:32 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll 2016-01-13 09:40 - 2015-12-30 18:32 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe 2016-01-13 09:40 - 2015-12-30 18:32 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe 2016-01-13 09:40 - 2015-12-30 18:30 - 00036352 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptbase.dll 2016-01-13 09:40 - 2015-12-30 18:30 - 00006144 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll 2016-01-13 09:40 - 2015-12-30 18:30 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll 2016-01-13 09:40 - 2015-12-30 18:30 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll 2016-01-13 09:40 - 2015-12-30 18:30 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll 2016-01-13 09:40 - 2015-12-08 22:53 - 00641536 _____ (Microsoft Corporation) C:\windows\SysWOW64\advapi32.dll 2016-01-13 09:40 - 2015-12-08 22:52 - 00312320 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll 2016-01-13 09:40 - 2015-12-08 20:07 - 00879104 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll 2016-01-13 09:40 - 2015-12-08 20:07 - 00405504 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll 2016-01-13 09:40 - 2015-11-17 02:11 - 00025024 _____ (Microsoft Corporation) C:\windows\system32\CompatTelRunner.exe 2016-01-13 09:40 - 2015-11-17 02:08 - 01381376 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll 2016-01-13 09:40 - 2015-11-17 02:08 - 00792064 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll 2016-01-13 09:40 - 2015-11-17 02:08 - 00705536 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll 2016-01-13 09:40 - 2015-11-17 02:08 - 00505856 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll 2016-01-13 09:40 - 2015-11-17 02:08 - 00076800 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll 2016-01-13 09:40 - 2015-11-16 21:17 - 00210432 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll 2016-01-12 16:49 - 2016-01-19 21:02 - 00000000 ____D C:\Users\benjamka\AppData\Local\CrashDumps 2016-01-12 04:13 - 2016-01-12 04:13 - 00000000 ____D C:\Users\benjamka\AppData\Roaming\JAM Software 2016-01-12 04:13 - 2016-01-12 04:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TreeSize Free 2016-01-12 04:13 - 2016-01-12 04:13 - 00000000 ____D C:\Program Files (x86)\JAM Software 2016-01-09 23:19 - 2016-01-09 23:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XAMPP 2016-01-09 23:16 - 2016-01-10 02:24 - 00000000 ____D C:\xampp 2016-01-09 23:04 - 2016-01-11 02:37 - 00000106 _____ C:\Users\benjamka\Documents\urls.txt 2016-01-09 01:20 - 2016-01-09 01:20 - 00273025 _____ C:\Users\benjamka\Documents\Logo2.xcf 2016-01-08 22:22 - 2016-01-08 22:22 - 00003971 _____ C:\Users\benjamka\Documents\wp-config.php 2016-01-07 11:04 - 2016-01-09 23:08 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2016-01-02 12:05 - 2016-01-02 12:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2015-12-27 20:21 - 2009-06-10 22:00 - 00000824 _____ C:\windows\system32\Drivers\etc\hosts.20151227-202141.backup 2015-12-26 02:35 - 2016-01-09 23:08 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2016-01-25 13:48 - 2015-11-13 22:40 - 00000000 ____D C:\FRST 2016-01-25 12:58 - 2015-06-16 11:48 - 00001236 _____ C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-50433080-710429258-2441499552-1000UA.job 2016-01-25 12:52 - 2012-09-11 19:44 - 00001110 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job 2016-01-25 12:50 - 2012-07-30 17:58 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job 2016-01-25 12:38 - 2009-07-14 05:45 - 00025120 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2016-01-25 12:38 - 2009-07-14 05:45 - 00025120 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2016-01-25 12:28 - 2011-02-11 09:21 - 00699682 _____ C:\windows\system32\perfh007.dat 2016-01-25 12:28 - 2011-02-11 09:21 - 00149790 _____ C:\windows\system32\perfc007.dat 2016-01-25 12:28 - 2009-07-14 06:13 - 01620684 _____ C:\windows\system32\PerfStringBackup.INI 2016-01-25 12:28 - 2009-07-14 04:20 - 00000000 ____D C:\windows\inf 2016-01-25 12:23 - 2015-11-14 01:09 - 00000000 ____D C:\Users\benjamka\AppData\Local\ownCloud 2016-01-25 12:23 - 2012-09-11 19:44 - 00001106 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job 2016-01-25 12:23 - 2012-05-30 19:58 - 00000000 ____D C:\ProgramData\Ad-Aware Browsing Protection 2016-01-25 12:23 - 2012-05-20 20:58 - 00000000 ___RD C:\Users\benjamka\Dropbox 2016-01-25 12:23 - 2012-05-20 20:56 - 00000000 ____D C:\Users\benjamka\AppData\Roaming\Dropbox 2016-01-25 12:22 - 2009-07-14 06:08 - 00000006 ____H C:\windows\Tasks\SA.DAT 2016-01-25 02:00 - 2014-08-28 22:26 - 00000000 ____D C:\Users\benjamka\AppData\Local\Adobe 2016-01-24 23:03 - 2012-01-24 21:09 - 00000000 ___RD C:\Users\benjamka 2016-01-24 19:00 - 2015-12-11 16:43 - 00000000 ____D C:\Users\benjamka\Documents\Golem 2016-01-24 15:33 - 2015-06-04 22:27 - 00000000 ____D C:\Users\benjamka\.gimp-2.8 2016-01-24 08:24 - 2015-12-09 19:11 - 00005385 _____ C:\Users\benjamka\Documents\Spamtexts.txt 2016-01-24 08:24 - 2012-01-25 21:14 - 00000000 ____D C:\Users\benjamka\AppData\Roaming\foobar2000 2016-01-23 16:35 - 2014-08-09 16:15 - 00192216 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys 2016-01-23 15:32 - 2009-07-14 06:08 - 00032640 _____ C:\windows\Tasks\SCHEDLGU.TXT 2016-01-22 14:17 - 2015-08-17 23:07 - 00000000 ____D C:\Users\benjamka\Documents\Schrift-Feld 2016-01-22 14:10 - 2009-07-14 04:20 - 00000000 ____D C:\Windows 2016-01-22 14:05 - 2015-06-16 11:48 - 00001184 _____ C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-50433080-710429258-2441499552-1000Core.job 2016-01-22 13:34 - 2009-07-14 04:20 - 00000000 ____D C:\windows\system32\NDF 2016-01-20 14:22 - 2013-01-15 22:06 - 00000000 ____D C:\ProgramData\Lavasoft 2016-01-20 14:22 - 2012-02-01 20:13 - 00000000 ____D C:\Program Files (x86)\Lavasoft 2016-01-20 14:08 - 2015-06-25 11:24 - 00000000 ____D C:\Users\benjamka\AppData\Local\gtk-2.0 2016-01-19 21:02 - 2012-02-02 03:58 - 00000000 ____D C:\Users\benjamka\AppData\Roaming\vlc 2016-01-19 20:50 - 2012-07-30 17:58 - 00003822 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater 2016-01-19 20:50 - 2012-03-31 08:40 - 00796864 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe 2016-01-19 20:50 - 2012-01-25 10:23 - 00142528 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl 2016-01-19 10:58 - 2012-01-24 21:15 - 00110376 _____ C:\Users\benjamka\AppData\Local\GDIPFONTCACHEV1.DAT 2016-01-19 10:56 - 2009-07-14 05:45 - 00501824 _____ C:\windows\system32\FNTCACHE.DAT 2016-01-19 03:14 - 2011-05-15 18:27 - 00000000 ____D C:\Program Files (x86)\Adobe 2016-01-19 03:01 - 2015-10-13 21:56 - 00000000 ____D C:\Users\benjamka\AppData\Roaming\Nokia Suite 2016-01-19 03:01 - 2015-10-13 21:56 - 00000000 ____D C:\Users\benjamka\AppData\Roaming\Nokia 2016-01-19 03:01 - 2015-10-13 21:18 - 00000000 ____D C:\ProgramData\Nokia 2016-01-19 03:01 - 2015-10-13 21:17 - 00000000 ____D C:\Program Files (x86)\Nokia 2016-01-16 19:28 - 2013-01-22 19:33 - 00000000 ____D C:\Users\benjamka\AppData\Roaming\FileZilla 2016-01-14 17:47 - 2009-07-14 04:20 - 00000000 ____D C:\windows\rescache 2016-01-14 16:09 - 2014-08-14 18:33 - 00000000 ____D C:\ProgramData\Package Cache 2016-01-14 14:08 - 2013-11-22 16:55 - 00000000 ____D C:\Users\benjamka\Documents\Business 2016-01-14 13:19 - 2011-05-15 18:27 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk 2016-01-14 13:18 - 2011-05-15 18:27 - 00000000 ____D C:\ProgramData\Adobe 2016-01-14 13:09 - 2015-11-24 19:27 - 00000000 ___RD C:\Users\benjamka\Documents\Scanned Documents 2016-01-14 11:36 - 2013-03-14 17:40 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2016-01-14 11:36 - 2013-03-14 17:40 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2016-01-13 23:30 - 2013-03-14 17:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2016-01-13 23:30 - 2012-01-25 17:12 - 00000000 ____D C:\ProgramData\Microsoft Help 2016-01-13 23:16 - 2014-02-14 20:24 - 00000000 ____D C:\Users\benjamka\AppData\Roaming\MyPhoneExplorer 2016-01-13 12:19 - 2015-04-16 18:24 - 00000000 ____D C:\windows\system32\appraiser 2016-01-13 12:19 - 2014-05-06 21:40 - 00000000 ___SD C:\windows\system32\CompatTel 2016-01-13 01:40 - 2015-09-14 20:59 - 00000000 ____D C:\Users\benjamka\Documents\Eigene Scans 2016-01-09 23:08 - 2012-05-12 13:27 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2016-01-08 16:00 - 2014-04-26 14:03 - 00001962 _____ C:\Users\Public\Desktop\FileZilla Client.lnk 2016-01-08 16:00 - 2013-01-22 19:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client 2016-01-08 16:00 - 2013-01-22 19:33 - 00000000 ____D C:\Program Files (x86)\FileZilla FTP Client 2016-01-05 05:06 - 2012-02-21 22:26 - 00000000 ____D C:\Users\benjamka\AppData\Roaming\Skype 2016-01-03 15:20 - 2015-08-09 13:43 - 00000000 ____D C:\Users\benjamka\AppData\Roaming\HpUpdate 2016-01-02 12:06 - 2011-05-15 18:55 - 00000000 ____D C:\ProgramData\Skype 2016-01-02 12:05 - 2014-03-19 23:14 - 00000000 ____D C:\Users\benjamka\AppData\Local\Skype 2016-01-02 12:05 - 2011-05-15 18:55 - 00000000 ___RD C:\Program Files (x86)\Skype 2015-12-27 19:32 - 2013-08-22 20:55 - 00000000 ____D C:\Program Files (x86)\Steam ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2016-01-20 14:08 - 2016-01-20 14:08 - 0003273 _____ () C:\Users\benjamka\AppData\Local\recently-used.xbel 2014-02-09 21:36 - 2015-11-08 13:29 - 0007627 _____ () C:\Users\benjamka\AppData\Local\Resmon.ResmonCfg 2016-01-16 19:13 - 2016-01-16 19:14 - 2529622 _____ () C:\Users\benjamka\AppData\Local\[j0002]-[p02].bmp 2016-01-16 19:14 - 2016-01-16 19:14 - 2529622 _____ () C:\Users\benjamka\AppData\Local\[j0002]-[p03].bmp 2016-01-16 19:14 - 2016-01-16 19:14 - 2529622 _____ () C:\Users\benjamka\AppData\Local\[j0002]-[p04].bmp 2016-01-16 19:14 - 2016-01-16 19:14 - 2529622 _____ () C:\Users\benjamka\AppData\Local\[j0002]-[p05].bmp 2016-01-16 19:14 - 2016-01-16 19:14 - 2529622 _____ () C:\Users\benjamka\AppData\Local\[j0002]-[p06].bmp 2016-01-16 19:14 - 2016-01-16 19:14 - 2529622 _____ () C:\Users\benjamka\AppData\Local\[j0002]-[p07].bmp 2016-01-16 19:14 - 2016-01-16 19:14 - 2529622 _____ () C:\Users\benjamka\AppData\Local\[j0002]-[p08].bmp 2016-01-16 19:14 - 2016-01-16 19:14 - 2529622 _____ () C:\Users\benjamka\AppData\Local\[j0002]-[p09].bmp 2016-01-16 19:14 - 2016-01-16 19:14 - 2529622 _____ () C:\Users\benjamka\AppData\Local\[j0002]-[p10].bmp 2016-01-16 19:14 - 2016-01-16 19:14 - 2529622 _____ () C:\Users\benjamka\AppData\Local\[j0002]-[p11].bmp 2016-01-16 19:14 - 2016-01-16 19:14 - 2529622 _____ () C:\Users\benjamka\AppData\Local\[j0002]-[p12].bmp 2016-01-16 19:14 - 2016-01-16 19:14 - 2529622 _____ () C:\Users\benjamka\AppData\Local\[j0002]-[p13].bmp 2016-01-16 19:14 - 2016-01-16 19:14 - 2529622 _____ () C:\Users\benjamka\AppData\Local\[j0002]-[p14].bmp 2016-01-16 19:14 - 2016-01-16 19:14 - 2529622 _____ () C:\Users\benjamka\AppData\Local\[j0002]-[p15].bmp 2016-01-16 19:14 - 2016-01-16 19:15 - 2529622 _____ () C:\Users\benjamka\AppData\Local\[j0002]-[p16].bmp 2016-01-16 19:15 - 2016-01-16 19:15 - 2529622 _____ () C:\Users\benjamka\AppData\Local\[j0002]-[p17].bmp 2016-01-16 19:15 - 2016-01-16 19:15 - 2529622 _____ () C:\Users\benjamka\AppData\Local\[j0002]-[p18].bmp 2016-01-16 19:15 - 2016-01-16 19:15 - 2529622 _____ () C:\Users\benjamka\AppData\Local\[j0002]-[p19].bmp 2016-01-16 19:15 - 2016-01-16 19:15 - 2529622 _____ () C:\Users\benjamka\AppData\Local\[j0002]-[p20].bmp 2016-01-16 19:15 - 2016-01-16 19:15 - 2529622 _____ () C:\Users\benjamka\AppData\Local\[j0002]-[p21].bmp 2016-01-16 19:15 - 2016-01-16 19:15 - 2529622 _____ () C:\Users\benjamka\AppData\Local\[j0002]-[p22].bmp 2016-01-16 19:15 - 2016-01-16 19:15 - 2529622 _____ () C:\Users\benjamka\AppData\Local\[j0002]-[p23].bmp 2012-12-26 00:20 - 2013-11-22 16:33 - 0000040 ___SH () C:\ProgramData\.zreglib 2016-01-25 12:22 - 2016-01-25 12:22 - 0000000 ____H () C:\ProgramData\cm-lock 2012-02-21 22:28 - 2012-02-21 22:28 - 0000056 ____H () C:\ProgramData\ezsidmv.dat 2015-08-03 19:02 - 2015-08-09 14:19 - 0034260 _____ () C:\ProgramData\hpzinstall.log Einige Dateien in TEMP: ==================== C:\Users\BBK 64\AppData\Local\Temp\avgnt.exe C:\Users\benjamka\AppData\Local\Temp\avgnt.exe C:\Users\Gast\AppData\Local\Temp\AskSLib.dll C:\Users\Gast\AppData\Local\Temp\avgnt.exe C:\Users\Hombre\AppData\Local\Temp\avgnt.exe ==================== Bamital & volsnap ================= (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) C:\windows\system32\winlogon.exe => Datei ist digital signiert C:\windows\system32\wininit.exe => Datei ist digital signiert C:\windows\SysWOW64\wininit.exe => Datei ist digital signiert C:\windows\explorer.exe => Datei ist digital signiert C:\windows\SysWOW64\explorer.exe => Datei ist digital signiert C:\windows\system32\svchost.exe => Datei ist digital signiert C:\windows\SysWOW64\svchost.exe => Datei ist digital signiert C:\windows\system32\services.exe => Datei ist digital signiert C:\windows\system32\User32.dll => Datei ist digital signiert C:\windows\SysWOW64\User32.dll => Datei ist digital signiert C:\windows\system32\userinit.exe => Datei ist digital signiert C:\windows\SysWOW64\userinit.exe => Datei ist digital signiert C:\windows\system32\rpcss.dll => Datei ist digital signiert C:\windows\system32\dnsapi.dll => Datei ist digital signiert C:\windows\SysWOW64\dnsapi.dll => Datei ist digital signiert C:\windows\system32\Drivers\volsnap.sys => Datei ist digital signiert LastRegBack: 2016-01-19 13:14 ==================== Ende von FRST.txt ============================ |
25.01.2016, 15:59 | #20 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Adware ADWARE/AddLyrics.Gen... / Mind. sechs Viren gefunden Addition.txt Logfile fehlt
__________________ Logfiles bitte immer in CODE-Tags posten |
25.01.2016, 16:09 | #21 |
| Adware ADWARE/AddLyrics.Gen... / Mind. sechs Viren gefunden Sorry... Hier die Addition.txt: Code:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:18-01-2016 durchgeführt von benjamka (2016-01-22 14:09:40) Gestartet von C:\Users\benjamka\Downloads Windows 7 Home Premium Service Pack 1 (X64) (2012-01-24 20:09:27) Start-Modus: Normal ========================================================== ==================== Konten: ============================= Administrator (S-1-5-21-50433080-710429258-2441499552-500 - Administrator - Disabled) BBK 64 (S-1-5-21-50433080-710429258-2441499552-1004 - Administrator - Enabled) => C:\Users\BBK 64 benjamka (S-1-5-21-50433080-710429258-2441499552-1000 - Administrator - Enabled) => C:\Users\benjamka Gast (S-1-5-21-50433080-710429258-2441499552-501 - Limited - Enabled) => C:\Users\Gast Hombre (S-1-5-21-50433080-710429258-2441499552-1005 - Limited - Enabled) => C:\Users\Hombre HomeGroupUser$ (S-1-5-21-50433080-710429258-2441499552-1007 - Limited - Enabled) ==================== Sicherheits-Center ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.) AV: Avira Antivirus (Enabled - Out of date) {4D041356-F94D-285F-8768-AAE50FA36859} AV: Lavasoft Ad-Aware (Enabled - Out of date) {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7} AS: Avira Antivirus (Enabled - Out of date) {F665F2B2-DF77-27D1-BDD8-9197742422E4} AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Lavasoft Ad-Aware (Enabled - Out of date) {5BB89C30-6480-BC7C-9F17-199BD76F557A} AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0} FW: Lavasoft Ad-Aware (Enabled) {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC} ==================== Installierte Programme ====================== (Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.) 4500_G510nz_Help (x32 Version: 000.0.439.000 - Hewlett-Packard) Hidden 4500G510nz (x32 Version: 000.0.439.000 - Hewlett-Packard) Hidden 4500G510nz_Software_Min (x32 Version: 000.0.423.000 - Hewlett-Packard) Hidden 64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden Ad-Aware Antivirus (HKLM-x32\...\{2819e172-81d5-4113-88bd-4605b02344e0}) (Version: 10.4.49.4168 - Lavasoft) Ad-Aware Browsing Protection (HKLM-x32\...\Ad-Aware Browsing Protection) (Version: 1.0.1.82 - Lavasoft) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.0.3.13070 - Adobe Systems Inc.) Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.286 - Adobe Systems Incorporated) Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.286 - Adobe Systems Incorporated) Adobe Illustrator CS (HKLM-x32\...\{91A4AD99-69CE-4745-97B7-0E0DFBECFDE5}) (Version: 11 - Adobe Systems, Inc.) Adobe Photoshop Lightroom 5.7 64-bit (HKLM\...\{1B77B02E-17E4-4B6D-B8A1-74B29AF3D8DD}) (Version: 5.7.0 - Adobe Systems Incorporated) Adobe Reader X (10.1.16) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.16 - Adobe Systems Incorporated) Adobe SVG Viewer 3.0 (HKLM-x32\...\Adobe SVG Viewer) (Version: 3.0 - Adobe Systems, Inc.) ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.106.303.203 - ALPS ELECTRIC CO., LTD.) AMD Catalyst Install Manager (HKLM\...\{7E5DC2C5-115A-322B-976C-219237FAED66}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.) Apple Application Support (HKLM-x32\...\{122ADF8C-DDA1-480C-9936-C88F2825B265}) (Version: 2.1.9 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}) (Version: 5.2.0.6 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Aptana Studio 3 (HKLM-x32\...\Aptana Studio 3) (Version: 3.0.0 - Appcelerator, Inc.) Atheros Bluetooth Filter Driver Package (HKLM\...\{65486209-5C54-439C-8383-8AC9BBE25932}) (Version: 1.00.007 - Atheros Communications) Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.2 - Atheros) Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.15.129 - Avira Operations GmbH & Co. KG) AVM FRITZ!Box Druckeranschluss (HKLM-x32\...\AVMFBoxPrinter) (Version: - AVM Berlin) Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v8.00.06(T) - TOSHIBA CORPORATION) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden Canon Inkjet Printer Driver Add-On Module (HKLM\...\CANONIJINBOXADDON100) (Version: - ) Canon iP2700 series Printer Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP2700_series) (Version: - Canon Inc.) Canon Utilities Digital Photo Professional (HKLM-x32\...\Digital Photo Professional) (Version: 3.12.51.2 - Canon Inc.) Canon Utilities EOS Sample Music (HKLM-x32\...\EOS Sample Music) (Version: 1.0.1.1 - Canon Inc.) Canon Utilities EOS Utility (HKLM-x32\...\EOS Utility) (Version: 2.12.2.1 - Canon Inc.) Canon Utilities ImageBrowser EX (HKLM-x32\...\ImageBrowser EX) (Version: 1.4.0.5 - Canon Inc.) Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.23.47 - Canon Inc.) Canon Utilities Picture Style Editor (HKLM-x32\...\Picture Style Editor) (Version: 1.12.2.0 - Canon Inc.) CBL Daten-Shredder (HKLM-x32\...\{560E96B3-356D-4572-9FE3-B44F9AB92622}) (Version: 1.0.0 - CBL Datenrettung GmbH) CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform) Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation) Counter-Strike: Source (HKLM-x32\...\{9580813D-94B1-4C28-9426-A441E2BB29A5}) (Version: 1.0.0.0 - Valve) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden DeviceDiscovery (x32 Version: 130.0.372.000 - Hewlett-Packard) Hidden DocMgr (x32 Version: 130.0.000.000 - Ihr Firmenname) Hidden DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden Dropbox (HKU\S-1-5-21-50433080-710429258-2441499552-1000\...\Dropbox) (Version: 3.12.5 - Dropbox, Inc.) ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 14.3.20130522 - Landesfinanzdirektion Thüringen) ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - ) Fax (x32 Version: 130.0.418.000 - Hewlett-Packard) Hidden File Scavenger 4.3 (en) (HKLM-x32\...\QueTek File Scavenger 4.3 (en)) (Version: 4.3.2.0 - QueTek Consulting Corporation) FileZilla Client 3.14.1 (HKLM-x32\...\FileZilla Client) (Version: 3.14.1 - Tim Kosse) foobar2000 v1.1.10 (HKLM-x32\...\foobar2000) (Version: 1.1.10 - Peter Pawlowski) FRITZ!Box USB-Fernanschluss (HKU\S-1-5-21-50433080-710429258-2441499552-1000\...\2db37667170956ee) (Version: 2.3.2.0 - AVM Berlin) Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden GetDataBack for FAT (HKLM-x32\...\{2EEEC858-21F8-419B-8FE2-820621BFFCD7}) (Version: 4.33.000 - Runtime Software) GetDataBack for NTFS (HKLM-x32\...\{56582EEA-3AEF-4D84-8B9D-C87A3CD9250F}) (Version: 4.33.000 - Runtime Software) Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google SketchUp 8 (HKLM-x32\...\{4BA6784F-3B10-473A-B9F5-33A36AC354D5}) (Version: 3.0.14358 - Google, Inc.) Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden GPL Ghostscript (HKLM\...\GPL Ghostscript 9.05) (Version: 9.05 - Artifex Software Inc.) GrampsAIO64 (HKLM-x32\...\GrampsAIO64 4.1.2) (Version: 4.1.2 - The GRAMPS project) High-Definition Video Playback (x32 Version: 7.1.13900.47.0 - Nero AG) Hidden HiJackThis (HKLM-x32\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro) HP Document Manager 2.0 (HKLM\...\HP Document Manager) (Version: 2.0 - HP) HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP) HP Officejet 4500 G510n-z (HKLM\...\{7E0E61CC-1C99-429D-BEA7-C4DD5B898D2A}) (Version: 13.0 - HP) HP Smart Web Printing 4.5 (HKLM\...\HP Smart Web Printing) (Version: 4.5 - HP) HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation) Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 15.4 - Intel) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation) IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.35 - Irfan Skiljan) iTunes (HKLM\...\{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}) (Version: 10.6.3.25 - Apple Inc.) Java 8 Update 31 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418031F0}) (Version: 8.0.310 - Oracle Corporation) Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation) Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Macromedia Extension Manager (HKLM-x32\...\{0F022A2E-7022-497D-90A5-0F46746D8275}) (Version: 1.7.270 - Ihr Firmenname) Macromedia Flash 8 (HKLM-x32\...\{2BD5C305-1B27-4D41-B690-7A61172D2FEB}) (Version: 8.00.0000 - Macromedia) Macromedia Flash 8 Video Encoder (HKLM-x32\...\{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}) (Version: 1.00.0000 - Macromedia) Macromedia Flash Player 8 (HKLM-x32\...\{885A63EA-382B-4DD4-A755-14809B8557D6}) (Version: 8.0.22.0 - Macromedia) Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation) Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{2C303EE0-A595-3543-A71A-931C7AC40EDE}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Mozilla Firefox 43.0.4 (x86 de) (HKLM-x32\...\Mozilla Firefox 43.0.4 (x86 de)) (Version: 43.0.4 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.4.5848 - Mozilla) Mozilla Thunderbird 38.5.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 38.5.0 (x86 de)) (Version: 38.5.0 - Mozilla) Mozilla Thunderbird 38.5.1 (x86 de) (HKU\S-1-5-21-50433080-710429258-2441499552-1000\...\Mozilla Thunderbird 38.5.1 (x86 de)) (Version: 38.5.1 - Mozilla) MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.6 - F.J. Wechselberger) Nero BackItUp 10 (HKLM-x32\...\{68AB6930-5BFF-4FF6-923B-516A91984FE6}) (Version: 5.6.11500.16.100 - Nero AG) Nero BurnRights 10 (HKLM-x32\...\{943CFD7D-5336-47AF-9418-E02473A5A517}) (Version: 4.2.10500.1.102 - Nero AG) Nero Express 10 (HKLM-x32\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.2.12000.21.100 - Nero AG) Nero InfoTool 10 (HKLM-x32\...\{F412B4AF-388C-4FF5-9B2F-33DB1C536953}) (Version: 7.2.10400.5.100 - Nero AG) Nero MediaHub 10 (HKLM-x32\...\{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}) (Version: 1.2.13300.36.100 - Nero AG) Nero Multimedia Suite 10 Essentials (HKLM-x32\...\{0FF68F26-416C-4954-ACA5-6AD5F9DE99C1}) (Version: 10.5.14800 - Nero AG) Nero RescueAgent 10 (HKLM-x32\...\{E337E787-CF61-4B7B-B84F-509202A54023}) (Version: 3.2.10800.9.100 - Nero AG) Nero StartSmart 10 (HKLM-x32\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.2.11600.14.100 - Nero AG) Nero Update (HKLM-x32\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.10300.25.0 - Nero AG) NETGEAR Powerline Utility (HKLM-x32\...\InstallShield_{2753B568-6F85-4E31-A114-A7F8D8606DDD}) (Version: 3.1.0.3 - NETGEAR Powerline) NETGEAR Powerline Utility (x32 Version: 3.1.0.3 - NETGEAR Powerline) Hidden NETGEAR USB Media Extender (HKLM-x32\...\{402E9ECB-92CE-49EE-8ABC-ECE73D009ED8}) (Version: 1.31 - NETGEAR) Network64 (Version: 130.0.550.000 - Hewlett-Packard) Hidden Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden Nokia Connectivity Cable Driver (HKLM-x32\...\{29373274-977E-413C-A4DE-DC0F8E80C429}) (Version: 7.1.172.0 - Nokia) OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP) Open Sea Map - Data Logger - Logs data from ship's data networks (HKLM-x32\...\Open Sea Map Data Logger) (Version: "1.0.0" - "Open Sea Map") ownCloud (HKLM-x32\...\ownCloud) (Version: 2.1.0.5683 - ownCloud) Paint.NET v3.5.10 (HKLM\...\{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}) (Version: 3.60.0 - dotPDN LLC) PC Connectivity Solution (HKLM-x32\...\{6D01D1B1-17BD-4F10-BB11-F08F0C47D42B}) (Version: 12.0.109.0 - Nokia) PDF Architect (HKLM-x32\...\{30B41B7A-3C9D-44DE-A7A1-949011F33CC3}) (Version: 1.0.41.8362 - pdfforge) PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.3 - pdfforge) PL-2303 USB-to-Serial (HKLM-x32\...\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}) (Version: 1.3.0 - Prolific Technology INC) PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation) PRE12 STI 64Installer (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.989 - Even Balance, Inc.) QuickTime (HKLM-x32\...\{0E64B098-8018-4256-BA23-C316A43AD9B0}) (Version: 7.72.80.56 - Apple Inc.) Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.6121 - Realtek Semiconductor Corp.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6293 - Realtek Semiconductor Corp.) Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.34.1 - Renesas Electronics Corporation) Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.34.1 - Renesas Electronics Corporation) Hidden RICOH Media Driver v2.13.17.01 (HKLM-x32\...\{FE041B02-234C-4AAA-9511-80DF6482A458}) (Version: 2.13.17.01 - RICOH) Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.9.9216 - Skype Technologies S.A.) Skype™ 7.17 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.17.105 - Skype Technologies S.A.) SmartWebPrinting (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden Status (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden Steam(TM) (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve) Synology Cloud Station (HKLM-x32\...\{102406C7-6BD4-47AA-A858-A54C7002E32E}) (Version: 3.1.3320 - Synology) Synology Data Replicator 3 (HKLM-x32\...\{8E310838-457C-4269-B177-3EFB300CBDDC}) (Version: 1.0.0.0 - Synology Inc.) TeamViewer 8 (HKLM-x32\...\TeamViewer 8) (Version: 8.0.16642 - TeamViewer) Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden TOSHIBA 180 Degrees Rotation Utility (HKLM-x32\...\{FEDFB4DC-E149-4897-B616-4811C718E54F}) (Version: 1.4.0 - TOSHIBA Corporation) TOSHIBA Assist (HKLM-x32\...\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}) (Version: 4.02.02 - TOSHIBA CORPORATION) TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{43DBC64B-3DD1-47E2-8788-D3C3B110C574}) (Version: 2.1.10.64 - TOSHIBA Corporation) TOSHIBA ConfigFree (HKLM-x32\...\{38C52F7D-A6CB-4CE7-A189-8AABE8774D8A}) (Version: 8.0.38 - TOSHIBA CORPORATION) TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.9 for x64 - TOSHIBA Corporation) TOSHIBA eco Utility (HKLM\...\{6FF9A012-0254-41E9-81E2-F538C4B53611}) (Version: 1.3.2.64 - TOSHIBA Corporation) TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.8.64 - TOSHIBA Corporation) TOSHIBA HDD/SSD Alert (HKLM\...\{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.8 - TOSHIBA Corporation) TOSHIBA Intelligent Display Management (HKLM\...\{636E2BA9-126F-493D-A033-343C145AAD87}) (Version: 1.0.3.0 - TOSHIBA Corporation) Toshiba Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.02 - TOSHIBA) TOSHIBA Media Controller (HKLM-x32\...\{C7A4F26F-F9B0-41B2-8659-99181108CDE3}) (Version: 1.0.86.2 - TOSHIBA CORPORATION) TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.6.1 - TOSHIBA CORPORATION) TOSHIBA Online Product Information (HKLM-x32\...\{2290A680-4083-410A-ADCC-7092C67FC052}) (Version: 4.00.0008 - TOSHIBA) TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.7.7.64 - TOSHIBA Corporation) TOSHIBA Places Icon Utility (HKLM-x32\...\{461F6F0D-7173-4902-9604-AB1A29108AF2}) (Version: 1.1.1.4 - TOSHIBA Corporation) TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.3.5109 - TOSHIBA CORPORATION) TOSHIBA Recovery Media Creator Reminder (HKLM-x32\...\InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}) (Version: 1.00.0019 - TOSHIBA) TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}) (Version: 1.7.18.64 - TOSHIBA Corporation) TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.1.0 - TOSHIBA Corporation) TOSHIBA Security Assist (HKLM-x32\...\{1E63ACB5-D45E-4856-8FC9-78F4B0D7BB80}) (Version: 2.0.9 - TOSHIBA) TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.1.52 - TOSHIBA) TOSHIBA Sleep Utility (HKLM-x32\...\{654F7484-88C5-46DC-AB32-C66BCB0E2102}) (Version: 1.4.2.7 - TOSHIBA Corporation) TOSHIBA Sync Utility (HKLM-x32\...\{CCF62642-ECB1-4D2B-80C0-3FD3286AEAED}) (Version: 2.0.3060 - TOSHIBA Corporation) TOSHIBA TEMPRO (HKLM-x32\...\{F082CB11-4794-4259-99A1-D91BA762AD15}) (Version: 3.35 - Toshiba Europe GmbH) TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.5.10.64 - TOSHIBA Corporation) TOSHIBA VIDEO PLAYER (HKLM-x32\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 4.00.4.60-A - TOSHIBA Corporation) TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 1.1.7.1 - TOSHIBA Corporation) TOSHIBA Wireless LAN Indicator (HKLM-x32\...\{5BA99779-6E12-49EF-BE49-F35B1EDB4DF9}) (Version: 1.0.4 - TOSHIBA CORPORATION) Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 8.50 beta 12 - Ghisler Software GmbH) TrayApp (x32 Version: 130.0.376.000 - Hewlett-Packard) Hidden TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft) Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft) Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft) Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft) VeraCrypt (HKLM-x32\...\VeraCrypt) (Version: 1.16 - IDRIX) VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN) WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation) Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (HKLM-x32\...\{C32CE55C-12BA-4951-8797-0967FDEF556F}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows-Treiberpaket - Nokia pccsmcfd LegacyDriver (05/31/2012 7.1.2.0) (HKLM\...\62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F) (Version: 05/31/2012 7.1.2.0 - Nokia) WinRAR 4.10 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.10.0 - win.rar GmbH) XAMPP (HKLM-x32\...\xampp) (Version: 5.6.15-1 - Bitnami) ==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) CustomCLSID: HKU\S-1-5-21-50433080-710429258-2441499552-1000_Classes\CLSID\{00000001-0E3A-4123-8B32-4B68A91E104A}\InprocServer32 -> C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIBasePlace.dll (Toshiba Corporation) CustomCLSID: HKU\S-1-5-21-50433080-710429258-2441499552-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\benjamka\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-50433080-710429258-2441499552-1000_Classes\CLSID\{2C4A5D61-009C-4561-9A33-6AFD542FD237}\InprocServer32 -> C:\Users\benjamka\AppData\Local\CloudStation\app\icon-overlay\10\x64\ContextMenu.dll () CustomCLSID: HKU\S-1-5-21-50433080-710429258-2441499552-1000_Classes\CLSID\{472CE1AD-5D53-4BCF-A1FB-3982A5F55138}\InprocServer32 -> C:\Users\benjamka\AppData\Local\CloudStation\app\icon-overlay\10\x64\iconOverlay.dll (TODO: <Company name>) CustomCLSID: HKU\S-1-5-21-50433080-710429258-2441499552-1000_Classes\CLSID\{48AB5ADA-36B1-4137-99C9-2BD97F8788AB}\InprocServer32 -> C:\Users\benjamka\AppData\Local\CloudStation\app\icon-overlay\10\x64\iconOverlay.dll (TODO: <Company name>) CustomCLSID: HKU\S-1-5-21-50433080-710429258-2441499552-1000_Classes\CLSID\{A433C3E0-8B24-40EB-93C3-4B10D9959F58}\InprocServer32 -> C:\Users\benjamka\AppData\Local\CloudStation\app\icon-overlay\10\x64\iconOverlay.dll (TODO: <Company name>) CustomCLSID: HKU\S-1-5-21-50433080-710429258-2441499552-1000_Classes\CLSID\{AEB16659-2125-4ADA-A4AB-45EE21E86469}\InprocServer32 -> C:\Users\benjamka\AppData\Local\CloudStation\app\icon-overlay\10\x64\iconOverlay.dll (TODO: <Company name>) CustomCLSID: HKU\S-1-5-21-50433080-710429258-2441499552-1000_Classes\CLSID\{C701AD67-3DF0-47C9-89CB-DFA6207BE229}\InprocServer32 -> C:\Users\benjamka\AppData\Local\CloudStation\app\icon-overlay\10\x64\iconOverlay.dll (TODO: <Company name>) CustomCLSID: HKU\S-1-5-21-50433080-710429258-2441499552-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\benjamka\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-50433080-710429258-2441499552-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\benjamka\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-50433080-710429258-2441499552-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\benjamka\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-50433080-710429258-2441499552-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\benjamka\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-50433080-710429258-2441499552-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\benjamka\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-50433080-710429258-2441499552-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\benjamka\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-50433080-710429258-2441499552-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\benjamka\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-50433080-710429258-2441499552-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\benjamka\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-50433080-710429258-2441499552-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\benjamka\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-50433080-710429258-2441499552-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\benjamka\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.) ==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) Task: {206FF519-2D66-4E99-B239-D287DB41B0B4} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.) Task: {3BC1310F-6262-42B9-AB22-8764714495F3} - \Lyrics Seeker Update -> Keine Datei <==== ACHTUNG Task: {533CC4DB-ED83-4A01-86D2-45C2C6C5B463} - System32\Tasks\AdobeAAMUpdater-1.0-BBKLAPTOP-benjamka => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-06-03] (Adobe Systems Incorporated) Task: {57A33E44-A40B-46D7-9614-BFEF1DE09CDB} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.) Task: {5A40E926-9E86-4B89-9CFD-B12311724371} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto Task: {5DC2A5C6-291E-431E-A4BA-0D992EDAC946} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-50433080-710429258-2441499552-1000UA => C:\Users\benjamka\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-16] (Dropbox, Inc.) Task: {5F67D011-55AA-45C2-A392-FCF737176BF3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-03] (Google Inc.) Task: {612FDC98-97F1-4126-AFA2-2AA3D1E9A694} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-50433080-710429258-2441499552-1000Core => C:\Users\benjamka\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-16] (Dropbox, Inc.) Task: {667B4007-3460-4B4D-AF2C-0C5FB1448F21} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-01-19] (Adobe Systems Incorporated) Task: {806B77B1-FDCD-4237-AFD5-B41275BFFB69} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe Task: {81195C19-3472-43E1-9EF1-E3BD96BE36FE} - System32\Tasks\{008D639C-C03A-41C9-BEF9-9FAEFC132657} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{EF36A836-BF89-4A4F-B079-057B0C68C1E0}\setup.exe" -c -runfromtemp -l0x0007 -removeonly Task: {8EA91B99-DF5D-4D52-97B5-434ABC07657E} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.) Task: {A38DB3D4-273D-4B21-A5C1-65B9CE1D48D5} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation) Task: {BB590BE5-9A30-423B-B339-6D03DAC80375} - System32\Tasks\Microsoft\Windows\Setup\xtgt\refreshxtgtconfig => C:\Windows\system32\XTgt\XTgtMgr.exe [2015-10-05] (Microsoft Corporation) Task: {C12F51AA-FD5C-4DC2-B4DD-BB5F0C966510} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated) Task: {D9209408-5882-4E3F-B395-A413AC2F0E07} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-03] (Google Inc.) Task: {DC404808-131E-4D79-A6F9-5E68B8D971CC} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe [2010-12-03] (TOSHIBA CORPORATION) Task: {DD9F510C-95F4-499A-90C8-BAC5BC372FF4} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask => start sppsvc Task: {E17171CB-9A8A-466D-B3A0-96D8BDD6E81E} - System32\Tasks\Ad-Aware Antivirus Scheduled Scan => C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher.exe [2012-12-14] (Lavasoft Limited) Task: {F5380E93-EEE0-4354-8FD2-0958E256E503} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation) Task: {FC21203B-2B24-4388-9208-6B84BBA593A5} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd) (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.) Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-50433080-710429258-2441499552-1000Core.job => C:\Users\benjamka\AppData\Local\Dropbox\Update\DropboxUpdate.exe Task: C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-50433080-710429258-2441499552-1000UA.job => C:\Users\benjamka\AppData\Local\Dropbox\Update\DropboxUpdate.exe Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Verknüpfungen ============================= (Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.) ==================== Geladene Module (Nicht auf der Ausnahmeliste) ============== 2013-01-21 20:45 - 2012-11-28 18:50 - 00019880 _____ () C:\windows\system32\spool\PRTPROCS\x64\TeamViewer_PrintProcessor.dll 2012-06-15 11:31 - 2012-06-15 11:31 - 00718848 _____ () C:\Program Files (x86)\NETGEAR\USB Media Extender\setqos.exe 2015-03-03 00:53 - 2015-03-03 00:57 - 00076888 _____ () C:\windows\SysWOW64\PnkBstrA.exe 2013-05-15 20:33 - 2010-04-13 15:40 - 00968448 _____ () C:\Program Files (x86)\Second Copy 8\SCVSSSvc.exe 2013-10-09 10:52 - 2013-10-09 10:52 - 00384072 _____ () C:\Program Files (x86)\Synology Data Replicator 3\SynoDrServicex64.exe 2011-04-07 21:59 - 2011-04-07 21:59 - 00592312 _____ () C:\Program Files\TOSHIBA\TECO\TecoPower.dll 2015-06-19 02:31 - 2015-06-19 02:31 - 00059392 _____ () C:\Program Files (x86)\ownCloud\shellext\OCUtil_x64.dll 2015-10-16 11:02 - 2015-10-16 11:02 - 00043480 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll 2012-02-02 23:43 - 2012-01-09 19:44 - 00193536 _____ () C:\Program Files\WinRAR\rarext.dll 2010-11-19 01:18 - 2010-11-19 01:18 - 11190784 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll 2011-03-03 22:21 - 2011-03-03 22:21 - 03420584 _____ () C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll 2015-12-03 10:27 - 2015-12-03 10:27 - 01890830 _____ () C:\Program Files (x86)\ownCloud\owncloud.exe 2013-12-29 23:05 - 2013-10-03 10:42 - 00069120 _____ () C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe 2012-06-25 10:19 - 2012-06-25 10:19 - 22641664 _____ () C:\Program Files (x86)\NETGEAR\USB Media Extender\Control Center.exe 2014-12-12 23:24 - 2014-12-12 23:24 - 00047104 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll 2010-12-08 23:42 - 2010-12-08 23:42 - 00079264 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll 2011-12-02 16:07 - 2011-12-02 16:07 - 02046976 _____ () C:\Program Files (x86)\foobar2000\foobar2000.exe 2012-05-30 19:06 - 2012-05-30 19:06 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2012-05-30 19:06 - 2012-05-30 19:06 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2014-10-30 14:04 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl 2014-10-30 14:04 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl 2014-10-30 14:04 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl 2014-10-30 14:04 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll 2014-10-30 14:04 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll 2015-12-03 10:27 - 2015-12-03 10:27 - 00681998 _____ () C:\Program Files (x86)\ownCloud\libocsync.dll 2015-08-06 08:59 - 2015-08-06 08:59 - 00097326 _____ () C:\Program Files (x86)\ownCloud\libgcc_s_sjlj-1.dll 2015-08-06 08:59 - 2015-08-06 08:59 - 00922727 _____ () C:\Program Files (x86)\ownCloud\libstdc++-6.dll 2015-12-03 10:27 - 2015-12-03 10:27 - 01022478 _____ () C:\Program Files (x86)\ownCloud\libowncloudsync.dll 2015-08-06 08:10 - 2015-08-06 08:10 - 00085548 _____ () C:\Program Files (x86)\ownCloud\zlib1.dll 2015-08-06 16:48 - 2015-08-06 16:48 - 00051095 _____ () C:\Program Files (x86)\ownCloud\libqt5keychain.dll 2015-08-06 08:21 - 2015-08-06 08:21 - 02197765 _____ () C:\Program Files (x86)\ownCloud\icui18n53.dll 2015-08-06 08:21 - 2015-08-06 08:21 - 01308778 _____ () C:\Program Files (x86)\ownCloud\icuuc53.dll 2015-08-06 08:21 - 2015-08-06 08:21 - 21539975 _____ () C:\Program Files (x86)\ownCloud\icudata53.dll 2015-08-06 08:11 - 2015-08-06 08:11 - 00148117 _____ () C:\Program Files (x86)\ownCloud\libpcre16-0.dll 2015-08-06 08:16 - 2015-08-06 08:16 - 01366986 _____ () C:\Program Files (x86)\ownCloud\libGLESv2.dll 2015-08-06 08:14 - 2015-08-06 08:14 - 00209711 _____ () C:\Program Files (x86)\ownCloud\libpng16-16.dll 2015-08-06 08:16 - 2015-08-06 08:16 - 00154982 _____ () C:\Program Files (x86)\ownCloud\libEGL.dll 2015-08-06 08:14 - 2015-08-06 08:14 - 00350662 _____ () C:\Program Files (x86)\ownCloud\libjpeg-8.dll 2015-08-06 08:17 - 2015-08-06 08:17 - 00689339 _____ () C:\Program Files (x86)\ownCloud\libsqlite3-0.dll 2015-08-06 10:35 - 2015-08-06 10:35 - 00247540 _____ () C:\Program Files (x86)\ownCloud\libwebp-4.dll 2015-08-06 08:26 - 2015-08-06 08:26 - 01169416 _____ () C:\Program Files (x86)\ownCloud\libxml2-2.dll 2015-08-06 10:38 - 2015-08-06 10:38 - 00231727 _____ () C:\Program Files (x86)\ownCloud\libxslt-1.dll 2013-12-29 23:05 - 2013-10-03 10:42 - 00112128 _____ () C:\Program Files (x86)\Canon\ImageBrowser EX\MFMFileSystemWatcher.dll 2015-12-11 14:11 - 2015-10-31 01:59 - 00034768 _____ () C:\Users\benjamka\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd 2015-12-11 14:11 - 2015-10-31 02:00 - 00019408 _____ () C:\Users\benjamka\AppData\Roaming\Dropbox\bin\faulthandler.pyd 2015-12-11 14:11 - 2015-12-08 22:36 - 00022848 _____ () C:\Users\benjamka\AppData\Roaming\Dropbox\bin\Crypto.Random.OSRNG.winrandom.pyd 2015-12-11 14:11 - 2015-12-08 22:36 - 00023352 _____ () C:\Users\benjamka\AppData\Roaming\Dropbox\bin\Crypto.Util._counter.pyd 2015-12-11 14:11 - 2015-12-08 22:36 - 00042296 _____ () C:\Users\benjamka\AppData\Roaming\Dropbox\bin\Crypto.Cipher._AES.pyd 2015-12-11 14:11 - 2015-10-31 01:59 - 00116688 _____ () C:\Users\benjamka\AppData\Roaming\Dropbox\bin\pywintypes27.dll 2015-12-11 14:11 - 2015-10-31 01:59 - 00093640 _____ () C:\Users\benjamka\AppData\Roaming\Dropbox\bin\_ctypes.pyd 2015-12-11 14:11 - 2015-10-31 01:59 - 00018376 _____ () C:\Users\benjamka\AppData\Roaming\Dropbox\bin\select.pyd 2015-12-11 14:11 - 2015-12-08 22:36 - 00019760 _____ () C:\Users\benjamka\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd 2015-12-11 14:11 - 2015-10-31 02:00 - 00105928 _____ () C:\Users\benjamka\AppData\Roaming\Dropbox\bin\win32api.pyd 2015-12-11 14:11 - 2015-10-31 01:59 - 00392144 _____ () C:\Users\benjamka\AppData\Roaming\Dropbox\bin\pythoncom27.dll 2015-12-11 14:11 - 2015-12-08 22:36 - 00381752 _____ () C:\Users\benjamka\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd 2015-12-11 14:11 - 2015-10-31 01:59 - 00692688 _____ () C:\Users\benjamka\AppData\Roaming\Dropbox\bin\unicodedata.pyd 2015-12-11 14:11 - 2015-12-08 22:36 - 00020816 _____ () C:\Users\benjamka\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd 2015-12-11 14:11 - 2015-10-31 02:00 - 00109520 _____ () C:\Users\benjamka\AppData\Roaming\Dropbox\bin\_cffi_backend.pyd 2015-12-11 14:11 - 2015-12-08 22:36 - 01737032 _____ () C:\Users\benjamka\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd 2015-12-11 14:11 - 2015-12-08 22:36 - 00020808 _____ () C:\Users\benjamka\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd 2015-12-11 14:11 - 2015-12-08 22:36 - 00020800 _____ () C:\Users\benjamka\AppData\Roaming\Dropbox\bin\_cffi_python_x66cf7a7cx17a72769.pyd 2015-12-11 14:11 - 2015-12-08 22:36 - 00021840 _____ () C:\Users\benjamka\AppData\Roaming\Dropbox\bin\_cffi_unicode_environ_win32_x8bf8e68bx9968e850.pyd 2015-12-11 14:11 - 2015-12-08 22:36 - 00038696 _____ () C:\Users\benjamka\AppData\Roaming\Dropbox\bin\fastpath.pyd 2015-12-11 14:11 - 2015-10-31 02:00 - 00024528 _____ () C:\Users\benjamka\AppData\Roaming\Dropbox\bin\win32event.pyd 2015-12-11 14:11 - 2015-10-31 02:00 - 00020936 _____ () C:\Users\benjamka\AppData\Roaming\Dropbox\bin\mmapfile.pyd 2015-12-11 14:11 - 2015-10-31 02:00 - 00114640 _____ () C:\Users\benjamka\AppData\Roaming\Dropbox\bin\win32security.pyd 2015-12-11 14:11 - 2015-12-08 22:36 - 00021320 _____ () C:\Users\benjamka\AppData\Roaming\Dropbox\bin\_cffi_pywin_kernel32_xde9e4433x360333f0.pyd 2015-12-11 14:11 - 2015-10-31 02:00 - 00124880 _____ () C:\Users\benjamka\AppData\Roaming\Dropbox\bin\win32file.pyd 2015-12-11 14:11 - 2015-10-31 02:00 - 00030160 _____ () C:\Users\benjamka\AppData\Roaming\Dropbox\bin\win32pipe.pyd 2015-12-11 14:11 - 2015-10-31 02:00 - 00043472 _____ () C:\Users\benjamka\AppData\Roaming\Dropbox\bin\win32process.pyd 2015-12-11 14:11 - 2015-10-31 02:00 - 00175560 _____ () C:\Users\benjamka\AppData\Roaming\Dropbox\bin\win32gui.pyd 2015-12-11 14:11 - 2015-10-31 02:00 - 00028616 _____ () C:\Users\benjamka\AppData\Roaming\Dropbox\bin\win32ts.pyd 2015-12-11 14:11 - 2015-10-31 02:00 - 00024016 _____ () C:\Users\benjamka\AppData\Roaming\Dropbox\bin\win32clipboard.pyd 2015-12-11 14:11 - 2015-10-31 02:00 - 00048592 _____ () C:\Users\benjamka\AppData\Roaming\Dropbox\bin\win32service.pyd 2015-12-11 14:11 - 2015-12-08 22:36 - 00024392 _____ () C:\Users\benjamka\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd 2015-12-11 14:11 - 2015-10-31 02:00 - 00036296 _____ () C:\Users\benjamka\AppData\Roaming\Dropbox\bin\librsync.dll 2015-12-11 14:11 - 2015-10-31 02:00 - 00024016 _____ () C:\Users\benjamka\AppData\Roaming\Dropbox\bin\win32profile.pyd 2015-12-11 14:11 - 2015-12-08 22:36 - 00117056 _____ () C:\Users\benjamka\AppData\Roaming\Dropbox\bin\breakpad.client.windows.handler.pyd 2015-12-11 14:11 - 2015-12-08 22:36 - 00023376 _____ () C:\Users\benjamka\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd 2015-12-11 14:11 - 2015-10-31 01:59 - 00134608 _____ () C:\Users\benjamka\AppData\Roaming\Dropbox\bin\_elementtree.pyd 2015-12-11 14:11 - 2015-10-31 01:59 - 00134088 _____ () C:\Users\benjamka\AppData\Roaming\Dropbox\bin\pyexpat.pyd 2015-12-11 14:11 - 2015-10-31 02:00 - 00240584 _____ () C:\Users\benjamka\AppData\Roaming\Dropbox\bin\jpegtran.pyd 2015-12-11 14:11 - 2015-12-08 22:36 - 00020280 _____ () C:\Users\benjamka\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd 2015-12-11 14:11 - 2015-12-08 22:36 - 00052024 _____ () C:\Users\benjamka\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd 2015-12-11 14:11 - 2015-12-08 22:36 - 00021304 _____ () C:\Users\benjamka\AppData\Roaming\Dropbox\bin\Crypto.Util.strxor.pyd 2015-12-11 14:11 - 2015-10-31 02:00 - 00350152 _____ () C:\Users\benjamka\AppData\Roaming\Dropbox\bin\winxpgui.pyd 2015-12-11 14:11 - 2015-12-08 22:36 - 00084792 _____ () C:\Users\benjamka\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL 2015-12-11 14:11 - 2015-12-08 22:36 - 01826608 _____ () C:\Users\benjamka\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd 2015-12-11 14:11 - 2015-10-31 02:00 - 00083912 _____ () C:\Users\benjamka\AppData\Roaming\Dropbox\bin\sip.pyd 2015-12-11 14:11 - 2015-12-08 22:36 - 03891504 _____ () C:\Users\benjamka\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd 2015-12-11 14:11 - 2015-12-08 22:36 - 01950000 _____ () C:\Users\benjamka\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd 2015-12-11 14:11 - 2015-12-08 22:36 - 00519984 _____ () C:\Users\benjamka\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd 2015-12-11 14:11 - 2015-12-08 22:36 - 00133936 _____ () C:\Users\benjamka\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd 2015-12-11 14:11 - 2015-12-08 22:36 - 00225080 _____ () C:\Users\benjamka\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd 2015-12-11 14:11 - 2015-12-08 22:36 - 00207672 _____ () C:\Users\benjamka\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd 2015-12-11 14:11 - 2015-12-08 22:36 - 00024904 _____ () C:\Users\benjamka\AppData\Roaming\Dropbox\bin\_cffi_wpad_proxy_win_x752e3d61xdcfdcc84.pyd 2015-12-11 14:11 - 2015-12-08 22:36 - 00486704 _____ () C:\Users\benjamka\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.pyd 2015-12-11 14:11 - 2015-12-08 22:36 - 00357680 _____ () C:\Users\benjamka\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.pyd 2015-03-04 22:45 - 2015-10-31 02:01 - 00019920 _____ () C:\Users\benjamka\AppData\Roaming\Dropbox\bin\QtQuick.2\qtquick2plugin.dll 2015-03-04 22:45 - 2015-10-31 02:00 - 00786904 _____ () C:\Users\benjamka\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll 2015-07-30 23:59 - 2015-10-31 02:00 - 00063448 _____ () C:\Users\benjamka\AppData\Roaming\Dropbox\bin\QtQuick\Layouts\qquicklayoutsplugin.dll 2015-03-04 22:45 - 2015-10-31 02:00 - 00019408 _____ () C:\Users\benjamka\AppData\Roaming\Dropbox\bin\QtQuick\Window.2\windowplugin.dll 2015-03-04 22:45 - 2015-10-31 02:00 - 00063432 _____ () C:\Users\benjamka\AppData\Roaming\Dropbox\bin\libEGL.dll 2015-03-04 22:45 - 2015-10-31 02:00 - 01135568 _____ () C:\Users\benjamka\AppData\Roaming\Dropbox\bin\libGLESv2.dll 2014-06-21 13:14 - 2015-07-21 10:43 - 00074272 _____ () C:\Program Files (x86)\PDF24\zlib.dll 2014-06-21 13:14 - 2015-07-21 10:43 - 00051744 _____ () C:\Program Files (x86)\PDF24\OperationUI.dll 2013-01-15 22:13 - 2014-12-19 05:01 - 00192376 _____ () C:\Program Files (x86)\Ad-Aware Antivirus\Definitions\libBase64.dll 2013-01-15 22:13 - 2014-12-19 05:01 - 00180088 _____ () C:\Program Files (x86)\Ad-Aware Antivirus\Definitions\libMachoUniv.dll 2015-10-16 11:02 - 2015-10-16 11:02 - 00039384 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll 2015-12-26 02:35 - 2016-01-09 19:59 - 00153032 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll 2015-12-26 02:35 - 2016-01-09 19:59 - 00022472 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll 2015-11-11 03:41 - 2015-11-11 03:41 - 00756376 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL 2016-01-19 20:50 - 2016-01-19 20:50 - 17882304 _____ () C:\windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_286.dll 2010-04-21 13:48 - 2010-04-21 13:48 - 00066560 _____ () C:\Program Files (x86)\foobar2000\zlib1.dll 2011-12-02 16:04 - 2011-12-02 16:04 - 00148480 _____ () C:\Program Files (x86)\foobar2000\shared.dll 2011-12-02 16:05 - 2011-12-02 16:05 - 01483264 _____ () C:\Program Files (x86)\foobar2000\components\foo_input_std.dll 2011-12-02 16:06 - 2011-12-02 16:06 - 00365056 _____ () C:\Program Files (x86)\foobar2000\components\foo_albumlist.dll 2011-12-02 16:06 - 2011-12-02 16:06 - 00276480 _____ () C:\Program Files (x86)\foobar2000\components\foo_dsp_std.dll 2011-12-02 16:05 - 2011-12-02 16:05 - 00283136 _____ () C:\Program Files (x86)\foobar2000\components\foo_rgscan.dll 2011-12-02 16:05 - 2011-12-02 16:05 - 00483840 _____ () C:\Program Files (x86)\foobar2000\components\foo_converter.dll 2012-07-13 14:36 - 2011-06-12 22:17 - 01858048 _____ () C:\Program Files (x86)\foobar2000\components\foo_dop.dll 2011-12-02 16:05 - 2011-12-02 16:05 - 00171008 _____ () C:\Program Files (x86)\foobar2000\components\foo_unpack.dll 2011-12-02 16:05 - 2011-12-02 16:05 - 00276480 _____ () C:\Program Files (x86)\foobar2000\components\foo_fileops.dll 2011-12-02 16:06 - 2011-12-02 16:06 - 01130496 _____ () C:\Program Files (x86)\foobar2000\components\foo_ui_std.dll 2011-12-02 16:05 - 2011-12-02 16:05 - 00237568 _____ () C:\Program Files (x86)\foobar2000\components\foo_freedb2.dll 2011-12-02 16:06 - 2011-12-02 16:06 - 00299008 _____ () C:\Program Files (x86)\foobar2000\components\foo_cdda.dll ==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.) ==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service => ""="Ad-Aware Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ad-Aware Service => ""="Ad-Aware Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SBAMSvc => ""="Service" ==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.) ==================== Internet Explorer Vertrauenswürdig/Eingeschränkt =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.) IE trusted site: HKU\.DEFAULT\...\localhost -> localhost IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com Da befinden sich 7867 mehr Seiten. IE trusted site: HKU\S-1-5-21-50433080-710429258-2441499552-1000\...\localhost -> localhost IE trusted site: HKU\S-1-5-21-50433080-710429258-2441499552-1000\...\webcompanion.com -> hxxp://webcompanion.com IE restricted site: HKU\S-1-5-21-50433080-710429258-2441499552-1000\...\007guard.com -> install.007guard.com IE restricted site: HKU\S-1-5-21-50433080-710429258-2441499552-1000\...\008i.com -> 008i.com IE restricted site: HKU\S-1-5-21-50433080-710429258-2441499552-1000\...\008k.com -> www.008k.com IE restricted site: HKU\S-1-5-21-50433080-710429258-2441499552-1000\...\00hq.com -> www.00hq.com IE restricted site: HKU\S-1-5-21-50433080-710429258-2441499552-1000\...\010402.com -> 010402.com IE restricted site: HKU\S-1-5-21-50433080-710429258-2441499552-1000\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com IE restricted site: HKU\S-1-5-21-50433080-710429258-2441499552-1000\...\0scan.com -> www.0scan.com IE restricted site: HKU\S-1-5-21-50433080-710429258-2441499552-1000\...\1-2005-search.com -> www.1-2005-search.com IE restricted site: HKU\S-1-5-21-50433080-710429258-2441499552-1000\...\1-domains-registrations.com -> www.1-domains-registrations.com IE restricted site: HKU\S-1-5-21-50433080-710429258-2441499552-1000\...\1000gratisproben.com -> www.1000gratisproben.com IE restricted site: HKU\S-1-5-21-50433080-710429258-2441499552-1000\...\1001namen.com -> www.1001namen.com IE restricted site: HKU\S-1-5-21-50433080-710429258-2441499552-1000\...\100888290cs.com -> mir.100888290cs.com IE restricted site: HKU\S-1-5-21-50433080-710429258-2441499552-1000\...\100sexlinks.com -> www.100sexlinks.com IE restricted site: HKU\S-1-5-21-50433080-710429258-2441499552-1000\...\10sek.com -> www.10sek.com IE restricted site: HKU\S-1-5-21-50433080-710429258-2441499552-1000\...\12-26.net -> user1.12-26.net IE restricted site: HKU\S-1-5-21-50433080-710429258-2441499552-1000\...\12-27.net -> user1.12-27.net IE restricted site: HKU\S-1-5-21-50433080-710429258-2441499552-1000\...\123fporn.info -> www.123fporn.info IE restricted site: HKU\S-1-5-21-50433080-710429258-2441499552-1000\...\123haustiereundmehr.com -> www.123haustiereundmehr.com IE restricted site: HKU\S-1-5-21-50433080-710429258-2441499552-1000\...\123moviedownload.com -> www.123moviedownload.com IE restricted site: HKU\S-1-5-21-50433080-710429258-2441499552-1000\...\123simsen.com -> www.123simsen.com Da befinden sich 7867 mehr Seiten. IE restricted site: HKU\S-1-5-21-50433080-710429258-2441499552-1004\...\007guard.com -> install.007guard.com IE restricted site: HKU\S-1-5-21-50433080-710429258-2441499552-1004\...\008i.com -> 008i.com IE restricted site: HKU\S-1-5-21-50433080-710429258-2441499552-1004\...\008k.com -> www.008k.com IE restricted site: HKU\S-1-5-21-50433080-710429258-2441499552-1004\...\00hq.com -> www.00hq.com IE restricted site: HKU\S-1-5-21-50433080-710429258-2441499552-1004\...\010402.com -> 010402.com IE restricted site: HKU\S-1-5-21-50433080-710429258-2441499552-1004\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com IE restricted site: HKU\S-1-5-21-50433080-710429258-2441499552-1004\...\0scan.com -> www.0scan.com IE restricted site: HKU\S-1-5-21-50433080-710429258-2441499552-1004\...\1-2005-search.com -> www.1-2005-search.com IE restricted site: HKU\S-1-5-21-50433080-710429258-2441499552-1004\...\1-domains-registrations.com -> www.1-domains-registrations.com IE restricted site: HKU\S-1-5-21-50433080-710429258-2441499552-1004\...\1000gratisproben.com -> www.1000gratisproben.com IE restricted site: HKU\S-1-5-21-50433080-710429258-2441499552-1004\...\1001namen.com -> www.1001namen.com IE restricted site: HKU\S-1-5-21-50433080-710429258-2441499552-1004\...\100888290cs.com -> mir.100888290cs.com IE restricted site: HKU\S-1-5-21-50433080-710429258-2441499552-1004\...\100sexlinks.com -> www.100sexlinks.com IE restricted site: HKU\S-1-5-21-50433080-710429258-2441499552-1004\...\10sek.com -> www.10sek.com IE restricted site: HKU\S-1-5-21-50433080-710429258-2441499552-1004\...\12-26.net -> user1.12-26.net IE restricted site: HKU\S-1-5-21-50433080-710429258-2441499552-1004\...\12-27.net -> user1.12-27.net IE restricted site: HKU\S-1-5-21-50433080-710429258-2441499552-1004\...\123fporn.info -> www.123fporn.info IE restricted site: HKU\S-1-5-21-50433080-710429258-2441499552-1004\...\123haustiereundmehr.com -> www.123haustiereundmehr.com IE restricted site: HKU\S-1-5-21-50433080-710429258-2441499552-1004\...\123moviedownload.com -> www.123moviedownload.com IE restricted site: HKU\S-1-5-21-50433080-710429258-2441499552-1004\...\123simsen.com -> www.123simsen.com Da befinden sich 7866 mehr Seiten. IE restricted site: HKU\S-1-5-21-50433080-710429258-2441499552-1005\...\007guard.com -> install.007guard.com IE restricted site: HKU\S-1-5-21-50433080-710429258-2441499552-1005\...\008i.com -> 008i.com IE restricted site: HKU\S-1-5-21-50433080-710429258-2441499552-1005\...\008k.com -> www.008k.com IE restricted site: HKU\S-1-5-21-50433080-710429258-2441499552-1005\...\00hq.com -> www.00hq.com IE restricted site: HKU\S-1-5-21-50433080-710429258-2441499552-1005\...\010402.com -> 010402.com IE restricted site: HKU\S-1-5-21-50433080-710429258-2441499552-1005\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com IE restricted site: HKU\S-1-5-21-50433080-710429258-2441499552-1005\...\0scan.com -> www.0scan.com IE restricted site: HKU\S-1-5-21-50433080-710429258-2441499552-1005\...\1-2005-search.com -> www.1-2005-search.com IE restricted site: HKU\S-1-5-21-50433080-710429258-2441499552-1005\...\1-domains-registrations.com -> www.1-domains-registrations.com IE restricted site: HKU\S-1-5-21-50433080-710429258-2441499552-1005\...\1000gratisproben.com -> www.1000gratisproben.com IE restricted site: HKU\S-1-5-21-50433080-710429258-2441499552-1005\...\1001namen.com -> www.1001namen.com IE restricted site: HKU\S-1-5-21-50433080-710429258-2441499552-1005\...\100888290cs.com -> mir.100888290cs.com IE restricted site: HKU\S-1-5-21-50433080-710429258-2441499552-1005\...\100sexlinks.com -> www.100sexlinks.com IE restricted site: HKU\S-1-5-21-50433080-710429258-2441499552-1005\...\10sek.com -> www.10sek.com IE restricted site: HKU\S-1-5-21-50433080-710429258-2441499552-1005\...\12-26.net -> user1.12-26.net IE restricted site: HKU\S-1-5-21-50433080-710429258-2441499552-1005\...\12-27.net -> user1.12-27.net IE restricted site: HKU\S-1-5-21-50433080-710429258-2441499552-1005\...\123fporn.info -> www.123fporn.info IE restricted site: HKU\S-1-5-21-50433080-710429258-2441499552-1005\...\123haustiereundmehr.com -> www.123haustiereundmehr.com IE restricted site: HKU\S-1-5-21-50433080-710429258-2441499552-1005\...\123moviedownload.com -> www.123moviedownload.com IE restricted site: HKU\S-1-5-21-50433080-710429258-2441499552-1005\...\123simsen.com -> www.123simsen.com Da befinden sich 7866 mehr Seiten. IE restricted site: HKU\S-1-5-21-50433080-710429258-2441499552-501\...\007guard.com -> install.007guard.com IE restricted site: HKU\S-1-5-21-50433080-710429258-2441499552-501\...\008i.com -> 008i.com IE restricted site: HKU\S-1-5-21-50433080-710429258-2441499552-501\...\008k.com -> www.008k.com IE restricted site: HKU\S-1-5-21-50433080-710429258-2441499552-501\...\00hq.com -> www.00hq.com IE restricted site: HKU\S-1-5-21-50433080-710429258-2441499552-501\...\010402.com -> 010402.com IE restricted site: HKU\S-1-5-21-50433080-710429258-2441499552-501\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com IE restricted site: HKU\S-1-5-21-50433080-710429258-2441499552-501\...\0scan.com -> www.0scan.com IE restricted site: HKU\S-1-5-21-50433080-710429258-2441499552-501\...\1-2005-search.com -> www.1-2005-search.com IE restricted site: HKU\S-1-5-21-50433080-710429258-2441499552-501\...\1-domains-registrations.com -> www.1-domains-registrations.com IE restricted site: HKU\S-1-5-21-50433080-710429258-2441499552-501\...\1000gratisproben.com -> www.1000gratisproben.com IE restricted site: HKU\S-1-5-21-50433080-710429258-2441499552-501\...\1001namen.com -> www.1001namen.com IE restricted site: HKU\S-1-5-21-50433080-710429258-2441499552-501\...\100888290cs.com -> mir.100888290cs.com IE restricted site: HKU\S-1-5-21-50433080-710429258-2441499552-501\...\100sexlinks.com -> www.100sexlinks.com IE restricted site: HKU\S-1-5-21-50433080-710429258-2441499552-501\...\10sek.com -> www.10sek.com IE restricted site: HKU\S-1-5-21-50433080-710429258-2441499552-501\...\12-26.net -> user1.12-26.net IE restricted site: HKU\S-1-5-21-50433080-710429258-2441499552-501\...\12-27.net -> user1.12-27.net IE restricted site: HKU\S-1-5-21-50433080-710429258-2441499552-501\...\123fporn.info -> www.123fporn.info IE restricted site: HKU\S-1-5-21-50433080-710429258-2441499552-501\...\123haustiereundmehr.com -> www.123haustiereundmehr.com IE restricted site: HKU\S-1-5-21-50433080-710429258-2441499552-501\...\123moviedownload.com -> www.123moviedownload.com IE restricted site: HKU\S-1-5-21-50433080-710429258-2441499552-501\...\123simsen.com -> www.123simsen.com Da befinden sich 7866 mehr Seiten. ==================== Hosts Inhalt: =============================== (Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.) 2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____N C:\windows\system32\Drivers\etc\hosts ==================== Andere Bereiche ============================ (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) HKU\S-1-5-21-50433080-710429258-2441499552-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\benjamka\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg HKU\S-1-5-21-50433080-710429258-2441499552-1004\Control Panel\Desktop\\Wallpaper -> C:\Users\BBK 64\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg HKU\S-1-5-21-50433080-710429258-2441499552-1005\Control Panel\Desktop\\Wallpaper -> C:\Users\Hombre\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg HKU\S-1-5-21-50433080-710429258-2441499552-501\Control Panel\Desktop\\Wallpaper -> C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.178.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall ist aktiviert. ==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge == (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Toshiba Places Icon Utility.lnk => C:\windows\pss\Toshiba Places Icon Utility.lnk.CommonStartup MSCONFIG\startupreg: Ad-Aware Antivirus => "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe" MSCONFIG\startupreg: NBAgent => "C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart MSCONFIG\startupreg: Teco => "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r MSCONFIG\startupreg: Toshiba Registration => C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe MSCONFIG\startupreg: Toshiba TEMPRO => C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe MSCONFIG\startupreg: ToshibaServiceStation => "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60 MSCONFIG\startupreg: TosReelTimeMonitor => %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe MSCONFIG\startupreg: TosWaitSrv => %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe ==================== Firewall Regeln (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) FirewallRules: [{18F9B4CF-3355-4DFE-9A11-D544039302FF}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{0AEE0B96-C74A-41C4-B0D7-52425B60CC47}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [{7E4BAF6A-B2BF-4C1C-A432-BA8825ADEF25}] => (Allow) LPort=2869 FirewallRules: [{F6200A9A-D8DC-4617-9C3B-2631DDDE95DB}] => (Allow) LPort=1900 FirewallRules: [{43FC74DA-1CCE-4F15-913D-635F2B84115E}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe FirewallRules: [{A5482107-A5A1-4B1E-A0BF-D0D5E728C283}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe FirewallRules: [{50CA9607-1D43-411F-A483-16BD03B2902B}] => (Allow) C:\Program Files (x86)\Microsoft Office 2007\Office12\GROOVE.EXE FirewallRules: [{750BDA4C-701B-4E79-92F2-56F29D3AFCF7}] => (Allow) C:\Program Files (x86)\Microsoft Office 2007\Office12\GROOVE.EXE FirewallRules: [{872C8B78-429A-444A-BA1E-8AA79F340C81}] => (Allow) C:\Program Files (x86)\Microsoft Office 2007\Office12\ONENOTE.EXE FirewallRules: [{3B34C576-1E96-4C9B-8830-1FAF738001D8}] => (Allow) C:\Program Files (x86)\Microsoft Office 2007\Office12\ONENOTE.EXE FirewallRules: [TCP Query User{290FD82D-744F-4563-BB4D-566EAF8A35DA}C:\program files (x86)\microsoft office 2007\office12\groove.exe] => (Block) C:\program files (x86)\microsoft office 2007\office12\groove.exe FirewallRules: [UDP Query User{009B87DA-B380-4B5E-8E95-AA6D96F66C91}C:\program files (x86)\microsoft office 2007\office12\groove.exe] => (Block) C:\program files (x86)\microsoft office 2007\office12\groove.exe FirewallRules: [{6ECD5366-F230-4D9A-8475-B19A133B0997}] => (Allow) D:\fsetup.exe FirewallRules: [{A6B0C297-39D7-4AE5-8F73-72D7152A034E}] => (Allow) D:\fsetup.exe FirewallRules: [TCP Query User{0808B48E-0F94-4355-81D5-C327815353C0}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe FirewallRules: [UDP Query User{7BCEEF7D-9774-4A50-8D57-7884CEA9FEFF}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe FirewallRules: [{C57FF549-1292-430A-AA52-E86DB915416D}] => (Allow) C:\Users\benjamka\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [{C0715ED8-A10D-4CAF-ADB5-8873988C001E}] => (Allow) C:\Users\benjamka\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [{D40F8F1B-E8EA-4AB7-A73F-A2714B71F44A}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe FirewallRules: [{1794BA9E-C5FB-46A5-8BA6-61E092ABD086}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{9059B235-D15D-44F1-BBFA-9E8464658AD2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{459AEDE0-A773-49A6-AA3A-1CA18CFCD9F2}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{D4EE5496-ED1E-4AE2-9769-FD54D3F59260}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{EFA2E455-9780-4321-AA57-2DB9076619CD}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe FirewallRules: [TCP Query User{CCDA79A0-1B87-4DFF-8FF1-75046488DAAF}C:\users\benjamka\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\benjamka\appdata\roaming\dropbox\bin\dropbox.exe FirewallRules: [UDP Query User{74CC3B9D-9D4C-4F71-B8BB-C3EDB7D9258C}C:\users\benjamka\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\benjamka\appdata\roaming\dropbox\bin\dropbox.exe FirewallRules: [TCP Query User{2893CA94-B315-4C4B-905C-6763A8268B26}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe FirewallRules: [UDP Query User{EADBD15E-1BD8-48A6-BC05-BAB4C0E09FC4}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe FirewallRules: [TCP Query User{2CCFD4B7-9196-4106-8EC0-BF94EF15EBEC}C:\xampp\mysql\bin\mysqld.exe] => (Allow) C:\xampp\mysql\bin\mysqld.exe FirewallRules: [UDP Query User{12D95F95-5719-46CB-AADA-A4C6AFA5DDA7}C:\xampp\mysql\bin\mysqld.exe] => (Allow) C:\xampp\mysql\bin\mysqld.exe FirewallRules: [{C5F8245F-2D8D-4E79-817A-A771DB1A0293}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe FirewallRules: [{D264E3A8-828E-4490-91D0-A80340AA544D}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe FirewallRules: [{9A9DD54F-0EBD-4DF4-A6F8-755DCDAA8C1F}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe FirewallRules: [{047E83B1-8FFD-4EB6-880A-B39D73DD215A}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe FirewallRules: [TCP Query User{C21B43D8-3ABE-4D6D-A569-130CCE4049C0}C:\program files (x86)\aptana s3\aptanastudio3.exe] => (Block) C:\program files (x86)\aptana s3\aptanastudio3.exe FirewallRules: [UDP Query User{E3C65BF3-1B18-49C7-B585-A72D5360EE61}C:\program files (x86)\aptana s3\aptanastudio3.exe] => (Block) C:\program files (x86)\aptana s3\aptanastudio3.exe FirewallRules: [{E7758F1E-63EC-45FD-9B85-2415BB68CC52}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{B10DFC3C-0C9B-4D4C-803F-2BB6C0D22966}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{956CEC33-57A0-4ED1-9491-06EE748AE28F}] => (Allow) C:\Users\benjamka\AppData\Local\Apps\2.0\422DB9VB.QPA\KCW72ZC9.DW9\frit..tion_1acae14e4778b8d2_0002.0003_7c9366a34786c7f9\fritzbox-usb-fernanschluss.exe FirewallRules: [{90692234-AB12-4938-BB19-B05AD3C4398D}] => (Allow) C:\Users\benjamka\AppData\Local\Apps\2.0\422DB9VB.QPA\KCW72ZC9.DW9\frit..tion_1acae14e4778b8d2_0002.0003_7c9366a34786c7f9\fritzbox-usb-fernanschluss.exe FirewallRules: [{653789C9-2244-4292-B8D5-ECCC7F39ED2C}] => (Allow) C:\Users\benjamka\AppData\Local\Apps\2.0\422DB9VB.QPA\KCW72ZC9.DW9\frit..tion_1acae14e4778b8d2_0002.0003_7c9366a34786c7f9\fritzbox-usb-fernanschluss.exe FirewallRules: [{8A8A586E-BBFD-49C2-921B-70552DBA4505}] => (Allow) C:\Users\benjamka\AppData\Local\Apps\2.0\422DB9VB.QPA\KCW72ZC9.DW9\frit..tion_1acae14e4778b8d2_0002.0003_7c9366a34786c7f9\fritzbox-usb-fernanschluss.exe FirewallRules: [TCP Query User{7D2883FE-1DE7-4647-AB3F-CC614D0D1BCE}C:\program files (x86)\netgear\netgear powerline utility\namepipeserver.exe] => (Allow) C:\program files (x86)\netgear\netgear powerline utility\namepipeserver.exe FirewallRules: [UDP Query User{43964E8F-4E80-426D-A03B-B027ADA07193}C:\program files (x86)\netgear\netgear powerline utility\namepipeserver.exe] => (Allow) C:\program files (x86)\netgear\netgear powerline utility\namepipeserver.exe FirewallRules: [{85EEB40F-87B1-4E2C-BE65-FF46E1E96359}] => (Allow) C:\Program Files (x86)\NETGEAR\USB Media Extender\Control Center.exe FirewallRules: [{5A69410F-94CE-4A98-B9A9-5520C598DECE}] => (Allow) C:\Program Files (x86)\NETGEAR\USB Media Extender\Control Center.exe FirewallRules: [{A37CA65D-E391-4E7C-B7F2-AA1616B3C220}] => (Allow) LPort=7423 FirewallRules: [TCP Query User{1DE2F863-C392-43BF-8DB8-77CEC9E588E1}C:\program files (x86)\netgear\usb media extender\control center.exe] => (Allow) C:\program files (x86)\netgear\usb media extender\control center.exe FirewallRules: [UDP Query User{7B49CC51-7112-4674-B482-AD99D8E9929D}C:\program files (x86)\netgear\usb media extender\control center.exe] => (Allow) C:\program files (x86)\netgear\usb media extender\control center.exe FirewallRules: [{435E377B-2111-4A5E-8FDB-C415E3C62290}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Source\hl2.exe FirewallRules: [{D30E6E9E-54FC-4B72-8D94-8E293F34C409}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Source\hl2.exe FirewallRules: [{0CBA0D94-61A8-411A-8370-42C359239AD3}] => (Allow) C:\Users\benjamka\AppData\Local\Apps\2.0\422DB9VB.QPA\KCW72ZC9.DW9\frit..tion_1acae14e4778b8d2_0002.0003_6dcb4a48ddb2ee39\fritzbox-usb-fernanschluss.exe FirewallRules: [{C6678117-7A35-4AE5-A677-8433A92E88A2}] => (Allow) C:\Users\benjamka\AppData\Local\Apps\2.0\422DB9VB.QPA\KCW72ZC9.DW9\frit..tion_1acae14e4778b8d2_0002.0003_6dcb4a48ddb2ee39\fritzbox-usb-fernanschluss.exe FirewallRules: [TCP Query User{8D8DCD9C-5994-4CBC-90D2-FDD63A2A4A80}C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe] => (Allow) C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe FirewallRules: [UDP Query User{B27ED4E2-B59D-486A-8526-719F80E23CAC}C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe] => (Allow) C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe FirewallRules: [TCP Query User{8AA0389B-D88D-4258-BB47-869BBFF7F547}C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe] => (Allow) C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe FirewallRules: [UDP Query User{7CB416AF-ECBC-4AC7-99ED-F6369D7FE7DD}C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe] => (Allow) C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe FirewallRules: [{ED0A0AE5-9288-4F8C-90C2-58E91CC48307}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{A70AB663-1A21-41F4-A0EF-6408C418ED3C}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{2AE23FEB-2DB7-49EB-ADBC-06026A976947}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe FirewallRules: [{20843831-991E-4452-B606-916DF6A2C163}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe FirewallRules: [{D614FBCD-8932-4A15-AFD6-145F2D7F5622}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe FirewallRules: [{C7087D5D-CFDC-42AF-8B42-9123E6A48EE1}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe FirewallRules: [{4FDC107C-92E7-481D-ADA7-4E9688AC5B3D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{2A802569-8847-4BAD-B985-A1259E64E879}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [TCP Query User{6798A8E8-1689-49AC-A3CB-45C5A2B4D8DF}C:\program files (x86)\xmind\xmind.exe] => (Block) C:\program files (x86)\xmind\xmind.exe FirewallRules: [UDP Query User{42E56A99-7257-4A61-9409-735A688E1E5D}C:\program files (x86)\xmind\xmind.exe] => (Block) C:\program files (x86)\xmind\xmind.exe FirewallRules: [{086C1F9A-EAF8-433A-9EB6-38835A5D6F9B}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe FirewallRules: [{B39F605D-7624-4FC1-96E0-56CFF1B7A75A}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe FirewallRules: [{42024F60-7C4C-49F5-9100-53A5BD952780}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe FirewallRules: [{63C4A8D5-AE82-4CED-AF04-D1CE54DEEA4E}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe FirewallRules: [TCP Query User{9343847B-823D-406E-8EF0-DDA067BABE4C}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [UDP Query User{703F3735-EB12-4AE9-91C5-861A603A739C}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [TCP Query User{3D4E75DF-1E7F-4FF5-B7AF-58EA8A4FF3BC}C:\program files (x86)\xmind\xmind.exe] => (Allow) C:\program files (x86)\xmind\xmind.exe FirewallRules: [UDP Query User{730F680A-9F93-496B-BBDD-45DCC5B737D8}C:\program files (x86)\xmind\xmind.exe] => (Allow) C:\program files (x86)\xmind\xmind.exe FirewallRules: [{F108CA64-DB8D-461D-A2F1-F046D0E34A4E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe FirewallRules: [{01665006-C410-4A51-825C-8EE9584EEF2E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe FirewallRules: [{6E21E433-8E73-4352-9706-8038C7C56DE0}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe FirewallRules: [{A755771B-BB5C-4B92-A3C0-1961F9297838}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe FirewallRules: [{0224646B-7B76-447A-90B1-FA9BD06733F3}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe FirewallRules: [{B27425B9-2E2A-4DC5-986A-62190D84B0A7}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe FirewallRules: [{C42DF63F-84E3-48BC-A5F8-1BCF05462D8E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe FirewallRules: [{B4C011C8-3310-4180-A289-BB6EC225906F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe FirewallRules: [{E01EFA1A-E680-47EC-B4A4-42E8843BFBAF}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe FirewallRules: [{AC0BC2B0-49C4-4F97-B52B-DBDBCEA42266}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe FirewallRules: [{3B8611BD-2B58-4688-BC26-894590614A06}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe FirewallRules: [{D3C91DD3-D003-44E7-8CD2-F784E934685A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe FirewallRules: [{8EDA2C51-9765-42B4-A010-35A7DE6AEA20}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe FirewallRules: [{92404291-EDF3-4B0D-9FC8-C6C00487F9AA}] => (Allow) C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exe FirewallRules: [{45C1BA4C-B108-4C7A-AA32-343A321A483E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{2C4083D5-3893-4DE7-883E-2CA61B6A02CF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service ==================== Wiederherstellungspunkte ========================= ==================== Fehlerhafte Geräte im Gerätemanager ============= Name: Officejet 4500 G510n-z Description: Officejet 4500 G510n-z Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318} Manufacturer: HP Service: Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: TeamViewer VPN Adapter Description: TeamViewer VPN Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: TeamViewer GmbH Service: teamviewervpn Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: SBRE Description: SBRE Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: SBRE Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. Name: Officejet 4500 G510n-z Description: Officejet 4500 G510n-z Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f} Manufacturer: HP Service: StillCam Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Fehlereinträge in der Ereignisanzeige: ========================= Applikationsfehler: ================== Error: (01/22/2016 01:35:08 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest. Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest. Error: (01/22/2016 11:44:03 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest. Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest. Error: (01/22/2016 11:44:03 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest. Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest. Error: (01/20/2016 02:41:40 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/20/2016 02:39:19 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm Explorer.EXE, Version 6.1.7601.17567 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 5d8 Startzeit: 01d1535cbc581d67 Endzeit: 202 Anwendungspfad: C:\windows\Explorer.EXE Berichts-ID: 67f6fe8a-bf79-11e5-8c4c-e89d87f3862a Error: (01/20/2016 09:22:01 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/19/2016 09:02:29 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 43.0.4.5848, Zeitstempel: 0x568c88bd Name des fehlerhaften Moduls: mozglue.dll, Version: 43.0.4.5848, Zeitstempel: 0x568c7b16 Ausnahmecode: 0x80000003 Fehleroffset: 0x0000ed44 ID des fehlerhaften Prozesses: 0x2008 Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0 Pfad der fehlerhaften Anwendung: plugin-container.exe1 Pfad des fehlerhaften Moduls: plugin-container.exe2 Berichtskennung: plugin-container.exe3 Error: (01/19/2016 09:02:26 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 43.0.4.5848, Zeitstempel: 0x568c88bd Name des fehlerhaften Moduls: mozglue.dll, Version: 43.0.4.5848, Zeitstempel: 0x568c7b16 Ausnahmecode: 0x80000003 Fehleroffset: 0x0000ed44 ID des fehlerhaften Prozesses: 0xd90 Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0 Pfad der fehlerhaften Anwendung: plugin-container.exe1 Pfad des fehlerhaften Moduls: plugin-container.exe2 Berichtskennung: plugin-container.exe3 Error: (01/19/2016 10:56:39 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/19/2016 03:02:20 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 43.0.4.5848, Zeitstempel: 0x568c88bd Name des fehlerhaften Moduls: mozglue.dll, Version: 43.0.4.5848, Zeitstempel: 0x568c7b16 Ausnahmecode: 0x80000003 Fehleroffset: 0x0000ed44 ID des fehlerhaften Prozesses: 0xfe8 Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0 Pfad der fehlerhaften Anwendung: plugin-container.exe1 Pfad des fehlerhaften Moduls: plugin-container.exe2 Berichtskennung: plugin-container.exe3 Systemfehler: ============= Error: (01/22/2016 11:54:51 AM) (Source: volsnap) (EventID: 36) (User: ) Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. Error: (01/20/2016 02:41:49 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: SBRE Error: (01/20/2016 09:22:09 AM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: SBRE Error: (01/19/2016 09:07:09 PM) (Source: volsnap) (EventID: 36) (User: ) Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. Error: (01/19/2016 01:41:25 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF} Error: (01/19/2016 10:56:47 AM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: SBRE Error: (01/19/2016 04:48:56 AM) (Source: volsnap) (EventID: 36) (User: ) Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. Error: (01/18/2016 01:27:55 PM) (Source: volsnap) (EventID: 36) (User: ) Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. Error: (01/18/2016 12:04:03 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: SBRE Error: (01/18/2016 05:04:36 AM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: SBRE CodeIntegrity: =================================== Date: 2013-11-30 00:45:47.691 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\drivers\NetgearUDSMBus.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-11-30 00:45:47.629 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\drivers\NetgearUDSMBus.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-11-30 00:45:47.520 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\drivers\NetgearUDSMBus.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-11-30 00:45:47.457 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\drivers\NetgearUDSMBus.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-11-29 23:58:18.780 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\drivers\NetgearUDSMBus.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-11-29 23:58:18.702 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\drivers\NetgearUDSMBus.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-11-29 23:58:18.624 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\drivers\NetgearUDSMBus.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-11-29 23:58:18.562 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\drivers\NetgearUDSMBus.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. ==================== Speicherinformationen =========================== Prozessor: Intel(R) Core(TM) i5-2410M CPU @ 2.30GHz Prozentuale Nutzung des RAM: 80% Installierter physikalischer RAM: 4069.43 MB Verfügbarer physikalischer RAM: 799.09 MB Summe virtueller Speicher: 7465.71 MB Verfügbarer virtueller Speicher: 2265.8 MB ==================== Laufwerke ================================ Drive c: (System) (Fixed) (Total:103.23 GB) (Free:3.1 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)] Drive e: () (Removable) (Total:29.02 GB) (Free:22.25 GB) FAT32 Drive k: (Bunker) (Fixed) (Total:931.51 GB) (Free:137.68 GB) NTFS Drive y: (BeneNAS) (Network) (Total:2746.22 GB) (Free:861.72 GB) NTFS ==================== MBR & Partitionstabelle ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 119.2 GB) (Disk ID: 749600A5) Partition 1: (Active) - (Size=1.5 GB) - (Type=27) Partition 2: (Not Active) - (Size=103.2 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=14.5 GB) - (Type=17) ======================================================== Disk: 1 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: FEB4A2EE) Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS) ======================================================== Disk: 2 (Size: 29 GB) (Disk ID: 00000000) Partition: GPT. ==================== Ende von Addition.txt ============================ |
25.01.2016, 16:13 | #22 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Adware ADWARE/AddLyrics.Gen... / Mind. sechs Viren gefunden Deinstaliere: Avira, Lavasoft Ad-Aware und Spybot. Sind alles Tools die wir nicht empfehlen, schon lange nicht mehr empfehlen und/oder bei der Bereinigung überhaupt keine Rolle spielen gar eher kontraproduktiv sind. Wenn wir hier durch sind, kannst du ein anderes AV installieren. Gib bitte Bescheid wenn die Programme deinstalliert sind.
__________________ Logfiles bitte immer in CODE-Tags posten |
25.01.2016, 19:39 | #24 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Adware ADWARE/AddLyrics.Gen... / Mind. sechs Viren gefunden MBAM ist kein "echtes" AV. CCleaner hat rein garnix damit zu tun. Es löscht doch nur Temp- und andere unnötige Dateien! Dann zeig mal frische FRST Logs. Haken setzen bei addition.txt dann auf Untersuchen klicken
__________________ Logfiles bitte immer in CODE-Tags posten |
25.01.2016, 20:58 | #25 |
| Adware ADWARE/AddLyrics.Gen... / Mind. sechs Viren gefunden Alles klar. Hier die neue Logfile von FRST Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:18-01-2016 durchgeführt von benjamka (Administrator) auf BBKLAPTOP (25-01-2016 20:54:14) Gestartet von C:\Users\benjamka\Downloads Geladene Profile: benjamka (Verfügbare Profile: benjamka & BBK 64 & Hombre & Gast) Platform: Windows 7 Home Premium Service Pack 1 (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: FF) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe () C:\Program Files (x86)\NETGEAR\USB Media Extender\SetQos.exe (pdfforge GbR) C:\Program Files (x86)\PDF Architect\HelperService.exe (pdfforge GbR) C:\Program Files (x86)\PDF Architect\ConversionService.exe () C:\Windows\SysWOW64\PnkBstrA.exe () C:\Program Files (x86)\Second Copy 8\SCVSSSvc.exe () C:\Program Files (x86)\Synology Data Replicator 3\SynoDrServicex64.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (WIBU-SYSTEMS AG) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Intelligent Display Management\TDLPowerCtrl.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe () C:\Program Files (x86)\ownCloud\owncloud.exe (TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtMng.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe () C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe (Dropbox, Inc.) C:\Users\benjamka\AppData\Roaming\Dropbox\bin\Dropbox.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office 2007\Office12\ONENOTEM.EXE (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\hidfind.exe (TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TNROTATE\TNROTATE.exe (TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\Sync Utility\TosSyncScheduler.exe () C:\Program Files (x86)\NETGEAR\USB Media Extender\Control Center.exe (Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe (TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosA2dp.exe (TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtHid.exe (TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtAvAC.exe (TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtHSP.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe (TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe (TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe ==================== Registry (Nicht auf der Ausnahmeliste) =========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [] => [X] HKLM\...\Run: [TDLPowerCtrl] => C:\Program Files\TOSHIBA\TOSHIBA Intelligent Display Management\TDLPowerCtrl.exe [498120 2011-01-24] (TOSHIBA Corporation) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11775592 2011-01-19] (Realtek Semiconductor) HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [328048 2011-01-21] (Alps Electric Co., Ltd.) HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [566696 2011-03-02] (TOSHIBA Corporation) HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [296824 2010-09-25] (TOSHIBA Corporation) HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [967544 2011-03-09] (TOSHIBA Corporation) HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710040 2010-12-08] (TOSHIBA Corporation) HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation) HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [597928 2011-03-03] (TOSHIBA Corporation) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-06-03] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40336 2015-09-24] (Adobe Systems Incorporated) HKLM-x32\...\Run: [TWebCamera] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2475384 2011-01-17] (TOSHIBA CORPORATION.) HKLM-x32\...\Run: [TNRotate] => C:\Program Files (x86)\TOSHIBA\TNRotate\TNRotate.exe [607688 2010-11-25] (TOSHIBA Corporation) HKLM-x32\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [252792 2010-06-05] (TOSHIBA) HKLM-x32\...\Run: [TSUScheduler] => C:\Program Files (x86)\TOSHIBA\Sync Utility\TosSyncScheduler.exe [923000 2010-05-11] (TOSHIBA Corporation) HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office 2007\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-04-18] (Apple Inc.) HKLM-x32\...\Run: [Netgear UDS Control Center] => C:\Program Files (x86)\NETGEAR\USB Media Extender\Control Center.exe [22641664 2012-06-25] () HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [217632 2015-07-21] (Geek Software GmbH) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-04] (Advanced Micro Devices, Inc.) HKU\S-1-5-19\...\Run: [TOPI.EXE] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [845176 2011-02-18] (TOSHIBA) HKU\S-1-5-20\...\Run: [TOPI.EXE] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [845176 2011-02-18] (TOSHIBA) HKU\S-1-5-21-50433080-710429258-2441499552-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd) HKU\S-1-5-21-50433080-710429258-2441499552-1000\...\Run: [Dropbox Update] => C:\Users\benjamka\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-16] (Dropbox, Inc.) HKU\S-1-5-21-50433080-710429258-2441499552-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.) HKU\S-1-5-21-50433080-710429258-2441499552-1000\...\Run: [ownCloud] => C:\Program Files (x86)\ownCloud\owncloud.exe [1890830 2015-12-03] () HKU\S-1-5-18\...\Run: [TOPI.EXE] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [845176 2011-02-18] (TOSHIBA) ShellIconOverlayIdentifiers: [ OCError] -> {0960F090-F328-48A3-B746-276B1E3C3722} => C:\Program Files (x86)\ownCloud\shellext\OCOverlays_x64.dll [2015-06-19] (ownCloud Inc.) ShellIconOverlayIdentifiers: [ OCErrorShared] -> {0960F091-F328-48A3-B746-276B1E3C3722} => C:\Program Files (x86)\ownCloud\shellext\OCOverlays_x64.dll [2015-06-19] (ownCloud Inc.) ShellIconOverlayIdentifiers: [ OCOK] -> {0960F092-F328-48A3-B746-276B1E3C3722} => C:\Program Files (x86)\ownCloud\shellext\OCOverlays_x64.dll [2015-06-19] (ownCloud Inc.) ShellIconOverlayIdentifiers: [ OCOKShared] -> {0960F093-F328-48A3-B746-276B1E3C3722} => C:\Program Files (x86)\ownCloud\shellext\OCOverlays_x64.dll [2015-06-19] (ownCloud Inc.) ShellIconOverlayIdentifiers: [ OCSync] -> {0960F094-F328-48A3-B746-276B1E3C3722} => C:\Program Files (x86)\ownCloud\shellext\OCOverlays_x64.dll [2015-06-19] (ownCloud Inc.) ShellIconOverlayIdentifiers: [ OCSyncShared] -> {0960F095-F328-48A3-B746-276B1E3C3722} => C:\Program Files (x86)\ownCloud\shellext\OCOverlays_x64.dll [2015-06-19] (ownCloud Inc.) ShellIconOverlayIdentifiers: [ OCWarning] -> {0960F096-F328-48A3-B746-276B1E3C3722} => C:\Program Files (x86)\ownCloud\shellext\OCOverlays_x64.dll [2015-06-19] (ownCloud Inc.) ShellIconOverlayIdentifiers: [ OCWarningShared] -> {0960F097-F328-48A3-B746-276B1E3C3722} => C:\Program Files (x86)\ownCloud\shellext\OCOverlays_x64.dll [2015-06-19] (ownCloud Inc.) ShellIconOverlayIdentifiers: [01UnsuppModule] -> {AEB16659-2125-4ADA-A4AB-45EE21E86469} => C:\Users\benjamka\AppData\Local\CloudStation\app\icon-overlay\10\x64\iconOverlay.dll [2015-01-07] (TODO: <Company name>) ShellIconOverlayIdentifiers: [02SyncingModule] -> {48AB5ADA-36B1-4137-99C9-2BD97F8788AB} => C:\Users\benjamka\AppData\Local\CloudStation\app\icon-overlay\10\x64\iconOverlay.dll [2015-01-07] (TODO: <Company name>) ShellIconOverlayIdentifiers: [03SyncedModule] -> {472CE1AD-5D53-4BCF-A1FB-3982A5F55138} => C:\Users\benjamka\AppData\Local\CloudStation\app\icon-overlay\10\x64\iconOverlay.dll [2015-01-07] (TODO: <Company name>) ShellIconOverlayIdentifiers: [04ReadOnlyModule] -> {A433C3E0-8B24-40EB-93C3-4B10D9959F58} => C:\Users\benjamka\AppData\Local\CloudStation\app\icon-overlay\10\x64\iconOverlay.dll [2015-01-07] (TODO: <Company name>) ShellIconOverlayIdentifiers: [05NoPermModule] -> {C701AD67-3DF0-47C9-89CB-DFA6207BE229} => C:\Users\benjamka\AppData\Local\CloudStation\app\icon-overlay\10\x64\iconOverlay.dll [2015-01-07] (TODO: <Company name>) ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\benjamka\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\benjamka\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\benjamka\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\benjamka\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\benjamka\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\benjamka\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\benjamka\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 1 (GFS Unread Stub)] -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => C:\Program Files (x86)\Microsoft Office 2007\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2 (GFS Stub)] -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => C:\Program Files (x86)\Microsoft Office 2007\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)] -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => C:\Program Files (x86)\Microsoft Office 2007\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 3 (GFS Folder)] -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => C:\Program Files (x86)\Microsoft Office 2007\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 4 (GFS Unread Mark)] -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => C:\Program Files (x86)\Microsoft Office 2007\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk [2012-02-02] ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk [2015-11-06] ShortcutTarget: Bluetooth Manager.lnk -> C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2015-08-09] ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ImageBrowser EX Agent.lnk [2013-12-29] ShortcutTarget: ImageBrowser EX Agent.lnk -> C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe () Startup: C:\Users\BBK 64\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk [2011-08-13] ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) Startup: C:\Users\benjamka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-12-11] ShortcutTarget: Dropbox.lnk -> C:\Users\benjamka\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) Startup: C:\Users\benjamka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk [2012-02-19] ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office 2007\Office12\ONENOTEM.EXE (Microsoft Corporation) Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk [2011-08-13] ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk [2011-08-13] ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) Startup: C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk [2011-08-13] ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) Startup: C:\Users\Hombre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk [2011-08-13] ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) BootExecute: autocheck autochk * sdnclean64.exe ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{6F3EF3E1-6473-4698-9280-C471DE069571}: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{EF8C008F-760B-40DB-AA0D-C662DC07F9EF}: [DhcpNameServer] 192.168.178.1 Internet Explorer: ================== HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.avira.net/#web/result?source=art&q= HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.avira.net/#web/result?source=art&q= HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.avira.net/#web/result?source=art&q= HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.avira.net/#web/result?source=art&q= HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://search.avira.net/#web/result?source=art&q= HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://search.avira.net/#web/result?source=art&q= HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://search.avira.net/#web/result?source=art&q= HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://search.avira.net/#web/result?source=art&q= HKU\S-1-5-21-50433080-710429258-2441499552-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.avira.net/#web/result?source=art&q= HKU\S-1-5-21-50433080-710429258-2441499552-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://search.avira.net/#web/result?source=art&q= HKU\S-1-5-21-50433080-710429258-2441499552-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://toshiba.eu/places?touch=4&cat=1 HKU\S-1-5-21-50433080-710429258-2441499552-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://search.avira.net/#web/result?source=art&q= SearchScopes: HKLM -> DefaultScope {61A6F76C-F0EE-4F58-A7A4-EA3E809AAAE4} URL = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox SearchScopes: HKLM -> {61A6F76C-F0EE-4F58-A7A4-EA3E809AAAE4} URL = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox SearchScopes: HKLM-x32 -> DefaultScope Wert fehlt SearchScopes: HKLM-x32 -> {61A6F76C-F0EE-4F58-A7A4-EA3E809AAAE4} URL = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox SearchScopes: HKU\S-1-5-21-50433080-710429258-2441499552-1000 -> DefaultScope {61A6F76C-F0EE-4F58-A7A4-EA3E809AAAE4} URL = SearchScopes: HKU\S-1-5-21-50433080-710429258-2441499552-1000 -> {29AA9FFF-B981-40A6-8F74-F02CAD29809D} URL = hxxp://rover.ebay.com/rover/1/707-44556-9400-9/4?satitle={searchTerms} SearchScopes: HKU\S-1-5-21-50433080-710429258-2441499552-1000 -> {61A6F76C-F0EE-4F58-A7A4-EA3E809AAAE4} URL = SearchScopes: HKU\S-1-5-21-50433080-710429258-2441499552-1000 -> {895F93D1-22C5-4CCF-8735-43F9FF5FBF91} URL = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibade-win7-ie-search-21&index=blended&linkCode=ur2 BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-01-28] (Oracle Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-28] (Oracle Corporation) BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-05-21] (Hewlett-Packard Co.) BHO-x32: PDF Architect Helper -> {3A2D5EBA-F86D-4BD3-A177-019765996711} -> C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll [2012-11-22] (pdfforge GbR) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office 2007\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.) BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll [2010-12-05] (<TOSHIBA>) BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-05-21] (Hewlett-Packard Co.) DPF: HKLM-x32 {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} Handler-x32: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office 2007\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation) Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2012-01-17] (Skype Technologies S.A.) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies) FireFox: ======== FF ProfilePath: C:\Users\benjamka\AppData\Roaming\Mozilla\Firefox\Profiles\2sdewnmb.Bene FF NewTab: hxxp://www.bing.com/?pc=COSP&ptag=D011916-AD42D1DB7E9&form=CONMHP&conlogo=CT3334497 FF SelectedSearchEngine: Bing® FF Homepage: www.google.de FF Session Restore: -> ist aktiviert. FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_20_0_0_286.dll [2016-01-19] () FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-28] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre1.8.0_31\bin\new_plugin\npjp2.dll [Keine Datei] FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-28] (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> disabled [Keine Datei] FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_286.dll [2016-01-19] () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2012-04-05] () FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation) FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google) FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-28] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-28] (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Keine Datei] FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.) FF SearchPlugin: C:\Users\benjamka\AppData\Roaming\Mozilla\Firefox\Profiles\104o7vav.default\searchplugins\google-deutschland.xml [2015-09-03] FF SearchPlugin: C:\Users\benjamka\AppData\Roaming\Mozilla\Firefox\Profiles\104o7vav.default\searchplugins\ixquick-https---deutsch.xml [2015-10-05] FF SearchPlugin: C:\Users\benjamka\AppData\Roaming\Mozilla\Firefox\Profiles\2sdewnmb.Bene\searchplugins\bing-lavasoft.xml [2016-01-19] FF Extension: Lavasoft Search Plugin - C:\Users\benjamka\AppData\Roaming\Mozilla\Firefox\Profiles\104o7vav.default\Extensions\jid1-yZwVFzbsyfMrqQ@jetpack [2013-01-15] [ist nicht signiert] FF Extension: Adblock Plus - C:\Users\benjamka\AppData\Roaming\Mozilla\Firefox\Profiles\104o7vav.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-09-25] FF Extension: BetterPrivacy - C:\Users\benjamka\AppData\Roaming\Mozilla\Firefox\Profiles\104o7vav.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2015-09-17] FF Extension: Session Manager - C:\Users\benjamka\AppData\Roaming\Mozilla\Firefox\Profiles\2sdewnmb.Bene\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2016-01-16] FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2016-01-07] [ist nicht signiert] FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2012-12-10] [ist nicht signiert] FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2015-08-09] [ist nicht signiert] FF HKU\S-1-5-21-50433080-710429258-2441499552-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 Chrome: ======= CHR HKU\S-1-5-21-50433080-710429258-2441499552-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bknbnapaddjdnbilpmlacdkjdkjmbjhd] - hxxp://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [bknbnapaddjdnbilpmlacdkjdkjmbjhd] - hxxp://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx ==================== Dienste (Nicht auf der Ausnahmeliste) ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [Datei ist nicht signiert] R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [Datei ist nicht signiert] R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [Datei ist nicht signiert] S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [Datei ist nicht signiert] S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1135416 2015-10-05] (Malwarebytes) S3 Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office 2007\Office12\GrooveAuditService.exe [64856 2009-02-26] (Microsoft Corporation) S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [Datei ist nicht signiert] R2 NuSetQos; C:\Program Files (x86)\NETGEAR\USB Media Extender\\setqos.exe [718848 2012-06-15] () [Datei ist nicht signiert] R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1522312 2012-11-22] (pdfforge GbR) R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [905864 2012-11-22] (pdfforge GbR) S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [Datei ist nicht signiert] R2 PnkBstrA; C:\windows\SysWOW64\PnkBstrA.exe [76888 2015-03-03] () R2 SCVSSService; C:\Program Files (x86)\Second Copy 8\SCVSSSvc.exe [968448 2010-04-13] () R2 SynoDrService; C:\Program Files (x86)\Synology Data Replicator 3\SynoDrServicex64.exe [384072 2013-10-09] () S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [112080 2011-02-10] (Toshiba Europe GmbH) R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ===================== Treiber (Nicht auf der Ausnahmeliste) ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R3 avmaura; C:\Windows\System32\DRIVERS\avmaura.sys [116480 2013-11-08] (AVM Berlin) S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation) R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-01-15] (GFI Software) R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes) S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation) R3 NetgearUDSMBus; C:\Windows\SysWow64\Drivers\NetgearUDSMBus.sys [106632 2012-06-15] (Windows (R) Codename Longhorn DDK provider) R3 NetgearUDSTcpBus; C:\Windows\SysWow64\Drivers\NetgearUDSTcpBus.sys [182920 2012-06-15] (Windows (R) Codename Longhorn DDK provider) S3 PcaSp50; C:\Windows\System32\Drivers\PcaSp50.sys [45624 2009-08-24] (Printing Communications Assoc., Inc. (PCAUSA)) R1 veracrypt; C:\Windows\System32\drivers\veracrypt.sys [195416 2015-10-08] (IDRIX) S1 SBRE; \??\C:\windows\system32\drivers\SBREdrv.sys [X] ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat: Erstellte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2016-01-25 16:27 - 2016-01-25 16:27 - 00000000 ____H C:\ProgramData\cm-lock 2016-01-25 16:26 - 2016-01-25 16:26 - 00000085 _____ C:\windows\wininit.ini 2016-01-25 14:08 - 2016-01-25 16:06 - 00000000 ____D C:\Logsinf 2016-01-22 14:08 - 2016-01-25 20:54 - 00033379 _____ C:\Users\benjamka\Downloads\FRST.txt 2016-01-22 14:08 - 2016-01-22 14:08 - 02370560 _____ (Farbar) C:\Users\benjamka\Downloads\FRST64.exe 2016-01-20 14:08 - 2016-01-20 14:08 - 00003273 _____ C:\Users\benjamka\AppData\Local\recently-used.xbel 2016-01-19 21:03 - 2016-01-19 21:03 - 00000000 ____D C:\searchplugins 2016-01-19 21:02 - 2016-01-20 09:21 - 00002896 _____ C:\windows\SysWOW64\LavasoftTcpServiceOff.ini 2016-01-19 21:02 - 2016-01-20 09:21 - 00002896 _____ C:\windows\system32\LavasoftTcpServiceOff.ini 2016-01-19 21:02 - 2016-01-19 21:02 - 00425744 _____ (Lavasoft Limited) C:\windows\system32\LavasoftTcpService64.dll 2016-01-19 21:02 - 2016-01-19 21:02 - 00345360 _____ (Lavasoft Limited) C:\windows\SysWOW64\LavasoftTcpService.dll 2016-01-19 21:02 - 2016-01-19 21:02 - 00000000 ____D C:\Users\benjamka\AppData\Roaming\MPC-HC 2016-01-19 21:01 - 2016-01-19 21:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack 2016-01-19 21:01 - 2016-01-19 21:01 - 00000000 ____D C:\Program Files (x86)\K-Lite Codec Pack 2016-01-19 21:01 - 2015-12-18 11:00 - 00755200 _____ C:\windows\system32\xvidcore.dll 2016-01-19 21:01 - 2015-12-18 11:00 - 00674816 _____ C:\windows\SysWOW64\xvidcore.dll 2016-01-19 21:01 - 2015-12-18 11:00 - 00309248 _____ C:\windows\system32\xvidvfw.dll 2016-01-19 21:01 - 2015-12-18 11:00 - 00282112 _____ C:\windows\SysWOW64\xvidvfw.dll 2016-01-19 21:01 - 2015-10-24 18:00 - 00126976 _____ C:\windows\system32\ff_vfw.dll 2016-01-19 21:01 - 2015-10-24 18:00 - 00112128 _____ C:\windows\SysWOW64\ff_vfw.dll 2016-01-19 21:01 - 2015-02-28 17:22 - 03571200 _____ (x264vfw project) C:\windows\system32\x264vfw64.dll 2016-01-19 21:01 - 2015-02-28 17:21 - 03591680 _____ (x264vfw project) C:\windows\SysWOW64\x264vfw.dll 2016-01-19 21:01 - 2012-07-21 12:55 - 00180736 _____ (fccHandler) C:\windows\system32\ac3acm.acm 2016-01-19 21:01 - 2012-07-21 12:54 - 00122880 _____ (fccHandler) C:\windows\SysWOW64\ac3acm.acm 2016-01-19 21:01 - 2011-12-07 19:37 - 00148992 _____ ( ) C:\windows\system32\lagarith.dll 2016-01-19 21:01 - 2011-12-07 19:32 - 00216064 _____ ( ) C:\windows\SysWOW64\lagarith.dll 2016-01-19 20:57 - 2016-01-19 20:57 - 42013590 _____ ( ) C:\Users\benjamka\Downloads\K-Lite_Codec_Pack_1180_Mega.exe 2016-01-19 03:01 - 2016-01-19 03:01 - 00000000 ____D C:\Users\benjamka\AppData\Local\NokiaAccount 2016-01-16 19:15 - 2016-01-16 19:15 - 02529622 _____ C:\Users\benjamka\AppData\Local\[j0002]-[p23].bmp 2016-01-16 19:15 - 2016-01-16 19:15 - 02529622 _____ C:\Users\benjamka\AppData\Local\[j0002]-[p22].bmp 2016-01-16 19:15 - 2016-01-16 19:15 - 02529622 _____ C:\Users\benjamka\AppData\Local\[j0002]-[p21].bmp 2016-01-16 19:15 - 2016-01-16 19:15 - 02529622 _____ C:\Users\benjamka\AppData\Local\[j0002]-[p20].bmp 2016-01-16 19:15 - 2016-01-16 19:15 - 02529622 _____ C:\Users\benjamka\AppData\Local\[j0002]-[p19].bmp 2016-01-16 19:15 - 2016-01-16 19:15 - 02529622 _____ C:\Users\benjamka\AppData\Local\[j0002]-[p18].bmp 2016-01-16 19:15 - 2016-01-16 19:15 - 02529622 _____ C:\Users\benjamka\AppData\Local\[j0002]-[p17].bmp 2016-01-16 19:14 - 2016-01-16 19:15 - 02529622 _____ C:\Users\benjamka\AppData\Local\[j0002]-[p16].bmp 2016-01-16 19:14 - 2016-01-16 19:14 - 02529622 _____ C:\Users\benjamka\AppData\Local\[j0002]-[p15].bmp 2016-01-16 19:14 - 2016-01-16 19:14 - 02529622 _____ C:\Users\benjamka\AppData\Local\[j0002]-[p14].bmp 2016-01-16 19:14 - 2016-01-16 19:14 - 02529622 _____ C:\Users\benjamka\AppData\Local\[j0002]-[p13].bmp 2016-01-16 19:14 - 2016-01-16 19:14 - 02529622 _____ C:\Users\benjamka\AppData\Local\[j0002]-[p12].bmp 2016-01-16 19:14 - 2016-01-16 19:14 - 02529622 _____ C:\Users\benjamka\AppData\Local\[j0002]-[p11].bmp 2016-01-16 19:14 - 2016-01-16 19:14 - 02529622 _____ C:\Users\benjamka\AppData\Local\[j0002]-[p10].bmp 2016-01-16 19:14 - 2016-01-16 19:14 - 02529622 _____ C:\Users\benjamka\AppData\Local\[j0002]-[p09].bmp 2016-01-16 19:14 - 2016-01-16 19:14 - 02529622 _____ C:\Users\benjamka\AppData\Local\[j0002]-[p08].bmp 2016-01-16 19:14 - 2016-01-16 19:14 - 02529622 _____ C:\Users\benjamka\AppData\Local\[j0002]-[p07].bmp 2016-01-16 19:14 - 2016-01-16 19:14 - 02529622 _____ C:\Users\benjamka\AppData\Local\[j0002]-[p06].bmp 2016-01-16 19:14 - 2016-01-16 19:14 - 02529622 _____ C:\Users\benjamka\AppData\Local\[j0002]-[p05].bmp 2016-01-16 19:14 - 2016-01-16 19:14 - 02529622 _____ C:\Users\benjamka\AppData\Local\[j0002]-[p04].bmp 2016-01-16 19:14 - 2016-01-16 19:14 - 02529622 _____ C:\Users\benjamka\AppData\Local\[j0002]-[p03].bmp 2016-01-16 19:13 - 2016-01-16 19:14 - 02529622 _____ C:\Users\benjamka\AppData\Local\[j0002]-[p02].bmp 2016-01-14 13:28 - 2016-01-14 13:52 - 00000000 ____D C:\Users\benjamka\Documents\MyScans 2016-01-14 13:26 - 2016-01-14 13:29 - 00000000 ____D C:\Users\benjamka\AppData\Roaming\Foxit Scanner Images 2016-01-13 09:42 - 2015-12-11 19:57 - 01164800 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll 2016-01-13 09:42 - 2015-12-08 22:54 - 01620992 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVDECOD.DLL 2016-01-13 09:42 - 2015-12-08 22:54 - 01568768 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVENCOD.DLL 2016-01-13 09:42 - 2015-12-08 22:54 - 00902144 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMADMOD.DLL 2016-01-13 09:42 - 2015-12-08 22:54 - 00815616 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMADMOE.DLL 2016-01-13 09:42 - 2015-12-08 22:54 - 00740352 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmpmde.dll 2016-01-13 09:42 - 2015-12-08 22:54 - 00739328 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMSPDMOD.DLL 2016-01-13 09:42 - 2015-12-08 22:54 - 00541184 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVSDECD.DLL 2016-01-13 09:42 - 2015-12-08 22:53 - 03209728 _____ (Microsoft Corporation) C:\windows\SysWOW64\mf.dll 2016-01-13 09:42 - 2015-12-08 22:53 - 00970240 _____ (Microsoft Corporation) C:\windows\SysWOW64\msmpeg2adec.dll 2016-01-13 09:42 - 2015-12-08 22:53 - 00829952 _____ (Microsoft Corporation) C:\windows\SysWOW64\MSMPEG2ENC.DLL 2016-01-13 09:42 - 2015-12-08 22:53 - 00509952 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll 2016-01-13 09:42 - 2015-12-08 22:53 - 00153600 _____ (Microsoft Corporation) C:\windows\SysWOW64\COLORCNV.DLL 2016-01-13 09:42 - 2015-12-08 20:07 - 04121600 _____ (Microsoft Corporation) C:\windows\system32\mf.dll 2016-01-13 09:42 - 2015-12-08 20:07 - 01955328 _____ (Microsoft Corporation) C:\windows\system32\WMVENCOD.DLL 2016-01-13 09:42 - 2015-12-08 20:07 - 01888768 _____ (Microsoft Corporation) C:\windows\system32\WMVDECOD.DLL 2016-01-13 09:42 - 2015-12-08 20:07 - 01573888 _____ (Microsoft Corporation) C:\windows\system32\quartz.dll 2016-01-13 09:42 - 2015-12-08 20:07 - 01307136 _____ (Microsoft Corporation) C:\windows\system32\msmpeg2adec.dll 2016-01-13 09:42 - 2015-12-08 20:07 - 01232896 _____ (Microsoft Corporation) C:\windows\system32\WMADMOD.DLL 2016-01-13 09:42 - 2015-12-08 20:07 - 01160192 _____ (Microsoft Corporation) C:\windows\system32\MSMPEG2ENC.DLL 2016-01-13 09:42 - 2015-12-08 20:07 - 01153024 _____ (Microsoft Corporation) C:\windows\system32\WMADMOE.DLL 2016-01-13 09:42 - 2015-12-08 20:07 - 01026048 _____ (Microsoft Corporation) C:\windows\system32\wmpmde.dll 2016-01-13 09:42 - 2015-12-08 20:07 - 01010688 _____ (Microsoft Corporation) C:\windows\system32\mcmde.dll 2016-01-13 09:42 - 2015-12-08 20:07 - 00978944 _____ (Microsoft Corporation) C:\windows\system32\WMSPDMOD.DLL 2016-01-13 09:42 - 2015-12-08 20:07 - 00666112 _____ (Microsoft Corporation) C:\windows\system32\WMVSDECD.DLL 2016-01-13 09:42 - 2015-12-08 20:07 - 00632320 _____ (Microsoft Corporation) C:\windows\system32\evr.dll 2016-01-13 09:42 - 2015-12-08 20:07 - 00624640 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll 2016-01-13 09:42 - 2015-12-08 20:07 - 00189952 _____ (Microsoft Corporation) C:\windows\system32\COLORCNV.DLL 2016-01-13 09:42 - 2015-11-14 00:09 - 00091648 _____ (Microsoft Corporation) C:\windows\system32\mapistub.dll 2016-01-13 09:42 - 2015-11-14 00:09 - 00091648 _____ (Microsoft Corporation) C:\windows\system32\mapi32.dll 2016-01-13 09:42 - 2015-11-14 00:08 - 00017920 _____ (Microsoft Corporation) C:\windows\system32\fixmapi.exe 2016-01-13 09:42 - 2015-11-13 23:50 - 00076800 _____ (Microsoft Corporation) C:\windows\SysWOW64\mapistub.dll 2016-01-13 09:42 - 2015-11-13 23:50 - 00076800 _____ (Microsoft Corporation) C:\windows\SysWOW64\mapi32.dll 2016-01-13 09:42 - 2015-11-13 23:49 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\fixmapi.exe 2016-01-13 09:41 - 2015-12-24 00:13 - 00387784 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll 2016-01-13 09:41 - 2015-12-23 23:52 - 00341192 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll 2016-01-13 09:41 - 2015-12-12 19:54 - 25837568 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll 2016-01-13 09:41 - 2015-12-12 19:31 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb 2016-01-13 09:41 - 2015-12-12 19:30 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll 2016-01-13 09:41 - 2015-12-12 19:16 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll 2016-01-13 09:41 - 2015-12-12 19:15 - 02887168 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll 2016-01-13 09:41 - 2015-12-12 19:15 - 00571904 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll 2016-01-13 09:41 - 2015-12-12 19:15 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec 2016-01-13 09:41 - 2015-12-12 19:15 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll 2016-01-13 09:41 - 2015-12-12 19:14 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll 2016-01-13 09:41 - 2015-12-12 19:07 - 06051328 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll 2016-01-13 09:41 - 2015-12-12 19:07 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll 2016-01-13 09:41 - 2015-12-12 19:07 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll 2016-01-13 09:41 - 2015-12-12 19:03 - 00615936 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll 2016-01-13 09:41 - 2015-12-12 19:02 - 20367360 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll 2016-01-13 09:41 - 2015-12-12 19:02 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll 2016-01-13 09:41 - 2015-12-12 19:02 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll 2016-01-13 09:41 - 2015-12-12 19:02 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe 2016-01-13 09:41 - 2015-12-12 19:02 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe 2016-01-13 09:41 - 2015-12-12 18:55 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe 2016-01-13 09:41 - 2015-12-12 18:51 - 00489984 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll 2016-01-13 09:41 - 2015-12-12 18:49 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb 2016-01-13 09:41 - 2015-12-12 18:44 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll 2016-01-13 09:41 - 2015-12-12 18:40 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll 2016-01-13 09:41 - 2015-12-12 18:39 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll 2016-01-13 09:41 - 2015-12-12 18:37 - 00496640 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll 2016-01-13 09:41 - 2015-12-12 18:37 - 00315392 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll 2016-01-13 09:41 - 2015-12-12 18:37 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll 2016-01-13 09:41 - 2015-12-12 18:37 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll 2016-01-13 09:41 - 2015-12-12 18:36 - 00341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec 2016-01-13 09:41 - 2015-12-12 18:36 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll 2016-01-13 09:41 - 2015-12-12 18:35 - 00152064 _____ (Microsoft Corporation) C:\windows\system32\occache.dll 2016-01-13 09:41 - 2015-12-12 18:33 - 02280448 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll 2016-01-13 09:41 - 2015-12-12 18:31 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll 2016-01-13 09:41 - 2015-12-12 18:30 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll 2016-01-13 09:41 - 2015-12-12 18:28 - 00476160 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll 2016-01-13 09:41 - 2015-12-12 18:27 - 00663552 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll 2016-01-13 09:41 - 2015-12-12 18:27 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll 2016-01-13 09:41 - 2015-12-12 18:27 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe 2016-01-13 09:41 - 2015-12-12 18:25 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll 2016-01-13 09:41 - 2015-12-12 18:23 - 00798208 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll 2016-01-13 09:41 - 2015-12-12 18:22 - 00718336 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe 2016-01-13 09:41 - 2015-12-12 18:21 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll 2016-01-13 09:41 - 2015-12-12 18:20 - 02123264 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl 2016-01-13 09:41 - 2015-12-12 18:19 - 00416256 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll 2016-01-13 09:41 - 2015-12-12 18:18 - 14457856 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll 2016-01-13 09:41 - 2015-12-12 18:14 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll 2016-01-13 09:41 - 2015-12-12 18:12 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll 2016-01-13 09:41 - 2015-12-12 18:10 - 00279040 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll 2016-01-13 09:41 - 2015-12-12 18:10 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll 2016-01-13 09:41 - 2015-12-12 18:09 - 04610560 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll 2016-01-13 09:41 - 2015-12-12 18:08 - 00130048 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll 2016-01-13 09:41 - 2015-12-12 18:06 - 02487808 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll 2016-01-13 09:41 - 2015-12-12 18:02 - 00230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll 2016-01-13 09:41 - 2015-12-12 18:00 - 12856320 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll 2016-01-13 09:41 - 2015-12-12 18:00 - 02050560 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl 2016-01-13 09:41 - 2015-12-12 18:00 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll 2016-01-13 09:41 - 2015-12-12 18:00 - 00687104 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll 2016-01-13 09:41 - 2015-12-12 17:54 - 01546752 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll 2016-01-13 09:41 - 2015-12-12 17:42 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll 2016-01-13 09:41 - 2015-12-12 17:41 - 02011136 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll 2016-01-13 09:41 - 2015-12-12 17:38 - 01311744 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll 2016-01-13 09:41 - 2015-12-12 17:36 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll 2016-01-13 09:41 - 2015-12-08 22:54 - 02285056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msmpeg2vdec.dll 2016-01-13 09:41 - 2015-12-08 22:54 - 01325056 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMSPDMOE.DLL 2016-01-13 09:41 - 2015-12-08 22:54 - 00665088 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVXENCD.DLL 2016-01-13 09:41 - 2015-12-08 22:54 - 00358400 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVSENCD.DLL 2016-01-13 09:41 - 2015-12-08 22:54 - 00154112 _____ (Microsoft Corporation) C:\windows\SysWOW64\VIDRESZR.DLL 2016-01-13 09:41 - 2015-12-08 22:53 - 01329664 _____ (Microsoft Corporation) C:\windows\SysWOW64\quartz.dll 2016-01-13 09:41 - 2015-12-08 22:53 - 00609280 _____ (Microsoft Corporation) C:\windows\SysWOW64\MFWMAAEC.DLL 2016-01-13 09:41 - 2015-12-08 22:53 - 00519680 _____ (Microsoft Corporation) C:\windows\SysWOW64\qdvd.dll 2016-01-13 09:41 - 2015-12-08 22:53 - 00489984 _____ (Microsoft Corporation) C:\windows\SysWOW64\evr.dll 2016-01-13 09:41 - 2015-12-08 22:53 - 00415744 _____ (Microsoft Corporation) C:\windows\SysWOW64\MP4SDECD.DLL 2016-01-13 09:41 - 2015-12-08 22:53 - 00354816 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfplat.dll 2016-01-13 09:41 - 2015-12-08 22:53 - 00241152 _____ (Microsoft Corporation) C:\windows\SysWOW64\MPG4DECD.DLL 2016-01-13 09:41 - 2015-12-08 22:53 - 00241152 _____ (Microsoft Corporation) C:\windows\SysWOW64\MP43DECD.DLL 2016-01-13 09:41 - 2015-12-08 22:53 - 00206848 _____ (Microsoft Corporation) C:\windows\SysWOW64\RESAMPLEDMO.DLL 2016-01-13 09:41 - 2015-12-08 22:53 - 00206848 _____ (Microsoft Corporation) C:\windows\SysWOW64\qasf.dll 2016-01-13 09:41 - 2015-12-08 22:53 - 00193536 _____ (Microsoft Corporation) C:\windows\SysWOW64\ksproxy.ax 2016-01-13 09:41 - 2015-12-08 22:53 - 00103424 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfps.dll 2016-01-13 09:41 - 2015-12-08 22:53 - 00079872 _____ (Microsoft Corporation) C:\windows\SysWOW64\MP3DMOD.DLL 2016-01-13 09:41 - 2015-12-08 22:53 - 00067584 _____ (Microsoft Corporation) C:\windows\SysWOW64\devenum.dll 2016-01-13 09:41 - 2015-12-08 22:53 - 00053248 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfvdsp.dll 2016-01-13 09:41 - 2015-12-08 22:53 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\rrinstaller.exe 2016-01-13 09:41 - 2015-12-08 22:53 - 00023040 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfpmp.exe 2016-01-13 09:41 - 2015-12-08 22:53 - 00004608 _____ (Microsoft Corporation) C:\windows\SysWOW64\ksuser.dll 2016-01-13 09:41 - 2015-12-08 22:50 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\mferror.dll 2016-01-13 09:41 - 2015-12-08 20:07 - 02777088 _____ (Microsoft Corporation) C:\windows\system32\msmpeg2vdec.dll 2016-01-13 09:41 - 2015-12-08 20:07 - 01575424 _____ (Microsoft Corporation) C:\windows\system32\WMSPDMOE.DLL 2016-01-13 09:41 - 2015-12-08 20:07 - 00653824 _____ (Microsoft Corporation) C:\windows\system32\MP4SDECD.DLL 2016-01-13 09:41 - 2015-12-08 20:07 - 00642048 _____ (Microsoft Corporation) C:\windows\system32\WMVXENCD.DLL 2016-01-13 09:41 - 2015-12-08 20:07 - 00484864 _____ (Microsoft Corporation) C:\windows\system32\MFWMAAEC.DLL 2016-01-13 09:41 - 2015-12-08 20:07 - 00447488 _____ (Microsoft Corporation) C:\windows\system32\WMVSENCD.DLL 2016-01-13 09:41 - 2015-12-08 20:07 - 00432128 _____ (Microsoft Corporation) C:\windows\system32\mfplat.dll 2016-01-13 09:41 - 2015-12-08 20:07 - 00378880 _____ (Microsoft Corporation) C:\windows\system32\SysFxUI.dll 2016-01-13 09:41 - 2015-12-08 20:07 - 00371712 _____ (Microsoft Corporation) C:\windows\system32\qdvd.dll 2016-01-13 09:41 - 2015-12-08 20:07 - 00292352 _____ (Microsoft Corporation) C:\windows\system32\VIDRESZR.DLL 2016-01-13 09:41 - 2015-12-08 20:07 - 00254464 _____ (Microsoft Corporation) C:\windows\system32\qasf.dll 2016-01-13 09:41 - 2015-12-08 20:07 - 00225792 _____ (Microsoft Corporation) C:\windows\system32\RESAMPLEDMO.DLL 2016-01-13 09:41 - 2015-12-08 20:07 - 00224768 _____ (Microsoft Corporation) C:\windows\system32\MPG4DECD.DLL 2016-01-13 09:41 - 2015-12-08 20:07 - 00223744 _____ (Microsoft Corporation) C:\windows\system32\MP43DECD.DLL 2016-01-13 09:41 - 2015-12-08 20:07 - 00206848 _____ (Microsoft Corporation) C:\windows\system32\mfps.dll 2016-01-13 09:41 - 2015-12-08 20:07 - 00100864 _____ (Microsoft Corporation) C:\windows\system32\MP3DMOD.DLL 2016-01-13 09:41 - 2015-12-08 20:07 - 00076288 _____ (Microsoft Corporation) C:\windows\system32\devenum.dll 2016-01-13 09:41 - 2015-12-08 20:07 - 00070144 _____ (Microsoft Corporation) C:\windows\system32\mfvdsp.dll 2016-01-13 09:41 - 2015-12-08 20:07 - 00055808 _____ (Microsoft Corporation) C:\windows\system32\rrinstaller.exe 2016-01-13 09:41 - 2015-12-08 20:07 - 00005120 _____ (Microsoft Corporation) C:\windows\system32\ksuser.dll 2016-01-13 09:41 - 2015-12-08 20:06 - 00250880 _____ (Microsoft Corporation) C:\windows\system32\ksproxy.ax 2016-01-13 09:41 - 2015-12-08 20:06 - 00024576 _____ (Microsoft Corporation) C:\windows\system32\mfpmp.exe 2016-01-13 09:41 - 2015-12-08 20:04 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\mferror.dll 2016-01-13 09:41 - 2015-12-08 19:54 - 00116736 _____ (Microsoft Corporation) C:\windows\system32\Drivers\drmk.sys 2016-01-13 09:41 - 2015-12-08 19:12 - 00230400 _____ (Microsoft Corporation) C:\windows\system32\Drivers\portcls.sys 2016-01-13 09:41 - 2015-12-08 19:11 - 00005632 _____ (Microsoft Corporation) C:\windows\system32\Drivers\drmkaud.sys 2016-01-13 09:41 - 2015-12-08 18:58 - 03211264 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys 2016-01-13 09:40 - 2015-12-30 20:08 - 05572544 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe 2016-01-13 09:40 - 2015-12-30 20:08 - 00154560 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys 2016-01-13 09:40 - 2015-12-30 20:08 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys 2016-01-13 09:40 - 2015-12-30 20:05 - 01730496 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll 2016-01-13 09:40 - 2015-12-30 20:02 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll 2016-01-13 09:40 - 2015-12-30 20:02 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll 2016-01-13 09:40 - 2015-12-30 20:02 - 00215040 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll 2016-01-13 09:40 - 2015-12-30 20:02 - 00210432 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll 2016-01-13 09:40 - 2015-12-30 20:02 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll 2016-01-13 09:40 - 2015-12-30 20:02 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll 2016-01-13 09:40 - 2015-12-30 20:01 - 01214464 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll 2016-01-13 09:40 - 2015-12-30 20:01 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll 2016-01-13 09:40 - 2015-12-30 20:01 - 00344064 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll 2016-01-13 09:40 - 2015-12-30 20:01 - 00135680 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll 2016-01-13 09:40 - 2015-12-30 20:01 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll 2016-01-13 09:40 - 2015-12-30 20:01 - 00028672 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll 2016-01-13 09:40 - 2015-12-30 20:01 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll 2016-01-13 09:40 - 2015-12-30 20:00 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll 2016-01-13 09:40 - 2015-12-30 19:59 - 00315392 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll 2016-01-13 09:40 - 2015-12-30 19:59 - 00312320 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll 2016-01-13 09:40 - 2015-12-30 19:59 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll 2016-01-13 09:40 - 2015-12-30 19:58 - 01461248 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll 2016-01-13 09:40 - 2015-12-30 19:58 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll 2016-01-13 09:40 - 2015-12-30 19:57 - 01163264 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll 2016-01-13 09:40 - 2015-12-30 19:57 - 00729600 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll 2016-01-13 09:40 - 2015-12-30 19:57 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll 2016-01-13 09:40 - 2015-12-30 19:55 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll 2016-01-13 09:40 - 2015-12-30 19:55 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\cryptbase.dll 2016-01-13 09:40 - 2015-12-30 19:55 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll 2016-01-13 09:40 - 2015-12-30 19:54 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll 2016-01-13 09:40 - 2015-12-30 19:54 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll 2016-01-13 09:40 - 2015-12-30 19:54 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll 2016-01-13 09:40 - 2015-12-30 19:54 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll 2016-01-13 09:40 - 2015-12-30 19:54 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2016-01-13 09:40 - 2015-12-30 19:54 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2016-01-13 09:40 - 2015-12-30 19:54 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2016-01-13 09:40 - 2015-12-30 19:54 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll 2016-01-13 09:40 - 2015-12-30 19:54 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2016-01-13 09:40 - 2015-12-30 19:54 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll 2016-01-13 09:40 - 2015-12-30 19:54 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2016-01-13 09:40 - 2015-12-30 19:54 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2016-01-13 09:40 - 2015-12-30 19:54 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2016-01-13 09:40 - 2015-12-30 19:54 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll 2016-01-13 09:40 - 2015-12-30 19:54 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll 2016-01-13 09:40 - 2015-12-30 19:54 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2016-01-13 09:40 - 2015-12-30 19:54 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll 2016-01-13 09:40 - 2015-12-30 19:54 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2016-01-13 09:40 - 2015-12-30 19:54 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll 2016-01-13 09:40 - 2015-12-30 19:54 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll 2016-01-13 09:40 - 2015-12-30 19:54 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll 2016-01-13 09:40 - 2015-12-30 19:54 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll 2016-01-13 09:40 - 2015-12-30 19:54 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2016-01-13 09:40 - 2015-12-30 19:54 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll 2016-01-13 09:40 - 2015-12-30 19:54 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2016-01-13 09:40 - 2015-12-30 19:54 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2016-01-13 09:40 - 2015-12-30 19:54 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2016-01-13 09:40 - 2015-12-30 19:54 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll 2016-01-13 09:40 - 2015-12-30 19:54 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2016-01-13 09:40 - 2015-12-30 19:54 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll 2016-01-13 09:40 - 2015-12-30 19:47 - 03993536 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe 2016-01-13 09:40 - 2015-12-30 19:47 - 03938240 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe 2016-01-13 09:40 - 2015-12-30 19:44 - 01311768 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll 2016-01-13 09:40 - 2015-12-30 19:41 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll 2016-01-13 09:40 - 2015-12-30 19:41 - 00665088 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll 2016-01-13 09:40 - 2015-12-30 19:41 - 00274944 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll 2016-01-13 09:40 - 2015-12-30 19:41 - 00171520 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll 2016-01-13 09:40 - 2015-12-30 19:41 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll 2016-01-13 09:40 - 2015-12-30 19:41 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll 2016-01-13 09:40 - 2015-12-30 19:41 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll 2016-01-13 09:40 - 2015-12-30 19:41 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll 2016-01-13 09:40 - 2015-12-30 19:40 - 00251392 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll 2016-01-13 09:40 - 2015-12-30 19:40 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll 2016-01-13 09:40 - 2015-12-30 19:39 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll 2016-01-13 09:40 - 2015-12-30 19:39 - 00223232 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll 2016-01-13 09:40 - 2015-12-30 19:39 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll 2016-01-13 09:40 - 2015-12-30 19:39 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll 2016-01-13 09:40 - 2015-12-30 19:38 - 00552960 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll 2016-01-13 09:40 - 2015-12-30 19:38 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll 2016-01-13 09:40 - 2015-12-30 19:37 - 00686080 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll 2016-01-13 09:40 - 2015-12-30 19:37 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll 2016-01-13 09:40 - 2015-12-30 19:37 - 00005120 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll 2016-01-13 09:40 - 2015-12-30 19:37 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2016-01-13 09:40 - 2015-12-30 19:37 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2016-01-13 09:40 - 2015-12-30 19:37 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll 2016-01-13 09:40 - 2015-12-30 19:37 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll 2016-01-13 09:40 - 2015-12-30 19:37 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll 2016-01-13 09:40 - 2015-12-30 19:37 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll 2016-01-13 09:40 - 2015-12-30 19:37 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2016-01-13 09:40 - 2015-12-30 19:37 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2016-01-13 09:40 - 2015-12-30 19:37 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll 2016-01-13 09:40 - 2015-12-30 19:37 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2016-01-13 09:40 - 2015-12-30 19:37 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2016-01-13 09:40 - 2015-12-30 19:37 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll 2016-01-13 09:40 - 2015-12-30 19:37 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll 2016-01-13 09:40 - 2015-12-30 19:37 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2016-01-13 09:40 - 2015-12-30 19:37 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll 2016-01-13 09:40 - 2015-12-30 19:37 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll 2016-01-13 09:40 - 2015-12-30 19:37 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll 2016-01-13 09:40 - 2015-12-30 19:37 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll 2016-01-13 09:40 - 2015-12-30 19:37 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll 2016-01-13 09:40 - 2015-12-30 19:37 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll 2016-01-13 09:40 - 2015-12-30 19:37 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll 2016-01-13 09:40 - 2015-12-30 19:37 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll 2016-01-13 09:40 - 2015-12-30 19:37 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll 2016-01-13 09:40 - 2015-12-30 18:57 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe 2016-01-13 09:40 - 2015-12-30 18:50 - 00338432 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe 2016-01-13 09:40 - 2015-12-30 18:49 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe 2016-01-13 09:40 - 2015-12-30 18:44 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe 2016-01-13 09:40 - 2015-12-30 18:43 - 00159232 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys 2016-01-13 09:40 - 2015-12-30 18:42 - 00290816 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys 2016-01-13 09:40 - 2015-12-30 18:42 - 00129024 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys 2016-01-13 09:40 - 2015-12-30 18:41 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe 2016-01-13 09:40 - 2015-12-30 18:41 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe 2016-01-13 09:40 - 2015-12-30 18:32 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe 2016-01-13 09:40 - 2015-12-30 18:32 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll 2016-01-13 09:40 - 2015-12-30 18:32 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe 2016-01-13 09:40 - 2015-12-30 18:32 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe 2016-01-13 09:40 - 2015-12-30 18:30 - 00036352 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptbase.dll 2016-01-13 09:40 - 2015-12-30 18:30 - 00006144 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll 2016-01-13 09:40 - 2015-12-30 18:30 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll 2016-01-13 09:40 - 2015-12-30 18:30 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll 2016-01-13 09:40 - 2015-12-30 18:30 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll 2016-01-13 09:40 - 2015-12-08 22:53 - 00641536 _____ (Microsoft Corporation) C:\windows\SysWOW64\advapi32.dll 2016-01-13 09:40 - 2015-12-08 22:52 - 00312320 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll 2016-01-13 09:40 - 2015-12-08 20:07 - 00879104 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll 2016-01-13 09:40 - 2015-12-08 20:07 - 00405504 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll 2016-01-13 09:40 - 2015-11-17 02:11 - 00025024 _____ (Microsoft Corporation) C:\windows\system32\CompatTelRunner.exe 2016-01-13 09:40 - 2015-11-17 02:08 - 01381376 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll 2016-01-13 09:40 - 2015-11-17 02:08 - 00792064 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll 2016-01-13 09:40 - 2015-11-17 02:08 - 00705536 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll 2016-01-13 09:40 - 2015-11-17 02:08 - 00505856 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll 2016-01-13 09:40 - 2015-11-17 02:08 - 00076800 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll 2016-01-13 09:40 - 2015-11-16 21:17 - 00210432 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll 2016-01-12 16:49 - 2016-01-19 21:02 - 00000000 ____D C:\Users\benjamka\AppData\Local\CrashDumps 2016-01-12 04:13 - 2016-01-12 04:13 - 00000000 ____D C:\Users\benjamka\AppData\Roaming\JAM Software 2016-01-12 04:13 - 2016-01-12 04:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TreeSize Free 2016-01-12 04:13 - 2016-01-12 04:13 - 00000000 ____D C:\Program Files (x86)\JAM Software 2016-01-09 23:19 - 2016-01-09 23:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XAMPP 2016-01-09 23:16 - 2016-01-10 02:24 - 00000000 ____D C:\xampp 2016-01-09 23:04 - 2016-01-11 02:37 - 00000106 _____ C:\Users\benjamka\Documents\urls.txt 2016-01-09 01:20 - 2016-01-09 01:20 - 00273025 _____ C:\Users\benjamka\Documents\Logo2.xcf 2016-01-08 22:22 - 2016-01-08 22:22 - 00003971 _____ C:\Users\benjamka\Documents\wp-config.php 2016-01-07 11:04 - 2016-01-09 23:08 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2016-01-02 12:05 - 2016-01-02 12:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2015-12-27 20:21 - 2009-06-10 22:00 - 00000824 _____ C:\windows\system32\Drivers\etc\hosts.20151227-202141.backup 2015-12-26 02:35 - 2016-01-09 23:08 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2016-01-25 20:54 - 2015-11-13 22:40 - 00000000 ____D C:\FRST 2016-01-25 20:52 - 2012-09-11 19:44 - 00001110 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job 2016-01-25 20:52 - 2009-07-14 05:45 - 00025120 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2016-01-25 20:52 - 2009-07-14 05:45 - 00025120 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2016-01-25 20:50 - 2012-07-30 17:58 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job 2016-01-25 20:47 - 2015-06-16 11:48 - 00001236 _____ C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-50433080-710429258-2441499552-1000UA.job 2016-01-25 16:31 - 2015-12-09 19:11 - 00005688 _____ C:\Users\benjamka\Documents\Spamtexts.txt 2016-01-25 16:31 - 2011-02-11 09:21 - 00699682 _____ C:\windows\system32\perfh007.dat 2016-01-25 16:31 - 2011-02-11 09:21 - 00149790 _____ C:\windows\system32\perfc007.dat 2016-01-25 16:31 - 2009-07-14 06:13 - 01620684 _____ C:\windows\system32\PerfStringBackup.INI 2016-01-25 16:31 - 2009-07-14 04:20 - 00000000 ____D C:\windows\inf 2016-01-25 16:27 - 2015-11-14 01:09 - 00000000 ____D C:\Users\benjamka\AppData\Local\ownCloud 2016-01-25 16:27 - 2014-10-30 14:04 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2 2016-01-25 16:27 - 2012-09-11 19:44 - 00001106 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job 2016-01-25 16:27 - 2012-05-20 20:58 - 00000000 ___RD C:\Users\benjamka\Dropbox 2016-01-25 16:27 - 2012-05-20 20:56 - 00000000 ____D C:\Users\benjamka\AppData\Roaming\Dropbox 2016-01-25 16:27 - 2009-07-14 06:08 - 00000006 ____H C:\windows\Tasks\SA.DAT 2016-01-25 16:26 - 2009-07-14 04:20 - 00000000 ____D C:\Windows 2016-01-25 16:23 - 2013-08-05 23:35 - 00000000 ____D C:\Program Files (x86)\Avira 2016-01-25 16:22 - 2013-08-05 23:35 - 00000000 ____D C:\ProgramData\Avira 2016-01-25 14:10 - 2015-06-16 11:48 - 00001184 _____ C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-50433080-710429258-2441499552-1000Core.job 2016-01-25 14:03 - 2014-08-09 16:15 - 00192216 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys 2016-01-25 02:00 - 2014-08-28 22:26 - 00000000 ____D C:\Users\benjamka\AppData\Local\Adobe 2016-01-24 23:03 - 2012-01-24 21:09 - 00000000 ___RD C:\Users\benjamka 2016-01-24 19:00 - 2015-12-11 16:43 - 00000000 ____D C:\Users\benjamka\Documents\Golem 2016-01-24 15:33 - 2015-06-04 22:27 - 00000000 ____D C:\Users\benjamka\.gimp-2.8 2016-01-24 08:24 - 2012-01-25 21:14 - 00000000 ____D C:\Users\benjamka\AppData\Roaming\foobar2000 2016-01-23 15:32 - 2009-07-14 06:08 - 00032640 _____ C:\windows\Tasks\SCHEDLGU.TXT 2016-01-22 14:17 - 2015-08-17 23:07 - 00000000 ____D C:\Users\benjamka\Documents\Schrift-Feld 2016-01-22 13:34 - 2009-07-14 04:20 - 00000000 ____D C:\windows\system32\NDF 2016-01-20 14:22 - 2012-02-01 20:13 - 00000000 ____D C:\Program Files (x86)\Lavasoft 2016-01-20 14:08 - 2015-06-25 11:24 - 00000000 ____D C:\Users\benjamka\AppData\Local\gtk-2.0 2016-01-19 21:02 - 2012-02-02 03:58 - 00000000 ____D C:\Users\benjamka\AppData\Roaming\vlc 2016-01-19 20:50 - 2012-07-30 17:58 - 00003822 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater 2016-01-19 20:50 - 2012-03-31 08:40 - 00796864 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe 2016-01-19 20:50 - 2012-01-25 10:23 - 00142528 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl 2016-01-19 10:58 - 2012-01-24 21:15 - 00110376 _____ C:\Users\benjamka\AppData\Local\GDIPFONTCACHEV1.DAT 2016-01-19 10:56 - 2009-07-14 05:45 - 00501824 _____ C:\windows\system32\FNTCACHE.DAT 2016-01-19 03:14 - 2011-05-15 18:27 - 00000000 ____D C:\Program Files (x86)\Adobe 2016-01-19 03:01 - 2015-10-13 21:56 - 00000000 ____D C:\Users\benjamka\AppData\Roaming\Nokia Suite 2016-01-19 03:01 - 2015-10-13 21:56 - 00000000 ____D C:\Users\benjamka\AppData\Roaming\Nokia 2016-01-19 03:01 - 2015-10-13 21:18 - 00000000 ____D C:\ProgramData\Nokia 2016-01-19 03:01 - 2015-10-13 21:17 - 00000000 ____D C:\Program Files (x86)\Nokia 2016-01-16 19:28 - 2013-01-22 19:33 - 00000000 ____D C:\Users\benjamka\AppData\Roaming\FileZilla 2016-01-14 17:47 - 2009-07-14 04:20 - 00000000 ____D C:\windows\rescache 2016-01-14 16:09 - 2014-08-14 18:33 - 00000000 ____D C:\ProgramData\Package Cache 2016-01-14 14:08 - 2013-11-22 16:55 - 00000000 ____D C:\Users\benjamka\Documents\Business 2016-01-14 13:19 - 2011-05-15 18:27 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk 2016-01-14 13:18 - 2011-05-15 18:27 - 00000000 ____D C:\ProgramData\Adobe 2016-01-14 13:09 - 2015-11-24 19:27 - 00000000 ___RD C:\Users\benjamka\Documents\Scanned Documents 2016-01-14 11:36 - 2013-03-14 17:40 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2016-01-14 11:36 - 2013-03-14 17:40 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2016-01-13 23:30 - 2013-03-14 17:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2016-01-13 23:30 - 2012-01-25 17:12 - 00000000 ____D C:\ProgramData\Microsoft Help 2016-01-13 23:16 - 2014-02-14 20:24 - 00000000 ____D C:\Users\benjamka\AppData\Roaming\MyPhoneExplorer 2016-01-13 12:19 - 2015-04-16 18:24 - 00000000 ____D C:\windows\system32\appraiser 2016-01-13 12:19 - 2014-05-06 21:40 - 00000000 ___SD C:\windows\system32\CompatTel 2016-01-13 01:40 - 2015-09-14 20:59 - 00000000 ____D C:\Users\benjamka\Documents\Eigene Scans 2016-01-09 23:08 - 2012-05-12 13:27 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2016-01-08 16:00 - 2014-04-26 14:03 - 00001962 _____ C:\Users\Public\Desktop\FileZilla Client.lnk 2016-01-08 16:00 - 2013-01-22 19:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client 2016-01-08 16:00 - 2013-01-22 19:33 - 00000000 ____D C:\Program Files (x86)\FileZilla FTP Client 2016-01-05 05:06 - 2012-02-21 22:26 - 00000000 ____D C:\Users\benjamka\AppData\Roaming\Skype 2016-01-03 15:20 - 2015-08-09 13:43 - 00000000 ____D C:\Users\benjamka\AppData\Roaming\HpUpdate 2016-01-02 12:06 - 2011-05-15 18:55 - 00000000 ____D C:\ProgramData\Skype 2016-01-02 12:05 - 2014-03-19 23:14 - 00000000 ____D C:\Users\benjamka\AppData\Local\Skype 2016-01-02 12:05 - 2011-05-15 18:55 - 00000000 ___RD C:\Program Files (x86)\Skype 2015-12-27 19:32 - 2013-08-22 20:55 - 00000000 ____D C:\Program Files (x86)\Steam ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2016-01-20 14:08 - 2016-01-20 14:08 - 0003273 _____ () C:\Users\benjamka\AppData\Local\recently-used.xbel 2014-02-09 21:36 - 2015-11-08 13:29 - 0007627 _____ () C:\Users\benjamka\AppData\Local\Resmon.ResmonCfg 2016-01-16 19:13 - 2016-01-16 19:14 - 2529622 _____ () C:\Users\benjamka\AppData\Local\[j0002]-[p02].bmp 2016-01-16 19:14 - 2016-01-16 19:14 - 2529622 _____ () C:\Users\benjamka\AppData\Local\[j0002]-[p03].bmp 2016-01-16 19:14 - 2016-01-16 19:14 - 2529622 _____ () C:\Users\benjamka\AppData\Local\[j0002]-[p04].bmp 2016-01-16 19:14 - 2016-01-16 19:14 - 2529622 _____ () C:\Users\benjamka\AppData\Local\[j0002]-[p05].bmp 2016-01-16 19:14 - 2016-01-16 19:14 - 2529622 _____ () C:\Users\benjamka\AppData\Local\[j0002]-[p06].bmp 2016-01-16 19:14 - 2016-01-16 19:14 - 2529622 _____ () C:\Users\benjamka\AppData\Local\[j0002]-[p07].bmp 2016-01-16 19:14 - 2016-01-16 19:14 - 2529622 _____ () C:\Users\benjamka\AppData\Local\[j0002]-[p08].bmp 2016-01-16 19:14 - 2016-01-16 19:14 - 2529622 _____ () C:\Users\benjamka\AppData\Local\[j0002]-[p09].bmp 2016-01-16 19:14 - 2016-01-16 19:14 - 2529622 _____ () C:\Users\benjamka\AppData\Local\[j0002]-[p10].bmp 2016-01-16 19:14 - 2016-01-16 19:14 - 2529622 _____ () C:\Users\benjamka\AppData\Local\[j0002]-[p11].bmp 2016-01-16 19:14 - 2016-01-16 19:14 - 2529622 _____ () C:\Users\benjamka\AppData\Local\[j0002]-[p12].bmp 2016-01-16 19:14 - 2016-01-16 19:14 - 2529622 _____ () C:\Users\benjamka\AppData\Local\[j0002]-[p13].bmp 2016-01-16 19:14 - 2016-01-16 19:14 - 2529622 _____ () C:\Users\benjamka\AppData\Local\[j0002]-[p14].bmp 2016-01-16 19:14 - 2016-01-16 19:14 - 2529622 _____ () C:\Users\benjamka\AppData\Local\[j0002]-[p15].bmp 2016-01-16 19:14 - 2016-01-16 19:15 - 2529622 _____ () C:\Users\benjamka\AppData\Local\[j0002]-[p16].bmp 2016-01-16 19:15 - 2016-01-16 19:15 - 2529622 _____ () C:\Users\benjamka\AppData\Local\[j0002]-[p17].bmp 2016-01-16 19:15 - 2016-01-16 19:15 - 2529622 _____ () C:\Users\benjamka\AppData\Local\[j0002]-[p18].bmp 2016-01-16 19:15 - 2016-01-16 19:15 - 2529622 _____ () C:\Users\benjamka\AppData\Local\[j0002]-[p19].bmp 2016-01-16 19:15 - 2016-01-16 19:15 - 2529622 _____ () C:\Users\benjamka\AppData\Local\[j0002]-[p20].bmp 2016-01-16 19:15 - 2016-01-16 19:15 - 2529622 _____ () C:\Users\benjamka\AppData\Local\[j0002]-[p21].bmp 2016-01-16 19:15 - 2016-01-16 19:15 - 2529622 _____ () C:\Users\benjamka\AppData\Local\[j0002]-[p22].bmp 2016-01-16 19:15 - 2016-01-16 19:15 - 2529622 _____ () C:\Users\benjamka\AppData\Local\[j0002]-[p23].bmp 2012-12-26 00:20 - 2013-11-22 16:33 - 0000040 ___SH () C:\ProgramData\.zreglib 2016-01-25 16:27 - 2016-01-25 16:27 - 0000000 ____H () C:\ProgramData\cm-lock 2012-02-21 22:28 - 2012-02-21 22:28 - 0000056 ____H () C:\ProgramData\ezsidmv.dat 2015-08-03 19:02 - 2015-08-09 14:19 - 0034260 _____ () C:\ProgramData\hpzinstall.log Einige Dateien in TEMP: ==================== C:\Users\BBK 64\AppData\Local\Temp\avgnt.exe C:\Users\benjamka\AppData\Local\Temp\avgnt.exe C:\Users\Gast\AppData\Local\Temp\AskSLib.dll C:\Users\Gast\AppData\Local\Temp\avgnt.exe C:\Users\Hombre\AppData\Local\Temp\avgnt.exe ==================== Bamital & volsnap ================= (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) C:\windows\system32\winlogon.exe => Datei ist digital signiert C:\windows\system32\wininit.exe => Datei ist digital signiert C:\windows\SysWOW64\wininit.exe => Datei ist digital signiert C:\windows\explorer.exe => Datei ist digital signiert C:\windows\SysWOW64\explorer.exe => Datei ist digital signiert C:\windows\system32\svchost.exe => Datei ist digital signiert C:\windows\SysWOW64\svchost.exe => Datei ist digital signiert C:\windows\system32\services.exe => Datei ist digital signiert C:\windows\system32\User32.dll => Datei ist digital signiert C:\windows\SysWOW64\User32.dll => Datei ist digital signiert C:\windows\system32\userinit.exe => Datei ist digital signiert C:\windows\SysWOW64\userinit.exe => Datei ist digital signiert C:\windows\system32\rpcss.dll => Datei ist digital signiert C:\windows\system32\dnsapi.dll => Datei ist digital signiert C:\windows\SysWOW64\dnsapi.dll => Datei ist digital signiert C:\windows\system32\Drivers\volsnap.sys => Datei ist digital signiert LastRegBack: 2016-01-19 13:14 ==================== Ende von FRST.txt ============================ |
25.01.2016, 20:59 | #26 |
| Adware ADWARE/AddLyrics.Gen... / Mind. sechs Viren gefunden ...und die Addition.txt: Code:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:18-01-2016 durchgeführt von benjamka (2016-01-25 20:54:57) Gestartet von C:\Users\benjamka\Downloads Windows 7 Home Premium Service Pack 1 (X64) (2012-01-24 20:09:27) Start-Modus: Normal ========================================================== ==================== Konten: ============================= Administrator (S-1-5-21-50433080-710429258-2441499552-500 - Administrator - Disabled) BBK 64 (S-1-5-21-50433080-710429258-2441499552-1004 - Administrator - Enabled) => C:\Users\BBK 64 benjamka (S-1-5-21-50433080-710429258-2441499552-1000 - Administrator - Enabled) => C:\Users\benjamka Gast (S-1-5-21-50433080-710429258-2441499552-501 - Limited - Enabled) => C:\Users\Gast Hombre (S-1-5-21-50433080-710429258-2441499552-1005 - Limited - Enabled) => C:\Users\Hombre HomeGroupUser$ (S-1-5-21-50433080-710429258-2441499552-1007 - Limited - Enabled) ==================== Sicherheits-Center ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.) AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installierte Programme ====================== (Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.) 4500_G510nz_Help (x32 Version: 000.0.439.000 - Hewlett-Packard) Hidden 4500G510nz (x32 Version: 000.0.439.000 - Hewlett-Packard) Hidden 4500G510nz_Software_Min (x32 Version: 000.0.423.000 - Hewlett-Packard) Hidden 64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.0.3.13070 - Adobe Systems Inc.) Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.286 - Adobe Systems Incorporated) Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.286 - Adobe Systems Incorporated) Adobe Illustrator CS (HKLM-x32\...\{91A4AD99-69CE-4745-97B7-0E0DFBECFDE5}) (Version: 11 - Adobe Systems, Inc.) Adobe Photoshop Lightroom 5.7 64-bit (HKLM\...\{1B77B02E-17E4-4B6D-B8A1-74B29AF3D8DD}) (Version: 5.7.0 - Adobe Systems Incorporated) Adobe Reader X (10.1.16) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.16 - Adobe Systems Incorporated) Adobe SVG Viewer 3.0 (HKLM-x32\...\Adobe SVG Viewer) (Version: 3.0 - Adobe Systems, Inc.) ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.106.303.203 - ALPS ELECTRIC CO., LTD.) AMD Catalyst Install Manager (HKLM\...\{7E5DC2C5-115A-322B-976C-219237FAED66}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.) Apple Application Support (HKLM-x32\...\{122ADF8C-DDA1-480C-9936-C88F2825B265}) (Version: 2.1.9 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}) (Version: 5.2.0.6 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Aptana Studio 3 (HKLM-x32\...\Aptana Studio 3) (Version: 3.0.0 - Appcelerator, Inc.) Atheros Bluetooth Filter Driver Package (HKLM\...\{65486209-5C54-439C-8383-8AC9BBE25932}) (Version: 1.00.007 - Atheros Communications) Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.2 - Atheros) AVM FRITZ!Box Druckeranschluss (HKLM-x32\...\AVMFBoxPrinter) (Version: - AVM Berlin) Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v8.00.06(T) - TOSHIBA CORPORATION) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden Canon Inkjet Printer Driver Add-On Module (HKLM\...\CANONIJINBOXADDON100) (Version: - ) Canon iP2700 series Printer Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP2700_series) (Version: - Canon Inc.) Canon Utilities Digital Photo Professional (HKLM-x32\...\Digital Photo Professional) (Version: 3.12.51.2 - Canon Inc.) Canon Utilities EOS Sample Music (HKLM-x32\...\EOS Sample Music) (Version: 1.0.1.1 - Canon Inc.) Canon Utilities EOS Utility (HKLM-x32\...\EOS Utility) (Version: 2.12.2.1 - Canon Inc.) Canon Utilities ImageBrowser EX (HKLM-x32\...\ImageBrowser EX) (Version: 1.4.0.5 - Canon Inc.) Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.23.47 - Canon Inc.) Canon Utilities Picture Style Editor (HKLM-x32\...\Picture Style Editor) (Version: 1.12.2.0 - Canon Inc.) CBL Daten-Shredder (HKLM-x32\...\{560E96B3-356D-4572-9FE3-B44F9AB92622}) (Version: 1.0.0 - CBL Datenrettung GmbH) CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform) Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation) Counter-Strike: Source (HKLM-x32\...\{9580813D-94B1-4C28-9426-A441E2BB29A5}) (Version: 1.0.0.0 - Valve) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden DeviceDiscovery (x32 Version: 130.0.372.000 - Hewlett-Packard) Hidden DocMgr (x32 Version: 130.0.000.000 - Ihr Firmenname) Hidden DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden Dropbox (HKU\S-1-5-21-50433080-710429258-2441499552-1000\...\Dropbox) (Version: 3.12.5 - Dropbox, Inc.) ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 14.3.20130522 - Landesfinanzdirektion Thüringen) ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - ) Fax (x32 Version: 130.0.418.000 - Hewlett-Packard) Hidden File Scavenger 4.3 (en) (HKLM-x32\...\QueTek File Scavenger 4.3 (en)) (Version: 4.3.2.0 - QueTek Consulting Corporation) FileZilla Client 3.14.1 (HKLM-x32\...\FileZilla Client) (Version: 3.14.1 - Tim Kosse) foobar2000 v1.1.10 (HKLM-x32\...\foobar2000) (Version: 1.1.10 - Peter Pawlowski) FRITZ!Box USB-Fernanschluss (HKU\S-1-5-21-50433080-710429258-2441499552-1000\...\2db37667170956ee) (Version: 2.3.2.0 - AVM Berlin) Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden GetDataBack for FAT (HKLM-x32\...\{2EEEC858-21F8-419B-8FE2-820621BFFCD7}) (Version: 4.33.000 - Runtime Software) GetDataBack for NTFS (HKLM-x32\...\{56582EEA-3AEF-4D84-8B9D-C87A3CD9250F}) (Version: 4.33.000 - Runtime Software) Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google SketchUp 8 (HKLM-x32\...\{4BA6784F-3B10-473A-B9F5-33A36AC354D5}) (Version: 3.0.14358 - Google, Inc.) Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden GPL Ghostscript (HKLM\...\GPL Ghostscript 9.05) (Version: 9.05 - Artifex Software Inc.) GrampsAIO64 (HKLM-x32\...\GrampsAIO64 4.1.2) (Version: 4.1.2 - The GRAMPS project) High-Definition Video Playback (x32 Version: 7.1.13900.47.0 - Nero AG) Hidden HiJackThis (HKLM-x32\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro) HP Document Manager 2.0 (HKLM\...\HP Document Manager) (Version: 2.0 - HP) HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP) HP Officejet 4500 G510n-z (HKLM\...\{7E0E61CC-1C99-429D-BEA7-C4DD5B898D2A}) (Version: 13.0 - HP) HP Smart Web Printing 4.5 (HKLM\...\HP Smart Web Printing) (Version: 4.5 - HP) HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation) Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 15.4 - Intel) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation) IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.35 - Irfan Skiljan) iTunes (HKLM\...\{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}) (Version: 10.6.3.25 - Apple Inc.) Java 8 Update 31 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418031F0}) (Version: 8.0.310 - Oracle Corporation) Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation) Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Macromedia Extension Manager (HKLM-x32\...\{0F022A2E-7022-497D-90A5-0F46746D8275}) (Version: 1.7.270 - Ihr Firmenname) Macromedia Flash 8 (HKLM-x32\...\{2BD5C305-1B27-4D41-B690-7A61172D2FEB}) (Version: 8.00.0000 - Macromedia) Macromedia Flash 8 Video Encoder (HKLM-x32\...\{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}) (Version: 1.00.0000 - Macromedia) Macromedia Flash Player 8 (HKLM-x32\...\{885A63EA-382B-4DD4-A755-14809B8557D6}) (Version: 8.0.22.0 - Macromedia) Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation) Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{2C303EE0-A595-3543-A71A-931C7AC40EDE}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Mozilla Firefox 43.0.4 (x86 de) (HKLM-x32\...\Mozilla Firefox 43.0.4 (x86 de)) (Version: 43.0.4 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.4.5848 - Mozilla) Mozilla Thunderbird 38.5.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 38.5.0 (x86 de)) (Version: 38.5.0 - Mozilla) Mozilla Thunderbird 38.5.1 (x86 de) (HKU\S-1-5-21-50433080-710429258-2441499552-1000\...\Mozilla Thunderbird 38.5.1 (x86 de)) (Version: 38.5.1 - Mozilla) MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.6 - F.J. Wechselberger) Nero BackItUp 10 (HKLM-x32\...\{68AB6930-5BFF-4FF6-923B-516A91984FE6}) (Version: 5.6.11500.16.100 - Nero AG) Nero BurnRights 10 (HKLM-x32\...\{943CFD7D-5336-47AF-9418-E02473A5A517}) (Version: 4.2.10500.1.102 - Nero AG) Nero Express 10 (HKLM-x32\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.2.12000.21.100 - Nero AG) Nero InfoTool 10 (HKLM-x32\...\{F412B4AF-388C-4FF5-9B2F-33DB1C536953}) (Version: 7.2.10400.5.100 - Nero AG) Nero MediaHub 10 (HKLM-x32\...\{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}) (Version: 1.2.13300.36.100 - Nero AG) Nero Multimedia Suite 10 Essentials (HKLM-x32\...\{0FF68F26-416C-4954-ACA5-6AD5F9DE99C1}) (Version: 10.5.14800 - Nero AG) Nero RescueAgent 10 (HKLM-x32\...\{E337E787-CF61-4B7B-B84F-509202A54023}) (Version: 3.2.10800.9.100 - Nero AG) Nero StartSmart 10 (HKLM-x32\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.2.11600.14.100 - Nero AG) Nero Update (HKLM-x32\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.10300.25.0 - Nero AG) NETGEAR Powerline Utility (HKLM-x32\...\InstallShield_{2753B568-6F85-4E31-A114-A7F8D8606DDD}) (Version: 3.1.0.3 - NETGEAR Powerline) NETGEAR Powerline Utility (x32 Version: 3.1.0.3 - NETGEAR Powerline) Hidden NETGEAR USB Media Extender (HKLM-x32\...\{402E9ECB-92CE-49EE-8ABC-ECE73D009ED8}) (Version: 1.31 - NETGEAR) Network64 (Version: 130.0.550.000 - Hewlett-Packard) Hidden Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden Nokia Connectivity Cable Driver (HKLM-x32\...\{29373274-977E-413C-A4DE-DC0F8E80C429}) (Version: 7.1.172.0 - Nokia) OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP) Open Sea Map - Data Logger - Logs data from ship's data networks (HKLM-x32\...\Open Sea Map Data Logger) (Version: "1.0.0" - "Open Sea Map") ownCloud (HKLM-x32\...\ownCloud) (Version: 2.1.0.5683 - ownCloud) Paint.NET v3.5.10 (HKLM\...\{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}) (Version: 3.60.0 - dotPDN LLC) PC Connectivity Solution (HKLM-x32\...\{6D01D1B1-17BD-4F10-BB11-F08F0C47D42B}) (Version: 12.0.109.0 - Nokia) PDF Architect (HKLM-x32\...\{30B41B7A-3C9D-44DE-A7A1-949011F33CC3}) (Version: 1.0.41.8362 - pdfforge) PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.3 - pdfforge) PL-2303 USB-to-Serial (HKLM-x32\...\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}) (Version: 1.3.0 - Prolific Technology INC) PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation) PRE12 STI 64Installer (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.989 - Even Balance, Inc.) QuickTime (HKLM-x32\...\{0E64B098-8018-4256-BA23-C316A43AD9B0}) (Version: 7.72.80.56 - Apple Inc.) Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.6121 - Realtek Semiconductor Corp.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6293 - Realtek Semiconductor Corp.) Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.34.1 - Renesas Electronics Corporation) Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.34.1 - Renesas Electronics Corporation) Hidden RICOH Media Driver v2.13.17.01 (HKLM-x32\...\{FE041B02-234C-4AAA-9511-80DF6482A458}) (Version: 2.13.17.01 - RICOH) Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.9.9216 - Skype Technologies S.A.) Skype™ 7.17 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.17.105 - Skype Technologies S.A.) SmartWebPrinting (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden Status (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden Steam(TM) (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve) Synology Cloud Station (HKLM-x32\...\{102406C7-6BD4-47AA-A858-A54C7002E32E}) (Version: 3.1.3320 - Synology) Synology Data Replicator 3 (HKLM-x32\...\{8E310838-457C-4269-B177-3EFB300CBDDC}) (Version: 1.0.0.0 - Synology Inc.) TeamViewer 8 (HKLM-x32\...\TeamViewer 8) (Version: 8.0.16642 - TeamViewer) Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden TOSHIBA 180 Degrees Rotation Utility (HKLM-x32\...\{FEDFB4DC-E149-4897-B616-4811C718E54F}) (Version: 1.4.0 - TOSHIBA Corporation) TOSHIBA Assist (HKLM-x32\...\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}) (Version: 4.02.02 - TOSHIBA CORPORATION) TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{43DBC64B-3DD1-47E2-8788-D3C3B110C574}) (Version: 2.1.10.64 - TOSHIBA Corporation) TOSHIBA ConfigFree (HKLM-x32\...\{38C52F7D-A6CB-4CE7-A189-8AABE8774D8A}) (Version: 8.0.38 - TOSHIBA CORPORATION) TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.9 for x64 - TOSHIBA Corporation) TOSHIBA eco Utility (HKLM\...\{6FF9A012-0254-41E9-81E2-F538C4B53611}) (Version: 1.3.2.64 - TOSHIBA Corporation) TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.8.64 - TOSHIBA Corporation) TOSHIBA HDD/SSD Alert (HKLM\...\{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.8 - TOSHIBA Corporation) TOSHIBA Intelligent Display Management (HKLM\...\{636E2BA9-126F-493D-A033-343C145AAD87}) (Version: 1.0.3.0 - TOSHIBA Corporation) Toshiba Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.02 - TOSHIBA) TOSHIBA Media Controller (HKLM-x32\...\{C7A4F26F-F9B0-41B2-8659-99181108CDE3}) (Version: 1.0.86.2 - TOSHIBA CORPORATION) TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.6.1 - TOSHIBA CORPORATION) TOSHIBA Online Product Information (HKLM-x32\...\{2290A680-4083-410A-ADCC-7092C67FC052}) (Version: 4.00.0008 - TOSHIBA) TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.7.7.64 - TOSHIBA Corporation) TOSHIBA Places Icon Utility (HKLM-x32\...\{461F6F0D-7173-4902-9604-AB1A29108AF2}) (Version: 1.1.1.4 - TOSHIBA Corporation) TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.3.5109 - TOSHIBA CORPORATION) TOSHIBA Recovery Media Creator Reminder (HKLM-x32\...\InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}) (Version: 1.00.0019 - TOSHIBA) TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}) (Version: 1.7.18.64 - TOSHIBA Corporation) TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.1.0 - TOSHIBA Corporation) TOSHIBA Security Assist (HKLM-x32\...\{1E63ACB5-D45E-4856-8FC9-78F4B0D7BB80}) (Version: 2.0.9 - TOSHIBA) TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.1.52 - TOSHIBA) TOSHIBA Sleep Utility (HKLM-x32\...\{654F7484-88C5-46DC-AB32-C66BCB0E2102}) (Version: 1.4.2.7 - TOSHIBA Corporation) TOSHIBA Sync Utility (HKLM-x32\...\{CCF62642-ECB1-4D2B-80C0-3FD3286AEAED}) (Version: 2.0.3060 - TOSHIBA Corporation) TOSHIBA TEMPRO (HKLM-x32\...\{F082CB11-4794-4259-99A1-D91BA762AD15}) (Version: 3.35 - Toshiba Europe GmbH) TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.5.10.64 - TOSHIBA Corporation) TOSHIBA VIDEO PLAYER (HKLM-x32\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 4.00.4.60-A - TOSHIBA Corporation) TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 1.1.7.1 - TOSHIBA Corporation) TOSHIBA Wireless LAN Indicator (HKLM-x32\...\{5BA99779-6E12-49EF-BE49-F35B1EDB4DF9}) (Version: 1.0.4 - TOSHIBA CORPORATION) Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 8.50 beta 12 - Ghisler Software GmbH) TrayApp (x32 Version: 130.0.376.000 - Hewlett-Packard) Hidden TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft) Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft) Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft) Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft) VeraCrypt (HKLM-x32\...\VeraCrypt) (Version: 1.16 - IDRIX) VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN) WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation) Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (HKLM-x32\...\{C32CE55C-12BA-4951-8797-0967FDEF556F}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows-Treiberpaket - Nokia pccsmcfd LegacyDriver (05/31/2012 7.1.2.0) (HKLM\...\62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F) (Version: 05/31/2012 7.1.2.0 - Nokia) WinRAR 4.10 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.10.0 - win.rar GmbH) XAMPP (HKLM-x32\...\xampp) (Version: 5.6.15-1 - Bitnami) ==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) CustomCLSID: HKU\S-1-5-21-50433080-710429258-2441499552-1000_Classes\CLSID\{00000001-0E3A-4123-8B32-4B68A91E104A}\InprocServer32 -> C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIBasePlace.dll (Toshiba Corporation) CustomCLSID: HKU\S-1-5-21-50433080-710429258-2441499552-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\benjamka\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-50433080-710429258-2441499552-1000_Classes\CLSID\{2C4A5D61-009C-4561-9A33-6AFD542FD237}\InprocServer32 -> C:\Users\benjamka\AppData\Local\CloudStation\app\icon-overlay\10\x64\ContextMenu.dll () CustomCLSID: HKU\S-1-5-21-50433080-710429258-2441499552-1000_Classes\CLSID\{472CE1AD-5D53-4BCF-A1FB-3982A5F55138}\InprocServer32 -> C:\Users\benjamka\AppData\Local\CloudStation\app\icon-overlay\10\x64\iconOverlay.dll (TODO: <Company name>) CustomCLSID: HKU\S-1-5-21-50433080-710429258-2441499552-1000_Classes\CLSID\{48AB5ADA-36B1-4137-99C9-2BD97F8788AB}\InprocServer32 -> C:\Users\benjamka\AppData\Local\CloudStation\app\icon-overlay\10\x64\iconOverlay.dll (TODO: <Company name>) CustomCLSID: HKU\S-1-5-21-50433080-710429258-2441499552-1000_Classes\CLSID\{A433C3E0-8B24-40EB-93C3-4B10D9959F58}\InprocServer32 -> C:\Users\benjamka\AppData\Local\CloudStation\app\icon-overlay\10\x64\iconOverlay.dll (TODO: <Company name>) CustomCLSID: HKU\S-1-5-21-50433080-710429258-2441499552-1000_Classes\CLSID\{AEB16659-2125-4ADA-A4AB-45EE21E86469}\InprocServer32 -> C:\Users\benjamka\AppData\Local\CloudStation\app\icon-overlay\10\x64\iconOverlay.dll (TODO: <Company name>) CustomCLSID: HKU\S-1-5-21-50433080-710429258-2441499552-1000_Classes\CLSID\{C701AD67-3DF0-47C9-89CB-DFA6207BE229}\InprocServer32 -> C:\Users\benjamka\AppData\Local\CloudStation\app\icon-overlay\10\x64\iconOverlay.dll (TODO: <Company name>) CustomCLSID: HKU\S-1-5-21-50433080-710429258-2441499552-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\benjamka\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-50433080-710429258-2441499552-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\benjamka\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-50433080-710429258-2441499552-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\benjamka\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-50433080-710429258-2441499552-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\benjamka\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-50433080-710429258-2441499552-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\benjamka\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-50433080-710429258-2441499552-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\benjamka\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-50433080-710429258-2441499552-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\benjamka\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-50433080-710429258-2441499552-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\benjamka\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-50433080-710429258-2441499552-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\benjamka\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-50433080-710429258-2441499552-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\benjamka\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.) ==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) Task: {011F99F6-D4FE-4507-BF04-0C1ECE08CFB6} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation) Task: {2DB0196A-A783-4BC7-B53F-99E000A2922E} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation) Task: {3BC1310F-6262-42B9-AB22-8764714495F3} - \Lyrics Seeker Update -> Keine Datei <==== ACHTUNG Task: {533CC4DB-ED83-4A01-86D2-45C2C6C5B463} - System32\Tasks\AdobeAAMUpdater-1.0-BBKLAPTOP-benjamka => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-06-03] (Adobe Systems Incorporated) Task: {5A40E926-9E86-4B89-9CFD-B12311724371} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto Task: {5DC2A5C6-291E-431E-A4BA-0D992EDAC946} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-50433080-710429258-2441499552-1000UA => C:\Users\benjamka\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-16] (Dropbox, Inc.) Task: {5F67D011-55AA-45C2-A392-FCF737176BF3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-03] (Google Inc.) Task: {612FDC98-97F1-4126-AFA2-2AA3D1E9A694} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-50433080-710429258-2441499552-1000Core => C:\Users\benjamka\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-16] (Dropbox, Inc.) Task: {667B4007-3460-4B4D-AF2C-0C5FB1448F21} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-01-19] (Adobe Systems Incorporated) Task: {806B77B1-FDCD-4237-AFD5-B41275BFFB69} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe Task: {81195C19-3472-43E1-9EF1-E3BD96BE36FE} - System32\Tasks\{008D639C-C03A-41C9-BEF9-9FAEFC132657} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{EF36A836-BF89-4A4F-B079-057B0C68C1E0}\setup.exe" -c -runfromtemp -l0x0007 -removeonly Task: {BB590BE5-9A30-423B-B339-6D03DAC80375} - System32\Tasks\Microsoft\Windows\Setup\xtgt\refreshxtgtconfig => C:\Windows\system32\XTgt\XTgtMgr.exe [2015-10-05] (Microsoft Corporation) Task: {C12F51AA-FD5C-4DC2-B4DD-BB5F0C966510} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated) Task: {D9209408-5882-4E3F-B395-A413AC2F0E07} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-03] (Google Inc.) Task: {DC404808-131E-4D79-A6F9-5E68B8D971CC} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe [2010-12-03] (TOSHIBA CORPORATION) Task: {DD9F510C-95F4-499A-90C8-BAC5BC372FF4} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask => start sppsvc Task: {FC21203B-2B24-4388-9208-6B84BBA593A5} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd) (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.) Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-50433080-710429258-2441499552-1000Core.job => C:\Users\benjamka\AppData\Local\Dropbox\Update\DropboxUpdate.exe Task: C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-50433080-710429258-2441499552-1000UA.job => C:\Users\benjamka\AppData\Local\Dropbox\Update\DropboxUpdate.exe Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Verknüpfungen ============================= (Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.) ==================== Geladene Module (Nicht auf der Ausnahmeliste) ============== 2013-01-21 20:45 - 2012-11-28 18:50 - 00019880 _____ () C:\windows\system32\spool\PRTPROCS\x64\TeamViewer_PrintProcessor.dll 2012-06-15 11:31 - 2012-06-15 11:31 - 00718848 _____ () C:\Program Files (x86)\NETGEAR\USB Media Extender\setqos.exe 2015-03-03 00:53 - 2015-03-03 00:57 - 00076888 _____ () C:\windows\SysWOW64\PnkBstrA.exe 2013-05-15 20:33 - 2010-04-13 15:40 - 00968448 _____ () C:\Program Files (x86)\Second Copy 8\SCVSSSvc.exe 2013-10-09 10:52 - 2013-10-09 10:52 - 00384072 _____ () C:\Program Files (x86)\Synology Data Replicator 3\SynoDrServicex64.exe 2011-04-07 21:59 - 2011-04-07 21:59 - 00592312 _____ () C:\Program Files\TOSHIBA\TECO\TecoPower.dll 2015-06-19 02:31 - 2015-06-19 02:31 - 00059392 _____ () C:\Program Files (x86)\ownCloud\shellext\OCUtil_x64.dll 2015-10-16 11:02 - 2015-10-16 11:02 - 00043480 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll 2010-11-19 01:18 - 2010-11-19 01:18 - 11190784 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll 2011-03-03 22:21 - 2011-03-03 22:21 - 03420584 _____ () C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll 2015-12-03 10:27 - 2015-12-03 10:27 - 01890830 _____ () C:\Program Files (x86)\ownCloud\owncloud.exe 2013-12-29 23:05 - 2013-10-03 10:42 - 00069120 _____ () C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe 2012-06-25 10:19 - 2012-06-25 10:19 - 22641664 _____ () C:\Program Files (x86)\NETGEAR\USB Media Extender\Control Center.exe 2014-12-12 23:24 - 2014-12-12 23:24 - 00047104 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll 2010-12-08 23:42 - 2010-12-08 23:42 - 00079264 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll 2012-05-30 19:06 - 2012-05-30 19:06 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2012-05-30 19:06 - 2012-05-30 19:06 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2015-12-03 10:27 - 2015-12-03 10:27 - 00681998 _____ () C:\Program Files (x86)\ownCloud\libocsync.dll 2015-08-06 08:59 - 2015-08-06 08:59 - 00097326 _____ () C:\Program Files (x86)\ownCloud\libgcc_s_sjlj-1.dll 2015-08-06 08:59 - 2015-08-06 08:59 - 00922727 _____ () C:\Program Files (x86)\ownCloud\libstdc++-6.dll 2015-12-03 10:27 - 2015-12-03 10:27 - 01022478 _____ () C:\Program Files (x86)\ownCloud\libowncloudsync.dll 2015-08-06 08:10 - 2015-08-06 08:10 - 00085548 _____ () C:\Program Files (x86)\ownCloud\zlib1.dll 2015-08-06 16:48 - 2015-08-06 16:48 - 00051095 _____ () C:\Program Files (x86)\ownCloud\libqt5keychain.dll 2015-08-06 08:21 - 2015-08-06 08:21 - 02197765 _____ () C:\Program Files (x86)\ownCloud\icui18n53.dll 2015-08-06 08:21 - 2015-08-06 08:21 - 01308778 _____ () C:\Program Files (x86)\ownCloud\icuuc53.dll 2015-08-06 08:21 - 2015-08-06 08:21 - 21539975 _____ () C:\Program Files (x86)\ownCloud\icudata53.dll 2015-08-06 08:11 - 2015-08-06 08:11 - 00148117 _____ () C:\Program Files (x86)\ownCloud\libpcre16-0.dll 2015-08-06 08:16 - 2015-08-06 08:16 - 01366986 _____ () C:\Program Files (x86)\ownCloud\libGLESv2.dll 2015-08-06 08:14 - 2015-08-06 08:14 - 00209711 _____ () C:\Program Files (x86)\ownCloud\libpng16-16.dll 2015-08-06 08:16 - 2015-08-06 08:16 - 00154982 _____ () C:\Program Files (x86)\ownCloud\libEGL.dll 2015-08-06 08:14 - 2015-08-06 08:14 - 00350662 _____ () C:\Program Files (x86)\ownCloud\libjpeg-8.dll 2015-08-06 08:17 - 2015-08-06 08:17 - 00689339 _____ () C:\Program Files (x86)\ownCloud\libsqlite3-0.dll 2015-08-06 10:35 - 2015-08-06 10:35 - 00247540 _____ () C:\Program Files (x86)\ownCloud\libwebp-4.dll 2015-08-06 08:26 - 2015-08-06 08:26 - 01169416 _____ () C:\Program Files (x86)\ownCloud\libxml2-2.dll 2015-08-06 10:38 - 2015-08-06 10:38 - 00231727 _____ () C:\Program Files (x86)\ownCloud\libxslt-1.dll 2013-12-29 23:05 - 2013-10-03 10:42 - 00112128 _____ () C:\Program Files (x86)\Canon\ImageBrowser EX\MFMFileSystemWatcher.dll 2015-12-11 14:11 - 2015-10-31 01:59 - 00034768 _____ () C:\Users\benjamka\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd 2015-12-11 14:11 - 2015-10-31 02:00 - 00019408 _____ () C:\Users\benjamka\AppData\Roaming\Dropbox\bin\faulthandler.pyd 2015-12-11 14:11 - 2015-12-08 22:36 - 00022848 _____ () C:\Users\benjamka\AppData\Roaming\Dropbox\bin\Crypto.Random.OSRNG.winrandom.pyd 2015-12-11 14:11 - 2015-12-08 22:36 - 00023352 _____ () C:\Users\benjamka\AppData\Roaming\Dropbox\bin\Crypto.Util._counter.pyd 2015-12-11 14:11 - 2015-12-08 22:36 - 00042296 _____ () C:\Users\benjamka\AppData\Roaming\Dropbox\bin\Crypto.Cipher._AES.pyd 2015-12-11 14:11 - 2015-10-31 01:59 - 00116688 _____ () C:\Users\benjamka\AppData\Roaming\Dropbox\bin\pywintypes27.dll 2015-12-11 14:11 - 2015-10-31 01:59 - 00093640 _____ () C:\Users\benjamka\AppData\Roaming\Dropbox\bin\_ctypes.pyd 2015-12-11 14:11 - 2015-10-31 01:59 - 00018376 _____ () C:\Users\benjamka\AppData\Roaming\Dropbox\bin\select.pyd 2015-12-11 14:11 - 2015-12-08 22:36 - 00019760 _____ () C:\Users\benjamka\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd 2015-12-11 14:11 - 2015-10-31 02:00 - 00105928 _____ () C:\Users\benjamka\AppData\Roaming\Dropbox\bin\win32api.pyd 2015-12-11 14:11 - 2015-10-31 01:59 - 00392144 _____ () C:\Users\benjamka\AppData\Roaming\Dropbox\bin\pythoncom27.dll 2015-12-11 14:11 - 2015-12-08 22:36 - 00381752 _____ () C:\Users\benjamka\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd 2015-12-11 14:11 - 2015-10-31 01:59 - 00692688 _____ () C:\Users\benjamka\AppData\Roaming\Dropbox\bin\unicodedata.pyd 2015-12-11 14:11 - 2015-12-08 22:36 - 00020816 _____ () C:\Users\benjamka\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd 2015-12-11 14:11 - 2015-10-31 02:00 - 00109520 _____ () C:\Users\benjamka\AppData\Roaming\Dropbox\bin\_cffi_backend.pyd 2015-12-11 14:11 - 2015-12-08 22:36 - 01737032 _____ () C:\Users\benjamka\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd 2015-12-11 14:11 - 2015-12-08 22:36 - 00020808 _____ () C:\Users\benjamka\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd 2015-12-11 14:11 - 2015-12-08 22:36 - 00020800 _____ () C:\Users\benjamka\AppData\Roaming\Dropbox\bin\_cffi_python_x66cf7a7cx17a72769.pyd 2015-12-11 14:11 - 2015-12-08 22:36 - 00021840 _____ () C:\Users\benjamka\AppData\Roaming\Dropbox\bin\_cffi_unicode_environ_win32_x8bf8e68bx9968e850.pyd 2015-12-11 14:11 - 2015-12-08 22:36 - 00038696 _____ () C:\Users\benjamka\AppData\Roaming\Dropbox\bin\fastpath.pyd 2015-12-11 14:11 - 2015-10-31 02:00 - 00024528 _____ () C:\Users\benjamka\AppData\Roaming\Dropbox\bin\win32event.pyd 2015-12-11 14:11 - 2015-10-31 02:00 - 00020936 _____ () C:\Users\benjamka\AppData\Roaming\Dropbox\bin\mmapfile.pyd 2015-12-11 14:11 - 2015-10-31 02:00 - 00114640 _____ () C:\Users\benjamka\AppData\Roaming\Dropbox\bin\win32security.pyd 2015-12-11 14:11 - 2015-12-08 22:36 - 00021320 _____ () C:\Users\benjamka\AppData\Roaming\Dropbox\bin\_cffi_pywin_kernel32_xde9e4433x360333f0.pyd 2015-12-11 14:11 - 2015-10-31 02:00 - 00124880 _____ () C:\Users\benjamka\AppData\Roaming\Dropbox\bin\win32file.pyd 2015-12-11 14:11 - 2015-10-31 02:00 - 00030160 _____ () C:\Users\benjamka\AppData\Roaming\Dropbox\bin\win32pipe.pyd 2015-12-11 14:11 - 2015-10-31 02:00 - 00043472 _____ () C:\Users\benjamka\AppData\Roaming\Dropbox\bin\win32process.pyd 2015-12-11 14:11 - 2015-10-31 02:00 - 00175560 _____ () C:\Users\benjamka\AppData\Roaming\Dropbox\bin\win32gui.pyd 2015-12-11 14:11 - 2015-10-31 02:00 - 00028616 _____ () C:\Users\benjamka\AppData\Roaming\Dropbox\bin\win32ts.pyd 2015-12-11 14:11 - 2015-10-31 02:00 - 00024016 _____ () C:\Users\benjamka\AppData\Roaming\Dropbox\bin\win32clipboard.pyd 2015-12-11 14:11 - 2015-10-31 02:00 - 00048592 _____ () C:\Users\benjamka\AppData\Roaming\Dropbox\bin\win32service.pyd 2015-12-11 14:11 - 2015-12-08 22:36 - 00024392 _____ () C:\Users\benjamka\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd 2015-12-11 14:11 - 2015-10-31 02:00 - 00036296 _____ () C:\Users\benjamka\AppData\Roaming\Dropbox\bin\librsync.dll 2015-12-11 14:11 - 2015-10-31 02:00 - 00024016 _____ () C:\Users\benjamka\AppData\Roaming\Dropbox\bin\win32profile.pyd 2015-12-11 14:11 - 2015-12-08 22:36 - 00117056 _____ () C:\Users\benjamka\AppData\Roaming\Dropbox\bin\breakpad.client.windows.handler.pyd 2015-12-11 14:11 - 2015-12-08 22:36 - 00023376 _____ () C:\Users\benjamka\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd 2015-12-11 14:11 - 2015-10-31 01:59 - 00134608 _____ () C:\Users\benjamka\AppData\Roaming\Dropbox\bin\_elementtree.pyd 2015-12-11 14:11 - 2015-10-31 01:59 - 00134088 _____ () C:\Users\benjamka\AppData\Roaming\Dropbox\bin\pyexpat.pyd 2015-12-11 14:11 - 2015-10-31 02:00 - 00240584 _____ () C:\Users\benjamka\AppData\Roaming\Dropbox\bin\jpegtran.pyd 2015-12-11 14:11 - 2015-12-08 22:36 - 00020280 _____ () C:\Users\benjamka\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd 2015-12-11 14:11 - 2015-12-08 22:36 - 00052024 _____ () C:\Users\benjamka\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd 2015-12-11 14:11 - 2015-12-08 22:36 - 00021304 _____ () C:\Users\benjamka\AppData\Roaming\Dropbox\bin\Crypto.Util.strxor.pyd 2015-12-11 14:11 - 2015-10-31 02:00 - 00350152 _____ () C:\Users\benjamka\AppData\Roaming\Dropbox\bin\winxpgui.pyd 2015-12-11 14:11 - 2015-12-08 22:36 - 00084792 _____ () C:\Users\benjamka\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL 2015-12-11 14:11 - 2015-12-08 22:36 - 01826608 _____ () C:\Users\benjamka\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd 2015-12-11 14:11 - 2015-10-31 02:00 - 00083912 _____ () C:\Users\benjamka\AppData\Roaming\Dropbox\bin\sip.pyd 2015-12-11 14:11 - 2015-12-08 22:36 - 03891504 _____ () C:\Users\benjamka\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd 2015-12-11 14:11 - 2015-12-08 22:36 - 01950000 _____ () C:\Users\benjamka\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd 2015-12-11 14:11 - 2015-12-08 22:36 - 00519984 _____ () C:\Users\benjamka\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd 2015-12-11 14:11 - 2015-12-08 22:36 - 00133936 _____ () C:\Users\benjamka\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd 2015-12-11 14:11 - 2015-12-08 22:36 - 00225080 _____ () C:\Users\benjamka\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd 2015-12-11 14:11 - 2015-12-08 22:36 - 00207672 _____ () C:\Users\benjamka\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd 2015-12-11 14:11 - 2015-12-08 22:36 - 00024904 _____ () C:\Users\benjamka\AppData\Roaming\Dropbox\bin\_cffi_wpad_proxy_win_x752e3d61xdcfdcc84.pyd 2015-12-11 14:11 - 2015-12-08 22:36 - 00486704 _____ () C:\Users\benjamka\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.pyd 2015-12-11 14:11 - 2015-12-08 22:36 - 00357680 _____ () C:\Users\benjamka\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.pyd 2015-03-04 22:45 - 2015-10-31 02:01 - 00019920 _____ () C:\Users\benjamka\AppData\Roaming\Dropbox\bin\QtQuick.2\qtquick2plugin.dll 2015-03-04 22:45 - 2015-10-31 02:00 - 00786904 _____ () C:\Users\benjamka\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll 2015-07-30 23:59 - 2015-10-31 02:00 - 00063448 _____ () C:\Users\benjamka\AppData\Roaming\Dropbox\bin\QtQuick\Layouts\qquicklayoutsplugin.dll 2015-03-04 22:45 - 2015-10-31 02:00 - 00019408 _____ () C:\Users\benjamka\AppData\Roaming\Dropbox\bin\QtQuick\Window.2\windowplugin.dll 2014-06-21 13:14 - 2015-07-21 10:43 - 00074272 _____ () C:\Program Files (x86)\PDF24\zlib.dll 2014-06-21 13:14 - 2015-07-21 10:43 - 00051744 _____ () C:\Program Files (x86)\PDF24\OperationUI.dll 2015-12-26 02:35 - 2016-01-09 19:59 - 00153032 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll 2015-12-26 02:35 - 2016-01-09 19:59 - 00022472 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll ==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.) ==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.) ==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.) ==================== Internet Explorer Vertrauenswürdig/Eingeschränkt =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.) IE trusted site: HKU\.DEFAULT\...\localhost -> localhost IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com Da befinden sich 7867 mehr Seiten. IE trusted site: HKU\S-1-5-21-50433080-710429258-2441499552-1000\...\localhost -> localhost IE trusted site: HKU\S-1-5-21-50433080-710429258-2441499552-1000\...\webcompanion.com -> hxxp://webcompanion.com IE restricted site: HKU\S-1-5-21-50433080-710429258-2441499552-1000\...\007guard.com -> install.007guard.com IE restricted site: HKU\S-1-5-21-50433080-710429258-2441499552-1000\...\008i.com -> 008i.com IE restricted site: HKU\S-1-5-21-50433080-710429258-2441499552-1000\...\008k.com -> www.008k.com IE restricted site: HKU\S-1-5-21-50433080-710429258-2441499552-1000\...\00hq.com -> www.00hq.com IE restricted site: HKU\S-1-5-21-50433080-710429258-2441499552-1000\...\010402.com -> 010402.com IE restricted site: HKU\S-1-5-21-50433080-710429258-2441499552-1000\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com IE restricted site: HKU\S-1-5-21-50433080-710429258-2441499552-1000\...\0scan.com -> www.0scan.com IE restricted site: HKU\S-1-5-21-50433080-710429258-2441499552-1000\...\1-2005-search.com -> www.1-2005-search.com IE restricted site: HKU\S-1-5-21-50433080-710429258-2441499552-1000\...\1-domains-registrations.com -> www.1-domains-registrations.com IE restricted site: HKU\S-1-5-21-50433080-710429258-2441499552-1000\...\1000gratisproben.com -> www.1000gratisproben.com IE restricted site: HKU\S-1-5-21-50433080-710429258-2441499552-1000\...\1001namen.com -> www.1001namen.com IE restricted site: HKU\S-1-5-21-50433080-710429258-2441499552-1000\...\100888290cs.com -> mir.100888290cs.com IE restricted site: HKU\S-1-5-21-50433080-710429258-2441499552-1000\...\100sexlinks.com -> www.100sexlinks.com IE restricted site: HKU\S-1-5-21-50433080-710429258-2441499552-1000\...\10sek.com -> www.10sek.com IE restricted site: HKU\S-1-5-21-50433080-710429258-2441499552-1000\...\12-26.net -> user1.12-26.net IE restricted site: HKU\S-1-5-21-50433080-710429258-2441499552-1000\...\12-27.net -> user1.12-27.net IE restricted site: HKU\S-1-5-21-50433080-710429258-2441499552-1000\...\123fporn.info -> www.123fporn.info IE restricted site: HKU\S-1-5-21-50433080-710429258-2441499552-1000\...\123haustiereundmehr.com -> www.123haustiereundmehr.com IE restricted site: HKU\S-1-5-21-50433080-710429258-2441499552-1000\...\123moviedownload.com -> www.123moviedownload.com IE restricted site: HKU\S-1-5-21-50433080-710429258-2441499552-1000\...\123simsen.com -> www.123simsen.com Da befinden sich 7867 mehr Seiten. ==================== Hosts Inhalt: =============================== (Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.) 2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____N C:\windows\system32\Drivers\etc\hosts ==================== Andere Bereiche ============================ (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) HKU\S-1-5-21-50433080-710429258-2441499552-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\benjamka\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.178.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall ist aktiviert. ==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge == (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Toshiba Places Icon Utility.lnk => C:\windows\pss\Toshiba Places Icon Utility.lnk.CommonStartup MSCONFIG\startupreg: Ad-Aware Antivirus => "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe" MSCONFIG\startupreg: NBAgent => "C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart MSCONFIG\startupreg: Teco => "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r MSCONFIG\startupreg: Toshiba Registration => C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe MSCONFIG\startupreg: Toshiba TEMPRO => C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe MSCONFIG\startupreg: ToshibaServiceStation => "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60 MSCONFIG\startupreg: TosReelTimeMonitor => %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe MSCONFIG\startupreg: TosWaitSrv => %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe ==================== Firewall Regeln (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) FirewallRules: [{18F9B4CF-3355-4DFE-9A11-D544039302FF}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{0AEE0B96-C74A-41C4-B0D7-52425B60CC47}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [{7E4BAF6A-B2BF-4C1C-A432-BA8825ADEF25}] => (Allow) LPort=2869 FirewallRules: [{F6200A9A-D8DC-4617-9C3B-2631DDDE95DB}] => (Allow) LPort=1900 FirewallRules: [{43FC74DA-1CCE-4F15-913D-635F2B84115E}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe FirewallRules: [{A5482107-A5A1-4B1E-A0BF-D0D5E728C283}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe FirewallRules: [{50CA9607-1D43-411F-A483-16BD03B2902B}] => (Allow) C:\Program Files (x86)\Microsoft Office 2007\Office12\GROOVE.EXE FirewallRules: [{750BDA4C-701B-4E79-92F2-56F29D3AFCF7}] => (Allow) C:\Program Files (x86)\Microsoft Office 2007\Office12\GROOVE.EXE FirewallRules: [{872C8B78-429A-444A-BA1E-8AA79F340C81}] => (Allow) C:\Program Files (x86)\Microsoft Office 2007\Office12\ONENOTE.EXE FirewallRules: [{3B34C576-1E96-4C9B-8830-1FAF738001D8}] => (Allow) C:\Program Files (x86)\Microsoft Office 2007\Office12\ONENOTE.EXE FirewallRules: [TCP Query User{290FD82D-744F-4563-BB4D-566EAF8A35DA}C:\program files (x86)\microsoft office 2007\office12\groove.exe] => (Block) C:\program files (x86)\microsoft office 2007\office12\groove.exe FirewallRules: [UDP Query User{009B87DA-B380-4B5E-8E95-AA6D96F66C91}C:\program files (x86)\microsoft office 2007\office12\groove.exe] => (Block) C:\program files (x86)\microsoft office 2007\office12\groove.exe FirewallRules: [{6ECD5366-F230-4D9A-8475-B19A133B0997}] => (Allow) D:\fsetup.exe FirewallRules: [{A6B0C297-39D7-4AE5-8F73-72D7152A034E}] => (Allow) D:\fsetup.exe FirewallRules: [TCP Query User{0808B48E-0F94-4355-81D5-C327815353C0}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe FirewallRules: [UDP Query User{7BCEEF7D-9774-4A50-8D57-7884CEA9FEFF}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe FirewallRules: [{C57FF549-1292-430A-AA52-E86DB915416D}] => (Allow) C:\Users\benjamka\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [{C0715ED8-A10D-4CAF-ADB5-8873988C001E}] => (Allow) C:\Users\benjamka\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [{D40F8F1B-E8EA-4AB7-A73F-A2714B71F44A}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe FirewallRules: [{1794BA9E-C5FB-46A5-8BA6-61E092ABD086}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{9059B235-D15D-44F1-BBFA-9E8464658AD2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{459AEDE0-A773-49A6-AA3A-1CA18CFCD9F2}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{D4EE5496-ED1E-4AE2-9769-FD54D3F59260}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{EFA2E455-9780-4321-AA57-2DB9076619CD}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe FirewallRules: [TCP Query User{CCDA79A0-1B87-4DFF-8FF1-75046488DAAF}C:\users\benjamka\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\benjamka\appdata\roaming\dropbox\bin\dropbox.exe FirewallRules: [UDP Query User{74CC3B9D-9D4C-4F71-B8BB-C3EDB7D9258C}C:\users\benjamka\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\benjamka\appdata\roaming\dropbox\bin\dropbox.exe FirewallRules: [TCP Query User{2893CA94-B315-4C4B-905C-6763A8268B26}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe FirewallRules: [UDP Query User{EADBD15E-1BD8-48A6-BC05-BAB4C0E09FC4}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe FirewallRules: [TCP Query User{2CCFD4B7-9196-4106-8EC0-BF94EF15EBEC}C:\xampp\mysql\bin\mysqld.exe] => (Allow) C:\xampp\mysql\bin\mysqld.exe FirewallRules: [UDP Query User{12D95F95-5719-46CB-AADA-A4C6AFA5DDA7}C:\xampp\mysql\bin\mysqld.exe] => (Allow) C:\xampp\mysql\bin\mysqld.exe FirewallRules: [{C5F8245F-2D8D-4E79-817A-A771DB1A0293}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe FirewallRules: [{D264E3A8-828E-4490-91D0-A80340AA544D}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe FirewallRules: [{9A9DD54F-0EBD-4DF4-A6F8-755DCDAA8C1F}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe FirewallRules: [{047E83B1-8FFD-4EB6-880A-B39D73DD215A}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe FirewallRules: [TCP Query User{C21B43D8-3ABE-4D6D-A569-130CCE4049C0}C:\program files (x86)\aptana s3\aptanastudio3.exe] => (Block) C:\program files (x86)\aptana s3\aptanastudio3.exe FirewallRules: [UDP Query User{E3C65BF3-1B18-49C7-B585-A72D5360EE61}C:\program files (x86)\aptana s3\aptanastudio3.exe] => (Block) C:\program files (x86)\aptana s3\aptanastudio3.exe FirewallRules: [{E7758F1E-63EC-45FD-9B85-2415BB68CC52}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{B10DFC3C-0C9B-4D4C-803F-2BB6C0D22966}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{956CEC33-57A0-4ED1-9491-06EE748AE28F}] => (Allow) C:\Users\benjamka\AppData\Local\Apps\2.0\422DB9VB.QPA\KCW72ZC9.DW9\frit..tion_1acae14e4778b8d2_0002.0003_7c9366a34786c7f9\fritzbox-usb-fernanschluss.exe FirewallRules: [{90692234-AB12-4938-BB19-B05AD3C4398D}] => (Allow) C:\Users\benjamka\AppData\Local\Apps\2.0\422DB9VB.QPA\KCW72ZC9.DW9\frit..tion_1acae14e4778b8d2_0002.0003_7c9366a34786c7f9\fritzbox-usb-fernanschluss.exe FirewallRules: [{653789C9-2244-4292-B8D5-ECCC7F39ED2C}] => (Allow) C:\Users\benjamka\AppData\Local\Apps\2.0\422DB9VB.QPA\KCW72ZC9.DW9\frit..tion_1acae14e4778b8d2_0002.0003_7c9366a34786c7f9\fritzbox-usb-fernanschluss.exe FirewallRules: [{8A8A586E-BBFD-49C2-921B-70552DBA4505}] => (Allow) C:\Users\benjamka\AppData\Local\Apps\2.0\422DB9VB.QPA\KCW72ZC9.DW9\frit..tion_1acae14e4778b8d2_0002.0003_7c9366a34786c7f9\fritzbox-usb-fernanschluss.exe FirewallRules: [TCP Query User{7D2883FE-1DE7-4647-AB3F-CC614D0D1BCE}C:\program files (x86)\netgear\netgear powerline utility\namepipeserver.exe] => (Allow) C:\program files (x86)\netgear\netgear powerline utility\namepipeserver.exe FirewallRules: [UDP Query User{43964E8F-4E80-426D-A03B-B027ADA07193}C:\program files (x86)\netgear\netgear powerline utility\namepipeserver.exe] => (Allow) C:\program files (x86)\netgear\netgear powerline utility\namepipeserver.exe FirewallRules: [{85EEB40F-87B1-4E2C-BE65-FF46E1E96359}] => (Allow) C:\Program Files (x86)\NETGEAR\USB Media Extender\Control Center.exe FirewallRules: [{5A69410F-94CE-4A98-B9A9-5520C598DECE}] => (Allow) C:\Program Files (x86)\NETGEAR\USB Media Extender\Control Center.exe FirewallRules: [{A37CA65D-E391-4E7C-B7F2-AA1616B3C220}] => (Allow) LPort=7423 FirewallRules: [TCP Query User{1DE2F863-C392-43BF-8DB8-77CEC9E588E1}C:\program files (x86)\netgear\usb media extender\control center.exe] => (Allow) C:\program files (x86)\netgear\usb media extender\control center.exe FirewallRules: [UDP Query User{7B49CC51-7112-4674-B482-AD99D8E9929D}C:\program files (x86)\netgear\usb media extender\control center.exe] => (Allow) C:\program files (x86)\netgear\usb media extender\control center.exe FirewallRules: [{435E377B-2111-4A5E-8FDB-C415E3C62290}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Source\hl2.exe FirewallRules: [{D30E6E9E-54FC-4B72-8D94-8E293F34C409}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Source\hl2.exe FirewallRules: [{0CBA0D94-61A8-411A-8370-42C359239AD3}] => (Allow) C:\Users\benjamka\AppData\Local\Apps\2.0\422DB9VB.QPA\KCW72ZC9.DW9\frit..tion_1acae14e4778b8d2_0002.0003_6dcb4a48ddb2ee39\fritzbox-usb-fernanschluss.exe FirewallRules: [{C6678117-7A35-4AE5-A677-8433A92E88A2}] => (Allow) C:\Users\benjamka\AppData\Local\Apps\2.0\422DB9VB.QPA\KCW72ZC9.DW9\frit..tion_1acae14e4778b8d2_0002.0003_6dcb4a48ddb2ee39\fritzbox-usb-fernanschluss.exe FirewallRules: [TCP Query User{8D8DCD9C-5994-4CBC-90D2-FDD63A2A4A80}C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe] => (Allow) C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe FirewallRules: [UDP Query User{B27ED4E2-B59D-486A-8526-719F80E23CAC}C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe] => (Allow) C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe FirewallRules: [TCP Query User{8AA0389B-D88D-4258-BB47-869BBFF7F547}C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe] => (Allow) C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe FirewallRules: [UDP Query User{7CB416AF-ECBC-4AC7-99ED-F6369D7FE7DD}C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe] => (Allow) C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe FirewallRules: [{ED0A0AE5-9288-4F8C-90C2-58E91CC48307}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{A70AB663-1A21-41F4-A0EF-6408C418ED3C}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{2AE23FEB-2DB7-49EB-ADBC-06026A976947}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe FirewallRules: [{20843831-991E-4452-B606-916DF6A2C163}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe FirewallRules: [{D614FBCD-8932-4A15-AFD6-145F2D7F5622}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe FirewallRules: [{C7087D5D-CFDC-42AF-8B42-9123E6A48EE1}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe FirewallRules: [{4FDC107C-92E7-481D-ADA7-4E9688AC5B3D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{2A802569-8847-4BAD-B985-A1259E64E879}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [TCP Query User{6798A8E8-1689-49AC-A3CB-45C5A2B4D8DF}C:\program files (x86)\xmind\xmind.exe] => (Block) C:\program files (x86)\xmind\xmind.exe FirewallRules: [UDP Query User{42E56A99-7257-4A61-9409-735A688E1E5D}C:\program files (x86)\xmind\xmind.exe] => (Block) C:\program files (x86)\xmind\xmind.exe FirewallRules: [{086C1F9A-EAF8-433A-9EB6-38835A5D6F9B}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe FirewallRules: [{B39F605D-7624-4FC1-96E0-56CFF1B7A75A}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe FirewallRules: [{42024F60-7C4C-49F5-9100-53A5BD952780}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe FirewallRules: [{63C4A8D5-AE82-4CED-AF04-D1CE54DEEA4E}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe FirewallRules: [TCP Query User{9343847B-823D-406E-8EF0-DDA067BABE4C}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [UDP Query User{703F3735-EB12-4AE9-91C5-861A603A739C}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [TCP Query User{3D4E75DF-1E7F-4FF5-B7AF-58EA8A4FF3BC}C:\program files (x86)\xmind\xmind.exe] => (Allow) C:\program files (x86)\xmind\xmind.exe FirewallRules: [UDP Query User{730F680A-9F93-496B-BBDD-45DCC5B737D8}C:\program files (x86)\xmind\xmind.exe] => (Allow) C:\program files (x86)\xmind\xmind.exe FirewallRules: [{F108CA64-DB8D-461D-A2F1-F046D0E34A4E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe FirewallRules: [{01665006-C410-4A51-825C-8EE9584EEF2E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe FirewallRules: [{6E21E433-8E73-4352-9706-8038C7C56DE0}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe FirewallRules: [{A755771B-BB5C-4B92-A3C0-1961F9297838}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe FirewallRules: [{0224646B-7B76-447A-90B1-FA9BD06733F3}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe FirewallRules: [{B27425B9-2E2A-4DC5-986A-62190D84B0A7}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe FirewallRules: [{C42DF63F-84E3-48BC-A5F8-1BCF05462D8E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe FirewallRules: [{B4C011C8-3310-4180-A289-BB6EC225906F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe FirewallRules: [{E01EFA1A-E680-47EC-B4A4-42E8843BFBAF}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe FirewallRules: [{AC0BC2B0-49C4-4F97-B52B-DBDBCEA42266}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe FirewallRules: [{3B8611BD-2B58-4688-BC26-894590614A06}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe FirewallRules: [{D3C91DD3-D003-44E7-8CD2-F784E934685A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe FirewallRules: [{8EDA2C51-9765-42B4-A010-35A7DE6AEA20}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe FirewallRules: [{92404291-EDF3-4B0D-9FC8-C6C00487F9AA}] => (Allow) C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exe FirewallRules: [{45C1BA4C-B108-4C7A-AA32-343A321A483E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{2C4083D5-3893-4DE7-883E-2CA61B6A02CF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe ==================== Wiederherstellungspunkte ========================= ==================== Fehlerhafte Geräte im Gerätemanager ============= Name: Officejet 4500 G510n-z Description: Officejet 4500 G510n-z Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318} Manufacturer: HP Service: Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: TeamViewer VPN Adapter Description: TeamViewer VPN Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: TeamViewer GmbH Service: teamviewervpn Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: SBRE Description: SBRE Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: SBRE Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. Name: Officejet 4500 G510n-z Description: Officejet 4500 G510n-z Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f} Manufacturer: HP Service: StillCam Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Fehlereinträge in der Ereignisanzeige: ========================= Applikationsfehler: ================== Error: (01/25/2016 06:21:17 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 1326 Error: (01/25/2016 06:21:17 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 1326 Error: (01/25/2016 06:21:17 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (01/25/2016 04:28:55 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/25/2016 04:23:52 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/25/2016 12:22:38 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/25/2016 02:34:23 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 4602 Error: (01/25/2016 02:34:23 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 4602 Error: (01/25/2016 02:34:23 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (01/25/2016 02:34:21 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 3432 Systemfehler: ============= Error: (01/25/2016 04:27:15 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: SBRE Error: (01/25/2016 04:27:09 PM) (Source: volsnap) (EventID: 36) (User: ) Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. Error: (01/25/2016 04:24:22 PM) (Source: Disk) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error: (01/25/2016 04:23:53 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: SBRE Error: (01/25/2016 12:22:48 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: SBRE Error: (01/25/2016 12:43:54 AM) (Source: volsnap) (EventID: 36) (User: ) Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. Error: (01/24/2016 11:00:13 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: SBRE Error: (01/24/2016 03:39:05 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: SBRE Error: (01/24/2016 03:09:27 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: SBRE Error: (01/23/2016 03:32:34 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: SBRE CodeIntegrity: =================================== Date: 2013-11-30 00:45:47.691 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\drivers\NetgearUDSMBus.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-11-30 00:45:47.629 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\drivers\NetgearUDSMBus.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-11-30 00:45:47.520 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\drivers\NetgearUDSMBus.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-11-30 00:45:47.457 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\drivers\NetgearUDSMBus.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-11-29 23:58:18.780 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\drivers\NetgearUDSMBus.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-11-29 23:58:18.702 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\drivers\NetgearUDSMBus.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-11-29 23:58:18.624 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\drivers\NetgearUDSMBus.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-11-29 23:58:18.562 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\drivers\NetgearUDSMBus.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. ==================== Speicherinformationen =========================== Prozessor: Intel(R) Core(TM) i5-2410M CPU @ 2.30GHz Prozentuale Nutzung des RAM: 42% Installierter physikalischer RAM: 8165.43 MB Verfügbarer physikalischer RAM: 4730.24 MB Summe virtueller Speicher: 11192.48 MB Verfügbarer virtueller Speicher: 7608.12 MB ==================== Laufwerke ================================ Drive c: (System) (Fixed) (Total:103.23 GB) (Free:2.95 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)] Drive e: () (Removable) (Total:29.02 GB) (Free:22.25 GB) FAT32 Drive k: (Bunker) (Fixed) (Total:931.51 GB) (Free:137.68 GB) NTFS ==================== MBR & Partitionstabelle ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 119.2 GB) (Disk ID: 749600A5) Partition 1: (Active) - (Size=1.5 GB) - (Type=27) Partition 2: (Not Active) - (Size=103.2 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=14.5 GB) - (Type=17) ======================================================== Disk: 1 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: FEB4A2EE) Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS) ======================================================== Disk: 2 (Size: 29 GB) (Disk ID: 00000000) Partition: GPT. ==================== Ende von Addition.txt ============================ |
25.01.2016, 22:10 | #27 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Adware ADWARE/AddLyrics.Gen... / Mind. sechs Viren gefunden FRST-Fix Virenscanner jetzt bitte komplett deaktivieren, damit sichergestellt ist, dass der Fix sauber durchläuft! Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter Task: {3BC1310F-6262-42B9-AB22-8764714495F3} - \Lyrics Seeker Update -> Keine Datei <==== ACHTUNG HKLM\...\Run: [] => [X] HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG emptytemp: Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
__________________ Logfiles bitte immer in CODE-Tags posten |
26.01.2016, 05:45 | #28 |
| Adware ADWARE/AddLyrics.Gen... / Mind. sechs Viren gefunden Done. Code:
ATTFilter Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version:18-01-2016 durchgeführt von benjamka (2016-01-26 05:40:25) Run:1 Gestartet von C:\Users\benjamka\Downloads Geladene Profile: benjamka (Verfügbare Profile: benjamka & BBK 64 & Hombre & Gast) Start-Modus: Normal ============================================== fixlist Inhalt: ***************** Task: {3BC1310F-6262-42B9-AB22-8764714495F3} - \Lyrics Seeker Update -> Keine Datei <==== ACHTUNG HKLM\...\Run: [] => [X] HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG emptytemp: ***************** "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3BC1310F-6262-42B9-AB22-8764714495F3}" => Schlüssel erfolgreich entfernt "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3BC1310F-6262-42B9-AB22-8764714495F3}" => Schlüssel erfolgreich entfernt HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lyrics Seeker Update => Schlüssel nicht gefunden. HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => Wert erfolgreich entfernt "HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Schlüssel erfolgreich entfernt EmptyTemp: => 1.2 GB temporäre Dateien entfernt. Das System musste neu gestartet werden. ==== Ende von Fixlog 05:40:47 ==== |
26.01.2016, 09:02 | #29 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Adware ADWARE/AddLyrics.Gen... / Mind. sechs Viren gefunden Adware/Junkware/Toolbars entfernen Alte Versionen von adwCleaner und falls vorhanden JRT vorher löschen, danach neu runterladen auf den Desktop! Virenscanner jetzt vor dem Einsatz dieser Tools bitte komplett deaktivieren! 1. Schritt: adwCleaner Downloade Dir bitte AdwCleaner auf deinen Desktop.
2. Schritt: JRT - Junkware Removal Tool Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
3. Schritt: Frisches Log mit FRST Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST 32-Bit | FRST 64-Bit (Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
__________________ Logfiles bitte immer in CODE-Tags posten |
26.01.2016, 12:29 | #30 |
| Adware ADWARE/AddLyrics.Gen... / Mind. sechs Viren gefunden Geschafft. Hier das Log von ADWCLeaner: Code:
ATTFilter # AdwCleaner v5.031 - Bericht erstellt am 26/01/2016 um 12:08:26 # Aktualisiert am 25/01/2016 von Xplode # Datenbank : 2016-01-25.3 [Server] # Betriebssystem : Windows 7 Home Premium Service Pack 1 (x64) # Benutzername : benjamka - BBKLAPTOP # Gestartet von : C:\Users\benjamka\Desktop\adwcleaner_5.031.exe # Option : Löschen # Unterstützung : hxxp://toolslib.net/forum ***** [ Dienste ] ***** ***** [ Ordner ] ***** ***** [ Dateien ] ***** [-] Datei Gelöscht : C:\searchplugins\bing-lavasoft.xml [-] Datei Gelöscht : C:\Users\benjamka\AppData\Roaming\Mozilla\Firefox\Profiles\2sdewnmb.Bene\searchplugins\bing-lavasoft.xml [-] Datei Gelöscht : C:\windows\SysWOW64\lavasofttcpservice.dll ***** [ DLLs ] ***** ***** [ Verknüpfungen ] ***** ***** [ Aufgabenplanung ] ***** ***** [ Registrierungsdatenbank ] ***** ***** [ Internetbrowser ] ***** [-] [C:\Users\benjamka\AppData\Roaming\Mozilla\Firefox\Profiles\2sdewnmb.Bene\prefs.js] [Preference] Gelöscht : user_pref("browser.newtab.url", "hxxp://www.bing.com/?pc=COSP&ptag=D011916-AD42D1DB7E9&form=CONMHP&conlogo=CT3334497"); ************************* :: "Tracing" Schlüssel gelöscht :: Proxy Einstellungen zurückgesetzt :: Winsock Einstellungen zurückgesetzt :: Chrome Richtlinien gelöscht ########## EOF - C:\AdwCleaner\AdwCleaner[C3].txt - [1312 Bytes] ########## Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Malwarebytes Version: 8.0.2 (01.06.2016) Operating System: Windows 7 Home Premium x64 Ran by benjamka (Administrator) on 26.01.2016 at 12:14:26,98 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ File System: 9 Successfully deleted: C:\Users\benjamka\AppData\Local\{4B03B0CB-C65A-461D-A38F-B90BA0EFC948} (Empty Folder) Successfully deleted: C:\Users\benjamka\AppData\Local\{79E17A30-7A77-4D3F-857E-AA359A3E195A} (Empty Folder) Successfully deleted: C:\Users\benjamka\AppData\Local\{7D02B031-6CBD-4AB0-BDB7-EB65182D8C41} (Empty Folder) Successfully deleted: C:\Users\benjamka\AppData\Roaming\pdfforge (Folder) Successfully deleted: C:\windows\wininit.ini (File) Successfully deleted: C:\Users\benjamka\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\14N1UE2G (Folder) Successfully deleted: C:\Users\benjamka\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2BIU8LLU (Folder) Successfully deleted: C:\Users\benjamka\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FW6CMDGN (Folder) Successfully deleted: C:\Users\benjamka\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IOQ7OUGS (Folder) Registry: 2 Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{61A6F76C-F0EE-4F58-A7A4-EA3E809AAAE4} (Registry Key) Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3A2D5EBA-F86D-4BD3-A177-019765996711} (Registry Key) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 26.01.2016 at 12:16:57,46 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:18-01-2016 durchgeführt von benjamka (Administrator) auf BBKLAPTOP (26-01-2016 12:20:51) Gestartet von C:\Users\benjamka\Downloads Geladene Profile: benjamka (Verfügbare Profile: benjamka & BBK 64 & Hombre & Gast) Platform: Windows 7 Home Premium Service Pack 1 (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: FF) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (AMD) C:\Windows\System32\atiesrxx.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe () C:\Program Files (x86)\NETGEAR\USB Media Extender\SetQos.exe (pdfforge GbR) C:\Program Files (x86)\PDF Architect\HelperService.exe (pdfforge GbR) C:\Program Files (x86)\PDF Architect\ConversionService.exe () C:\Windows\SysWOW64\PnkBstrA.exe () C:\Program Files (x86)\Second Copy 8\SCVSSSvc.exe () C:\Program Files (x86)\Synology Data Replicator 3\SynoDrServicex64.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (WIBU-SYSTEMS AG) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\hidfind.exe (TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe (Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe (TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe (TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Nicht auf der Ausnahmeliste) =========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [TDLPowerCtrl] => C:\Program Files\TOSHIBA\TOSHIBA Intelligent Display Management\TDLPowerCtrl.exe [498120 2011-01-24] (TOSHIBA Corporation) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11775592 2011-01-19] (Realtek Semiconductor) HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [328048 2011-01-21] (Alps Electric Co., Ltd.) HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [566696 2011-03-02] (TOSHIBA Corporation) HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [296824 2010-09-25] (TOSHIBA Corporation) HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [967544 2011-03-09] (TOSHIBA Corporation) HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710040 2010-12-08] (TOSHIBA Corporation) HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation) HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [597928 2011-03-03] (TOSHIBA Corporation) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-06-03] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40336 2015-09-24] (Adobe Systems Incorporated) HKLM-x32\...\Run: [TWebCamera] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2475384 2011-01-17] (TOSHIBA CORPORATION.) HKLM-x32\...\Run: [TNRotate] => C:\Program Files (x86)\TOSHIBA\TNRotate\TNRotate.exe [607688 2010-11-25] (TOSHIBA Corporation) HKLM-x32\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [252792 2010-06-05] (TOSHIBA) HKLM-x32\...\Run: [TSUScheduler] => C:\Program Files (x86)\TOSHIBA\Sync Utility\TosSyncScheduler.exe [923000 2010-05-11] (TOSHIBA Corporation) HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office 2007\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-04-18] (Apple Inc.) HKLM-x32\...\Run: [Netgear UDS Control Center] => C:\Program Files (x86)\NETGEAR\USB Media Extender\Control Center.exe [22641664 2012-06-25] () HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [217632 2015-07-21] (Geek Software GmbH) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-04] (Advanced Micro Devices, Inc.) HKU\S-1-5-19\...\Run: [TOPI.EXE] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [845176 2011-02-18] (TOSHIBA) HKU\S-1-5-20\...\Run: [TOPI.EXE] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [845176 2011-02-18] (TOSHIBA) HKU\S-1-5-21-50433080-710429258-2441499552-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd) HKU\S-1-5-21-50433080-710429258-2441499552-1000\...\Run: [Dropbox Update] => C:\Users\benjamka\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-16] (Dropbox, Inc.) HKU\S-1-5-21-50433080-710429258-2441499552-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.) HKU\S-1-5-21-50433080-710429258-2441499552-1000\...\Run: [ownCloud] => C:\Program Files (x86)\ownCloud\owncloud.exe [1890830 2015-12-03] () HKU\S-1-5-18\...\Run: [TOPI.EXE] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [845176 2011-02-18] (TOSHIBA) ShellIconOverlayIdentifiers: [ OCError] -> {0960F090-F328-48A3-B746-276B1E3C3722} => C:\Program Files (x86)\ownCloud\shellext\OCOverlays_x64.dll [2015-06-19] (ownCloud Inc.) ShellIconOverlayIdentifiers: [ OCErrorShared] -> {0960F091-F328-48A3-B746-276B1E3C3722} => C:\Program Files (x86)\ownCloud\shellext\OCOverlays_x64.dll [2015-06-19] (ownCloud Inc.) ShellIconOverlayIdentifiers: [ OCOK] -> {0960F092-F328-48A3-B746-276B1E3C3722} => C:\Program Files (x86)\ownCloud\shellext\OCOverlays_x64.dll [2015-06-19] (ownCloud Inc.) ShellIconOverlayIdentifiers: [ OCOKShared] -> {0960F093-F328-48A3-B746-276B1E3C3722} => C:\Program Files (x86)\ownCloud\shellext\OCOverlays_x64.dll [2015-06-19] (ownCloud Inc.) ShellIconOverlayIdentifiers: [ OCSync] -> {0960F094-F328-48A3-B746-276B1E3C3722} => C:\Program Files (x86)\ownCloud\shellext\OCOverlays_x64.dll [2015-06-19] (ownCloud Inc.) ShellIconOverlayIdentifiers: [ OCSyncShared] -> {0960F095-F328-48A3-B746-276B1E3C3722} => C:\Program Files (x86)\ownCloud\shellext\OCOverlays_x64.dll [2015-06-19] (ownCloud Inc.) ShellIconOverlayIdentifiers: [ OCWarning] -> {0960F096-F328-48A3-B746-276B1E3C3722} => C:\Program Files (x86)\ownCloud\shellext\OCOverlays_x64.dll [2015-06-19] (ownCloud Inc.) ShellIconOverlayIdentifiers: [ OCWarningShared] -> {0960F097-F328-48A3-B746-276B1E3C3722} => C:\Program Files (x86)\ownCloud\shellext\OCOverlays_x64.dll [2015-06-19] (ownCloud Inc.) ShellIconOverlayIdentifiers: [01UnsuppModule] -> {AEB16659-2125-4ADA-A4AB-45EE21E86469} => C:\Users\benjamka\AppData\Local\CloudStation\app\icon-overlay\10\x64\iconOverlay.dll [2015-01-07] (TODO: <Company name>) ShellIconOverlayIdentifiers: [02SyncingModule] -> {48AB5ADA-36B1-4137-99C9-2BD97F8788AB} => C:\Users\benjamka\AppData\Local\CloudStation\app\icon-overlay\10\x64\iconOverlay.dll [2015-01-07] (TODO: <Company name>) ShellIconOverlayIdentifiers: [03SyncedModule] -> {472CE1AD-5D53-4BCF-A1FB-3982A5F55138} => C:\Users\benjamka\AppData\Local\CloudStation\app\icon-overlay\10\x64\iconOverlay.dll [2015-01-07] (TODO: <Company name>) ShellIconOverlayIdentifiers: [04ReadOnlyModule] -> {A433C3E0-8B24-40EB-93C3-4B10D9959F58} => C:\Users\benjamka\AppData\Local\CloudStation\app\icon-overlay\10\x64\iconOverlay.dll [2015-01-07] (TODO: <Company name>) ShellIconOverlayIdentifiers: [05NoPermModule] -> {C701AD67-3DF0-47C9-89CB-DFA6207BE229} => C:\Users\benjamka\AppData\Local\CloudStation\app\icon-overlay\10\x64\iconOverlay.dll [2015-01-07] (TODO: <Company name>) ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\benjamka\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\benjamka\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\benjamka\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\benjamka\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\benjamka\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\benjamka\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\benjamka\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 1 (GFS Unread Stub)] -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => C:\Program Files (x86)\Microsoft Office 2007\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2 (GFS Stub)] -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => C:\Program Files (x86)\Microsoft Office 2007\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)] -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => C:\Program Files (x86)\Microsoft Office 2007\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 3 (GFS Folder)] -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => C:\Program Files (x86)\Microsoft Office 2007\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 4 (GFS Unread Mark)] -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => C:\Program Files (x86)\Microsoft Office 2007\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk [2012-02-02] ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk [2015-11-06] ShortcutTarget: Bluetooth Manager.lnk -> C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2015-08-09] ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ImageBrowser EX Agent.lnk [2013-12-29] ShortcutTarget: ImageBrowser EX Agent.lnk -> C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe () Startup: C:\Users\BBK 64\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk [2011-08-13] ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) Startup: C:\Users\benjamka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-12-11] ShortcutTarget: Dropbox.lnk -> C:\Users\benjamka\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) Startup: C:\Users\benjamka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk [2012-02-19] ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office 2007\Office12\ONENOTEM.EXE (Microsoft Corporation) Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk [2011-08-13] ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk [2011-08-13] ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) Startup: C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk [2011-08-13] ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) Startup: C:\Users\Hombre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk [2011-08-13] ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) BootExecute: autocheck autochk * sdnclean64.exe ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{6F3EF3E1-6473-4698-9280-C471DE069571}: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{EF8C008F-760B-40DB-AA0D-C662DC07F9EF}: [DhcpNameServer] 192.168.178.1 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.avira.net/#web/result?source=art&q= HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.avira.net/#web/result?source=art&q= HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.avira.net/#web/result?source=art&q= HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.avira.net/#web/result?source=art&q= HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://search.avira.net/#web/result?source=art&q= HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://search.avira.net/#web/result?source=art&q= HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://search.avira.net/#web/result?source=art&q= HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://search.avira.net/#web/result?source=art&q= HKU\S-1-5-21-50433080-710429258-2441499552-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.avira.net/#web/result?source=art&q= HKU\S-1-5-21-50433080-710429258-2441499552-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://search.avira.net/#web/result?source=art&q= HKU\S-1-5-21-50433080-710429258-2441499552-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://toshiba.eu/places?touch=4&cat=1 HKU\S-1-5-21-50433080-710429258-2441499552-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://search.avira.net/#web/result?source=art&q= SearchScopes: HKLM -> DefaultScope {61A6F76C-F0EE-4F58-A7A4-EA3E809AAAE4} URL = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox SearchScopes: HKLM -> {61A6F76C-F0EE-4F58-A7A4-EA3E809AAAE4} URL = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox SearchScopes: HKLM-x32 -> DefaultScope Wert fehlt SearchScopes: HKLM-x32 -> {61A6F76C-F0EE-4F58-A7A4-EA3E809AAAE4} URL = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox SearchScopes: HKU\S-1-5-21-50433080-710429258-2441499552-1000 -> DefaultScope {61A6F76C-F0EE-4F58-A7A4-EA3E809AAAE4} URL = SearchScopes: HKU\S-1-5-21-50433080-710429258-2441499552-1000 -> {29AA9FFF-B981-40A6-8F74-F02CAD29809D} URL = hxxp://rover.ebay.com/rover/1/707-44556-9400-9/4?satitle={searchTerms} SearchScopes: HKU\S-1-5-21-50433080-710429258-2441499552-1000 -> {895F93D1-22C5-4CCF-8735-43F9FF5FBF91} URL = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibade-win7-ie-search-21&index=blended&linkCode=ur2 BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-01-28] (Oracle Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-28] (Oracle Corporation) BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-05-21] (Hewlett-Packard Co.) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office 2007\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.) BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll [2010-12-05] (<TOSHIBA>) BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-05-21] (Hewlett-Packard Co.) DPF: HKLM-x32 {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} Handler-x32: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office 2007\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation) Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2012-01-17] (Skype Technologies S.A.) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies) FireFox: ======== FF ProfilePath: C:\Users\benjamka\AppData\Roaming\Mozilla\Firefox\Profiles\2sdewnmb.Bene FF SelectedSearchEngine: Bing® FF Homepage: www.google.de FF Session Restore: -> ist aktiviert. FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_20_0_0_286.dll [2016-01-19] () FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-28] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre1.8.0_31\bin\new_plugin\npjp2.dll [Keine Datei] FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-28] (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> disabled [Keine Datei] FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_286.dll [2016-01-19] () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2012-04-05] () FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation) FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google) FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-28] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-28] (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Keine Datei] FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.) FF SearchPlugin: C:\Users\benjamka\AppData\Roaming\Mozilla\Firefox\Profiles\104o7vav.default\searchplugins\google-deutschland.xml [2015-09-03] FF SearchPlugin: C:\Users\benjamka\AppData\Roaming\Mozilla\Firefox\Profiles\104o7vav.default\searchplugins\ixquick-https---deutsch.xml [2015-10-05] FF Extension: Lavasoft Search Plugin - C:\Users\benjamka\AppData\Roaming\Mozilla\Firefox\Profiles\104o7vav.default\Extensions\jid1-yZwVFzbsyfMrqQ@jetpack [2013-01-15] [ist nicht signiert] FF Extension: Adblock Plus - C:\Users\benjamka\AppData\Roaming\Mozilla\Firefox\Profiles\104o7vav.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-09-25] FF Extension: BetterPrivacy - C:\Users\benjamka\AppData\Roaming\Mozilla\Firefox\Profiles\104o7vav.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2015-09-17] FF Extension: Session Manager - C:\Users\benjamka\AppData\Roaming\Mozilla\Firefox\Profiles\2sdewnmb.Bene\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2016-01-16] FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2016-01-07] [ist nicht signiert] FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2012-12-10] [ist nicht signiert] FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2015-08-09] [ist nicht signiert] FF HKU\S-1-5-21-50433080-710429258-2441499552-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 Chrome: ======= CHR HKU\S-1-5-21-50433080-710429258-2441499552-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bknbnapaddjdnbilpmlacdkjdkjmbjhd] - hxxp://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [bknbnapaddjdnbilpmlacdkjdkjmbjhd] - hxxp://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx ==================== Dienste (Nicht auf der Ausnahmeliste) ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [Datei ist nicht signiert] R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [Datei ist nicht signiert] R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [Datei ist nicht signiert] S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [Datei ist nicht signiert] S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1135416 2015-10-05] (Malwarebytes) S3 Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office 2007\Office12\GrooveAuditService.exe [64856 2009-02-26] (Microsoft Corporation) R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [Datei ist nicht signiert] R2 NuSetQos; C:\Program Files (x86)\NETGEAR\USB Media Extender\\setqos.exe [718848 2012-06-15] () [Datei ist nicht signiert] R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1522312 2012-11-22] (pdfforge GbR) R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [905864 2012-11-22] (pdfforge GbR) R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [Datei ist nicht signiert] R2 PnkBstrA; C:\windows\SysWOW64\PnkBstrA.exe [76888 2015-03-03] () R2 SCVSSService; C:\Program Files (x86)\Second Copy 8\SCVSSSvc.exe [968448 2010-04-13] () R2 SynoDrService; C:\Program Files (x86)\Synology Data Replicator 3\SynoDrServicex64.exe [384072 2013-10-09] () S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [112080 2011-02-10] (Toshiba Europe GmbH) R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ===================== Treiber (Nicht auf der Ausnahmeliste) ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R3 avmaura; C:\Windows\System32\DRIVERS\avmaura.sys [116480 2013-11-08] (AVM Berlin) S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation) R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-01-15] (GFI Software) R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes) S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation) R3 NetgearUDSMBus; C:\Windows\SysWow64\Drivers\NetgearUDSMBus.sys [106632 2012-06-15] (Windows (R) Codename Longhorn DDK provider) R3 NetgearUDSTcpBus; C:\Windows\SysWow64\Drivers\NetgearUDSTcpBus.sys [182920 2012-06-15] (Windows (R) Codename Longhorn DDK provider) S3 PcaSp50; C:\Windows\System32\Drivers\PcaSp50.sys [45624 2009-08-24] (Printing Communications Assoc., Inc. (PCAUSA)) R1 veracrypt; C:\Windows\System32\drivers\veracrypt.sys [195416 2015-10-08] (IDRIX) S1 SBRE; \??\C:\windows\system32\drivers\SBREdrv.sys [X] ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat: Erstellte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2016-01-26 12:16 - 2016-01-26 12:16 - 00001818 _____ C:\Users\benjamka\Desktop\JRT.txt 2016-01-26 12:13 - 2016-01-26 12:13 - 01600184 _____ (Malwarebytes) C:\Users\benjamka\Downloads\JRT.exe 2016-01-26 12:13 - 2016-01-26 12:13 - 01600184 _____ (Malwarebytes) C:\Users\benjamka\Desktop\JRT.exe 2016-01-26 12:10 - 2016-01-26 12:10 - 00000000 ____H C:\ProgramData\cm-lock 2016-01-26 11:57 - 2016-01-26 11:57 - 01507840 _____ C:\Users\benjamka\Desktop\adwcleaner_5.031.exe 2016-01-26 05:40 - 2016-01-26 05:40 - 00001345 _____ C:\Users\benjamka\Downloads\Fixlog.txt 2016-01-26 05:38 - 2016-01-26 05:38 - 00000217 _____ C:\Users\benjamka\Desktop\Fixlist.txt 2016-01-25 20:54 - 2016-01-25 20:56 - 00075749 _____ C:\Users\benjamka\Downloads\Addition.txt 2016-01-25 14:08 - 2016-01-26 05:34 - 00000000 ____D C:\Logsinf 2016-01-22 14:08 - 2016-01-26 12:20 - 00030241 _____ C:\Users\benjamka\Downloads\FRST.txt 2016-01-22 14:08 - 2016-01-22 14:08 - 02370560 _____ (Farbar) C:\Users\benjamka\Downloads\FRST64.exe 2016-01-20 14:08 - 2016-01-20 14:08 - 00003273 _____ C:\Users\benjamka\AppData\Local\recently-used.xbel 2016-01-19 21:03 - 2016-01-26 12:08 - 00000000 ____D C:\searchplugins 2016-01-19 21:02 - 2016-01-20 09:21 - 00002896 _____ C:\windows\SysWOW64\LavasoftTcpServiceOff.ini 2016-01-19 21:02 - 2016-01-20 09:21 - 00002896 _____ C:\windows\system32\LavasoftTcpServiceOff.ini 2016-01-19 21:02 - 2016-01-19 21:02 - 00425744 _____ (Lavasoft Limited) C:\windows\system32\LavasoftTcpService64.dll 2016-01-19 21:02 - 2016-01-19 21:02 - 00000000 ____D C:\Users\benjamka\AppData\Roaming\MPC-HC 2016-01-19 21:01 - 2016-01-19 21:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack 2016-01-19 21:01 - 2016-01-19 21:01 - 00000000 ____D C:\Program Files (x86)\K-Lite Codec Pack 2016-01-19 21:01 - 2015-12-18 11:00 - 00755200 _____ C:\windows\system32\xvidcore.dll 2016-01-19 21:01 - 2015-12-18 11:00 - 00674816 _____ C:\windows\SysWOW64\xvidcore.dll 2016-01-19 21:01 - 2015-12-18 11:00 - 00309248 _____ C:\windows\system32\xvidvfw.dll 2016-01-19 21:01 - 2015-12-18 11:00 - 00282112 _____ C:\windows\SysWOW64\xvidvfw.dll 2016-01-19 21:01 - 2015-10-24 18:00 - 00126976 _____ C:\windows\system32\ff_vfw.dll 2016-01-19 21:01 - 2015-10-24 18:00 - 00112128 _____ C:\windows\SysWOW64\ff_vfw.dll 2016-01-19 21:01 - 2015-02-28 17:22 - 03571200 _____ (x264vfw project) C:\windows\system32\x264vfw64.dll 2016-01-19 21:01 - 2015-02-28 17:21 - 03591680 _____ (x264vfw project) C:\windows\SysWOW64\x264vfw.dll 2016-01-19 21:01 - 2012-07-21 12:55 - 00180736 _____ (fccHandler) C:\windows\system32\ac3acm.acm 2016-01-19 21:01 - 2012-07-21 12:54 - 00122880 _____ (fccHandler) C:\windows\SysWOW64\ac3acm.acm 2016-01-19 21:01 - 2011-12-07 19:37 - 00148992 _____ ( ) C:\windows\system32\lagarith.dll 2016-01-19 21:01 - 2011-12-07 19:32 - 00216064 _____ ( ) C:\windows\SysWOW64\lagarith.dll 2016-01-19 20:57 - 2016-01-19 20:57 - 42013590 _____ ( ) C:\Users\benjamka\Downloads\K-Lite_Codec_Pack_1180_Mega.exe 2016-01-19 03:01 - 2016-01-19 03:01 - 00000000 ____D C:\Users\benjamka\AppData\Local\NokiaAccount 2016-01-16 19:15 - 2016-01-16 19:15 - 02529622 _____ C:\Users\benjamka\AppData\Local\[j0002]-[p23].bmp 2016-01-16 19:15 - 2016-01-16 19:15 - 02529622 _____ C:\Users\benjamka\AppData\Local\[j0002]-[p22].bmp 2016-01-16 19:15 - 2016-01-16 19:15 - 02529622 _____ C:\Users\benjamka\AppData\Local\[j0002]-[p21].bmp 2016-01-16 19:15 - 2016-01-16 19:15 - 02529622 _____ C:\Users\benjamka\AppData\Local\[j0002]-[p20].bmp 2016-01-16 19:15 - 2016-01-16 19:15 - 02529622 _____ C:\Users\benjamka\AppData\Local\[j0002]-[p19].bmp 2016-01-16 19:15 - 2016-01-16 19:15 - 02529622 _____ C:\Users\benjamka\AppData\Local\[j0002]-[p18].bmp 2016-01-16 19:15 - 2016-01-16 19:15 - 02529622 _____ C:\Users\benjamka\AppData\Local\[j0002]-[p17].bmp 2016-01-16 19:14 - 2016-01-16 19:15 - 02529622 _____ C:\Users\benjamka\AppData\Local\[j0002]-[p16].bmp 2016-01-16 19:14 - 2016-01-16 19:14 - 02529622 _____ C:\Users\benjamka\AppData\Local\[j0002]-[p15].bmp 2016-01-16 19:14 - 2016-01-16 19:14 - 02529622 _____ C:\Users\benjamka\AppData\Local\[j0002]-[p14].bmp 2016-01-16 19:14 - 2016-01-16 19:14 - 02529622 _____ C:\Users\benjamka\AppData\Local\[j0002]-[p13].bmp 2016-01-16 19:14 - 2016-01-16 19:14 - 02529622 _____ C:\Users\benjamka\AppData\Local\[j0002]-[p12].bmp 2016-01-16 19:14 - 2016-01-16 19:14 - 02529622 _____ C:\Users\benjamka\AppData\Local\[j0002]-[p11].bmp 2016-01-16 19:14 - 2016-01-16 19:14 - 02529622 _____ C:\Users\benjamka\AppData\Local\[j0002]-[p10].bmp 2016-01-16 19:14 - 2016-01-16 19:14 - 02529622 _____ C:\Users\benjamka\AppData\Local\[j0002]-[p09].bmp 2016-01-16 19:14 - 2016-01-16 19:14 - 02529622 _____ C:\Users\benjamka\AppData\Local\[j0002]-[p08].bmp 2016-01-16 19:14 - 2016-01-16 19:14 - 02529622 _____ C:\Users\benjamka\AppData\Local\[j0002]-[p07].bmp 2016-01-16 19:14 - 2016-01-16 19:14 - 02529622 _____ C:\Users\benjamka\AppData\Local\[j0002]-[p06].bmp 2016-01-16 19:14 - 2016-01-16 19:14 - 02529622 _____ C:\Users\benjamka\AppData\Local\[j0002]-[p05].bmp 2016-01-16 19:14 - 2016-01-16 19:14 - 02529622 _____ C:\Users\benjamka\AppData\Local\[j0002]-[p04].bmp 2016-01-16 19:14 - 2016-01-16 19:14 - 02529622 _____ C:\Users\benjamka\AppData\Local\[j0002]-[p03].bmp 2016-01-16 19:13 - 2016-01-16 19:14 - 02529622 _____ C:\Users\benjamka\AppData\Local\[j0002]-[p02].bmp 2016-01-14 13:28 - 2016-01-14 13:52 - 00000000 ____D C:\Users\benjamka\Documents\MyScans 2016-01-14 13:26 - 2016-01-14 13:29 - 00000000 ____D C:\Users\benjamka\AppData\Roaming\Foxit Scanner Images 2016-01-13 09:42 - 2015-12-11 19:57 - 01164800 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll 2016-01-13 09:42 - 2015-12-08 22:54 - 01620992 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVDECOD.DLL 2016-01-13 09:42 - 2015-12-08 22:54 - 01568768 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVENCOD.DLL 2016-01-13 09:42 - 2015-12-08 22:54 - 00902144 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMADMOD.DLL 2016-01-13 09:42 - 2015-12-08 22:54 - 00815616 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMADMOE.DLL 2016-01-13 09:42 - 2015-12-08 22:54 - 00740352 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmpmde.dll 2016-01-13 09:42 - 2015-12-08 22:54 - 00739328 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMSPDMOD.DLL 2016-01-13 09:42 - 2015-12-08 22:54 - 00541184 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVSDECD.DLL 2016-01-13 09:42 - 2015-12-08 22:53 - 03209728 _____ (Microsoft Corporation) C:\windows\SysWOW64\mf.dll 2016-01-13 09:42 - 2015-12-08 22:53 - 00970240 _____ (Microsoft Corporation) C:\windows\SysWOW64\msmpeg2adec.dll 2016-01-13 09:42 - 2015-12-08 22:53 - 00829952 _____ (Microsoft Corporation) C:\windows\SysWOW64\MSMPEG2ENC.DLL 2016-01-13 09:42 - 2015-12-08 22:53 - 00509952 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll 2016-01-13 09:42 - 2015-12-08 22:53 - 00153600 _____ (Microsoft Corporation) C:\windows\SysWOW64\COLORCNV.DLL 2016-01-13 09:42 - 2015-12-08 20:07 - 04121600 _____ (Microsoft Corporation) C:\windows\system32\mf.dll 2016-01-13 09:42 - 2015-12-08 20:07 - 01955328 _____ (Microsoft Corporation) C:\windows\system32\WMVENCOD.DLL 2016-01-13 09:42 - 2015-12-08 20:07 - 01888768 _____ (Microsoft Corporation) C:\windows\system32\WMVDECOD.DLL 2016-01-13 09:42 - 2015-12-08 20:07 - 01573888 _____ (Microsoft Corporation) C:\windows\system32\quartz.dll 2016-01-13 09:42 - 2015-12-08 20:07 - 01307136 _____ (Microsoft Corporation) C:\windows\system32\msmpeg2adec.dll 2016-01-13 09:42 - 2015-12-08 20:07 - 01232896 _____ (Microsoft Corporation) C:\windows\system32\WMADMOD.DLL 2016-01-13 09:42 - 2015-12-08 20:07 - 01160192 _____ (Microsoft Corporation) C:\windows\system32\MSMPEG2ENC.DLL 2016-01-13 09:42 - 2015-12-08 20:07 - 01153024 _____ (Microsoft Corporation) C:\windows\system32\WMADMOE.DLL 2016-01-13 09:42 - 2015-12-08 20:07 - 01026048 _____ (Microsoft Corporation) C:\windows\system32\wmpmde.dll 2016-01-13 09:42 - 2015-12-08 20:07 - 01010688 _____ (Microsoft Corporation) C:\windows\system32\mcmde.dll 2016-01-13 09:42 - 2015-12-08 20:07 - 00978944 _____ (Microsoft Corporation) C:\windows\system32\WMSPDMOD.DLL 2016-01-13 09:42 - 2015-12-08 20:07 - 00666112 _____ (Microsoft Corporation) C:\windows\system32\WMVSDECD.DLL 2016-01-13 09:42 - 2015-12-08 20:07 - 00632320 _____ (Microsoft Corporation) C:\windows\system32\evr.dll 2016-01-13 09:42 - 2015-12-08 20:07 - 00624640 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll 2016-01-13 09:42 - 2015-12-08 20:07 - 00189952 _____ (Microsoft Corporation) C:\windows\system32\COLORCNV.DLL 2016-01-13 09:42 - 2015-11-14 00:09 - 00091648 _____ (Microsoft Corporation) C:\windows\system32\mapistub.dll 2016-01-13 09:42 - 2015-11-14 00:09 - 00091648 _____ (Microsoft Corporation) C:\windows\system32\mapi32.dll 2016-01-13 09:42 - 2015-11-14 00:08 - 00017920 _____ (Microsoft Corporation) C:\windows\system32\fixmapi.exe 2016-01-13 09:42 - 2015-11-13 23:50 - 00076800 _____ (Microsoft Corporation) C:\windows\SysWOW64\mapistub.dll 2016-01-13 09:42 - 2015-11-13 23:50 - 00076800 _____ (Microsoft Corporation) C:\windows\SysWOW64\mapi32.dll 2016-01-13 09:42 - 2015-11-13 23:49 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\fixmapi.exe 2016-01-13 09:41 - 2015-12-24 00:13 - 00387784 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll 2016-01-13 09:41 - 2015-12-23 23:52 - 00341192 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll 2016-01-13 09:41 - 2015-12-12 19:54 - 25837568 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll 2016-01-13 09:41 - 2015-12-12 19:31 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb 2016-01-13 09:41 - 2015-12-12 19:30 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll 2016-01-13 09:41 - 2015-12-12 19:16 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll 2016-01-13 09:41 - 2015-12-12 19:15 - 02887168 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll 2016-01-13 09:41 - 2015-12-12 19:15 - 00571904 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll 2016-01-13 09:41 - 2015-12-12 19:15 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec 2016-01-13 09:41 - 2015-12-12 19:15 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll 2016-01-13 09:41 - 2015-12-12 19:14 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll 2016-01-13 09:41 - 2015-12-12 19:07 - 06051328 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll 2016-01-13 09:41 - 2015-12-12 19:07 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll 2016-01-13 09:41 - 2015-12-12 19:07 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll 2016-01-13 09:41 - 2015-12-12 19:03 - 00615936 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll 2016-01-13 09:41 - 2015-12-12 19:02 - 20367360 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll 2016-01-13 09:41 - 2015-12-12 19:02 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll 2016-01-13 09:41 - 2015-12-12 19:02 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll 2016-01-13 09:41 - 2015-12-12 19:02 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe 2016-01-13 09:41 - 2015-12-12 19:02 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe 2016-01-13 09:41 - 2015-12-12 18:55 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe 2016-01-13 09:41 - 2015-12-12 18:51 - 00489984 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll 2016-01-13 09:41 - 2015-12-12 18:49 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb 2016-01-13 09:41 - 2015-12-12 18:44 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll 2016-01-13 09:41 - 2015-12-12 18:40 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll 2016-01-13 09:41 - 2015-12-12 18:39 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll 2016-01-13 09:41 - 2015-12-12 18:37 - 00496640 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll 2016-01-13 09:41 - 2015-12-12 18:37 - 00315392 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll 2016-01-13 09:41 - 2015-12-12 18:37 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll 2016-01-13 09:41 - 2015-12-12 18:37 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll 2016-01-13 09:41 - 2015-12-12 18:36 - 00341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec 2016-01-13 09:41 - 2015-12-12 18:36 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll 2016-01-13 09:41 - 2015-12-12 18:35 - 00152064 _____ (Microsoft Corporation) C:\windows\system32\occache.dll 2016-01-13 09:41 - 2015-12-12 18:33 - 02280448 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll 2016-01-13 09:41 - 2015-12-12 18:31 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll 2016-01-13 09:41 - 2015-12-12 18:30 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll 2016-01-13 09:41 - 2015-12-12 18:28 - 00476160 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll 2016-01-13 09:41 - 2015-12-12 18:27 - 00663552 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll 2016-01-13 09:41 - 2015-12-12 18:27 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll 2016-01-13 09:41 - 2015-12-12 18:27 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe 2016-01-13 09:41 - 2015-12-12 18:25 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll 2016-01-13 09:41 - 2015-12-12 18:23 - 00798208 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll 2016-01-13 09:41 - 2015-12-12 18:22 - 00718336 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe 2016-01-13 09:41 - 2015-12-12 18:21 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll 2016-01-13 09:41 - 2015-12-12 18:20 - 02123264 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl 2016-01-13 09:41 - 2015-12-12 18:19 - 00416256 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll 2016-01-13 09:41 - 2015-12-12 18:18 - 14457856 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll 2016-01-13 09:41 - 2015-12-12 18:14 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll 2016-01-13 09:41 - 2015-12-12 18:12 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll 2016-01-13 09:41 - 2015-12-12 18:10 - 00279040 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll 2016-01-13 09:41 - 2015-12-12 18:10 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll 2016-01-13 09:41 - 2015-12-12 18:09 - 04610560 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll 2016-01-13 09:41 - 2015-12-12 18:08 - 00130048 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll 2016-01-13 09:41 - 2015-12-12 18:06 - 02487808 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll 2016-01-13 09:41 - 2015-12-12 18:02 - 00230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll 2016-01-13 09:41 - 2015-12-12 18:00 - 12856320 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll 2016-01-13 09:41 - 2015-12-12 18:00 - 02050560 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl 2016-01-13 09:41 - 2015-12-12 18:00 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll 2016-01-13 09:41 - 2015-12-12 18:00 - 00687104 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll 2016-01-13 09:41 - 2015-12-12 17:54 - 01546752 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll 2016-01-13 09:41 - 2015-12-12 17:42 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll 2016-01-13 09:41 - 2015-12-12 17:41 - 02011136 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll 2016-01-13 09:41 - 2015-12-12 17:38 - 01311744 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll 2016-01-13 09:41 - 2015-12-12 17:36 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll 2016-01-13 09:41 - 2015-12-08 22:54 - 02285056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msmpeg2vdec.dll 2016-01-13 09:41 - 2015-12-08 22:54 - 01325056 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMSPDMOE.DLL 2016-01-13 09:41 - 2015-12-08 22:54 - 00665088 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVXENCD.DLL 2016-01-13 09:41 - 2015-12-08 22:54 - 00358400 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVSENCD.DLL 2016-01-13 09:41 - 2015-12-08 22:54 - 00154112 _____ (Microsoft Corporation) C:\windows\SysWOW64\VIDRESZR.DLL 2016-01-13 09:41 - 2015-12-08 22:53 - 01329664 _____ (Microsoft Corporation) C:\windows\SysWOW64\quartz.dll 2016-01-13 09:41 - 2015-12-08 22:53 - 00609280 _____ (Microsoft Corporation) C:\windows\SysWOW64\MFWMAAEC.DLL 2016-01-13 09:41 - 2015-12-08 22:53 - 00519680 _____ (Microsoft Corporation) C:\windows\SysWOW64\qdvd.dll 2016-01-13 09:41 - 2015-12-08 22:53 - 00489984 _____ (Microsoft Corporation) C:\windows\SysWOW64\evr.dll 2016-01-13 09:41 - 2015-12-08 22:53 - 00415744 _____ (Microsoft Corporation) C:\windows\SysWOW64\MP4SDECD.DLL 2016-01-13 09:41 - 2015-12-08 22:53 - 00354816 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfplat.dll 2016-01-13 09:41 - 2015-12-08 22:53 - 00241152 _____ (Microsoft Corporation) C:\windows\SysWOW64\MPG4DECD.DLL 2016-01-13 09:41 - 2015-12-08 22:53 - 00241152 _____ (Microsoft Corporation) C:\windows\SysWOW64\MP43DECD.DLL 2016-01-13 09:41 - 2015-12-08 22:53 - 00206848 _____ (Microsoft Corporation) C:\windows\SysWOW64\RESAMPLEDMO.DLL 2016-01-13 09:41 - 2015-12-08 22:53 - 00206848 _____ (Microsoft Corporation) C:\windows\SysWOW64\qasf.dll 2016-01-13 09:41 - 2015-12-08 22:53 - 00193536 _____ (Microsoft Corporation) C:\windows\SysWOW64\ksproxy.ax 2016-01-13 09:41 - 2015-12-08 22:53 - 00103424 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfps.dll 2016-01-13 09:41 - 2015-12-08 22:53 - 00079872 _____ (Microsoft Corporation) C:\windows\SysWOW64\MP3DMOD.DLL 2016-01-13 09:41 - 2015-12-08 22:53 - 00067584 _____ (Microsoft Corporation) C:\windows\SysWOW64\devenum.dll 2016-01-13 09:41 - 2015-12-08 22:53 - 00053248 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfvdsp.dll 2016-01-13 09:41 - 2015-12-08 22:53 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\rrinstaller.exe 2016-01-13 09:41 - 2015-12-08 22:53 - 00023040 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfpmp.exe 2016-01-13 09:41 - 2015-12-08 22:53 - 00004608 _____ (Microsoft Corporation) C:\windows\SysWOW64\ksuser.dll 2016-01-13 09:41 - 2015-12-08 22:50 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\mferror.dll 2016-01-13 09:41 - 2015-12-08 20:07 - 02777088 _____ (Microsoft Corporation) C:\windows\system32\msmpeg2vdec.dll 2016-01-13 09:41 - 2015-12-08 20:07 - 01575424 _____ (Microsoft Corporation) C:\windows\system32\WMSPDMOE.DLL 2016-01-13 09:41 - 2015-12-08 20:07 - 00653824 _____ (Microsoft Corporation) C:\windows\system32\MP4SDECD.DLL 2016-01-13 09:41 - 2015-12-08 20:07 - 00642048 _____ (Microsoft Corporation) C:\windows\system32\WMVXENCD.DLL 2016-01-13 09:41 - 2015-12-08 20:07 - 00484864 _____ (Microsoft Corporation) C:\windows\system32\MFWMAAEC.DLL 2016-01-13 09:41 - 2015-12-08 20:07 - 00447488 _____ (Microsoft Corporation) C:\windows\system32\WMVSENCD.DLL 2016-01-13 09:41 - 2015-12-08 20:07 - 00432128 _____ (Microsoft Corporation) C:\windows\system32\mfplat.dll 2016-01-13 09:41 - 2015-12-08 20:07 - 00378880 _____ (Microsoft Corporation) C:\windows\system32\SysFxUI.dll 2016-01-13 09:41 - 2015-12-08 20:07 - 00371712 _____ (Microsoft Corporation) C:\windows\system32\qdvd.dll 2016-01-13 09:41 - 2015-12-08 20:07 - 00292352 _____ (Microsoft Corporation) C:\windows\system32\VIDRESZR.DLL 2016-01-13 09:41 - 2015-12-08 20:07 - 00254464 _____ (Microsoft Corporation) C:\windows\system32\qasf.dll 2016-01-13 09:41 - 2015-12-08 20:07 - 00225792 _____ (Microsoft Corporation) C:\windows\system32\RESAMPLEDMO.DLL 2016-01-13 09:41 - 2015-12-08 20:07 - 00224768 _____ (Microsoft Corporation) C:\windows\system32\MPG4DECD.DLL 2016-01-13 09:41 - 2015-12-08 20:07 - 00223744 _____ (Microsoft Corporation) C:\windows\system32\MP43DECD.DLL 2016-01-13 09:41 - 2015-12-08 20:07 - 00206848 _____ (Microsoft Corporation) C:\windows\system32\mfps.dll 2016-01-13 09:41 - 2015-12-08 20:07 - 00100864 _____ (Microsoft Corporation) C:\windows\system32\MP3DMOD.DLL 2016-01-13 09:41 - 2015-12-08 20:07 - 00076288 _____ (Microsoft Corporation) C:\windows\system32\devenum.dll 2016-01-13 09:41 - 2015-12-08 20:07 - 00070144 _____ (Microsoft Corporation) C:\windows\system32\mfvdsp.dll 2016-01-13 09:41 - 2015-12-08 20:07 - 00055808 _____ (Microsoft Corporation) C:\windows\system32\rrinstaller.exe 2016-01-13 09:41 - 2015-12-08 20:07 - 00005120 _____ (Microsoft Corporation) C:\windows\system32\ksuser.dll 2016-01-13 09:41 - 2015-12-08 20:06 - 00250880 _____ (Microsoft Corporation) C:\windows\system32\ksproxy.ax 2016-01-13 09:41 - 2015-12-08 20:06 - 00024576 _____ (Microsoft Corporation) C:\windows\system32\mfpmp.exe 2016-01-13 09:41 - 2015-12-08 20:04 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\mferror.dll 2016-01-13 09:41 - 2015-12-08 19:54 - 00116736 _____ (Microsoft Corporation) C:\windows\system32\Drivers\drmk.sys 2016-01-13 09:41 - 2015-12-08 19:12 - 00230400 _____ (Microsoft Corporation) C:\windows\system32\Drivers\portcls.sys 2016-01-13 09:41 - 2015-12-08 19:11 - 00005632 _____ (Microsoft Corporation) C:\windows\system32\Drivers\drmkaud.sys 2016-01-13 09:41 - 2015-12-08 18:58 - 03211264 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys 2016-01-13 09:40 - 2015-12-30 20:08 - 05572544 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe 2016-01-13 09:40 - 2015-12-30 20:08 - 00154560 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys 2016-01-13 09:40 - 2015-12-30 20:08 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys 2016-01-13 09:40 - 2015-12-30 20:05 - 01730496 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll 2016-01-13 09:40 - 2015-12-30 20:02 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll 2016-01-13 09:40 - 2015-12-30 20:02 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll 2016-01-13 09:40 - 2015-12-30 20:02 - 00215040 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll 2016-01-13 09:40 - 2015-12-30 20:02 - 00210432 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll 2016-01-13 09:40 - 2015-12-30 20:02 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll 2016-01-13 09:40 - 2015-12-30 20:02 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll 2016-01-13 09:40 - 2015-12-30 20:01 - 01214464 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll 2016-01-13 09:40 - 2015-12-30 20:01 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll 2016-01-13 09:40 - 2015-12-30 20:01 - 00344064 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll 2016-01-13 09:40 - 2015-12-30 20:01 - 00135680 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll 2016-01-13 09:40 - 2015-12-30 20:01 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll 2016-01-13 09:40 - 2015-12-30 20:01 - 00028672 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll 2016-01-13 09:40 - 2015-12-30 20:01 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll 2016-01-13 09:40 - 2015-12-30 20:00 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll 2016-01-13 09:40 - 2015-12-30 19:59 - 00315392 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll 2016-01-13 09:40 - 2015-12-30 19:59 - 00312320 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll 2016-01-13 09:40 - 2015-12-30 19:59 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll 2016-01-13 09:40 - 2015-12-30 19:58 - 01461248 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll 2016-01-13 09:40 - 2015-12-30 19:58 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll 2016-01-13 09:40 - 2015-12-30 19:57 - 01163264 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll 2016-01-13 09:40 - 2015-12-30 19:57 - 00729600 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll 2016-01-13 09:40 - 2015-12-30 19:57 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll 2016-01-13 09:40 - 2015-12-30 19:55 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll 2016-01-13 09:40 - 2015-12-30 19:55 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\cryptbase.dll 2016-01-13 09:40 - 2015-12-30 19:55 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll 2016-01-13 09:40 - 2015-12-30 19:54 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll 2016-01-13 09:40 - 2015-12-30 19:54 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll 2016-01-13 09:40 - 2015-12-30 19:54 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll 2016-01-13 09:40 - 2015-12-30 19:54 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll 2016-01-13 09:40 - 2015-12-30 19:54 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2016-01-13 09:40 - 2015-12-30 19:54 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2016-01-13 09:40 - 2015-12-30 19:54 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2016-01-13 09:40 - 2015-12-30 19:54 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll 2016-01-13 09:40 - 2015-12-30 19:54 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2016-01-13 09:40 - 2015-12-30 19:54 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll 2016-01-13 09:40 - 2015-12-30 19:54 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2016-01-13 09:40 - 2015-12-30 19:54 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2016-01-13 09:40 - 2015-12-30 19:54 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2016-01-13 09:40 - 2015-12-30 19:54 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll 2016-01-13 09:40 - 2015-12-30 19:54 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll 2016-01-13 09:40 - 2015-12-30 19:54 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2016-01-13 09:40 - 2015-12-30 19:54 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll 2016-01-13 09:40 - 2015-12-30 19:54 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2016-01-13 09:40 - 2015-12-30 19:54 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll 2016-01-13 09:40 - 2015-12-30 19:54 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll 2016-01-13 09:40 - 2015-12-30 19:54 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll 2016-01-13 09:40 - 2015-12-30 19:54 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll 2016-01-13 09:40 - 2015-12-30 19:54 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2016-01-13 09:40 - 2015-12-30 19:54 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll 2016-01-13 09:40 - 2015-12-30 19:54 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2016-01-13 09:40 - 2015-12-30 19:54 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2016-01-13 09:40 - 2015-12-30 19:54 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2016-01-13 09:40 - 2015-12-30 19:54 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll 2016-01-13 09:40 - 2015-12-30 19:54 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2016-01-13 09:40 - 2015-12-30 19:54 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll 2016-01-13 09:40 - 2015-12-30 19:47 - 03993536 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe 2016-01-13 09:40 - 2015-12-30 19:47 - 03938240 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe 2016-01-13 09:40 - 2015-12-30 19:44 - 01311768 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll 2016-01-13 09:40 - 2015-12-30 19:41 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll 2016-01-13 09:40 - 2015-12-30 19:41 - 00665088 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll 2016-01-13 09:40 - 2015-12-30 19:41 - 00274944 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll 2016-01-13 09:40 - 2015-12-30 19:41 - 00171520 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll 2016-01-13 09:40 - 2015-12-30 19:41 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll 2016-01-13 09:40 - 2015-12-30 19:41 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll 2016-01-13 09:40 - 2015-12-30 19:41 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll 2016-01-13 09:40 - 2015-12-30 19:41 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll 2016-01-13 09:40 - 2015-12-30 19:40 - 00251392 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll 2016-01-13 09:40 - 2015-12-30 19:40 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll 2016-01-13 09:40 - 2015-12-30 19:39 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll 2016-01-13 09:40 - 2015-12-30 19:39 - 00223232 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll 2016-01-13 09:40 - 2015-12-30 19:39 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll 2016-01-13 09:40 - 2015-12-30 19:39 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll 2016-01-13 09:40 - 2015-12-30 19:38 - 00552960 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll 2016-01-13 09:40 - 2015-12-30 19:38 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll 2016-01-13 09:40 - 2015-12-30 19:37 - 00686080 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll 2016-01-13 09:40 - 2015-12-30 19:37 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll 2016-01-13 09:40 - 2015-12-30 19:37 - 00005120 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll 2016-01-13 09:40 - 2015-12-30 19:37 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2016-01-13 09:40 - 2015-12-30 19:37 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2016-01-13 09:40 - 2015-12-30 19:37 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll 2016-01-13 09:40 - 2015-12-30 19:37 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll 2016-01-13 09:40 - 2015-12-30 19:37 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll 2016-01-13 09:40 - 2015-12-30 19:37 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll 2016-01-13 09:40 - 2015-12-30 19:37 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2016-01-13 09:40 - 2015-12-30 19:37 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2016-01-13 09:40 - 2015-12-30 19:37 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll 2016-01-13 09:40 - 2015-12-30 19:37 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2016-01-13 09:40 - 2015-12-30 19:37 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2016-01-13 09:40 - 2015-12-30 19:37 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll 2016-01-13 09:40 - 2015-12-30 19:37 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll 2016-01-13 09:40 - 2015-12-30 19:37 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2016-01-13 09:40 - 2015-12-30 19:37 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll 2016-01-13 09:40 - 2015-12-30 19:37 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll 2016-01-13 09:40 - 2015-12-30 19:37 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll 2016-01-13 09:40 - 2015-12-30 19:37 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll 2016-01-13 09:40 - 2015-12-30 19:37 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll 2016-01-13 09:40 - 2015-12-30 19:37 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll 2016-01-13 09:40 - 2015-12-30 19:37 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll 2016-01-13 09:40 - 2015-12-30 19:37 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll 2016-01-13 09:40 - 2015-12-30 19:37 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll 2016-01-13 09:40 - 2015-12-30 18:57 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe 2016-01-13 09:40 - 2015-12-30 18:50 - 00338432 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe 2016-01-13 09:40 - 2015-12-30 18:49 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe 2016-01-13 09:40 - 2015-12-30 18:44 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe 2016-01-13 09:40 - 2015-12-30 18:43 - 00159232 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys 2016-01-13 09:40 - 2015-12-30 18:42 - 00290816 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys 2016-01-13 09:40 - 2015-12-30 18:42 - 00129024 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys 2016-01-13 09:40 - 2015-12-30 18:41 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe 2016-01-13 09:40 - 2015-12-30 18:41 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe 2016-01-13 09:40 - 2015-12-30 18:32 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe 2016-01-13 09:40 - 2015-12-30 18:32 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll 2016-01-13 09:40 - 2015-12-30 18:32 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe 2016-01-13 09:40 - 2015-12-30 18:32 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe 2016-01-13 09:40 - 2015-12-30 18:30 - 00036352 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptbase.dll 2016-01-13 09:40 - 2015-12-30 18:30 - 00006144 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll 2016-01-13 09:40 - 2015-12-30 18:30 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll 2016-01-13 09:40 - 2015-12-30 18:30 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll 2016-01-13 09:40 - 2015-12-30 18:30 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll 2016-01-13 09:40 - 2015-12-08 22:53 - 00641536 _____ (Microsoft Corporation) C:\windows\SysWOW64\advapi32.dll 2016-01-13 09:40 - 2015-12-08 22:52 - 00312320 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll 2016-01-13 09:40 - 2015-12-08 20:07 - 00879104 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll 2016-01-13 09:40 - 2015-12-08 20:07 - 00405504 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll 2016-01-13 09:40 - 2015-11-17 02:11 - 00025024 _____ (Microsoft Corporation) C:\windows\system32\CompatTelRunner.exe 2016-01-13 09:40 - 2015-11-17 02:08 - 01381376 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll 2016-01-13 09:40 - 2015-11-17 02:08 - 00792064 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll 2016-01-13 09:40 - 2015-11-17 02:08 - 00705536 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll 2016-01-13 09:40 - 2015-11-17 02:08 - 00505856 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll 2016-01-13 09:40 - 2015-11-17 02:08 - 00076800 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll 2016-01-13 09:40 - 2015-11-16 21:17 - 00210432 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll 2016-01-12 16:49 - 2016-01-19 21:02 - 00000000 ____D C:\Users\benjamka\AppData\Local\CrashDumps 2016-01-12 04:13 - 2016-01-12 04:13 - 00000000 ____D C:\Users\benjamka\AppData\Roaming\JAM Software 2016-01-12 04:13 - 2016-01-12 04:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TreeSize Free 2016-01-12 04:13 - 2016-01-12 04:13 - 00000000 ____D C:\Program Files (x86)\JAM Software 2016-01-09 23:19 - 2016-01-09 23:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XAMPP 2016-01-09 23:16 - 2016-01-10 02:24 - 00000000 ____D C:\xampp 2016-01-09 23:04 - 2016-01-11 02:37 - 00000106 _____ C:\Users\benjamka\Documents\urls.txt 2016-01-09 01:20 - 2016-01-09 01:20 - 00273025 _____ C:\Users\benjamka\Documents\Logo2.xcf 2016-01-08 22:22 - 2016-01-08 22:22 - 00003971 _____ C:\Users\benjamka\Documents\wp-config.php 2016-01-07 11:04 - 2016-01-09 23:08 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2016-01-02 12:05 - 2016-01-02 12:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2015-12-27 20:21 - 2009-06-10 22:00 - 00000824 _____ C:\windows\system32\Drivers\etc\hosts.20151227-202141.backup ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2016-01-26 12:20 - 2015-11-13 22:40 - 00000000 ____D C:\FRST 2016-01-26 12:17 - 2009-07-14 05:45 - 00025120 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2016-01-26 12:17 - 2009-07-14 05:45 - 00025120 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2016-01-26 12:14 - 2011-02-11 09:21 - 00699682 _____ C:\windows\system32\perfh007.dat 2016-01-26 12:14 - 2011-02-11 09:21 - 00149790 _____ C:\windows\system32\perfc007.dat 2016-01-26 12:14 - 2009-07-14 06:13 - 01620684 _____ C:\windows\system32\PerfStringBackup.INI 2016-01-26 12:14 - 2009-07-14 04:20 - 00000000 ____D C:\windows\inf 2016-01-26 12:14 - 2009-07-14 04:20 - 00000000 ____D C:\Windows 2016-01-26 12:10 - 2015-11-14 01:09 - 00000000 ____D C:\Users\benjamka\AppData\Local\ownCloud 2016-01-26 12:10 - 2012-09-11 19:44 - 00001106 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job 2016-01-26 12:10 - 2012-05-20 20:58 - 00000000 ___RD C:\Users\benjamka\Dropbox 2016-01-26 12:10 - 2012-05-20 20:56 - 00000000 ____D C:\Users\benjamka\AppData\Roaming\Dropbox 2016-01-26 12:10 - 2009-07-14 06:08 - 00000006 ____H C:\windows\Tasks\SA.DAT 2016-01-26 12:08 - 2013-09-04 22:00 - 00000000 ____D C:\AdwCleaner 2016-01-26 11:58 - 2015-06-16 11:48 - 00001236 _____ C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-50433080-710429258-2441499552-1000UA.job 2016-01-26 11:52 - 2012-09-11 19:44 - 00001110 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job 2016-01-26 11:50 - 2012-07-30 17:58 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job 2016-01-26 05:40 - 2012-10-22 21:45 - 00000000 ____D C:\Users\benjamka\AppData\LocalLow\Temp 2016-01-26 05:32 - 2014-08-28 22:26 - 00000000 ____D C:\Users\benjamka\AppData\Local\Adobe 2016-01-25 16:31 - 2015-12-09 19:11 - 00005688 _____ C:\Users\benjamka\Documents\Spamtexts.txt 2016-01-25 16:27 - 2014-10-30 14:04 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2 2016-01-25 16:23 - 2013-08-05 23:35 - 00000000 ____D C:\Program Files (x86)\Avira 2016-01-25 16:22 - 2013-08-05 23:35 - 00000000 ____D C:\ProgramData\Avira 2016-01-25 14:10 - 2015-06-16 11:48 - 00001184 _____ C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-50433080-710429258-2441499552-1000Core.job 2016-01-25 14:03 - 2014-08-09 16:15 - 00192216 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys 2016-01-24 23:03 - 2012-01-24 21:09 - 00000000 ___RD C:\Users\benjamka 2016-01-24 19:00 - 2015-12-11 16:43 - 00000000 ____D C:\Users\benjamka\Documents\Golem 2016-01-24 15:33 - 2015-06-04 22:27 - 00000000 ____D C:\Users\benjamka\.gimp-2.8 2016-01-24 08:24 - 2012-01-25 21:14 - 00000000 ____D C:\Users\benjamka\AppData\Roaming\foobar2000 2016-01-23 15:32 - 2009-07-14 06:08 - 00032640 _____ C:\windows\Tasks\SCHEDLGU.TXT 2016-01-22 14:17 - 2015-08-17 23:07 - 00000000 ____D C:\Users\benjamka\Documents\Schrift-Feld 2016-01-22 13:34 - 2009-07-14 04:20 - 00000000 ____D C:\windows\system32\NDF 2016-01-20 14:22 - 2012-02-01 20:13 - 00000000 ____D C:\Program Files (x86)\Lavasoft 2016-01-20 14:08 - 2015-06-25 11:24 - 00000000 ____D C:\Users\benjamka\AppData\Local\gtk-2.0 2016-01-19 21:02 - 2012-02-02 03:58 - 00000000 ____D C:\Users\benjamka\AppData\Roaming\vlc 2016-01-19 20:50 - 2012-07-30 17:58 - 00003822 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater 2016-01-19 20:50 - 2012-03-31 08:40 - 00796864 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe 2016-01-19 20:50 - 2012-01-25 10:23 - 00142528 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl 2016-01-19 10:58 - 2012-01-24 21:15 - 00110376 _____ C:\Users\benjamka\AppData\Local\GDIPFONTCACHEV1.DAT 2016-01-19 10:56 - 2009-07-14 05:45 - 00501824 _____ C:\windows\system32\FNTCACHE.DAT 2016-01-19 03:14 - 2011-05-15 18:27 - 00000000 ____D C:\Program Files (x86)\Adobe 2016-01-19 03:01 - 2015-10-13 21:56 - 00000000 ____D C:\Users\benjamka\AppData\Roaming\Nokia Suite 2016-01-19 03:01 - 2015-10-13 21:56 - 00000000 ____D C:\Users\benjamka\AppData\Roaming\Nokia 2016-01-19 03:01 - 2015-10-13 21:18 - 00000000 ____D C:\ProgramData\Nokia 2016-01-19 03:01 - 2015-10-13 21:17 - 00000000 ____D C:\Program Files (x86)\Nokia 2016-01-16 19:28 - 2013-01-22 19:33 - 00000000 ____D C:\Users\benjamka\AppData\Roaming\FileZilla 2016-01-14 17:47 - 2009-07-14 04:20 - 00000000 ____D C:\windows\rescache 2016-01-14 16:09 - 2014-08-14 18:33 - 00000000 ____D C:\ProgramData\Package Cache 2016-01-14 14:08 - 2013-11-22 16:55 - 00000000 ____D C:\Users\benjamka\Documents\Business 2016-01-14 13:19 - 2011-05-15 18:27 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk 2016-01-14 13:18 - 2011-05-15 18:27 - 00000000 ____D C:\ProgramData\Adobe 2016-01-14 13:09 - 2015-11-24 19:27 - 00000000 ___RD C:\Users\benjamka\Documents\Scanned Documents 2016-01-14 11:36 - 2013-03-14 17:40 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2016-01-14 11:36 - 2013-03-14 17:40 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2016-01-13 23:30 - 2013-03-14 17:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2016-01-13 23:30 - 2012-01-25 17:12 - 00000000 ____D C:\ProgramData\Microsoft Help 2016-01-13 23:16 - 2014-02-14 20:24 - 00000000 ____D C:\Users\benjamka\AppData\Roaming\MyPhoneExplorer 2016-01-13 12:19 - 2015-04-16 18:24 - 00000000 ____D C:\windows\system32\appraiser 2016-01-13 12:19 - 2014-05-06 21:40 - 00000000 ___SD C:\windows\system32\CompatTel 2016-01-13 01:40 - 2015-09-14 20:59 - 00000000 ____D C:\Users\benjamka\Documents\Eigene Scans 2016-01-09 23:08 - 2015-12-26 02:35 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird 2016-01-09 23:08 - 2012-05-12 13:27 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2016-01-08 16:00 - 2014-04-26 14:03 - 00001962 _____ C:\Users\Public\Desktop\FileZilla Client.lnk 2016-01-08 16:00 - 2013-01-22 19:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client 2016-01-08 16:00 - 2013-01-22 19:33 - 00000000 ____D C:\Program Files (x86)\FileZilla FTP Client 2016-01-05 05:06 - 2012-02-21 22:26 - 00000000 ____D C:\Users\benjamka\AppData\Roaming\Skype 2016-01-03 15:20 - 2015-08-09 13:43 - 00000000 ____D C:\Users\benjamka\AppData\Roaming\HpUpdate 2016-01-02 12:06 - 2011-05-15 18:55 - 00000000 ____D C:\ProgramData\Skype 2016-01-02 12:05 - 2014-03-19 23:14 - 00000000 ____D C:\Users\benjamka\AppData\Local\Skype 2016-01-02 12:05 - 2011-05-15 18:55 - 00000000 ___RD C:\Program Files (x86)\Skype 2015-12-27 19:32 - 2013-08-22 20:55 - 00000000 ____D C:\Program Files (x86)\Steam ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2016-01-20 14:08 - 2016-01-20 14:08 - 0003273 _____ () C:\Users\benjamka\AppData\Local\recently-used.xbel 2014-02-09 21:36 - 2015-11-08 13:29 - 0007627 _____ () C:\Users\benjamka\AppData\Local\Resmon.ResmonCfg 2016-01-16 19:13 - 2016-01-16 19:14 - 2529622 _____ () C:\Users\benjamka\AppData\Local\[j0002]-[p02].bmp 2016-01-16 19:14 - 2016-01-16 19:14 - 2529622 _____ () C:\Users\benjamka\AppData\Local\[j0002]-[p03].bmp 2016-01-16 19:14 - 2016-01-16 19:14 - 2529622 _____ () C:\Users\benjamka\AppData\Local\[j0002]-[p04].bmp 2016-01-16 19:14 - 2016-01-16 19:14 - 2529622 _____ () C:\Users\benjamka\AppData\Local\[j0002]-[p05].bmp 2016-01-16 19:14 - 2016-01-16 19:14 - 2529622 _____ () C:\Users\benjamka\AppData\Local\[j0002]-[p06].bmp 2016-01-16 19:14 - 2016-01-16 19:14 - 2529622 _____ () C:\Users\benjamka\AppData\Local\[j0002]-[p07].bmp 2016-01-16 19:14 - 2016-01-16 19:14 - 2529622 _____ () C:\Users\benjamka\AppData\Local\[j0002]-[p08].bmp 2016-01-16 19:14 - 2016-01-16 19:14 - 2529622 _____ () C:\Users\benjamka\AppData\Local\[j0002]-[p09].bmp 2016-01-16 19:14 - 2016-01-16 19:14 - 2529622 _____ () C:\Users\benjamka\AppData\Local\[j0002]-[p10].bmp 2016-01-16 19:14 - 2016-01-16 19:14 - 2529622 _____ () C:\Users\benjamka\AppData\Local\[j0002]-[p11].bmp 2016-01-16 19:14 - 2016-01-16 19:14 - 2529622 _____ () C:\Users\benjamka\AppData\Local\[j0002]-[p12].bmp 2016-01-16 19:14 - 2016-01-16 19:14 - 2529622 _____ () C:\Users\benjamka\AppData\Local\[j0002]-[p13].bmp 2016-01-16 19:14 - 2016-01-16 19:14 - 2529622 _____ () C:\Users\benjamka\AppData\Local\[j0002]-[p14].bmp 2016-01-16 19:14 - 2016-01-16 19:14 - 2529622 _____ () C:\Users\benjamka\AppData\Local\[j0002]-[p15].bmp 2016-01-16 19:14 - 2016-01-16 19:15 - 2529622 _____ () C:\Users\benjamka\AppData\Local\[j0002]-[p16].bmp 2016-01-16 19:15 - 2016-01-16 19:15 - 2529622 _____ () C:\Users\benjamka\AppData\Local\[j0002]-[p17].bmp 2016-01-16 19:15 - 2016-01-16 19:15 - 2529622 _____ () C:\Users\benjamka\AppData\Local\[j0002]-[p18].bmp 2016-01-16 19:15 - 2016-01-16 19:15 - 2529622 _____ () C:\Users\benjamka\AppData\Local\[j0002]-[p19].bmp 2016-01-16 19:15 - 2016-01-16 19:15 - 2529622 _____ () C:\Users\benjamka\AppData\Local\[j0002]-[p20].bmp 2016-01-16 19:15 - 2016-01-16 19:15 - 2529622 _____ () C:\Users\benjamka\AppData\Local\[j0002]-[p21].bmp 2016-01-16 19:15 - 2016-01-16 19:15 - 2529622 _____ () C:\Users\benjamka\AppData\Local\[j0002]-[p22].bmp 2016-01-16 19:15 - 2016-01-16 19:15 - 2529622 _____ () C:\Users\benjamka\AppData\Local\[j0002]-[p23].bmp 2012-12-26 00:20 - 2013-11-22 16:33 - 0000040 ___SH () C:\ProgramData\.zreglib 2016-01-26 12:10 - 2016-01-26 12:10 - 0000000 ____H () C:\ProgramData\cm-lock 2012-02-21 22:28 - 2012-02-21 22:28 - 0000056 ____H () C:\ProgramData\ezsidmv.dat 2015-08-03 19:02 - 2015-08-09 14:19 - 0034260 _____ () C:\ProgramData\hpzinstall.log Einige Dateien in TEMP: ==================== C:\Users\benjamka\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap ================= (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) C:\windows\system32\winlogon.exe => Datei ist digital signiert C:\windows\system32\wininit.exe => Datei ist digital signiert C:\windows\SysWOW64\wininit.exe => Datei ist digital signiert C:\windows\explorer.exe => Datei ist digital signiert C:\windows\SysWOW64\explorer.exe => Datei ist digital signiert C:\windows\system32\svchost.exe => Datei ist digital signiert C:\windows\SysWOW64\svchost.exe => Datei ist digital signiert C:\windows\system32\services.exe => Datei ist digital signiert C:\windows\system32\User32.dll => Datei ist digital signiert C:\windows\SysWOW64\User32.dll => Datei ist digital signiert C:\windows\system32\userinit.exe => Datei ist digital signiert C:\windows\SysWOW64\userinit.exe => Datei ist digital signiert C:\windows\system32\rpcss.dll => Datei ist digital signiert C:\windows\system32\dnsapi.dll => Datei ist digital signiert C:\windows\SysWOW64\dnsapi.dll => Datei ist digital signiert C:\windows\system32\Drivers\volsnap.sys => Datei ist digital signiert LastRegBack: 2016-01-19 13:14 ==================== Ende von FRST.txt ============================ |
Themen zu Adware ADWARE/AddLyrics.Gen... / Mind. sechs Viren gefunden |
adware, anti-malware, antivir, avira, avira antivir, diskstation, einzige, einzigen, entfern, entfernt, externe, freue, gefunde, malware / spyware etc, malwarebytes, melde, meldet, poste, problems, pup trojaner, pup virus, rechner, scan, spybot, störenfriede, synology, verschiedene, viren, würde, zeichen |