| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Windows 7: PCKeeper ungefragt aufgetaucht, lässt sich nicht deinstallierenWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
| |
06.05.2016, 09:06
| #1 |
| |  Windows 7: PCKeeper ungefragt aufgetaucht, lässt sich nicht deinstallieren Hallo! Ich habe gerade auf meinem Desktop zwei Programme entdeckt, die ich nie willentlich/wissentlich installiert habe: PCKeeper und PCKeeper Antivirus. Im Task-Manager werden in der Registerkarte „Dienste“ jetzt drei Einträge von PCKeeper angezeigt. Evtll. sind diese Programme beim Installieren von Freeware als Huckepack mitgekommen (obwohl ich da eigentlich immer sehr vorsichtig bin). Ich wollte sie nun über Systemsteuerung/Programme deinstallieren entfernen, aber in der Liste der installierten Software sind diese Programme gar nicht aufgeführt! Auch in der Liste von Geek Uninstaller tauchen sie nicht auf! Wie bekomme ich diese ungebetenen Gäste nun wieder weg? (Google hat nur die Standard-Antworten (Systemsteuerung/Programme deinstallieren) geliefert.) Vielen Dank für Hilfe! Lothar FRST.txt: Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:03-05-2016
durchgeführt von ****** (Administrator) auf HAUPTCOMPUTER (05-05-2016 00:02:03)
Gestartet von C:\Users\******\Desktop
Geladene Profile: ****** (Verfügbare Profile: ****** & Björn & Administrator)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Prozesse (Nicht auf der Ausnahmeliste) =================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
() C:\Program Files (x86)\Lexware\AAVUpdateManager\aavus.exe
(Essentware) C:\Program Files\Essentware\Common\AccountService.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(Essentware) C:\Program Files\Essentware\PCKAV\PCKAVService.exe
(Essentware) C:\Program Files\Essentware\PCKeeper\OneClickFixService.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Essentware) C:\Program Files\Essentware\PCKeeper\PCKeeperService.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Dropbox, Inc.) C:\Users\******\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Nicht auf der Ausnahmeliste) ===========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [357936 2009-08-28] (Acronis)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [5595848 2015-07-08] (ESET)
HKLM-x32\...\Run: [DNS7reminder] => "C:\Program Files (x86)\Nuance\NaturallySpeaking12\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\NaturallySpeaking12\Ereg.ini"
HKLM-x32\...\Run: [LifeCam] => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [135536 2010-12-13] (Microsoft Corporation)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [5078416 2009-08-28] (Acronis)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1085656 2015-12-14] (Adobe Systems Incorporated)
HKU\S-1-5-21-1645918933-1587179398-1173790561-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [51662464 2016-04-08] (Skype Technologies S.A.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\******\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\******\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\******\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\******\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\******\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\******\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\******\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\******\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\JFritz.lnk [2014-07-28]
ShortcutTarget: JFritz.lnk -> C:\Program Files (x86)\JFritz\jfritz.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk [2014-07-27]
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
Startup: C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2016-04-15]
ShortcutTarget: Dropbox.lnk -> C:\Users\******\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
==================== Internet (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{41DC600C-17C3-45AD-AC98-268F3658BD96}: [DhcpNameServer] 192.168.178.1
Internet Explorer:
==================
HKU\S-1-5-21-1645918933-1587179398-1173790561-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.facebook.com/
HKU\S-1-5-21-1645918933-1587179398-1173790561-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://localoem.msn.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1645918933-1587179398-1173790561-1000 -> DefaultScope {6A3BFF71-31DA-45A6-BEDC-595E43AF1C3B} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\2015\x64\AcroIEFavStub.dll [2015-12-18] (Adobe Systems Incorporated)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\2015\x64\AcroIEFavStub.dll [2015-12-18] (Adobe Systems Incorporated)
BHO-x32: Adobe PDF Reader -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: Dragon NaturallySpeaking Rich Internet Application Support - Extension -> {73A89C60-CF59-4EC7-9215-9B7EF05ECEA4} -> C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\ieShim.dll [2013-10-15] (Nuance Communications, Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-11-21] (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\2015\AcroIEFavStub.dll [2015-12-18] (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-11-21] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\2015\AcroIEFavStub.dll [2015-12-18] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\2015\x64\AcroIEFavStub.dll [2015-12-18] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\2015\AcroIEFavStub.dll [2015-12-18] (Adobe Systems Incorporated)
FireFox:
========
FF ProfilePath: C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\tdnqdafv.default-1461583433130
FF NewTab: file:///D:/Eigene%20Webs/Internet-Startseite/Internet%20Startseite.html
FF Homepage: file:///D:/Eigene Webs/Internet-Startseite/Internet Startseite.html
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_213.dll [2016-04-07] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [Keine Datei]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-02-28] (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-07-29] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-04-07] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-21] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-11-21] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-11-21] (Oracle Corporation)
FF Plugin-x32: @logitech.com/HarmonyRemote,version=1.0.0 -> C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll [2010-01-25] (Logitech Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Keine Datei]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 2015\Acrobat\Air\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-07-29] (Adobe Systems)
FF Plugin-x32: nuance.com/DragonRIAPlugin -> C:\PROGRA~2\Nuance\NATURA~1\Program\npDgnRia.dll [2013-10-15] (Nuance Communications Inc.)
FF Extension: Adobe Acrobat DC - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 2015\Acrobat\Browser\WCFirefoxExtn [2016-01-14]
FF Extension: Tab Mix Plus - C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\tdnqdafv.default-1461583433130\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2016-04-25]
FF Extension: Copy Plain Text 2 - C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\tdnqdafv.default-1461583433130\extensions\copyplaintext@teo.pl.xpi [2016-04-25]
FF Extension: WOT - C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\tdnqdafv.default-1461583433130\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2016-04-25]
FF Extension: LeechBlock - C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\tdnqdafv.default-1461583433130\extensions\{a95d8332-e4b4-6e7f-98ac-20b733364387} [2016-04-29]
FF Extension: ProxTube - Unblock YouTube - C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\tdnqdafv.default-1461583433130\Extensions\ich@maltegoetz.de.xpi [2016-04-25]
FF Extension: Download YouTube Videos as MP4 - C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\tdnqdafv.default-1461583433130\Extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi [2016-04-25]
FF Extension: Video DownloadHelper - C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\tdnqdafv.default-1461583433130\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2016-04-25]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird => nicht gefunden
FF HKLM-x32\...\Firefox\Extensions: [jid0-lmZNVK7a82O8cufhdfB9dUDfA2w@jetpack] - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\ffShim.xpi
FF Extension: Dragon NaturallySpeaking Rich Internet Application Support - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\ffShim.xpi [2013-10-15] [ist nicht signiert]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 2015\Acrobat\Browser\WCFirefoxExtn
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird => nicht gefunden
Chrome:
=======
CHR HomePage: Default -> file:///D:/Eigene%20Webs/Internet-Startseite/Internet%20Startseite.html
CHR StartupUrls: Default -> "file:///D:/Eigene%20Webs/Internet-Startseite/Internet%20Startseite.html"
CHR Profile: C:\Users\******\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Präsentationen) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-04]
CHR Extension: (Google Docs) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04]
CHR Extension: (Google Drive) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2016-04-10]
CHR Extension: (YouTube) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google-Suche) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Adobe Acrobat) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2016-01-12]
CHR Extension: (Google Tabellen) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-04]
CHR Extension: (Google Docs Offline) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-16]
CHR Extension: (StayFocusd) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\laankejkbhbdhmipfmgcngdelahlfoji [2016-04-12]
CHR Extension: (Video DownloadHelper) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjnegcaeklhafolokijcfjliaokphfk [2016-01-24]
CHR Extension: (Dragon NaturallySpeaking Rich Internet Application Support) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\mikhcaiakabeeokmenglcdebplfdjicn [2014-09-22]
CHR Extension: (Webutation) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfclfmabiojpommfcalfdgjjeaahnjbj [2015-05-10]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Google Mail) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [mikhcaiakabeeokmenglcdebplfdjicn] - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\chromeShim.crx [2013-10-15]
==================== Dienste (Nicht auf der Ausnahmeliste) ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R2 AAV UpdateService; C:\Program Files (x86)\Lexware\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
R2 AccountService; C:\Program Files\Essentware\Common\AccountService.exe [211136 2016-02-29] (Essentware) <==== ACHTUNG
S4 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2014-09-02] (Adobe Systems) [Datei ist nicht signiert]
S4 Adobe Version Cue CS2; c:\Program Files x86\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe [163840 2005-04-06] (Adobe Systems Incorporated) [Datei ist nicht signiert]
S4 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2016448 2015-11-25] (Adobe Systems, Incorporated)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1353720 2015-07-08] (ESET)
R2 PCKAVService; C:\Program Files\Essentware\PCKAV\PCKAVService.exe [192792 2016-04-20] (Essentware)
R2 PCKeeper2Service; C:\Program Files\Essentware\PCKeeper\PCKeeperService.exe [191768 2016-04-27] (Essentware) <==== ACHTUNG
R2 PCKeeperOcfService; C:\Program Files\Essentware\PCKeeper\OneClickFixService.exe [1136832 2016-04-27] (Essentware) <==== ACHTUNG
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5702416 2015-09-11] (TeamViewer GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2014-02-20] (Microsoft Corporation)
===================== Treiber (Nicht auf der Ausnahmeliste) ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36520 2012-09-13] (Advanced Micro Devices, Inc.)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [255240 2015-07-14] (ESET)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
U5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [251632 2015-07-14] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [178520 2015-07-14] (ESET)
R2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [231520 2015-07-14] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [53360 2015-07-14] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [72400 2015-07-14] (ESET)
S3 fileHiders; C:\Windows\System32\DRIVERS\fileHiders.sys [32352 2016-04-27] () <==== ACHTUNG
S3 KOBCCID; C:\Windows\System32\drivers\KOBCCID.sys [116864 2014-09-29] (KOBIL Systems GmbH)
R3 MTsensor; C:\Windows\system32\drivers\ASACPI.sys [8192 2008-01-21] ()
R3 PdiPorts; C:\Windows\System32\DRIVERS\PdiPorts.sys [20592 2010-04-16] (Portrait Displays, Inc.)
R0 tdrpman251; C:\Windows\System32\DRIVERS\tdrpm251.sys [1455648 2015-03-07] (Acronis)
S3 ZeoScanner; C:\Windows\System32\DRIVERS\zeoscanner.sys [34592 2016-01-15] (Windows (R) Win 7 DDK provider)
S3 DIRECTIO; \??\UNC\srv1c027-b.wds8-b.intern\reminst\Test\BitPro64\DirectIo.sys [X]
==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
==================== Ein Monat: Erstellte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2016-05-05 00:02 - 2016-05-05 00:02 - 00021867 _____ C:\Users\******\Desktop\FRST.txt
2016-05-04 16:24 - 2016-05-05 00:02 - 00000000 ____D C:\FRST
2016-05-04 16:24 - 2016-05-04 16:24 - 02377216 _____ (Farbar) C:\Users\******\Desktop\FRST64.exe
2016-05-04 15:36 - 2016-05-04 15:36 - 00000000 ____D C:\Users\******\AppData\Roaming\Geek Uninstaller
2016-05-04 15:23 - 2016-05-04 15:23 - 00000000 ____D C:\Users\******\Desktop\Vorsicht, Virus!
2016-05-03 15:34 - 2016-05-03 15:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Essentware
2016-05-03 15:33 - 2016-05-03 15:34 - 00000000 ____D C:\ProgramData\Essentware
2016-05-03 15:33 - 2016-05-03 15:34 - 00000000 ____D C:\Program Files\Essentware
2016-04-29 20:57 - 2016-04-29 20:57 - 00000000 ____D C:\Users\******\AppData\Roaming\JAM Software
2016-04-27 11:33 - 2016-04-27 11:33 - 00032352 _____ C:\Windows\system32\Drivers\fileHiders.sys
2016-04-26 20:21 - 2016-04-27 12:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-04-25 13:23 - 2016-04-25 13:23 - 00000000 ____D C:\Users\******\Desktop\Alte Firefox-Daten
2016-04-15 08:38 - 2016-04-15 08:38 - 00000000 ____D C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-04-13 08:34 - 2016-03-31 21:25 - 00394952 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-04-13 08:34 - 2016-03-31 20:41 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-04-13 08:34 - 2016-03-31 02:54 - 25817600 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-04-13 08:34 - 2016-03-31 02:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-04-13 08:34 - 2016-03-31 02:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-04-13 08:34 - 2016-03-31 02:31 - 02892800 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-04-13 08:34 - 2016-03-31 02:28 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-04-13 08:34 - 2016-03-31 02:28 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-04-13 08:34 - 2016-03-31 02:27 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-04-13 08:34 - 2016-03-31 02:27 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-04-13 08:34 - 2016-03-31 02:27 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-04-13 08:34 - 2016-03-31 02:25 - 06052352 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-04-13 08:34 - 2016-03-31 02:22 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-04-13 08:34 - 2016-03-31 02:21 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-04-13 08:34 - 2016-03-31 02:19 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-04-13 08:34 - 2016-03-31 02:17 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-04-13 08:34 - 2016-03-31 02:17 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-04-13 08:34 - 2016-03-31 02:17 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-04-13 08:34 - 2016-03-31 02:17 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-04-13 08:34 - 2016-03-31 02:11 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-04-13 08:34 - 2016-03-31 02:08 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-04-13 08:34 - 2016-03-31 02:03 - 20352512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-04-13 08:34 - 2016-03-31 02:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-04-13 08:34 - 2016-03-31 02:00 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-04-13 08:34 - 2016-03-31 01:59 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-04-13 08:34 - 2016-03-31 01:57 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-04-13 08:34 - 2016-03-31 01:56 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-04-13 08:34 - 2016-03-31 01:55 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-04-13 08:34 - 2016-03-31 01:53 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-04-13 08:34 - 2016-03-31 01:53 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-04-13 08:34 - 2016-03-31 01:52 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-04-13 08:34 - 2016-03-31 01:52 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-04-13 08:34 - 2016-03-31 01:52 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-04-13 08:34 - 2016-03-31 01:52 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-04-13 08:34 - 2016-03-31 01:51 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-04-13 08:34 - 2016-03-31 01:48 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-04-13 08:34 - 2016-03-31 01:48 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-04-13 08:34 - 2016-03-31 01:46 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-04-13 08:34 - 2016-03-31 01:45 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-04-13 08:34 - 2016-03-31 01:45 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-04-13 08:34 - 2016-03-31 01:45 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-04-13 08:34 - 2016-03-31 01:45 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-04-13 08:34 - 2016-03-31 01:43 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-04-13 08:34 - 2016-03-31 01:43 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-04-13 08:34 - 2016-03-31 01:42 - 02131968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-04-13 08:34 - 2016-03-31 01:42 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-04-13 08:34 - 2016-03-31 01:39 - 15415808 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-04-13 08:34 - 2016-03-31 01:38 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-04-13 08:34 - 2016-03-31 01:34 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-04-13 08:34 - 2016-03-31 01:33 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-04-13 08:34 - 2016-03-31 01:31 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-04-13 08:34 - 2016-03-31 01:31 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-04-13 08:34 - 2016-03-31 01:30 - 04611072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-04-13 08:34 - 2016-03-31 01:30 - 02596864 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-04-13 08:34 - 2016-03-31 01:30 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-04-13 08:34 - 2016-03-31 01:29 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-04-13 08:34 - 2016-03-31 01:24 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-04-13 08:34 - 2016-03-31 01:23 - 02056192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-04-13 08:34 - 2016-03-31 01:23 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-04-13 08:34 - 2016-03-31 01:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-04-13 08:34 - 2016-03-31 01:21 - 13811712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-04-13 08:34 - 2016-03-31 01:18 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-04-13 08:34 - 2016-03-31 01:06 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-04-13 08:34 - 2016-03-31 01:05 - 02121216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-04-13 08:34 - 2016-03-31 01:02 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-04-13 08:34 - 2016-03-31 01:00 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-04-13 08:34 - 2016-03-29 19:53 - 03216896 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-04-13 08:34 - 2016-03-18 01:04 - 05551336 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-04-13 08:34 - 2016-03-18 01:04 - 00706280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-04-13 08:34 - 2016-03-18 01:04 - 00154344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-04-13 08:34 - 2016-03-18 01:04 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-04-13 08:34 - 2016-03-18 01:01 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-04-13 08:34 - 2016-03-18 01:01 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-04-13 08:34 - 2016-03-18 00:58 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-04-13 08:34 - 2016-03-18 00:58 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-04-13 08:34 - 2016-03-18 00:58 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-04-13 08:34 - 2016-03-18 00:58 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-04-13 08:34 - 2016-03-18 00:58 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-04-13 08:34 - 2016-03-18 00:58 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-04-13 08:34 - 2016-03-18 00:58 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-04-13 08:34 - 2016-03-18 00:58 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-04-13 08:34 - 2016-03-18 00:58 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-04-13 08:34 - 2016-03-18 00:58 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-04-13 08:34 - 2016-03-18 00:57 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-04-13 08:34 - 2016-03-18 00:57 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-04-13 08:34 - 2016-03-18 00:57 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-04-13 08:34 - 2016-03-18 00:57 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-04-13 08:34 - 2016-03-18 00:57 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-04-13 08:34 - 2016-03-18 00:56 - 02084864 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2016-04-13 08:34 - 2016-03-18 00:56 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-04-13 08:34 - 2016-03-18 00:54 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-04-13 08:34 - 2016-03-18 00:54 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-04-13 08:34 - 2016-03-18 00:54 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-04-13 08:34 - 2016-03-18 00:54 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-04-13 08:34 - 2016-03-18 00:53 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-04-13 08:34 - 2016-03-18 00:53 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-04-13 08:34 - 2016-03-18 00:53 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-04-13 08:34 - 2016-03-18 00:53 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-04-13 08:34 - 2016-03-18 00:50 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-04-13 08:34 - 2016-03-18 00:50 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-04-13 08:34 - 2016-03-18 00:50 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-04-13 08:34 - 2016-03-18 00:50 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-04-13 08:34 - 2016-03-18 00:50 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-04-13 08:34 - 2016-03-18 00:50 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-04-13 08:34 - 2016-03-18 00:50 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-04-13 08:34 - 2016-03-18 00:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-04-13 08:34 - 2016-03-18 00:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-04-13 08:34 - 2016-03-18 00:50 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-04-13 08:34 - 2016-03-18 00:50 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-04-13 08:34 - 2016-03-18 00:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-04-13 08:34 - 2016-03-18 00:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-04-13 08:34 - 2016-03-18 00:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-04-13 08:34 - 2016-03-18 00:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-04-13 08:34 - 2016-03-18 00:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-04-13 08:34 - 2016-03-18 00:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-04-13 08:34 - 2016-03-18 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-04-13 08:34 - 2016-03-18 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-04-13 08:34 - 2016-03-18 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-04-13 08:34 - 2016-03-18 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-04-13 08:34 - 2016-03-18 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-04-13 08:34 - 2016-03-18 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-04-13 08:34 - 2016-03-18 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-04-13 08:34 - 2016-03-18 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-04-13 08:34 - 2016-03-18 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-04-13 08:34 - 2016-03-18 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-04-13 08:34 - 2016-03-18 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-04-13 08:34 - 2016-03-18 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-04-13 08:34 - 2016-03-18 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-04-13 08:34 - 2016-03-18 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-04-13 08:34 - 2016-03-18 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-04-13 08:34 - 2016-03-18 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-04-13 08:34 - 2016-03-18 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-04-13 08:34 - 2016-03-18 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-04-13 08:34 - 2016-03-18 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-04-13 08:34 - 2016-03-18 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-04-13 08:34 - 2016-03-18 00:36 - 03998952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-04-13 08:34 - 2016-03-18 00:36 - 03943144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-04-13 08:34 - 2016-03-18 00:33 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-04-13 08:34 - 2016-03-18 00:31 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-04-13 08:34 - 2016-03-18 00:31 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-04-13 08:34 - 2016-03-18 00:31 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-04-13 08:34 - 2016-03-18 00:31 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-04-13 08:34 - 2016-03-18 00:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-04-13 08:34 - 2016-03-18 00:30 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-04-13 08:34 - 2016-03-18 00:30 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-04-13 08:34 - 2016-03-18 00:30 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-04-13 08:34 - 2016-03-18 00:29 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-04-13 08:34 - 2016-03-18 00:29 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-04-13 08:34 - 2016-03-18 00:29 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-04-13 08:34 - 2016-03-18 00:28 - 01414144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2016-04-13 08:34 - 2016-03-18 00:27 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-04-13 08:34 - 2016-03-18 00:27 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-04-13 08:34 - 2016-03-18 00:27 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-04-13 08:34 - 2016-03-18 00:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-04-13 08:34 - 2016-03-18 00:26 - 00553984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-04-13 08:34 - 2016-03-18 00:25 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-04-13 08:34 - 2016-03-18 00:24 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-04-13 08:34 - 2016-03-18 00:24 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-04-13 08:34 - 2016-03-18 00:24 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-04-13 08:34 - 2016-03-18 00:24 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-04-13 08:34 - 2016-03-18 00:24 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-04-13 08:34 - 2016-03-18 00:24 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-04-13 08:34 - 2016-03-18 00:24 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-04-13 08:34 - 2016-03-18 00:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-04-13 08:34 - 2016-03-18 00:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-04-13 08:34 - 2016-03-18 00:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-04-13 08:34 - 2016-03-18 00:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-04-13 08:34 - 2016-03-18 00:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-04-13 08:34 - 2016-03-18 00:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-04-13 08:34 - 2016-03-18 00:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-04-13 08:34 - 2016-03-18 00:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-04-13 08:34 - 2016-03-18 00:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-04-13 08:34 - 2016-03-18 00:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-04-13 08:34 - 2016-03-18 00:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-04-13 08:34 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-04-13 08:34 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-04-13 08:34 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-04-13 08:34 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-04-13 08:34 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-04-13 08:34 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-04-13 08:34 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-04-13 08:34 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-04-13 08:34 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-04-13 08:34 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-04-13 08:34 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-04-13 08:34 - 2016-03-17 23:53 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-04-13 08:34 - 2016-03-17 23:52 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-04-13 08:34 - 2016-03-17 23:52 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-04-13 08:34 - 2016-03-17 23:51 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-04-13 08:34 - 2016-03-17 23:44 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-04-13 08:34 - 2016-03-17 23:43 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-04-13 08:34 - 2016-03-17 23:41 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-04-13 08:34 - 2016-03-17 23:38 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-04-13 08:34 - 2016-03-17 23:37 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-04-13 08:34 - 2016-03-17 23:37 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-04-13 08:34 - 2016-03-17 23:35 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-04-13 08:34 - 2016-03-17 23:35 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-04-13 08:34 - 2016-03-17 23:30 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-04-13 08:34 - 2016-03-17 23:30 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-04-13 08:34 - 2016-03-17 23:30 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-04-13 08:34 - 2016-03-17 23:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-04-13 08:34 - 2016-03-17 23:29 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-04-13 08:34 - 2016-03-17 23:29 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-04-13 08:34 - 2016-03-17 23:29 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-04-13 08:34 - 2016-03-17 23:29 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-04-13 08:34 - 2016-03-17 23:29 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-04-13 08:34 - 2016-03-16 02:16 - 00760320 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2016-04-13 08:34 - 2016-03-16 02:16 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll
2016-04-13 08:34 - 2016-03-16 01:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\samlib.dll
2016-04-13 08:34 - 2016-03-11 20:57 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-04-13 08:34 - 2016-03-11 20:35 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-04-13 08:34 - 2016-03-06 20:53 - 01885696 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2016-04-13 08:34 - 2016-03-06 20:53 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2016-04-13 08:34 - 2016-03-06 20:38 - 01240576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2016-04-13 08:34 - 2016-03-06 20:38 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
==================== Ein Monat: Geänderte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2016-05-04 23:59 - 2014-07-29 18:58 - 00000000 ____D C:\ProgramData\TEMP
2016-05-04 23:40 - 2015-06-01 11:34 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-05-04 23:33 - 2015-06-19 10:22 - 00001224 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1645918933-1587179398-1173790561-1000UA.job
2016-05-04 19:33 - 2014-07-28 23:48 - 00000000 ____D C:\Users\******\AppData\Roaming\dvdcss
2016-05-04 18:33 - 2015-06-19 10:22 - 00001172 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1645918933-1587179398-1173790561-1000Core.job
2016-05-04 18:33 - 2014-07-28 00:03 - 00000000 ____D C:\Users\******\AppData\Local\CrashDumps
2016-05-04 15:54 - 2015-01-03 12:38 - 00000000 ____D C:\Users\******\AppData\Local\Microsoft Games
2016-05-04 15:49 - 2014-07-30 16:26 - 00001958 _____ C:\Users\******\AppData\Roaming\SAS7_000.DAT
2016-05-04 12:40 - 2009-07-14 06:45 - 00028944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-05-04 12:40 - 2009-07-14 06:45 - 00028944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-05-04 12:36 - 2014-09-13 10:55 - 00000000 ____D C:\Users\******\AppData\Roaming\Skype
2016-05-04 12:36 - 2014-09-13 10:55 - 00000000 ____D C:\ProgramData\Skype
2016-05-04 12:36 - 2014-07-28 09:10 - 00000000 ___RD C:\Users\******\Dropbox
2016-05-04 12:33 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-05-01 13:42 - 2015-11-13 17:17 - 00000000 ____D C:\Users\******\AppData\Roaming\MuseScore
2016-05-01 12:23 - 2011-04-12 09:43 - 00702630 _____ C:\Windows\system32\perfh007.dat
2016-05-01 12:23 - 2011-04-12 09:43 - 00150288 _____ C:\Windows\system32\perfc007.dat
2016-05-01 12:23 - 2009-07-14 07:13 - 01628106 _____ C:\Windows\system32\PerfStringBackup.INI
2016-05-01 12:23 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2016-04-30 17:36 - 2014-07-28 23:48 - 00000000 ____D C:\Users\******\AppData\Roaming\vlc
2016-04-29 21:19 - 2014-07-28 23:54 - 00000000 ____D C:\Users\******\dwhelper
2016-04-28 08:33 - 2014-07-27 17:29 - 00000432 _____ C:\Windows\BRWMARK.INI
2016-04-28 06:50 - 2014-07-28 19:13 - 00000000 ____D C:\Users\******\AppData\Roaming\JFritz
2016-04-27 12:33 - 2015-06-01 08:42 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-04-27 08:09 - 2014-12-18 10:15 - 00000000 ____D C:\Users\******\AppData\Roaming\Audacity
2016-04-21 15:05 - 2010-11-21 05:27 - 00453288 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-04-21 13:29 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2016-04-18 11:49 - 2015-05-08 11:43 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2016-04-16 00:26 - 2014-09-12 18:44 - 00000000 ____D C:\Users\******\AppData\LocalLow\Adobe
2016-04-15 12:14 - 2016-02-27 09:11 - 00001310 _____ C:\Users\******\Desktop\Mal-Einführung - Verknüpfung.lnk
2016-04-15 12:14 - 2015-12-23 22:26 - 00001126 _____ C:\Users\******\Desktop\Filmprojekte - Verknüpfung.lnk
2016-04-15 12:14 - 2015-06-22 09:49 - 00001273 _____ C:\Users\******\Desktop\Goldene Hochzeit Schwiegereltern - Verknüpfung.lnk
2016-04-15 08:39 - 2014-07-28 09:08 - 00000000 ____D C:\Users\******\AppData\Roaming\Dropbox
2016-04-15 08:38 - 2015-06-19 10:22 - 00000000 ____D C:\Users\******\AppData\Local\Dropbox
2016-04-14 06:30 - 2009-07-14 06:45 - 01026784 _____ C:\Windows\system32\FNTCACHE.DAT
2016-04-13 23:48 - 2014-07-17 23:18 - 00000000 ____D C:\Windows\system32\MRT
2016-04-13 23:30 - 2014-07-17 23:18 - 135176864 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-04-11 14:52 - 2014-07-28 21:06 - 00000000 ____D C:\Users\******\AppData\Local\ElevatedDiagnostics
2016-04-08 20:16 - 2009-07-14 04:34 - 00000499 _____ C:\Windows\win.ini
2016-04-08 12:03 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Public\Libraries
2016-04-07 19:40 - 2015-06-01 11:34 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-04-07 19:40 - 2015-06-01 11:34 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-04-07 19:40 - 2015-06-01 11:34 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======
2014-07-30 16:26 - 2016-05-04 15:49 - 0001958 _____ () C:\Users\******\AppData\Roaming\SAS7_000.DAT
2015-05-26 11:07 - 2015-05-26 11:07 - 0007602 _____ () C:\Users\******\AppData\Local\Resmon.ResmonCfg
Einige Dateien in TEMP:
====================
C:\Users\******\AppData\Local\Temp\SkypeSetup.exe
==================== Bamital & volsnap =================
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert
LastRegBack: 2016-04-28 13:52
==================== Ende von FRST.txt ============================
Code:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:03-05-2016
durchgeführt von ****** (2016-05-05 00:02:25)
Gestartet von C:\Users\******\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2014-07-13 15:23:05)
Start-Modus: Normal
==========================================================
==================== Konten: =============================
Administrator (S-1-5-21-1645918933-1587179398-1173790561-500 - Administrator - Enabled) => C:\Users\Administrator
Björn (S-1-5-21-1645918933-1587179398-1173790561-1001 - Limited - Enabled) => C:\Users\Björn
Gast (S-1-5-21-1645918933-1587179398-1173790561-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1645918933-1587179398-1173790561-1004 - Limited - Enabled)
****** (S-1-5-21-1645918933-1587179398-1173790561-1000 - Administrator - Enabled) => C:\Users\******
==================== Sicherheits-Center ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
AV: ESET Smart Security 8.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AV: PCKeeper Antivirus (Disabled - Up to date) {156D9A2F-8BF7-CC79-6637-F31E244756C7}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: PCKeeper Antivirus (Disabled - Up to date) {AE0C7BCB-ADCD-C3F7-5C87-C86C5FC01C7A}
AS: ESET Smart Security 8.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
FW: ESET Personal Firewall (Enabled) {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}
==================== Installierte Programme ======================
(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
AAVUpdateManager (HKLM-x32\...\{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}) (Version: 18.00.0000 - Wolters Kluwer Deutschland GmbH)
AccountService (Version: 1.1.69 - Essentware) Hidden
Acronis*True*Image*Home (HKLM-x32\...\{C2F1F96A-057E-5819-B52E-FEA1D1D2933B}) (Version: 13.0.5029 - Acronis)
Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0E0F06755100}) (Version: 15.006.30119 - Adobe Systems Incorporated)
Adobe Creative Suite 2 (HKLM-x32\...\{0134A1A1-C283-4A47-91A1-92F19F960372}) (Version: - )
Adobe Flash Player 21 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 21.0.0.213 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.213 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 5.6 64-bit (HKLM\...\{D19E99C2-6D9D-4075-B446-B4387EAF70A5}) (Version: 5.6.0 - Adobe Systems Incorporated)
Adobe Premiere Pro 2.0 (HKLM-x32\...\Adobe Premiere Pro 2.0) (Version: 2.000.000 - Adobe Systems, Inc.)
Adobe Reader XI (11.0.14) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.14 - Adobe Systems Incorporated)
Adobe SVG Viewer 3.0 (HKLM-x32\...\Adobe SVG Viewer) (Version: 3.0 - Adobe Systems, Inc.)
Ant Renamer (HKLM-x32\...\Ant Renamer 2_is1) (Version: 2.10.0 - Ant Software)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ashampoo Burning Studio 2014 v.12.0.5 (HKLM-x32\...\{91B33C97-280F-B76D-E27B-E712D7041B76}_is1) (Version: 12.0.5 - Ashampoo GmbH & Co. KG)
Audacity 2.0.2 (HKLM-x32\...\Audacity_is1) (Version: 2.0.2 - Audacity Team)
Audible Download Manager (HKLM-x32\...\AudibleDownloadManager) (Version: 6.6.0.15 - Audible, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 3.02 - Piriform)
Compatibility Pack für 2007 Office System (HKLM-x32\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dragon NaturallySpeaking 12 (HKLM-x32\...\{D5D422B9-6976-4E98-8DDF-9632CB515D7E}) (Version: 12.50.000 - Nuance Communications Inc.)
Dropbox (HKU\S-1-5-21-1645918933-1587179398-1173790561-1000\...\Dropbox) (Version: 3.18.1 - Dropbox, Inc.)
Druckerdeinstallation für EPSON BX620FWD Series (HKLM\...\EPSON BX620FWD Series) (Version: - SEIKO EPSON Corporation)
DVR-Compress (HKLM-x32\...\{BD61F72D-2F1F-4BE1-9D41-3DF75B2CA59A}) (Version: - Haenlein Software)
DVR-Studio Pro 2 (HKLM-x32\...\{BD60F72D-3F2F-4AE1-9C41-3CF75B2CA59A}) (Version: - Haenlein Software)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)
EpsonNet Setup 3.3 (HKLM-x32\...\{C9D8A041-2963-4B31-8FFC-1500F3DB9293}) (Version: 3.3b - SEIKO EPSON CORPORATION)
ESET Smart Security (HKLM\...\{B06E39BF-C72B-446B-9462-1EE31789B3A2}) (Version: 8.0.319.1 - ESET, spol s r. o.)
FFmpeg (Windows) for Audacity Version 2.2.2 (HKLM-x32\...\{9C7E31E3-017F-434C-AC40-24431A354A1E}_is1) (Version: 2.2.2 - )
FileZilla Client 3.11.0.2 (HKLM-x32\...\FileZilla Client) (Version: 3.11.0.2 - Tim Kosse)
Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Galería de fotos (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.97 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
iTunes (HKLM\...\{77DE5105-D05E-448C-96CB-7FA381903753}) (Version: 11.3.1.2 - Apple Inc.)
Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.18 - Oracle Corporation)
JFritz 0.7.5 Rev. 1 (HKLM-x32\...\{AF5B3ED5-70D3-48CF-A00F-FC29F5261A37}_is1) (Version: - JFritz Team)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
KOBIL drivers x64x86 installation (x32 Version: 1.013.02221 - KOBIL Systems) Hidden
KOBIL Kartenleser Treiber v2.3 (HKLM-x32\...\{3ECA0079-088F-4E69-B66A-65D5E687B092}) (Version: 2.3.03111 - KOBIL Systems)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
Logitech Harmony Remote Software (HKLM-x32\...\{634F79E1-2A41-4C40-9E8D-89EC740AC9D6}) (Version: 0.6.0201 - Logitech)
Luminance HDR 2.3.1 (HKLM\...\{7020FC34-6E04-4858-924D-354B28CB2402}_is1) (Version: - Luminance HDR Dev Team)
Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (Français) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1036) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft LifeCam (HKLM\...\{5CE7E3F5-9803-4F32-AA89-2D8848A80109}) (Version: 3.60.253.0 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{91110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office XP Professional mit FrontPage (HKLM-x32\...\{90280407-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 46.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 46.0 (x86 de)) (Version: 46.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 46.0.0.5955 - Mozilla)
Mozilla Thunderbird 31.2.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.2.0 (x86 de)) (Version: 31.2.0 - Mozilla)
Mp3tag v2.71 (HKLM-x32\...\Mp3tag) (Version: v2.71 - Florian Heidenreich)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MuseScore 1.3 (HKLM-x32\...\MuseScore) (Version: 1.3.0 - Werner Schweer and Others)
MuseScore 2 (HKLM-x32\...\{D0969A82-E79E-45D9-95D2-B2824880F780}) (Version: 2.0.2 - Werner Schweer and Others)
OpenSC (HKLM-x32\...\{33A2BFC1-5465-4284-9377-28493C47840E}) (Version: 0.14.0.0 - OpenSC Project)
PCKAVLang.de (Version: 1.0.0 - Essentware) Hidden
PCKeeper (Version: 2.2.2152 - Essentware) Hidden
PCKeeper Antivirus (Version: 1.1.615 - Essentware) Hidden
PCKLang.de (Version: 1.0.0 - Essentware) Hidden
Pivot Software (HKLM-x32\...\{0217E1D1-BCEF-4A61-AF6D-F7740F65A066}) (Version: 9.51.003 - Portrait Displays, Inc.)
QuickSteuer Deluxe 2014 (HKLM-x32\...\{F0DDB61B-25D1-4159-8F10-7A5B83B86339}) (Version: 20.04.00.0003 - Haufe-Lexware GmbH & Co.KG)
QuickSteuer Deluxe 2015 (HKLM-x32\...\{49E0E0CA-C817-49C8-861B-B766599BCB96}) (Version: 20.38.173 - Haufe-Lexware GmbH & Co.KG)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Raccolta foto (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.3.3.12085_7 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.3.3.12085_7 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.9.0 - SAMSUNG Electronics Co., Ltd.)
SDK (x32 Version: 2.22.002 - Portrait Displays, Inc.) Hidden
Skype™ 7.22 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.22.109 - Skype Technologies S.A.)
Suite Specific (x32 Version: 2.0.0 - Adobe Systems, Incorporated) Hidden
Sun ODF Plugin for Microsoft Office 3.2 (HKLM-x32\...\{BD136CE7-6666-4273-A056-8D92F8625AAB}) (Version: 3.2.9483 - Sun Microsystems)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.47484 - TeamViewer)
TrueType-Font Klee 1.0 (HKLM-x32\...\{17350614-D988-4250-A77A-445361799829}_is1) (Version: 1.0 - Schroedel)
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
VLC media player 2.1.4 (HKLM\...\VLC media player) (Version: 2.1.4 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.10 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)
==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
CustomCLSID: HKU\S-1-5-21-1645918933-1587179398-1173790561-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\******\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1645918933-1587179398-1173790561-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\******\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1645918933-1587179398-1173790561-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\******\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1645918933-1587179398-1173790561-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\******\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1645918933-1587179398-1173790561-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\******\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1645918933-1587179398-1173790561-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\******\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1645918933-1587179398-1173790561-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\******\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1645918933-1587179398-1173790561-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\******\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1645918933-1587179398-1173790561-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\******\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1645918933-1587179398-1173790561-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\******\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1645918933-1587179398-1173790561-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\******\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)
==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
Task: {279B454A-2823-4F81-8540-3952AF601CE5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {2D3B2970-54BA-4EB5-9B77-B60EB97D4405} - System32\Tasks\GoogleUpdateTaskMachineUA1d08f945924455e => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {3CBDAF57-2B04-4DCC-AF14-CF3DA1D6DFA5} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14] (Adobe Systems Incorporated)
Task: {593164A8-EED5-4248-B1D8-C2C45D6C2347} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {6255AF87-11BF-4298-80B3-7D55035ABE7C} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1645918933-1587179398-1173790561-1000Core => C:\Users\******\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-19] (Dropbox, Inc.)
Task: {8511D224-037B-45CF-98B2-D9D152321F78} - System32\Tasks\GoogleUpdateTaskMachineCore1d08f945860f54c => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {A0E30C18-2F4E-47C1-9D27-6B83DA14761A} - System32\Tasks\{7126B2BC-AE4D-40E9-8A96-6559F674DAF6} => C:\Program Files (x86)\Microsoft Office\OFFICE11\EXCEL.EXE [2013-05-29] (Microsoft Corporation)
Task: {A8DAE3CF-DBBD-43BB-B76B-B4BDCAECEB36} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1645918933-1587179398-1173790561-1000UA => C:\Users\******\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-19] (Dropbox, Inc.)
Task: {B0418181-B5AD-434E-93D1-B4E12922DFC9} - System32\Tasks\{883EC3CF-FF72-4ADF-B19F-1BFB58CAFC1C} => E:\Auslagerung besonders großer Dateien\Zwischengeparkt\Adobe\Acrobat pro 7.0\22020134.exe
Task: {B1D2F4F4-5A8F-4F5F-B817-1B694B5188DF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-04-07] (Adobe Systems Incorporated)
Task: {B3D330B6-B5BC-4244-B5FE-CDA9E91D1194} - System32\Tasks\{BCF9596D-1BB2-4F04-A68C-0AB73F4580A2} => pcalua.exe -a "E:\Auslagerung besonders großer Dateien\Zwischengeparkt\Adobe\Acrobat 8\APRO23_Win_ESD1_WWEFG.exe" -d "E:\Auslagerung besonders großer Dateien\Zwischengeparkt\Adobe\Acrobat 8"
Task: {D23C1F35-0567-47E0-98BB-220DACC5F009} - System32\Tasks\GoogleUpdateTaskMachineUA1d041e11c46c845 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {F83F26F7-6181-4679-853B-B74662F5ED46} - System32\Tasks\GoogleUpdateTaskMachineCore1d041e11ba2e4bf => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1645918933-1587179398-1173790561-1000Core.job => C:\Users\******\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1645918933-1587179398-1173790561-1000UA.job => C:\Users\******\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d041e11ba2e4bf.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d08f945860f54c.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d041e11c46c845.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d08f945924455e.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Verknüpfungen =============================
(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)
==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============
2008-10-24 16:35 - 2008-10-24 16:35 - 00128296 _____ () C:\Program Files (x86)\Lexware\AAVUpdateManager\aavus.exe
2016-04-20 18:41 - 2016-04-20 18:41 - 00090304 _____ () C:\Program Files\Essentware\PCKAV\SharedNativeLibraryPS.dll
2016-04-14 14:39 - 2016-04-14 14:39 - 00015872 _____ () C:\Program Files\Essentware\PCKAV\AvScan.dll
2015-06-02 17:18 - 2015-06-02 17:18 - 00043480 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2016-04-27 11:32 - 2016-04-27 11:32 - 00102080 _____ () C:\Program Files\Essentware\PCKeeper\OneClickFixServicePS.dll
2016-04-27 11:32 - 2016-04-27 11:32 - 00104640 _____ () C:\Program Files\Essentware\PCKeeper\ZBAnalyticsCore.dll
2016-04-27 11:32 - 2016-04-27 11:32 - 00092864 _____ () C:\Program Files\Essentware\PCKeeper\SharedNativeLibraryPS.dll
2015-12-12 15:33 - 2016-03-21 23:50 - 00034768 _____ () C:\Users\******\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd
2016-04-15 08:37 - 2016-03-21 23:51 - 00019408 _____ () C:\Users\******\AppData\Roaming\Dropbox\bin\faulthandler.pyd
2016-04-15 08:37 - 2016-03-21 23:50 - 00116688 _____ () C:\Users\******\AppData\Roaming\Dropbox\bin\pywintypes27.dll
2015-12-12 15:33 - 2016-03-21 23:50 - 00093640 _____ () C:\Users\******\AppData\Roaming\Dropbox\bin\_ctypes.pyd
2015-12-12 15:33 - 2016-03-21 23:50 - 00018376 _____ () C:\Users\******\AppData\Roaming\Dropbox\bin\select.pyd
2015-12-12 15:33 - 2016-04-08 20:20 - 00019760 _____ () C:\Users\******\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd
2015-12-12 15:33 - 2016-03-21 23:52 - 00105928 _____ () C:\Users\******\AppData\Roaming\Dropbox\bin\win32api.pyd
2016-04-15 08:37 - 2016-03-21 23:50 - 00392144 _____ () C:\Users\******\AppData\Roaming\Dropbox\bin\pythoncom27.dll
2015-12-12 15:33 - 2016-04-08 20:20 - 00381752 _____ () C:\Users\******\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd
2015-12-12 15:33 - 2016-03-21 23:50 - 00692688 _____ () C:\Users\******\AppData\Roaming\Dropbox\bin\unicodedata.pyd
2016-04-15 08:37 - 2016-04-08 20:19 - 00020816 _____ () C:\Users\******\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd
2015-12-12 15:33 - 2016-03-21 23:51 - 00112592 _____ () C:\Users\******\AppData\Roaming\Dropbox\bin\_cffi_backend.pyd
2016-04-15 08:37 - 2016-04-08 20:19 - 01682760 _____ () C:\Users\******\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd
2016-04-15 08:37 - 2016-04-08 20:19 - 00020808 _____ () C:\Users\******\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd
2015-12-12 15:33 - 2016-04-08 20:20 - 00021840 _____ () C:\Users\******\AppData\Roaming\Dropbox\bin\_cffi_unicode_environ_win32_x8bf8e68bx9968e850.pyd
2016-04-15 08:37 - 2016-04-08 20:19 - 00038696 _____ () C:\Users\******\AppData\Roaming\Dropbox\bin\fastpath.pyd
2016-04-15 08:37 - 2016-03-21 23:52 - 00020936 _____ () C:\Users\******\AppData\Roaming\Dropbox\bin\mmapfile.pyd
2015-12-12 15:33 - 2016-03-21 23:52 - 00024528 _____ () C:\Users\******\AppData\Roaming\Dropbox\bin\win32event.pyd
2015-12-12 15:33 - 2016-03-21 23:52 - 00114640 _____ () C:\Users\******\AppData\Roaming\Dropbox\bin\win32security.pyd
2015-12-12 15:33 - 2016-03-21 23:52 - 00124880 _____ () C:\Users\******\AppData\Roaming\Dropbox\bin\win32file.pyd
2016-02-12 09:19 - 2016-04-08 20:20 - 00021832 _____ () C:\Users\******\AppData\Roaming\Dropbox\bin\_cffi_pywin_kernel32_x64d8f881xc8c369be.pyd
2015-12-12 15:33 - 2016-03-21 23:52 - 00024016 _____ () C:\Users\******\AppData\Roaming\Dropbox\bin\win32clipboard.pyd
2015-12-12 15:33 - 2016-03-21 23:52 - 00175560 _____ () C:\Users\******\AppData\Roaming\Dropbox\bin\win32gui.pyd
2015-12-12 15:33 - 2016-03-21 23:52 - 00030160 _____ () C:\Users\******\AppData\Roaming\Dropbox\bin\win32pipe.pyd
2015-12-12 15:33 - 2016-03-21 23:52 - 00043472 _____ () C:\Users\******\AppData\Roaming\Dropbox\bin\win32process.pyd
2015-12-12 15:33 - 2016-03-21 23:52 - 00028616 _____ () C:\Users\******\AppData\Roaming\Dropbox\bin\win32ts.pyd
2015-12-12 15:33 - 2016-03-21 23:52 - 00048592 _____ () C:\Users\******\AppData\Roaming\Dropbox\bin\win32service.pyd
2016-04-15 08:37 - 2016-04-08 20:19 - 00026456 _____ () C:\Users\******\AppData\Roaming\Dropbox\bin\dropbox.infinite.win.compiled._driverinstallation.pyd
2015-12-12 15:33 - 2016-03-21 23:52 - 00057808 _____ () C:\Users\******\AppData\Roaming\Dropbox\bin\win32evtlog.pyd
2015-12-12 15:33 - 2016-03-21 23:52 - 00024016 _____ () C:\Users\******\AppData\Roaming\Dropbox\bin\win32profile.pyd
2016-04-15 08:37 - 2016-04-08 20:19 - 00117056 _____ () C:\Users\******\AppData\Roaming\Dropbox\bin\breakpad.client.windows.handler.pyd
2015-12-12 15:33 - 2016-04-08 20:20 - 00023376 _____ () C:\Users\******\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd
2015-12-12 15:33 - 2016-03-21 23:50 - 00134608 _____ () C:\Users\******\AppData\Roaming\Dropbox\bin\_elementtree.pyd
2016-04-15 08:37 - 2016-03-21 23:50 - 00134088 _____ () C:\Users\******\AppData\Roaming\Dropbox\bin\pyexpat.pyd
2016-04-15 08:37 - 2016-03-21 23:51 - 00240584 _____ () C:\Users\******\AppData\Roaming\Dropbox\bin\jpegtran.pyd
2016-04-15 08:37 - 2016-04-08 20:19 - 00024392 _____ () C:\Users\******\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd
2016-04-15 08:37 - 2016-03-21 23:52 - 00036296 _____ () C:\Users\******\AppData\Roaming\Dropbox\bin\librsync.dll
2016-04-15 08:37 - 2016-04-08 20:19 - 00052024 _____ () C:\Users\******\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd
2016-02-12 09:19 - 2016-04-08 20:20 - 00020800 _____ () C:\Users\******\AppData\Roaming\Dropbox\bin\winffi.iphlpapi._winffi_iphlpapi.pyd
2016-02-12 09:19 - 2016-04-08 20:20 - 00021824 _____ () C:\Users\******\AppData\Roaming\Dropbox\bin\winffi.kernel32._winffi_kernel32.pyd
2016-02-12 09:19 - 2016-04-08 20:20 - 00019776 _____ () C:\Users\******\AppData\Roaming\Dropbox\bin\winffi.winerror._winffi_winerror.pyd
2016-02-12 09:19 - 2016-04-08 20:20 - 00020800 _____ () C:\Users\******\AppData\Roaming\Dropbox\bin\winffi.wininet._winffi_wininet.pyd
2016-04-15 08:37 - 2016-04-08 20:19 - 00020280 _____ () C:\Users\******\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd
2015-12-12 15:33 - 2016-03-21 23:52 - 00350152 _____ () C:\Users\******\AppData\Roaming\Dropbox\bin\winxpgui.pyd
2016-02-12 09:19 - 2016-04-08 20:20 - 00022352 _____ () C:\Users\******\AppData\Roaming\Dropbox\bin\winverifysignature.compiled._VerifySignature.pyd
2016-04-15 08:37 - 2016-04-08 20:19 - 00084280 _____ () C:\Users\******\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL
2016-04-15 08:37 - 2016-04-08 20:20 - 01826096 _____ () C:\Users\******\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd
2015-12-12 15:33 - 2016-03-21 23:51 - 00083912 _____ () C:\Users\******\AppData\Roaming\Dropbox\bin\sip.pyd
2016-04-15 08:37 - 2016-04-08 20:20 - 03928880 _____ () C:\Users\******\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd
2016-04-15 08:37 - 2016-04-08 20:20 - 01971504 _____ () C:\Users\******\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd
2016-04-15 08:37 - 2016-04-08 20:20 - 00531248 _____ () C:\Users\******\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd
2016-04-15 08:37 - 2016-04-08 20:20 - 00132912 _____ () C:\Users\******\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd
2016-04-15 08:37 - 2016-04-08 20:20 - 00223544 _____ () C:\Users\******\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd
2016-04-15 08:37 - 2016-04-08 20:20 - 00207672 _____ () C:\Users\******\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd
2016-04-15 08:37 - 2016-04-08 20:20 - 00158008 _____ () C:\Users\******\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngineWidgets.pyd
2016-04-15 08:37 - 2016-04-08 20:20 - 00042808 _____ () C:\Users\******\AppData\Roaming\Dropbox\bin\PyQt5.QtWebChannel.pyd
2016-04-15 08:37 - 2016-03-21 23:54 - 00017864 _____ () C:\Users\******\AppData\Roaming\Dropbox\bin\libEGL.dll
2016-04-15 08:37 - 2016-03-21 23:54 - 01631184 _____ () C:\Users\******\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-12-12 15:33 - 2016-04-08 20:20 - 00024904 _____ () C:\Users\******\AppData\Roaming\Dropbox\bin\_cffi_wpad_proxy_win_x752e3d61xdcfdcc84.pyd
2016-04-15 08:37 - 2016-04-08 20:20 - 00546096 _____ () C:\Users\******\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.pyd
2016-04-15 08:37 - 2016-04-08 20:20 - 00357680 _____ () C:\Users\******\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.pyd
2015-03-04 23:45 - 2016-03-21 23:56 - 00697304 _____ () C:\Users\******\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll
==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)
AlternateDataStreams: C:\ProgramData\TEMP:0FF263E8 [496]
==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)
==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)
==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)
==================== Hosts Inhalt: ===============================
(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)
2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Andere Bereiche ============================
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKU\S-1-5-21-1645918933-1587179398-1173790561-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\******\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.
==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
MSCONFIG\Services: Adobe LM Service => 3
MSCONFIG\Services: Adobe Version Cue CS2 => 2
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AGSService => 2
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: FLEXnet Licensing Service => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk => C:\Windows\pss\Adobe Gamma.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk => C:\Windows\pss\Adobe Reader Synchronizer.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Audible Download Manager.lnk => C:\Windows\pss\Audible Download Manager.lnk.CommonStartup
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 2015\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: Adobe Acrobat Synchronizer => "C:\Program Files (x86)\Adobe\Acrobat 2015\Acrobat\AdobeCollabSync.exe"
MSCONFIG\startupreg: Adobe Version Cue CS2 => "c:\Program Files x86\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: Dropbox Update => "C:\Users\******\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c
MSCONFIG\startupreg: ISUSPM => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: KiesAirMessage => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
MSCONFIG\startupreg: KiesPDLR => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MSCONFIG\startupreg: KiesPreload => C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: PivotSoftware => "C:\Program Files (x86)\Portrait Displays\Pivot Software\Pivot_startup.exe" -delay=10
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
FirewallRules: [{DF2EE3A6-84B8-4C3C-A713-7A86BF24A6C2}] => (Allow) C:\Program Files x86\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
FirewallRules: [{C2192891-89A8-431C-B22E-C2F1BEACFFF8}] => (Allow) C:\Program Files x86\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
FirewallRules: [{F042E2BE-C14F-4AEC-8626-CBA97C110C5E}] => (Allow) C:\Users\******\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{6DE097DF-7F0C-423F-87F6-7267CACC6AEA}] => (Allow) C:\Users\******\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{EE5004E9-8FA9-4E13-A022-E509095497B5}] => (Allow) LPort=51001
FirewallRules: [{9E58E297-3EAF-4885-B143-DB46CA8C28DD}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{A4CA6657-781C-4578-A9DA-AE0A84F0C7DB}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{F4A42295-D36D-4E74-BEBE-69EBEEB1CF51}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{0A84733A-93F2-4376-930C-E024E4075A0B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{1801A563-9728-4A2D-9332-5ABA24A4D797}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{ED65E0AE-0706-44E9-A07D-35890A9FE44B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{6B3E679F-112A-41B4-98FC-AB073FBBF8FF}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{C44790B8-F05D-4B93-A27A-23A5D8E2718F}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{EF9801DA-618B-417F-8ABE-C57597D1B2DE}] => (Allow) LPort=2869
FirewallRules: [{6052F836-803F-44AC-8D4B-2D09C3CABB51}] => (Allow) LPort=1900
FirewallRules: [{29A85D60-2422-461B-B193-8E9B31FA1A1C}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{5B96A6DB-ADD9-4E9B-BA68-4B35FCC7534D}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{EBFCF653-C635-412F-882E-09D49F88DB12}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeCam.exe
FirewallRules: [{F16D33D4-BE9A-42EF-810D-DB4BCDDA5649}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeCam.exe
FirewallRules: [{D086F0F5-33A7-4DCB-B619-B7E48C130A28}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeEnC2.exe
FirewallRules: [{22F7622F-7757-440B-BF4F-A63919EF0FF7}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeEnC2.exe
FirewallRules: [{3AAB34DA-8D84-4AAF-84CF-493E7C8F2F95}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe
FirewallRules: [{76F1D5E6-2D92-44A7-B1F4-F11DCE4C3352}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe
FirewallRules: [{75D7B52D-BD49-4684-9EFF-2418EC92BD7E}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeTray.exe
FirewallRules: [{09D151D1-A570-4CD3-95AC-531DFA9B58C7}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeTray.exe
FirewallRules: [{6F215490-A04C-4B67-BFBC-22CB8286949D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{5FB7D8FA-442C-4CDF-836B-3E7460D6BC33}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{5808D095-6CA1-49C1-A0FA-E8560364E53B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{F332F739-19E7-48AE-BD06-9109A8E7F3BD}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{C01797B0-F674-4CC6-8331-CE40A1DB2124}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{B218D3AE-4239-4DE6-9CE8-09441C44FB82}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{C193489F-447D-4857-B626-12BEE4D2B338}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{76BAD875-778B-47CC-B002-EA78C72928F7}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A1C4CBFE-0590-4C82-A192-6C1A8DEE6C65}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Wiederherstellungspunkte =========================
==================== Fehlerhafte Geräte im Gerätemanager =============
==================== Fehlereinträge in der Ereignisanzeige: =========================
Applikationsfehler:
==================
Error: (05/04/2016 11:39:00 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005
Error: (05/04/2016 06:33:42 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm FRST64.exe, Version 3.5.2016.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 26a8
Startzeit: 01d1a610b044c251
Endzeit: 230
Anwendungspfad: D:\Downloads\FRST64.exe
Berichts-ID:
Error: (05/04/2016 06:33:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 46.0.0.5955, Zeitstempel: 0x5719583c
Name des fehlerhaften Moduls: NPSWF32_21_0_0_213.dll, Version: 21.0.0.213, Zeitstempel: 0x57033807
Ausnahmecode: 0xc0000005
Fehleroffset: 0x003bb82c
ID des fehlerhaften Prozesses: 0x1090
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3
Error: (05/04/2016 12:34:45 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/04/2016 08:07:51 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Acrobat.exe, Version: 15.6.30119.36332, Zeitstempel: 0x56740a62
Name des fehlerhaften Moduls: MSONSEXT.DLL, Version: 11.0.6715.60, Zeitstempel: 0x43306199
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00053555
ID des fehlerhaften Prozesses: 0x110
Startzeit der fehlerhaften Anwendung: 0xAcrobat.exe0
Pfad der fehlerhaften Anwendung: Acrobat.exe1
Pfad des fehlerhaften Moduls: Acrobat.exe2
Berichtskennung: Acrobat.exe3
Error: (05/04/2016 05:52:14 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005
Error: (05/03/2016 05:31:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Acrobat.exe, Version: 15.6.30119.36332, Zeitstempel: 0x56740a62
Name des fehlerhaften Moduls: PDDom.api, Version: 15.6.30119.36332, Zeitstempel: 0x5674085e
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000bf79
ID des fehlerhaften Prozesses: 0x1e44
Startzeit der fehlerhaften Anwendung: 0xAcrobat.exe0
Pfad der fehlerhaften Anwendung: Acrobat.exe1
Pfad des fehlerhaften Moduls: Acrobat.exe2
Berichtskennung: Acrobat.exe3
Error: (05/03/2016 10:32:07 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005
Error: (05/02/2016 03:50:29 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005
Error: (05/02/2016 02:15:34 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005
Systemfehler:
=============
Error: (05/04/2016 12:54:59 PM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung empfangen: 40.
Error: (05/04/2016 08:03:47 AM) (Source: volsnap) (EventID: 36) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
Error: (05/01/2016 06:05:55 PM) (Source: volsnap) (EventID: 36) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
Error: (05/01/2016 12:20:31 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk6\DR7 gefunden.
Error: (05/01/2016 12:20:30 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk6\DR7 gefunden.
Error: (05/01/2016 12:20:29 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk6\DR7 gefunden.
Error: (04/30/2016 07:02:34 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Spooler erreicht.
Error: (04/28/2016 12:14:41 AM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung empfangen: 20.
Error: (04/27/2016 07:20:50 AM) (Source: volsnap) (EventID: 36) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
Error: (04/26/2016 05:25:07 PM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung empfangen: 20.
==================== Speicherinformationen ===========================
Prozessor: AMD FX(tm)-8320 Eight-Core Processor
Prozentuale Nutzung des RAM: 24%
Installierter physikalischer RAM: 16366.12 MB
Verfügbarer physikalischer RAM: 12429.84 MB
Summe virtueller Speicher: 32730.42 MB
Verfügbarer virtueller Speicher: 28839.3 MB
==================== Laufwerke ================================
Drive a: (System) (Fixed) (Total:0.34 GB) (Free:0.3 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)]
Drive c: (Windows) (Fixed) (Total:137.02 GB) (Free:2.94 GB) NTFS
Drive d: (******) (Fixed) (Total:1714.62 GB) (Free:1009.69 GB) NTFS
Drive e: (Fotoarchiv) (Fixed) (Total:886.45 GB) (Free:198.5 GB) NTFS
Drive f: (Speicher) (Fixed) (Total:976.56 GB) (Free:107.54 GB) NTFS
Drive g: (KINGSTON) (Removable) (Total:14.52 GB) (Free:12.94 GB) FAT32
Drive s: (Sicherheitskopien) (Fixed) (Total:1863.01 GB) (Free:420.27 GB) NTFS
==================== MBR & Partitionstabelle ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 4F54BC71)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: 2CFF8DF9)
Partition 1: (Active) - (Size=976.6 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=886.5 GB) - (Type=07 NTFS)
========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 14EBD508)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=137 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=11 GB) - (Type=27)
Partition 4: (Not Active) - (Size=1714.6 GB) - (Type=07 NTFS)
========================================================
Disk: 4 (MBR Code: Windows XP) (Size: 14.5 GB) (Disk ID: 48941706)
Partition 1: (Active) - (Size=14.5 GB) - (Type=0C)
==================== Ende von Addition.txt ============================
Mein (echtes) Virenprogramm ESET Smart Security hat sich nicht gemeldet, daher kann ich davon keine Logs posten. Fehlen sonst noch Angaben? |
|
06.05.2016, 19:48
| #2 |
| /// TB-Ausbilder   | Windows 7: PCKeeper ungefragt aufgetaucht, lässt sich nicht deinstallieren Mein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen. Bitte beachte folgende Hinweise:
Bitte arbeite alle Schritte in der vorgegebenen Reihefolge nacheinander ab und poste alle Logdateien in CODE-Tags:  So funktioniert es:Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert deinem Helfer massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu groß für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
Danke für deine Mitarbeit! Schritt 1 Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Schritt 2 Downloade Dir bitte  Malwarebytes Anti-Malware
Schritt 3 Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Schritt 4
Bitte poste mit deiner nächsten Antwort
|
|
09.05.2016, 16:20
| #3 |
| /// TB-Ausbilder | Windows 7: PCKeeper ungefragt aufgetaucht, lässt sich nicht deinstallieren Fehlende Rückmeldung
__________________Dieses Thema wurde aus den Abos gelöscht. Somit bekomme ich keine Benachrichtigung über neue Antworten. PM an mich falls Du denoch weiter machen willst. Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner schon sauber ist. Jeder andere bitte hier klicken und einen eigenen Thread erstellen! |
|
10.05.2016, 10:26
| #4 |
| | Scan-Ergebnisse Hallo Matthias! Hier sind die Scan-Ergebnisse: AdwareCleaner: Code:
ATTFilter # AdwCleaner v5.115 - Bericht erstellt am 08/05/2016 um 20:05:53
# Aktualisiert am 01/05/2016 von Xplode
# Datenbank : 2016-05-08.4 [Server]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (X64)
# Benutzername : ****** - HAUPTCOMPUTER
# Gestartet von : C:\Users\******\Desktop\AdwCleaner_5.115.exe
# Option : Löschen
# Unterstützung : hxxp://toolslib.net/forum
***** [ Dienste ] *****
[-] Dienst gelöscht : PCKeeper2Service
[-] Dienst gelöscht : PCKeeperOcfService
[-] Dienst gelöscht : fileHiders
[-] Dienst gelöscht : AccountService
[-] Dienst gelöscht : ZeoScanner
[-] Dienst gelöscht : PCKAVService
***** [ Ordner ] *****
[-] Ordner gelöscht : C:\ProgramData\Essentware
[#] Ordner gelöscht : C:\ProgramData\Application Data\Essentware
[-] Ordner gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Essentware
[-] Ordner gelöscht : C:\Program Files\Essentware
***** [ Dateien ] *****
[-] Datei gelöscht : C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_de.anisearch.com_0.localstorage-journal
[-] Datei gelöscht : C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_icons.mysitemyway.com_0.localstorage-journal
[-] Datei gelöscht : C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_land.pckeeper.software_0.localstorage
[-] Datei gelöscht : C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_land.pckeeper.software_0.localstorage-journal
[-] Datei gelöscht : C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.emaildefendplussearch.com_0.localstorage
[-] Datei gelöscht : C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.emaildefendplussearch.com_0.localstorage-journal
[-] Datei gelöscht : C:\Windows\SysNative\drivers\fileHiders.sys
[-] Datei gelöscht : C:\Windows\SysNative\drivers\zeoscanner.sys
***** [ DLLs ] *****
***** [ WMI ] *****
***** [ Verknüpfungen ] *****
***** [ Aufgabenplanung ] *****
***** [ Registrierungsdatenbank ] *****
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\PCKeeperShell32
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\PCKeeperShell32
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\Drive\shellex\ContextMenuHandlers\PCKeeperShell32
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\Folder\ShellEx\ContextMenuHandlers\PCKeeperShell32
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\PCKeeperShell32
[-] Schlüssel gelöscht : HKCU\Software\Essentware
[-] Schlüssel gelöscht : [x64] HKLM\SOFTWARE\Essentware
***** [ Internetbrowser ] *****
[-] [C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] gelöscht : 1und1.de
[-] [C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] gelöscht : dsl.1und1.de
*************************
:: "Tracing" Schlüssel gelöscht
:: Proxy Einstellungen zurückgesetzt
:: Winsock Einstellungen zurückgesetzt
:: Internet Explorer Richtlinien gelöscht
:: Chrome Richtlinien gelöscht
*************************
C:\AdwCleaner\AdwCleaner[C1].txt - [3302 Bytes] - [08/05/2016 20:05:53]
C:\AdwCleaner\AdwCleaner[S1].txt - [3193 Bytes] - [08/05/2016 20:03:30]
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [3448 Bytes] ##########
Malwarebytes Scanprotkoll: Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlaufdatum: 08.05.2016 Suchlaufzeit: 20:11 Protokolldatei: mbam.txt Administrator: Ja Version: 2.2.1.1043 Malware-Datenbank: v2016.05.08.03 Rootkit-Datenbank: v2016.05.06.01 Lizenz: Kostenlose Version Malware-Schutz: Deaktiviert Schutz vor bösartigen Websites: Deaktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x64 Dateisystem: NTFS Benutzer: ****** Suchlauftyp: Bedrohungssuchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 446940 Abgelaufene Zeit: 26 Min., 23 Sek. Speicher: Aktiviert Start: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (keine bösartigen Elemente erkannt) Module: 0 (keine bösartigen Elemente erkannt) Registrierungsschlüssel: 2 PUP.Optional.PCKeeper, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{382E502B-E5EB-4DBB-9C2B-E13565F07B57}, In Quarantäne, [5c173c97722712246afbb81118eb6799], PUP.Optional.PCKeeper, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{68603850-395A-4183-BB63-BECF9C2C4F98}, In Quarantäne, [a1d2aa2997022f07fd683495f60ddc24], Registrierungswerte: 2 PUP.Optional.PCKeeper, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{382E502B-E5EB-4DBB-9C2B-E13565F07B57}|DisplayName, PCKeeper, In Quarantäne, [5c173c97722712246afbb81118eb6799] PUP.Optional.PCKeeper, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{68603850-395A-4183-BB63-BECF9C2C4F98}|DisplayName, PCKeeper Antivirus, In Quarantäne, [a1d2aa2997022f07fd683495f60ddc24] Registrierungsdaten: 0 (keine bösartigen Elemente erkannt) Ordner: 0 (keine bösartigen Elemente erkannt) Dateien: 0 (keine bösartigen Elemente erkannt) Physische Sektoren: 0 (keine bösartigen Elemente erkannt) (end) Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.6 (04.25.2016)
Operating System: Windows 7 Home Premium x64
Ran by ****** (Administrator) on 09.05.2016 at 0:45:02,66
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
File System: 42
Successfully deleted: C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.audienceinsights.net_0.localstorage-journal (File)
Successfully deleted: C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.audienceinsights.net_0.localstorage (File)
Successfully deleted: C:\Users\******\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\07TU923Y (Temporary Internet Files Folder)
Successfully deleted: C:\Users\******\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
Successfully deleted: C:\Users\******\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\16CYPP2P (Temporary Internet Files Folder)
Successfully deleted: C:\Users\******\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\******\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6G13RSHO (Temporary Internet Files Folder)
Successfully deleted: C:\Users\******\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7OALS97P (Temporary Internet Files Folder)
Successfully deleted: C:\Users\******\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9EUDNIB2 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\******\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A2WKD66I (Temporary Internet Files Folder)
Successfully deleted: C:\Users\******\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BRIWLTT3 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\******\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C1LKABNH (Temporary Internet Files Folder)
Successfully deleted: C:\Users\******\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CX9KAMVM (Temporary Internet Files Folder)
Successfully deleted: C:\Users\******\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\******\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HQ800GBW (Temporary Internet Files Folder)
Successfully deleted: C:\Users\******\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HVADEZ9L (Temporary Internet Files Folder)
Successfully deleted: C:\Users\******\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LFV2IX3B (Temporary Internet Files Folder)
Successfully deleted: C:\Users\******\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
Successfully deleted: C:\Users\******\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QSP1WFZ1 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\******\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SFKQFB1A (Temporary Internet Files Folder)
Successfully deleted: C:\Users\******\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WBKA2NGU (Temporary Internet Files Folder)
Successfully deleted: C:\Users\******\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X0K81XTI (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\07TU923Y (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\16CYPP2P (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6G13RSHO (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7OALS97P (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9EUDNIB2 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A2WKD66I (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BRIWLTT3 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C1LKABNH (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CX9KAMVM (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HQ800GBW (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HVADEZ9L (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LFV2IX3B (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QSP1WFZ1 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SFKQFB1A (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WBKA2NGU (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X0K81XTI (Temporary Internet Files Folder)
Registry: 2
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 09.05.2016 at 0:48:22,24
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Hier die FRST.txt, die zuletzt erstellt worden ist: Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:09-05-2016
durchgeführt von ****** (Administrator) auf HAUPTCOMPUTER (10-05-2016 11:05:05)
Gestartet von C:\Users\******\Desktop
Geladene Profile: ****** (Verfügbare Profile: ****** & Björn & Administrator)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Prozesse (Nicht auf der Ausnahmeliste) =================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
() C:\Program Files (x86)\Lexware\AAVUpdateManager\aavus.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Dropbox, Inc.) C:\Users\******\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
==================== Registry (Nicht auf der Ausnahmeliste) ===========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [357936 2009-08-28] (Acronis)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [5595848 2015-07-08] (ESET)
HKLM-x32\...\Run: [DNS7reminder] => "C:\Program Files (x86)\Nuance\NaturallySpeaking12\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\NaturallySpeaking12\Ereg.ini"
HKLM-x32\...\Run: [LifeCam] => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [135536 2010-12-13] (Microsoft Corporation)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [5078416 2009-08-28] (Acronis)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1085656 2015-12-14] (Adobe Systems Incorporated)
HKU\S-1-5-21-1645918933-1587179398-1173790561-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [51662464 2016-04-08] (Skype Technologies S.A.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\******\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\******\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\******\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\******\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\******\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\******\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\******\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\******\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\JFritz.lnk [2014-07-28]
ShortcutTarget: JFritz.lnk -> C:\Program Files (x86)\JFritz\jfritz.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk [2014-07-27]
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
Startup: C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2016-04-15]
ShortcutTarget: Dropbox.lnk -> C:\Users\******\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
==================== Internet (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{41DC600C-17C3-45AD-AC98-268F3658BD96}: [DhcpNameServer] 192.168.178.1
Internet Explorer:
==================
HKU\S-1-5-21-1645918933-1587179398-1173790561-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.facebook.com/
HKU\S-1-5-21-1645918933-1587179398-1173790561-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://localoem.msn.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1645918933-1587179398-1173790561-1000 -> DefaultScope {6A3BFF71-31DA-45A6-BEDC-595E43AF1C3B} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\2015\x64\AcroIEFavStub.dll [2015-12-18] (Adobe Systems Incorporated)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\2015\x64\AcroIEFavStub.dll [2015-12-18] (Adobe Systems Incorporated)
BHO-x32: Adobe PDF Reader -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: Dragon NaturallySpeaking Rich Internet Application Support - Extension -> {73A89C60-CF59-4EC7-9215-9B7EF05ECEA4} -> C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\ieShim.dll [2013-10-15] (Nuance Communications, Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-11-21] (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\2015\AcroIEFavStub.dll [2015-12-18] (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-11-21] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\2015\AcroIEFavStub.dll [2015-12-18] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\2015\x64\AcroIEFavStub.dll [2015-12-18] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\2015\AcroIEFavStub.dll [2015-12-18] (Adobe Systems Incorporated)
FireFox:
========
FF ProfilePath: C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\tdnqdafv.default-1461583433130
FF NewTab: file:///D:/Eigene%20Webs/Internet-Startseite/Internet%20Startseite.html
FF Homepage: file:///D:/Eigene Webs/Internet-Startseite/Internet Startseite.html
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_213.dll [2016-04-07] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [Keine Datei]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-02-28] (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-07-29] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-04-07] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-21] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-11-21] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-11-21] (Oracle Corporation)
FF Plugin-x32: @logitech.com/HarmonyRemote,version=1.0.0 -> C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll [2010-01-25] (Logitech Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Keine Datei]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 2015\Acrobat\Air\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-07-29] (Adobe Systems)
FF Plugin-x32: nuance.com/DragonRIAPlugin -> C:\PROGRA~2\Nuance\NATURA~1\Program\npDgnRia.dll [2013-10-15] (Nuance Communications Inc.)
FF Extension: Adobe Acrobat DC - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 2015\Acrobat\Browser\WCFirefoxExtn [2016-01-14]
FF Extension: Tab Mix Plus - C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\tdnqdafv.default-1461583433130\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2016-04-25]
FF Extension: Copy Plain Text 2 - C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\tdnqdafv.default-1461583433130\extensions\copyplaintext@teo.pl.xpi [2016-04-25]
FF Extension: WOT - C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\tdnqdafv.default-1461583433130\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2016-04-25]
FF Extension: LeechBlock - C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\tdnqdafv.default-1461583433130\extensions\{a95d8332-e4b4-6e7f-98ac-20b733364387} [2016-04-29]
FF Extension: ProxTube - Unblock YouTube - C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\tdnqdafv.default-1461583433130\Extensions\ich@maltegoetz.de.xpi [2016-04-25]
FF Extension: Download YouTube Videos as MP4 - C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\tdnqdafv.default-1461583433130\Extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi [2016-04-25]
FF Extension: Video DownloadHelper - C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\tdnqdafv.default-1461583433130\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2016-05-09]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird => nicht gefunden
FF HKLM-x32\...\Firefox\Extensions: [jid0-lmZNVK7a82O8cufhdfB9dUDfA2w@jetpack] - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\ffShim.xpi
FF Extension: Dragon NaturallySpeaking Rich Internet Application Support - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\ffShim.xpi [2013-10-15] [ist nicht signiert]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 2015\Acrobat\Browser\WCFirefoxExtn
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird => nicht gefunden
Chrome:
=======
CHR HomePage: Default -> file:///D:/Eigene%20Webs/Internet-Startseite/Internet%20Startseite.html
CHR StartupUrls: Default -> "file:///D:/Eigene%20Webs/Internet-Startseite/Internet%20Startseite.html"
CHR Profile: C:\Users\******\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Präsentationen) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-04]
CHR Extension: (Google Docs) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04]
CHR Extension: (Google Drive) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2016-04-10]
CHR Extension: (YouTube) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google-Suche) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Adobe Acrobat) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2016-01-12]
CHR Extension: (Google Tabellen) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-04]
CHR Extension: (Google Docs Offline) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-16]
CHR Extension: (StayFocusd) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\laankejkbhbdhmipfmgcngdelahlfoji [2016-04-12]
CHR Extension: (Video DownloadHelper) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjnegcaeklhafolokijcfjliaokphfk [2016-01-24]
CHR Extension: (Dragon NaturallySpeaking Rich Internet Application Support) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\mikhcaiakabeeokmenglcdebplfdjicn [2014-09-22]
CHR Extension: (Webutation) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfclfmabiojpommfcalfdgjjeaahnjbj [2015-05-10]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Google Mail) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [mikhcaiakabeeokmenglcdebplfdjicn] - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\chromeShim.crx [2013-10-15]
==================== Dienste (Nicht auf der Ausnahmeliste) ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R2 AAV UpdateService; C:\Program Files (x86)\Lexware\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
S4 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2014-09-02] (Adobe Systems) [Datei ist nicht signiert]
S4 Adobe Version Cue CS2; c:\Program Files x86\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe [163840 2005-04-06] (Adobe Systems Incorporated) [Datei ist nicht signiert]
S4 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2016448 2015-11-25] (Adobe Systems, Incorporated)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1353720 2015-07-08] (ESET)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5702416 2015-09-11] (TeamViewer GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2014-02-20] (Microsoft Corporation)
===================== Treiber (Nicht auf der Ausnahmeliste) ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36520 2012-09-13] (Advanced Micro Devices, Inc.)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [255240 2015-07-14] (ESET)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
U5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [251632 2015-07-14] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [178520 2015-07-14] (ESET)
R2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [231520 2015-07-14] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [53360 2015-07-14] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [72400 2015-07-14] (ESET)
S3 KOBCCID; C:\Windows\System32\drivers\KOBCCID.sys [116864 2014-09-29] (KOBIL Systems GmbH)
R3 MTsensor; C:\Windows\system32\drivers\ASACPI.sys [8192 2008-01-21] ()
R3 PdiPorts; C:\Windows\System32\DRIVERS\PdiPorts.sys [20592 2010-04-16] (Portrait Displays, Inc.)
R0 tdrpman251; C:\Windows\System32\DRIVERS\tdrpm251.sys [1455648 2015-03-07] (Acronis)
S3 DIRECTIO; \??\UNC\srv1c027-b.wds8-b.intern\reminst\Test\BitPro64\DirectIo.sys [X]
==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
==================== Ein Monat: Erstellte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2016-05-10 11:04 - 2016-05-10 11:04 - 00000000 ____D C:\Users\******\Desktop\FRST-OlderVersion
2016-05-09 00:48 - 2016-05-09 00:48 - 00007707 _____ C:\Users\******\Desktop\JRT.txt
2016-05-08 20:11 - 2016-05-08 20:11 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-05-08 20:10 - 2016-05-08 20:10 - 00001073 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2016-05-08 20:10 - 2016-05-08 20:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2016-05-08 20:10 - 2016-05-08 20:10 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-05-08 20:10 - 2016-05-08 20:10 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware
2016-05-08 20:10 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-05-08 20:10 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-05-08 20:10 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-05-08 20:01 - 2016-05-08 20:05 - 00000000 ____D C:\AdwCleaner
2016-05-08 19:58 - 2016-05-08 19:58 - 01610816 _____ (Malwarebytes) C:\Users\******\Desktop\JRT.exe
2016-05-08 19:57 - 2016-05-08 20:01 - 22851472 _____ (Malwarebytes ) C:\Users\******\Desktop\mbam-setup-2.2.1.1043.exe
2016-05-08 19:57 - 2016-05-08 19:57 - 03615296 _____ C:\Users\******\Desktop\AdwCleaner_5.115.exe
2016-05-06 19:06 - 2016-05-06 19:06 - 00002041 _____ C:\Users\Public\Desktop\QuickSteuer Deluxe 2015.lnk
2016-05-05 22:15 - 2016-05-06 08:47 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-05-05 00:02 - 2016-05-10 11:05 - 00020473 _____ C:\Users\******\Desktop\FRST.txt
2016-05-05 00:02 - 2016-05-06 10:00 - 00043929 _____ C:\Users\******\Desktop\Addition.txt
2016-05-04 16:24 - 2016-05-10 11:05 - 00000000 ____D C:\FRST
2016-05-04 16:24 - 2016-05-10 11:04 - 02381312 _____ (Farbar) C:\Users\******\Desktop\FRST64.exe
2016-05-04 15:36 - 2016-05-04 15:36 - 00000000 ____D C:\Users\******\AppData\Roaming\Geek Uninstaller
2016-05-04 15:23 - 2016-05-04 15:23 - 00000000 ____D C:\Users\******\Desktop\Vorsicht, Virus!
2016-04-29 20:57 - 2016-04-29 20:57 - 00000000 ____D C:\Users\******\AppData\Roaming\JAM Software
2016-04-25 13:23 - 2016-04-25 13:23 - 00000000 ____D C:\Users\******\Desktop\Alte Firefox-Daten
2016-04-15 08:38 - 2016-04-15 08:38 - 00000000 ____D C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-04-13 08:34 - 2016-03-31 21:25 - 00394952 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-04-13 08:34 - 2016-03-31 20:41 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-04-13 08:34 - 2016-03-31 02:54 - 25817600 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-04-13 08:34 - 2016-03-31 02:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-04-13 08:34 - 2016-03-31 02:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-04-13 08:34 - 2016-03-31 02:31 - 02892800 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-04-13 08:34 - 2016-03-31 02:28 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-04-13 08:34 - 2016-03-31 02:28 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-04-13 08:34 - 2016-03-31 02:27 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-04-13 08:34 - 2016-03-31 02:27 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-04-13 08:34 - 2016-03-31 02:27 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-04-13 08:34 - 2016-03-31 02:25 - 06052352 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-04-13 08:34 - 2016-03-31 02:22 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-04-13 08:34 - 2016-03-31 02:21 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-04-13 08:34 - 2016-03-31 02:19 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-04-13 08:34 - 2016-03-31 02:17 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-04-13 08:34 - 2016-03-31 02:17 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-04-13 08:34 - 2016-03-31 02:17 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-04-13 08:34 - 2016-03-31 02:17 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-04-13 08:34 - 2016-03-31 02:11 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-04-13 08:34 - 2016-03-31 02:08 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-04-13 08:34 - 2016-03-31 02:03 - 20352512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-04-13 08:34 - 2016-03-31 02:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-04-13 08:34 - 2016-03-31 02:00 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-04-13 08:34 - 2016-03-31 01:59 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-04-13 08:34 - 2016-03-31 01:57 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-04-13 08:34 - 2016-03-31 01:56 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-04-13 08:34 - 2016-03-31 01:55 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-04-13 08:34 - 2016-03-31 01:53 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-04-13 08:34 - 2016-03-31 01:53 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-04-13 08:34 - 2016-03-31 01:52 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-04-13 08:34 - 2016-03-31 01:52 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-04-13 08:34 - 2016-03-31 01:52 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-04-13 08:34 - 2016-03-31 01:52 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-04-13 08:34 - 2016-03-31 01:51 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-04-13 08:34 - 2016-03-31 01:48 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-04-13 08:34 - 2016-03-31 01:48 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-04-13 08:34 - 2016-03-31 01:46 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-04-13 08:34 - 2016-03-31 01:45 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-04-13 08:34 - 2016-03-31 01:45 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-04-13 08:34 - 2016-03-31 01:45 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-04-13 08:34 - 2016-03-31 01:45 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-04-13 08:34 - 2016-03-31 01:43 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-04-13 08:34 - 2016-03-31 01:43 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-04-13 08:34 - 2016-03-31 01:42 - 02131968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-04-13 08:34 - 2016-03-31 01:42 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-04-13 08:34 - 2016-03-31 01:39 - 15415808 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-04-13 08:34 - 2016-03-31 01:38 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-04-13 08:34 - 2016-03-31 01:34 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-04-13 08:34 - 2016-03-31 01:33 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-04-13 08:34 - 2016-03-31 01:31 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-04-13 08:34 - 2016-03-31 01:31 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-04-13 08:34 - 2016-03-31 01:30 - 04611072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-04-13 08:34 - 2016-03-31 01:30 - 02596864 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-04-13 08:34 - 2016-03-31 01:30 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-04-13 08:34 - 2016-03-31 01:29 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-04-13 08:34 - 2016-03-31 01:24 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-04-13 08:34 - 2016-03-31 01:23 - 02056192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-04-13 08:34 - 2016-03-31 01:23 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-04-13 08:34 - 2016-03-31 01:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-04-13 08:34 - 2016-03-31 01:21 - 13811712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-04-13 08:34 - 2016-03-31 01:18 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-04-13 08:34 - 2016-03-31 01:06 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-04-13 08:34 - 2016-03-31 01:05 - 02121216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-04-13 08:34 - 2016-03-31 01:02 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-04-13 08:34 - 2016-03-31 01:00 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-04-13 08:34 - 2016-03-29 19:53 - 03216896 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-04-13 08:34 - 2016-03-18 01:04 - 05551336 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-04-13 08:34 - 2016-03-18 01:04 - 00706280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-04-13 08:34 - 2016-03-18 01:04 - 00154344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-04-13 08:34 - 2016-03-18 01:04 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-04-13 08:34 - 2016-03-18 01:01 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-04-13 08:34 - 2016-03-18 01:01 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-04-13 08:34 - 2016-03-18 00:58 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-04-13 08:34 - 2016-03-18 00:58 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-04-13 08:34 - 2016-03-18 00:58 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-04-13 08:34 - 2016-03-18 00:58 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-04-13 08:34 - 2016-03-18 00:58 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-04-13 08:34 - 2016-03-18 00:58 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-04-13 08:34 - 2016-03-18 00:58 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-04-13 08:34 - 2016-03-18 00:58 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-04-13 08:34 - 2016-03-18 00:58 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-04-13 08:34 - 2016-03-18 00:58 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-04-13 08:34 - 2016-03-18 00:57 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-04-13 08:34 - 2016-03-18 00:57 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-04-13 08:34 - 2016-03-18 00:57 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-04-13 08:34 - 2016-03-18 00:57 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-04-13 08:34 - 2016-03-18 00:57 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-04-13 08:34 - 2016-03-18 00:56 - 02084864 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2016-04-13 08:34 - 2016-03-18 00:56 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-04-13 08:34 - 2016-03-18 00:54 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-04-13 08:34 - 2016-03-18 00:54 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-04-13 08:34 - 2016-03-18 00:54 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-04-13 08:34 - 2016-03-18 00:54 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-04-13 08:34 - 2016-03-18 00:53 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-04-13 08:34 - 2016-03-18 00:53 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-04-13 08:34 - 2016-03-18 00:53 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-04-13 08:34 - 2016-03-18 00:53 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-04-13 08:34 - 2016-03-18 00:50 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-04-13 08:34 - 2016-03-18 00:50 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-04-13 08:34 - 2016-03-18 00:50 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-04-13 08:34 - 2016-03-18 00:50 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-04-13 08:34 - 2016-03-18 00:50 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-04-13 08:34 - 2016-03-18 00:50 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-04-13 08:34 - 2016-03-18 00:50 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-04-13 08:34 - 2016-03-18 00:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-04-13 08:34 - 2016-03-18 00:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-04-13 08:34 - 2016-03-18 00:50 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-04-13 08:34 - 2016-03-18 00:50 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-04-13 08:34 - 2016-03-18 00:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-04-13 08:34 - 2016-03-18 00:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-04-13 08:34 - 2016-03-18 00:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-04-13 08:34 - 2016-03-18 00:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-04-13 08:34 - 2016-03-18 00:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-04-13 08:34 - 2016-03-18 00:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-04-13 08:34 - 2016-03-18 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-04-13 08:34 - 2016-03-18 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-04-13 08:34 - 2016-03-18 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-04-13 08:34 - 2016-03-18 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-04-13 08:34 - 2016-03-18 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-04-13 08:34 - 2016-03-18 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-04-13 08:34 - 2016-03-18 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-04-13 08:34 - 2016-03-18 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-04-13 08:34 - 2016-03-18 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-04-13 08:34 - 2016-03-18 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-04-13 08:34 - 2016-03-18 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-04-13 08:34 - 2016-03-18 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-04-13 08:34 - 2016-03-18 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-04-13 08:34 - 2016-03-18 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-04-13 08:34 - 2016-03-18 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-04-13 08:34 - 2016-03-18 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-04-13 08:34 - 2016-03-18 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-04-13 08:34 - 2016-03-18 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-04-13 08:34 - 2016-03-18 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-04-13 08:34 - 2016-03-18 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-04-13 08:34 - 2016-03-18 00:36 - 03998952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-04-13 08:34 - 2016-03-18 00:36 - 03943144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-04-13 08:34 - 2016-03-18 00:33 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-04-13 08:34 - 2016-03-18 00:31 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-04-13 08:34 - 2016-03-18 00:31 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-04-13 08:34 - 2016-03-18 00:31 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-04-13 08:34 - 2016-03-18 00:31 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-04-13 08:34 - 2016-03-18 00:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-04-13 08:34 - 2016-03-18 00:30 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-04-13 08:34 - 2016-03-18 00:30 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-04-13 08:34 - 2016-03-18 00:30 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-04-13 08:34 - 2016-03-18 00:29 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-04-13 08:34 - 2016-03-18 00:29 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-04-13 08:34 - 2016-03-18 00:29 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-04-13 08:34 - 2016-03-18 00:28 - 01414144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2016-04-13 08:34 - 2016-03-18 00:27 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-04-13 08:34 - 2016-03-18 00:27 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-04-13 08:34 - 2016-03-18 00:27 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-04-13 08:34 - 2016-03-18 00:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-04-13 08:34 - 2016-03-18 00:26 - 00553984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-04-13 08:34 - 2016-03-18 00:25 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-04-13 08:34 - 2016-03-18 00:24 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-04-13 08:34 - 2016-03-18 00:24 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-04-13 08:34 - 2016-03-18 00:24 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-04-13 08:34 - 2016-03-18 00:24 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-04-13 08:34 - 2016-03-18 00:24 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-04-13 08:34 - 2016-03-18 00:24 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-04-13 08:34 - 2016-03-18 00:24 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-04-13 08:34 - 2016-03-18 00:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-04-13 08:34 - 2016-03-18 00:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-04-13 08:34 - 2016-03-18 00:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-04-13 08:34 - 2016-03-18 00:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-04-13 08:34 - 2016-03-18 00:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-04-13 08:34 - 2016-03-18 00:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-04-13 08:34 - 2016-03-18 00:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-04-13 08:34 - 2016-03-18 00:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-04-13 08:34 - 2016-03-18 00:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-04-13 08:34 - 2016-03-18 00:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-04-13 08:34 - 2016-03-18 00:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-04-13 08:34 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-04-13 08:34 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-04-13 08:34 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-04-13 08:34 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-04-13 08:34 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-04-13 08:34 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-04-13 08:34 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-04-13 08:34 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-04-13 08:34 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-04-13 08:34 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-04-13 08:34 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-04-13 08:34 - 2016-03-17 23:53 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-04-13 08:34 - 2016-03-17 23:52 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-04-13 08:34 - 2016-03-17 23:52 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-04-13 08:34 - 2016-03-17 23:51 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-04-13 08:34 - 2016-03-17 23:44 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-04-13 08:34 - 2016-03-17 23:43 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-04-13 08:34 - 2016-03-17 23:41 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-04-13 08:34 - 2016-03-17 23:38 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-04-13 08:34 - 2016-03-17 23:37 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-04-13 08:34 - 2016-03-17 23:37 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-04-13 08:34 - 2016-03-17 23:35 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-04-13 08:34 - 2016-03-17 23:35 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-04-13 08:34 - 2016-03-17 23:30 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-04-13 08:34 - 2016-03-17 23:30 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-04-13 08:34 - 2016-03-17 23:30 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-04-13 08:34 - 2016-03-17 23:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-04-13 08:34 - 2016-03-17 23:29 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-04-13 08:34 - 2016-03-17 23:29 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-04-13 08:34 - 2016-03-17 23:29 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-04-13 08:34 - 2016-03-17 23:29 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-04-13 08:34 - 2016-03-17 23:29 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-04-13 08:34 - 2016-03-16 02:16 - 00760320 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2016-04-13 08:34 - 2016-03-16 02:16 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll
2016-04-13 08:34 - 2016-03-16 01:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\samlib.dll
2016-04-13 08:34 - 2016-03-11 20:57 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-04-13 08:34 - 2016-03-11 20:35 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-04-13 08:34 - 2016-03-06 20:53 - 01885696 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2016-04-13 08:34 - 2016-03-06 20:53 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2016-04-13 08:34 - 2016-03-06 20:38 - 01240576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2016-04-13 08:34 - 2016-03-06 20:38 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
==================== Ein Monat: Geänderte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2016-05-10 11:04 - 2014-09-13 10:55 - 00000000 ____D C:\Users\******\AppData\Roaming\Skype
2016-05-10 11:04 - 2014-07-28 19:13 - 00000000 ____D C:\Users\******\AppData\Roaming\JFritz
2016-05-10 10:40 - 2015-06-01 11:34 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-05-10 10:33 - 2015-06-19 10:22 - 00001224 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1645918933-1587179398-1173790561-1000UA.job
2016-05-10 07:39 - 2014-07-29 18:58 - 00000000 ____D C:\ProgramData\TEMP
2016-05-10 07:16 - 2014-07-28 09:10 - 00000000 ___RD C:\Users\******\Dropbox
2016-05-10 07:11 - 2009-07-14 06:45 - 00028944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-05-10 07:11 - 2009-07-14 06:45 - 00028944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-05-10 07:04 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-05-09 18:33 - 2015-06-19 10:22 - 00001172 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1645918933-1587179398-1173790561-1000Core.job
2016-05-08 23:46 - 2014-12-18 10:15 - 00000000 ____D C:\Users\******\AppData\Roaming\Audacity
2016-05-08 23:18 - 2014-07-28 23:48 - 00000000 ____D C:\Users\******\AppData\Roaming\vlc
2016-05-08 17:26 - 2014-07-28 00:03 - 00000000 ____D C:\Users\******\AppData\Local\CrashDumps
2016-05-08 11:24 - 2014-07-30 16:26 - 00001958 _____ C:\Users\******\AppData\Roaming\SAS7_000.DAT
2016-05-06 22:46 - 2014-07-28 23:48 - 00000000 ____D C:\Users\******\AppData\Roaming\dvdcss
2016-05-06 19:06 - 2014-10-04 17:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexware
2016-05-06 08:47 - 2015-06-01 08:42 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-05-05 11:10 - 2015-05-08 11:43 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2016-05-04 15:54 - 2015-01-03 12:38 - 00000000 ____D C:\Users\******\AppData\Local\Microsoft Games
2016-05-04 12:36 - 2014-09-13 10:55 - 00000000 ____D C:\ProgramData\Skype
2016-05-01 13:42 - 2015-11-13 17:17 - 00000000 ____D C:\Users\******\AppData\Roaming\MuseScore
2016-05-01 12:23 - 2011-04-12 09:43 - 00702630 _____ C:\Windows\system32\perfh007.dat
2016-05-01 12:23 - 2011-04-12 09:43 - 00150288 _____ C:\Windows\system32\perfc007.dat
2016-05-01 12:23 - 2009-07-14 07:13 - 01628106 _____ C:\Windows\system32\PerfStringBackup.INI
2016-05-01 12:23 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2016-04-29 21:19 - 2014-07-28 23:54 - 00000000 ____D C:\Users\******\dwhelper
2016-04-28 08:33 - 2014-07-27 17:29 - 00000432 _____ C:\Windows\BRWMARK.INI
2016-04-21 15:05 - 2010-11-21 05:27 - 00453288 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-04-21 13:29 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2016-04-16 00:26 - 2014-09-12 18:44 - 00000000 ____D C:\Users\******\AppData\LocalLow\Adobe
2016-04-15 12:14 - 2016-02-27 09:11 - 00001310 _____ C:\Users\******\Desktop\Mal-Einführung - Verknüpfung.lnk
2016-04-15 12:14 - 2015-12-23 22:26 - 00001126 _____ C:\Users\******\Desktop\Filmprojekte - Verknüpfung.lnk
2016-04-15 12:14 - 2015-06-22 09:49 - 00001273 _____ C:\Users\******\Desktop\Goldene Hochzeit Schwiegereltern - Verknüpfung.lnk
2016-04-15 08:39 - 2014-07-28 09:08 - 00000000 ____D C:\Users\******\AppData\Roaming\Dropbox
2016-04-15 08:38 - 2015-06-19 10:22 - 00000000 ____D C:\Users\******\AppData\Local\Dropbox
2016-04-14 06:30 - 2009-07-14 06:45 - 01026784 _____ C:\Windows\system32\FNTCACHE.DAT
2016-04-13 23:48 - 2014-07-17 23:18 - 00000000 ____D C:\Windows\system32\MRT
2016-04-13 23:30 - 2014-07-17 23:18 - 135176864 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-04-11 14:52 - 2014-07-28 21:06 - 00000000 ____D C:\Users\******\AppData\Local\ElevatedDiagnostics
==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======
2014-07-30 16:26 - 2016-05-08 11:24 - 0001958 _____ () C:\Users\******\AppData\Roaming\SAS7_000.DAT
2015-05-26 11:07 - 2015-05-26 11:07 - 0007602 _____ () C:\Users\******\AppData\Local\Resmon.ResmonCfg
Einige Dateien in TEMP:
====================
C:\Users\******\AppData\Local\Temp\libeay32.dll
C:\Users\******\AppData\Local\Temp\msvcr120.dll
C:\Users\******\AppData\Local\Temp\SkypeSetup.exe
C:\Users\******\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap =================
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert
LastRegBack: 2016-05-08 00:16
==================== Ende von FRST.txt ============================
Und schließlich noch die Addition.txt: Code:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:09-05-2016
durchgeführt von ****** (2016-05-10 11:05:40)
Gestartet von C:\Users\******\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2014-07-13 15:23:05)
Start-Modus: Normal
==========================================================
==================== Konten: =============================
Administrator (S-1-5-21-1645918933-1587179398-1173790561-500 - Administrator - Enabled) => C:\Users\Administrator
Björn (S-1-5-21-1645918933-1587179398-1173790561-1001 - Limited - Enabled) => C:\Users\Björn
Gast (S-1-5-21-1645918933-1587179398-1173790561-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1645918933-1587179398-1173790561-1004 - Limited - Enabled)
****** (S-1-5-21-1645918933-1587179398-1173790561-1000 - Administrator - Enabled) => C:\Users\******
==================== Sicherheits-Center ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
AV: ESET Smart Security 8.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET Smart Security 8.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
FW: ESET Personal Firewall (Enabled) {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}
==================== Installierte Programme ======================
(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
AAVUpdateManager (HKLM-x32\...\{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}) (Version: 18.00.0000 - Wolters Kluwer Deutschland GmbH)
AccountService (Version: 1.1.69 - Essentware) Hidden
Acronis True Image Home (HKLM-x32\...\{C2F1F96A-057E-5819-B52E-FEA1D1D2933B}) (Version: 13.0.5029 - Acronis)
Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0E0F06755100}) (Version: 15.006.30119 - Adobe Systems Incorporated)
Adobe Creative Suite 2 (HKLM-x32\...\{0134A1A1-C283-4A47-91A1-92F19F960372}) (Version: - )
Adobe Flash Player 21 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 21.0.0.213 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.213 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 5.6 64-bit (HKLM\...\{D19E99C2-6D9D-4075-B446-B4387EAF70A5}) (Version: 5.6.0 - Adobe Systems Incorporated)
Adobe Premiere Pro 2.0 (HKLM-x32\...\Adobe Premiere Pro 2.0) (Version: 2.000.000 - Adobe Systems, Inc.)
Adobe Reader XI (11.0.14) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.14 - Adobe Systems Incorporated)
Adobe SVG Viewer 3.0 (HKLM-x32\...\Adobe SVG Viewer) (Version: 3.0 - Adobe Systems, Inc.)
Ant Renamer (HKLM-x32\...\Ant Renamer 2_is1) (Version: 2.10.0 - Ant Software)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ashampoo Burning Studio 2014 v.12.0.5 (HKLM-x32\...\{91B33C97-280F-B76D-E27B-E712D7041B76}_is1) (Version: 12.0.5 - Ashampoo GmbH & Co. KG)
Audacity 2.0.2 (HKLM-x32\...\Audacity_is1) (Version: 2.0.2 - Audacity Team)
Audible Download Manager (HKLM-x32\...\AudibleDownloadManager) (Version: 6.6.0.15 - Audible, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 3.02 - Piriform)
Compatibility Pack für 2007 Office System (HKLM-x32\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dragon NaturallySpeaking 12 (HKLM-x32\...\{D5D422B9-6976-4E98-8DDF-9632CB515D7E}) (Version: 12.50.000 - Nuance Communications Inc.)
Dropbox (HKU\S-1-5-21-1645918933-1587179398-1173790561-1000\...\Dropbox) (Version: 3.18.1 - Dropbox, Inc.)
Druckerdeinstallation für EPSON BX620FWD Series (HKLM\...\EPSON BX620FWD Series) (Version: - SEIKO EPSON Corporation)
DVR-Compress (HKLM-x32\...\{BD61F72D-2F1F-4BE1-9D41-3DF75B2CA59A}) (Version: - Haenlein Software)
DVR-Studio Pro 2 (HKLM-x32\...\{BD60F72D-3F2F-4AE1-9C41-3CF75B2CA59A}) (Version: - Haenlein Software)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)
EpsonNet Setup 3.3 (HKLM-x32\...\{C9D8A041-2963-4B31-8FFC-1500F3DB9293}) (Version: 3.3b - SEIKO EPSON CORPORATION)
ESET Smart Security (HKLM\...\{B06E39BF-C72B-446B-9462-1EE31789B3A2}) (Version: 8.0.319.1 - ESET, spol s r. o.)
FFmpeg (Windows) for Audacity Version 2.2.2 (HKLM-x32\...\{9C7E31E3-017F-434C-AC40-24431A354A1E}_is1) (Version: 2.2.2 - )
FileZilla Client 3.11.0.2 (HKLM-x32\...\FileZilla Client) (Version: 3.11.0.2 - Tim Kosse)
Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Galería de fotos (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.97 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
iTunes (HKLM\...\{77DE5105-D05E-448C-96CB-7FA381903753}) (Version: 11.3.1.2 - Apple Inc.)
Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.18 - Oracle Corporation)
JFritz 0.7.5 Rev. 1 (HKLM-x32\...\{AF5B3ED5-70D3-48CF-A00F-FC29F5261A37}_is1) (Version: - JFritz Team)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
KOBIL drivers x64x86 installation (x32 Version: 1.013.02221 - KOBIL Systems) Hidden
KOBIL Kartenleser Treiber v2.3 (HKLM-x32\...\{3ECA0079-088F-4E69-B66A-65D5E687B092}) (Version: 2.3.03111 - KOBIL Systems)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
Logitech Harmony Remote Software (HKLM-x32\...\{634F79E1-2A41-4C40-9E8D-89EC740AC9D6}) (Version: 0.6.0201 - Logitech)
Luminance HDR 2.3.1 (HKLM\...\{7020FC34-6E04-4858-924D-354B28CB2402}_is1) (Version: - Luminance HDR Dev Team)
Malwarebytes Anti-Malware Version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (Français) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1036) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft LifeCam (HKLM\...\{5CE7E3F5-9803-4F32-AA89-2D8848A80109}) (Version: 3.60.253.0 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{91110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office XP Professional mit FrontPage (HKLM-x32\...\{90280407-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 46.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 46.0.1 (x86 de)) (Version: 46.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 46.0.1.5966 - Mozilla)
Mozilla Thunderbird 31.2.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.2.0 (x86 de)) (Version: 31.2.0 - Mozilla)
Mp3tag v2.71 (HKLM-x32\...\Mp3tag) (Version: v2.71 - Florian Heidenreich)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MuseScore 1.3 (HKLM-x32\...\MuseScore) (Version: 1.3.0 - Werner Schweer and Others)
MuseScore 2 (HKLM-x32\...\{D0969A82-E79E-45D9-95D2-B2824880F780}) (Version: 2.0.2 - Werner Schweer and Others)
OpenSC (HKLM-x32\...\{33A2BFC1-5465-4284-9377-28493C47840E}) (Version: 0.14.0.0 - OpenSC Project)
PCKAVLang.de (Version: 1.0.0 - Essentware) Hidden
PCKLang.de (Version: 1.0.0 - Essentware) Hidden
Pivot Software (HKLM-x32\...\{0217E1D1-BCEF-4A61-AF6D-F7740F65A066}) (Version: 9.51.003 - Portrait Displays, Inc.)
QuickSteuer Deluxe 2014 (HKLM-x32\...\{F0DDB61B-25D1-4159-8F10-7A5B83B86339}) (Version: 20.04.00.0003 - Haufe-Lexware GmbH & Co.KG)
QuickSteuer Deluxe 2015 (HKLM-x32\...\{49E0E0CA-C817-49C8-861B-B766599BCB96}) (Version: 20.41.174 - Haufe-Lexware GmbH & Co.KG)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Raccolta foto (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.3.3.12085_7 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.3.3.12085_7 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.9.0 - SAMSUNG Electronics Co., Ltd.)
SDK (x32 Version: 2.22.002 - Portrait Displays, Inc.) Hidden
Skype™ 7.22 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.22.109 - Skype Technologies S.A.)
Suite Specific (x32 Version: 2.0.0 - Adobe Systems, Incorporated) Hidden
Sun ODF Plugin for Microsoft Office 3.2 (HKLM-x32\...\{BD136CE7-6666-4273-A056-8D92F8625AAB}) (Version: 3.2.9483 - Sun Microsystems)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.47484 - TeamViewer)
TrueType-Font Klee 1.0 (HKLM-x32\...\{17350614-D988-4250-A77A-445361799829}_is1) (Version: 1.0 - Schroedel)
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
VLC media player 2.1.4 (HKLM\...\VLC media player) (Version: 2.1.4 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.10 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)
==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
CustomCLSID: HKU\S-1-5-21-1645918933-1587179398-1173790561-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\******\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1645918933-1587179398-1173790561-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\******\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1645918933-1587179398-1173790561-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\******\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1645918933-1587179398-1173790561-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\******\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1645918933-1587179398-1173790561-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\******\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1645918933-1587179398-1173790561-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\******\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1645918933-1587179398-1173790561-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\******\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1645918933-1587179398-1173790561-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\******\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1645918933-1587179398-1173790561-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\******\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1645918933-1587179398-1173790561-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\******\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1645918933-1587179398-1173790561-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\******\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)
==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
Task: {279B454A-2823-4F81-8540-3952AF601CE5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {2D3B2970-54BA-4EB5-9B77-B60EB97D4405} - System32\Tasks\GoogleUpdateTaskMachineUA1d08f945924455e => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {3CBDAF57-2B04-4DCC-AF14-CF3DA1D6DFA5} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14] (Adobe Systems Incorporated)
Task: {593164A8-EED5-4248-B1D8-C2C45D6C2347} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {6255AF87-11BF-4298-80B3-7D55035ABE7C} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1645918933-1587179398-1173790561-1000Core => C:\Users\******\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-19] (Dropbox, Inc.)
Task: {8511D224-037B-45CF-98B2-D9D152321F78} - System32\Tasks\GoogleUpdateTaskMachineCore1d08f945860f54c => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {A0E30C18-2F4E-47C1-9D27-6B83DA14761A} - System32\Tasks\{7126B2BC-AE4D-40E9-8A96-6559F674DAF6} => C:\Program Files (x86)\Microsoft Office\OFFICE11\EXCEL.EXE [2013-05-29] (Microsoft Corporation)
Task: {A8DAE3CF-DBBD-43BB-B76B-B4BDCAECEB36} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1645918933-1587179398-1173790561-1000UA => C:\Users\******\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-19] (Dropbox, Inc.)
Task: {B0418181-B5AD-434E-93D1-B4E12922DFC9} - System32\Tasks\{883EC3CF-FF72-4ADF-B19F-1BFB58CAFC1C} => E:\Auslagerung besonders großer Dateien\Zwischengeparkt\Adobe\Acrobat pro 7.0\22020134.exe
Task: {B1D2F4F4-5A8F-4F5F-B817-1B694B5188DF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-04-07] (Adobe Systems Incorporated)
Task: {B3D330B6-B5BC-4244-B5FE-CDA9E91D1194} - System32\Tasks\{BCF9596D-1BB2-4F04-A68C-0AB73F4580A2} => pcalua.exe -a "E:\Auslagerung besonders großer Dateien\Zwischengeparkt\Adobe\Acrobat 8\APRO23_Win_ESD1_WWEFG.exe" -d "E:\Auslagerung besonders großer Dateien\Zwischengeparkt\Adobe\Acrobat 8"
Task: {D23C1F35-0567-47E0-98BB-220DACC5F009} - System32\Tasks\GoogleUpdateTaskMachineUA1d041e11c46c845 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {F83F26F7-6181-4679-853B-B74662F5ED46} - System32\Tasks\GoogleUpdateTaskMachineCore1d041e11ba2e4bf => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1645918933-1587179398-1173790561-1000Core.job => C:\Users\******\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1645918933-1587179398-1173790561-1000UA.job => C:\Users\******\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d041e11ba2e4bf.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d08f945860f54c.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d041e11c46c845.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d08f945924455e.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Verknüpfungen =============================
(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)
==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============
2008-10-24 16:35 - 2008-10-24 16:35 - 00128296 _____ () C:\Program Files (x86)\Lexware\AAVUpdateManager\aavus.exe
2015-06-02 17:18 - 2015-06-02 17:18 - 00043480 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2015-12-12 15:33 - 2016-03-21 23:50 - 00034768 _____ () C:\Users\******\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd
2016-04-15 08:37 - 2016-03-21 23:51 - 00019408 _____ () C:\Users\******\AppData\Roaming\Dropbox\bin\faulthandler.pyd
2016-04-15 08:37 - 2016-03-21 23:50 - 00116688 _____ () C:\Users\******\AppData\Roaming\Dropbox\bin\pywintypes27.dll
2015-12-12 15:33 - 2016-03-21 23:50 - 00093640 _____ () C:\Users\******\AppData\Roaming\Dropbox\bin\_ctypes.pyd
2015-12-12 15:33 - 2016-03-21 23:50 - 00018376 _____ () C:\Users\******\AppData\Roaming\Dropbox\bin\select.pyd
2015-12-12 15:33 - 2016-04-08 20:20 - 00019760 _____ () C:\Users\******\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd
2015-12-12 15:33 - 2016-03-21 23:52 - 00105928 _____ () C:\Users\******\AppData\Roaming\Dropbox\bin\win32api.pyd
2016-04-15 08:37 - 2016-03-21 23:50 - 00392144 _____ () C:\Users\******\AppData\Roaming\Dropbox\bin\pythoncom27.dll
2015-12-12 15:33 - 2016-04-08 20:20 - 00381752 _____ () C:\Users\******\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd
2015-12-12 15:33 - 2016-03-21 23:50 - 00692688 _____ () C:\Users\******\AppData\Roaming\Dropbox\bin\unicodedata.pyd
2016-04-15 08:37 - 2016-04-08 20:19 - 00020816 _____ () C:\Users\******\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd
2015-12-12 15:33 - 2016-03-21 23:51 - 00112592 _____ () C:\Users\******\AppData\Roaming\Dropbox\bin\_cffi_backend.pyd
2016-04-15 08:37 - 2016-04-08 20:19 - 01682760 _____ () C:\Users\******\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd
2016-04-15 08:37 - 2016-04-08 20:19 - 00020808 _____ () C:\Users\******\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd
2015-12-12 15:33 - 2016-04-08 20:20 - 00021840 _____ () C:\Users\******\AppData\Roaming\Dropbox\bin\_cffi_unicode_environ_win32_x8bf8e68bx9968e850.pyd
2016-04-15 08:37 - 2016-04-08 20:19 - 00038696 _____ () C:\Users\******\AppData\Roaming\Dropbox\bin\fastpath.pyd
2016-04-15 08:37 - 2016-03-21 23:52 - 00020936 _____ () C:\Users\******\AppData\Roaming\Dropbox\bin\mmapfile.pyd
2015-12-12 15:33 - 2016-03-21 23:52 - 00024528 _____ () C:\Users\******\AppData\Roaming\Dropbox\bin\win32event.pyd
2015-12-12 15:33 - 2016-03-21 23:52 - 00114640 _____ () C:\Users\******\AppData\Roaming\Dropbox\bin\win32security.pyd
2015-12-12 15:33 - 2016-03-21 23:52 - 00124880 _____ () C:\Users\******\AppData\Roaming\Dropbox\bin\win32file.pyd
2016-02-12 09:19 - 2016-04-08 20:20 - 00021832 _____ () C:\Users\******\AppData\Roaming\Dropbox\bin\_cffi_pywin_kernel32_x64d8f881xc8c369be.pyd
2015-12-12 15:33 - 2016-03-21 23:52 - 00024016 _____ () C:\Users\******\AppData\Roaming\Dropbox\bin\win32clipboard.pyd
2015-12-12 15:33 - 2016-03-21 23:52 - 00175560 _____ () C:\Users\******\AppData\Roaming\Dropbox\bin\win32gui.pyd
2015-12-12 15:33 - 2016-03-21 23:52 - 00030160 _____ () C:\Users\******\AppData\Roaming\Dropbox\bin\win32pipe.pyd
2015-12-12 15:33 - 2016-03-21 23:52 - 00043472 _____ () C:\Users\******\AppData\Roaming\Dropbox\bin\win32process.pyd
2015-12-12 15:33 - 2016-03-21 23:52 - 00028616 _____ () C:\Users\******\AppData\Roaming\Dropbox\bin\win32ts.pyd
2015-12-12 15:33 - 2016-03-21 23:52 - 00048592 _____ () C:\Users\******\AppData\Roaming\Dropbox\bin\win32service.pyd
2016-04-15 08:37 - 2016-04-08 20:19 - 00026456 _____ () C:\Users\******\AppData\Roaming\Dropbox\bin\dropbox.infinite.win.compiled._driverinstallation.pyd
2015-12-12 15:33 - 2016-03-21 23:52 - 00057808 _____ () C:\Users\******\AppData\Roaming\Dropbox\bin\win32evtlog.pyd
2015-12-12 15:33 - 2016-03-21 23:52 - 00024016 _____ () C:\Users\******\AppData\Roaming\Dropbox\bin\win32profile.pyd
2016-04-15 08:37 - 2016-04-08 20:19 - 00117056 _____ () C:\Users\******\AppData\Roaming\Dropbox\bin\breakpad.client.windows.handler.pyd
2015-12-12 15:33 - 2016-04-08 20:20 - 00023376 _____ () C:\Users\******\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd
2015-12-12 15:33 - 2016-03-21 23:50 - 00134608 _____ () C:\Users\******\AppData\Roaming\Dropbox\bin\_elementtree.pyd
2016-04-15 08:37 - 2016-03-21 23:50 - 00134088 _____ () C:\Users\******\AppData\Roaming\Dropbox\bin\pyexpat.pyd
2016-04-15 08:37 - 2016-03-21 23:51 - 00240584 _____ () C:\Users\******\AppData\Roaming\Dropbox\bin\jpegtran.pyd
2016-04-15 08:37 - 2016-04-08 20:19 - 00024392 _____ () C:\Users\******\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd
2016-04-15 08:37 - 2016-03-21 23:52 - 00036296 _____ () C:\Users\******\AppData\Roaming\Dropbox\bin\librsync.dll
2016-04-15 08:37 - 2016-04-08 20:19 - 00052024 _____ () C:\Users\******\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd
2016-02-12 09:19 - 2016-04-08 20:20 - 00020800 _____ () C:\Users\******\AppData\Roaming\Dropbox\bin\winffi.iphlpapi._winffi_iphlpapi.pyd
2016-02-12 09:19 - 2016-04-08 20:20 - 00021824 _____ () C:\Users\******\AppData\Roaming\Dropbox\bin\winffi.kernel32._winffi_kernel32.pyd
2016-02-12 09:19 - 2016-04-08 20:20 - 00019776 _____ () C:\Users\******\AppData\Roaming\Dropbox\bin\winffi.winerror._winffi_winerror.pyd
2016-02-12 09:19 - 2016-04-08 20:20 - 00020800 _____ () C:\Users\******\AppData\Roaming\Dropbox\bin\winffi.wininet._winffi_wininet.pyd
2016-04-15 08:37 - 2016-04-08 20:19 - 00020280 _____ () C:\Users\******\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd
2015-12-12 15:33 - 2016-03-21 23:52 - 00350152 _____ () C:\Users\******\AppData\Roaming\Dropbox\bin\winxpgui.pyd
2016-02-12 09:19 - 2016-04-08 20:20 - 00022352 _____ () C:\Users\******\AppData\Roaming\Dropbox\bin\winverifysignature.compiled._VerifySignature.pyd
2016-04-15 08:37 - 2016-04-08 20:19 - 00084280 _____ () C:\Users\******\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL
2016-04-15 08:37 - 2016-04-08 20:20 - 01826096 _____ () C:\Users\******\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd
2015-12-12 15:33 - 2016-03-21 23:51 - 00083912 _____ () C:\Users\******\AppData\Roaming\Dropbox\bin\sip.pyd
2016-04-15 08:37 - 2016-04-08 20:20 - 03928880 _____ () C:\Users\******\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd
2016-04-15 08:37 - 2016-04-08 20:20 - 01971504 _____ () C:\Users\******\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd
2016-04-15 08:37 - 2016-04-08 20:20 - 00531248 _____ () C:\Users\******\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd
2016-04-15 08:37 - 2016-04-08 20:20 - 00132912 _____ () C:\Users\******\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd
2016-04-15 08:37 - 2016-04-08 20:20 - 00223544 _____ () C:\Users\******\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd
2016-04-15 08:37 - 2016-04-08 20:20 - 00207672 _____ () C:\Users\******\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd
2016-04-15 08:37 - 2016-04-08 20:20 - 00158008 _____ () C:\Users\******\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngineWidgets.pyd
2016-04-15 08:37 - 2016-04-08 20:20 - 00042808 _____ () C:\Users\******\AppData\Roaming\Dropbox\bin\PyQt5.QtWebChannel.pyd
2016-04-15 08:37 - 2016-03-21 23:54 - 00017864 _____ () C:\Users\******\AppData\Roaming\Dropbox\bin\libEGL.dll
2016-04-15 08:37 - 2016-03-21 23:54 - 01631184 _____ () C:\Users\******\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-12-12 15:33 - 2016-04-08 20:20 - 00024904 _____ () C:\Users\******\AppData\Roaming\Dropbox\bin\_cffi_wpad_proxy_win_x752e3d61xdcfdcc84.pyd
2016-04-15 08:37 - 2016-04-08 20:20 - 00546096 _____ () C:\Users\******\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.pyd
2016-04-15 08:37 - 2016-04-08 20:20 - 00357680 _____ () C:\Users\******\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.pyd
2015-03-04 23:45 - 2016-03-21 23:56 - 00697304 _____ () C:\Users\******\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll
==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)
AlternateDataStreams: C:\ProgramData\TEMP:0FF263E8 [496]
==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)
==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)
==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)
==================== Hosts Inhalt: ===============================
(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)
2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Andere Bereiche ============================
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKU\S-1-5-21-1645918933-1587179398-1173790561-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\******\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.
==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
MSCONFIG\Services: Adobe LM Service => 3
MSCONFIG\Services: Adobe Version Cue CS2 => 2
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AGSService => 2
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: FLEXnet Licensing Service => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk => C:\Windows\pss\Adobe Gamma.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk => C:\Windows\pss\Adobe Reader Synchronizer.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Audible Download Manager.lnk => C:\Windows\pss\Audible Download Manager.lnk.CommonStartup
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 2015\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: Adobe Acrobat Synchronizer => "C:\Program Files (x86)\Adobe\Acrobat 2015\Acrobat\AdobeCollabSync.exe"
MSCONFIG\startupreg: Adobe Version Cue CS2 => "c:\Program Files x86\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: Dropbox Update => "C:\Users\******\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c
MSCONFIG\startupreg: ISUSPM => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: KiesAirMessage => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
MSCONFIG\startupreg: KiesPDLR => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MSCONFIG\startupreg: KiesPreload => C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: PivotSoftware => "C:\Program Files (x86)\Portrait Displays\Pivot Software\Pivot_startup.exe" -delay=10
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
FirewallRules: [{DF2EE3A6-84B8-4C3C-A713-7A86BF24A6C2}] => (Allow) C:\Program Files x86\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
FirewallRules: [{C2192891-89A8-431C-B22E-C2F1BEACFFF8}] => (Allow) C:\Program Files x86\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
FirewallRules: [{F042E2BE-C14F-4AEC-8626-CBA97C110C5E}] => (Allow) C:\Users\******\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{6DE097DF-7F0C-423F-87F6-7267CACC6AEA}] => (Allow) C:\Users\******\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{EE5004E9-8FA9-4E13-A022-E509095497B5}] => (Allow) LPort=51001
FirewallRules: [{9E58E297-3EAF-4885-B143-DB46CA8C28DD}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{A4CA6657-781C-4578-A9DA-AE0A84F0C7DB}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{F4A42295-D36D-4E74-BEBE-69EBEEB1CF51}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{0A84733A-93F2-4376-930C-E024E4075A0B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{1801A563-9728-4A2D-9332-5ABA24A4D797}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{ED65E0AE-0706-44E9-A07D-35890A9FE44B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{6B3E679F-112A-41B4-98FC-AB073FBBF8FF}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{C44790B8-F05D-4B93-A27A-23A5D8E2718F}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{EF9801DA-618B-417F-8ABE-C57597D1B2DE}] => (Allow) LPort=2869
FirewallRules: [{6052F836-803F-44AC-8D4B-2D09C3CABB51}] => (Allow) LPort=1900
FirewallRules: [{29A85D60-2422-461B-B193-8E9B31FA1A1C}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{5B96A6DB-ADD9-4E9B-BA68-4B35FCC7534D}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{EBFCF653-C635-412F-882E-09D49F88DB12}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeCam.exe
FirewallRules: [{F16D33D4-BE9A-42EF-810D-DB4BCDDA5649}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeCam.exe
FirewallRules: [{D086F0F5-33A7-4DCB-B619-B7E48C130A28}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeEnC2.exe
FirewallRules: [{22F7622F-7757-440B-BF4F-A63919EF0FF7}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeEnC2.exe
FirewallRules: [{3AAB34DA-8D84-4AAF-84CF-493E7C8F2F95}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe
FirewallRules: [{76F1D5E6-2D92-44A7-B1F4-F11DCE4C3352}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe
FirewallRules: [{75D7B52D-BD49-4684-9EFF-2418EC92BD7E}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeTray.exe
FirewallRules: [{09D151D1-A570-4CD3-95AC-531DFA9B58C7}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeTray.exe
FirewallRules: [{6F215490-A04C-4B67-BFBC-22CB8286949D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{5FB7D8FA-442C-4CDF-836B-3E7460D6BC33}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{5808D095-6CA1-49C1-A0FA-E8560364E53B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{F332F739-19E7-48AE-BD06-9109A8E7F3BD}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{C01797B0-F674-4CC6-8331-CE40A1DB2124}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{B218D3AE-4239-4DE6-9CE8-09441C44FB82}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{C193489F-447D-4857-B626-12BEE4D2B338}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{76BAD875-778B-47CC-B002-EA78C72928F7}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A1C4CBFE-0590-4C82-A192-6C1A8DEE6C65}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Wiederherstellungspunkte =========================
==================== Fehlerhafte Geräte im Gerätemanager =============
==================== Fehlereinträge in der Ereignisanzeige: =========================
Applikationsfehler:
==================
Error: (05/10/2016 07:06:15 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/09/2016 06:55:36 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005
Error: (05/09/2016 05:56:08 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005
Error: (05/09/2016 01:12:53 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/09/2016 06:34:18 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/08/2016 11:53:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/08/2016 11:42:16 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005
Error: (05/08/2016 10:30:37 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005
Error: (05/08/2016 08:09:34 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/08/2016 05:26:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Acrobat Elements.exe, Version: 15.6.30033.2205, Zeitstempel: 0x5507ce6e
Name des fehlerhaften Moduls: MSONSEXT.DLL, Version: 11.0.6715.60, Zeitstempel: 0x43306199
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00053555
ID des fehlerhaften Prozesses: 0x2170
Startzeit der fehlerhaften Anwendung: 0xAcrobat Elements.exe0
Pfad der fehlerhaften Anwendung: Acrobat Elements.exe1
Pfad des fehlerhaften Moduls: Acrobat Elements.exe2
Berichtskennung: Acrobat Elements.exe3
Systemfehler:
=============
Error: (05/09/2016 07:34:45 AM) (Source: volsnap) (EventID: 36) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
Error: (05/08/2016 08:06:22 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows Search" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler:
%%1056
Error: (05/08/2016 08:05:52 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (05/08/2016 08:05:52 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (05/08/2016 08:05:51 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "PCKeeper Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.
Error: (05/08/2016 08:05:51 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Live ID Sign-in Assistant" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (05/08/2016 08:05:51 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Portrait Displays SDK Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (05/08/2016 08:05:51 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "PCKeeper Ocf Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.
Error: (05/08/2016 08:05:51 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "PCKeeper Antivirus Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.
Error: (05/08/2016 08:05:51 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "MSCamSvc" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
==================== Speicherinformationen ===========================
Prozessor: AMD FX(tm)-8320 Eight-Core Processor
Prozentuale Nutzung des RAM: 13%
Installierter physikalischer RAM: 16366.12 MB
Verfügbarer physikalischer RAM: 14079.14 MB
Summe virtueller Speicher: 32730.42 MB
Verfügbarer virtueller Speicher: 30487.14 MB
==================== Laufwerke ================================
Drive a: (System) (Fixed) (Total:0.34 GB) (Free:0.3 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)]
Drive c: (Windows) (Fixed) (Total:137.02 GB) (Free:2.91 GB) NTFS
Drive d: (******) (Fixed) (Total:1714.62 GB) (Free:1007.31 GB) NTFS
Drive e: (Fotoarchiv) (Fixed) (Total:886.45 GB) (Free:198.5 GB) NTFS
Drive f: (Speicher) (Fixed) (Total:976.56 GB) (Free:122.97 GB) NTFS
Drive s: (Sicherheitskopien) (Fixed) (Total:1863.01 GB) (Free:403.31 GB) NTFS
==================== MBR & Partitionstabelle ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 4F54BC71)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: 2CFF8DF9)
Partition 1: (Active) - (Size=976.6 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=886.5 GB) - (Type=07 NTFS)
========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 14EBD508)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=137 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=11 GB) - (Type=27)
Partition 4: (Not Active) - (Size=1714.6 GB) - (Type=07 NTFS)
==================== Ende von Addition.txt ============================
LG, Lothar |
|
10.05.2016, 16:43
| #5 |
| /// TB-Ausbilder | Windows 7: PCKeeper ungefragt aufgetaucht, lässt sich nicht deinstallieren Servus, gut gemacht.  Ein paar Reste müssen wir noch aufspüren. Lade dir die passende Version von SystemLook vom folgenden Spiegel herunter und speichere das Tool auf dem Desktop: SystemLook (32 bit) | SystemLook (64 bit)
|
|
11.05.2016, 05:52
| #6 |
| | ...and here are the results of the SystemLook-Jury:Code:
ATTFilter SystemLook 30.07.11 by jpshortstuff
Log created at 01:40 on 11/05/2016 by ******
Administrator - Elevation successful
========== folderfind ==========
Searching for "*Essentware*"
C:\AdwCleaner\FileQuarantine\C\Program Files\Essentware d------ [18:06 08/05/2016]
C:\AdwCleaner\FileQuarantine\C\ProgramData\Essentware d------ [18:06 08/05/2016]
C:\AdwCleaner\FileQuarantine\C\ProgramData\Microsoft\Windows\Start Menu\Programs\Essentware d------ [18:06 08/05/2016]
Searching for "*PCKeeper*"
C:\AdwCleaner\FileQuarantine\C\Program Files\Essentware\PCKeeper d------ [18:06 08/05/2016]
C:\AdwCleaner\FileQuarantine\C\ProgramData\Essentware\PCKeeper d------ [18:06 08/05/2016]
========== regfind ==========
Searching for "Essentware"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0319DE47-F039-45DC-A213-DBB61C6AE509}\InProcServer32]
@="C:\Program Files\Essentware\PCKeeper\PCKObjFactoryPS.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{074BFF31-CA38-43C4-8F25-79213AD708EF}\InProcServer32]
@="C:\Program Files\Essentware\PCKeeper\SharedNativeLibraryPS.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0D838143-D511-4555-8B97-16C3CF5A780D}\InProcServer32]
@="C:\Program Files\Essentware\PCKeeper\WebCamFrameCaptureComponentPS.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{16A94A89-66C4-4990-896C-5FC3E1557FFD}\InprocServer32]
@="C:\Program Files\Essentware\PCKAV\SharedNativeLibrary.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{206E5E13-3B8F-4146-9C21-F18A63A9689B}\InProcServer32]
@="C:\Program Files\Essentware\PCKeeper\OneClickFixServicePS.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2B5E8E95-F503-4530-A340-53DE89F3358F}\InProcServer32]
@="C:\Program Files\Essentware\PCKAV\PCKAVServicePS.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2F8F99FD-7C0E-4150-8DFD-13B1F4FBD916}\InprocServer32]
@="C:\Program Files\Essentware\PCKeeper\WebCamFrameCaptureComponent.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33B2A2E0-18F6-45CB-8080-04320066A4A1}\InprocServer32]
@="C:\Program Files\Essentware\PCKeeper\RegistryCleanerComponent.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40B50C00-06BB-415F-8F4E-6DEF53957ABA}\InprocServer32]
@="C:\Program Files\Essentware\PCKAV\PCKAVShellExt64.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{503F82AB-1549-4B08-AF10-289CCCF3BE4B}\InprocServer32]
@="C:\Program Files\Essentware\PCKeeper\SharedNativeLibrary.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6AF595D6-D4A0-4ACA-ADD4-62034EE9FF3A}\LocalServer32]
@=""C:\Program Files\Essentware\PCKeeper\PCKeeperService.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6AF595D6-D4A0-4ACA-ADD4-62034EE9FF3A}\LocalServer32]
"ServerExecutable"="C:\Program Files\Essentware\PCKeeper\PCKeeperService.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6F09F687-2C4C-4A37-8D7A-2CB76D2B3F71}\InProcServer32]
@="C:\Program Files\Essentware\PCKeeper\RegistryCleanerComponentPS.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{723F0E89-F10C-4D28-A46C-934513EA963A}\InprocServer32]
@="C:\Program Files\Essentware\PCKAV\engine\AvComponent.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7944171A-50CC-479E-A6FC-B1E25E665C25}\InprocServer32]
@="C:\Program Files\Essentware\PCKeeper\SharedNativeLibrary.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7A2BA8C4-F382-4DD1-A6D2-A86C6D66C4F9}\InProcServer32]
@="C:\Program Files\Essentware\PCKAV\SharedNativeLibraryPS.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{80E9CB05-9C8B-4B85-8A66-D81092F5AF60}\LocalServer32]
@=""C:\Program Files\Essentware\PCKAV\PCKAVService.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{80E9CB05-9C8B-4B85-8A66-D81092F5AF60}\LocalServer32]
"ServerExecutable"="C:\Program Files\Essentware\PCKAV\PCKAVService.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{817BF5D8-380E-44F4-8E61-43E7ECF74B53}\InprocServer32]
@="C:\Program Files\Essentware\PCKeeper\PCKObjFactory.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{828FB706-5749-4255-862F-3D30FCF017E1}\InprocServer32]
@="C:\Program Files\Essentware\PCKeeper\PCKeeperShellExt64.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8888A22B-3380-4C2B-950F-A5B6EC527A4B}\InProcServer32]
@="C:\Program Files\Essentware\PCKAV\engine\AvComponentPS.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9443C19D-B318-4EBD-8A7F-6A50D0472FB4}\InprocServer32]
@="C:\Program Files\Essentware\PCKeeper\DiskCleanerComponent.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95CAD169-7912-410E-8C8A-7BA1729BD8F7}\InprocServer32]
@="C:\Program Files\Essentware\PCKeeper\DiskCleanerComponent.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{990F7D4F-09EF-47DF-9ABE-BAF2DCCF5C4B}\LocalServer32]
@=""C:\Program Files\Essentware\Common\AccountService.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{990F7D4F-09EF-47DF-9ABE-BAF2DCCF5C4B}\LocalServer32]
"ServerExecutable"="C:\Program Files\Essentware\Common\AccountService.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B462C1CA-E368-4321-B0B1-0453E4AB6FDB}\InprocServer32]
@="C:\Program Files\Essentware\PCKAV\engine\AvComponent.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCF68051-721D-40C7-812D-86ED0FDE7411}\InprocServer32]
@="C:\Program Files\Essentware\PCKeeper\RegistryCleanerComponent.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CF6E1E3B-5B36-4A71-9105-DC75B4089D8C}\InprocServer32]
@="C:\Program Files\Essentware\Common\AccountServicePS.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D8F2F7F9-F8F3-4562-9FDA-C1E2DAE60A30}\InProcServer32]
@="C:\Program Files\Essentware\PCKeeper\PCKeeperServicePS.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DEE0443A-95B1-41DF-B50A-409FDEA53644}\InprocServer32]
@="C:\Program Files\Essentware\PCKAV\engine\AvComponent.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F55EA208-E122-4B4E-8483-4404A1CC9569}\LocalServer32]
@=""C:\Program Files\Essentware\PCKeeper\OneClickFixService.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F55EA208-E122-4B4E-8483-4404A1CC9569}\LocalServer32]
"ServerExecutable"="C:\Program Files\Essentware\PCKeeper\OneClickFixService.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F5950775-5405-49E5-A9B0-24094C206B7A}\LocalServer32]
@=""C:\Program Files\Essentware\PCKeeper\OneClickFixService.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F5950775-5405-49E5-A9B0-24094C206B7A}\LocalServer32]
"ServerExecutable"="C:\Program Files\Essentware\PCKeeper\OneClickFixService.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F6649783-7559-4772-96C7-02D33BEACD8C}\InProcServer32]
@="C:\Program Files\Essentware\PCKeeper\DiskCleanerComponentPS.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D062B23B-F8EE-40EC-BF3F-7DB0E9FE1232}\1.0\0\win64]
@="C:\Program Files\Essentware\PCKeeper\PCKObjFactory.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D062B23B-F8EE-40EC-BF3F-7DB0E9FE1232}\1.0\HELPDIR]
@="C:\Program Files\Essentware\PCKeeper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D3F79FC5-65FE-4650-8979-3BF0CCF02C1A}\1.0\0\win32]
@="C:\Program Files\Essentware\PCKAV\PCKAVShellExt32.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D3F79FC5-65FE-4650-8979-3BF0CCF02C1A}\1.0\0\win64]
@="C:\Program Files\Essentware\PCKAV\PCKAVShellExt64.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D3F79FC5-65FE-4650-8979-3BF0CCF02C1A}\1.0\HELPDIR]
@="C:\Program Files\Essentware\PCKeeper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{05562BE7-0EFC-4BD2-BD8F-FAA363E68410}\InprocServer32]
@="C:\Program Files\Essentware\PCKeeper\PCKeeperShellExt32.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B52115B1-936F-4EEA-A363-A535FB1942B7}\InprocServer32]
@="C:\Program Files\Essentware\PCKAV\PCKAVShellExt32.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D062B23B-F8EE-40EC-BF3F-7DB0E9FE1232}\1.0\0\win64]
@="C:\Program Files\Essentware\PCKeeper\PCKObjFactory.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D062B23B-F8EE-40EC-BF3F-7DB0E9FE1232}\1.0\HELPDIR]
@="C:\Program Files\Essentware\PCKeeper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D3F79FC5-65FE-4650-8979-3BF0CCF02C1A}\1.0\0\win32]
@="C:\Program Files\Essentware\PCKAV\PCKAVShellExt32.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D3F79FC5-65FE-4650-8979-3BF0CCF02C1A}\1.0\0\win64]
@="C:\Program Files\Essentware\PCKAV\PCKAVShellExt64.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D3F79FC5-65FE-4650-8979-3BF0CCF02C1A}\1.0\HELPDIR]
@="C:\Program Files\Essentware\PCKeeper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\Essentware\Common\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\Essentware\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\Essentware\PCKeeper\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Essentware\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\Essentware\PCKeeper\de\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\Essentware\PCKAV\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\Essentware\PCKAV\engine\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\Essentware\PCKAV\de\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\051903F9767E3E15CB569DFDC4558528]
"630675D588826C6418C7CC05C5C31E17"="22:\Software\Essentware\PCKeeper\Language"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\051903F9767E3E15CB569DFDC4558528]
"00000000000000000000000000000000"="22:\Software\Essentware\PCKeeper\Language"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E2949B99ECC29F428890D4A2E9EF93B]
"05830686A5933814BB36EBFCC9C2F489"="C:\Program Files\Essentware\PCKAV\engine\AvComponent.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A07DDE9AFEC18B48834FA5D82785F8B]
"B205E283BE5EBBD4C9B21E53560FB775"="C:\Program Files\Essentware\PCKeeper\fileHiders.inf"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\25E1A8C07CBADF141B3CF8D8FB3EC508]
"B205E283BE5EBBD4C9B21E53560FB775"="C:\Program Files\Essentware\PCKeeper\AppRemFolder.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\286E56ADC4DD12542AE782E4FAD41FAD]
"05830686A5933814BB36EBFCC9C2F489"="22:\Software\Essentware\PCKAV\Settings\AvPath"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2A9B82DAAC3480A42A24C1C1C0519BB1]
"05830686A5933814BB36EBFCC9C2F489"="C:\Program Files\Essentware\PCKAV\avcfgconsole.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2C33F00D6A382CC5CB971A09EDFD12E4]
"74CF1A602064EBA4CA7D57DD890F36DC"="C:\Program Files\Essentware\PCKAV\de\PCKAV_splash.png"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\39D2B201CC651AB409BC28DC77DF3E86]
"05830686A5933814BB36EBFCC9C2F489"="C:\Program Files\Essentware\PCKAV\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\41BEBB33AB4BF1D45B29875B001926CB]
"05830686A5933814BB36EBFCC9C2F489"="C:\Program Files\Essentware\PCKAV\zeoscanner.sys"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5145FF48975405942B425016919B5CCF]
"B205E283BE5EBBD4C9B21E53560FB775"="C:\Program Files\Essentware\PCKeeper\PCKeeperService.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\51528DD8580D84F4793A79BB0DBC163D]
"05830686A5933814BB36EBFCC9C2F489"="C:\Program Files\Essentware\PCKAV\PCKAVAccountServiceLibrary.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AC3D091F04823B44AE2A0B185B716EF]
"B205E283BE5EBBD4C9B21E53560FB775"="C:\Program Files\Essentware\PCKeeper\ZBAnalytics.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6FDC7035DAE542840925F61DBAACFC7B]
"B205E283BE5EBBD4C9B21E53560FB775"="01:\Software\Essentware\PCKeeper\PSI"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\785E5FDE3DA2A56458D43D9836EBCD2F]
"B205E283BE5EBBD4C9B21E53560FB775"="C:\Program Files\Essentware\PCKeeper\System.Data.SQLite.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DCB506A8FE9F614BA197E0BD754570D]
"2311DC2B5C57F724B860D95A705A2A6B"="C:\Program Files\Essentware\Common\AccountService.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9701F9427ABB71F4D9107958C227FBAF]
"B205E283BE5EBBD4C9B21E53560FB775"="C:\Program Files\Essentware\PCKeeper\fileHiders.sys"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9A8C827BB6491354EACFF94B81CFEECC]
"05830686A5933814BB36EBFCC9C2F489"="01:\Software\Essentware\PCKAV\PSI"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AB4CB43BD446B0D41BBBE9AD85CF72CD]
"B205E283BE5EBBD4C9B21E53560FB775"="C:\Program Files\Essentware\PCKeeper\Microsoft.Expression.Interactions.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B7C7C1ABB197FE24EA36BA9BD9F74D7B]
"05830686A5933814BB36EBFCC9C2F489"="01:\Software\Essentware\PCKAV\DSI"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B7E7FB1677BEC635C889D5C478F6CE15]
"630675D588826C6418C7CC05C5C31E17"="C:\Program Files\Essentware\PCKeeper\de\ImageResources.de.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCE7E9B9833F7454EAD1FC63A2D93BE9]
"05830686A5933814BB36EBFCC9C2F489"="C:\Program Files\Essentware\PCKAV\PCKAVService.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C27F6B4CE0170DD5A9E9D93EFBCF3DD5]
"630675D588826C6418C7CC05C5C31E17"="C:\Program Files\Essentware\PCKeeper\de\PCK_splash.png"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DCFB053AB697F8B5AB240AE3EC632018]
"74CF1A602064EBA4CA7D57DD890F36DC"="C:\Program Files\Essentware\PCKAV\de\PCKAVCore.resources.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DE87BD681DE814843A6DCAA2971DE53B]
"05830686A5933814BB36EBFCC9C2F489"="C:\Program Files\Essentware\PCKAV\zeoscanner.inf"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E655748CB13A226538AD5423586AD1D1]
"630675D588826C6418C7CC05C5C31E17"="C:\Program Files\Essentware\PCKeeper\de\PCKeeperCore.resources.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F19E1092143E9C44FBE2DD2470793738]
"B205E283BE5EBBD4C9B21E53560FB775"="C:\Program Files\Essentware\PCKeeper\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F34734E2675A38348BDC36724F02BD03]
"2311DC2B5C57F724B860D95A705A2A6B"="C:\Program Files\Essentware\Common\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F3B41A2D0E2CD4340BB330128B90D7CD]
"05830686A5933814BB36EBFCC9C2F489"="C:\Program Files\Essentware\PCKAV\AppRemFolder.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F77335DBF4958E04680D7E91C9CEA2F1]
"B205E283BE5EBBD4C9B21E53560FB775"="C:\Program Files\Essentware\PCKeeper\AntiTheftServiceLibrary.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FCF3E13C1F8B67C4CAF7E89CAF31C8EB]
"B205E283BE5EBBD4C9B21E53560FB775"="01:\Software\Essentware\PCKeeper\DSI"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FE528513C7FFAC3518962CFC15B9691B]
"74CF1A602064EBA4CA7D57DD890F36DC"="22:\Software\Essentware\PCKAV\Language"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FE528513C7FFAC3518962CFC15B9691B]
"00000000000000000000000000000000"="22:\Software\Essentware\PCKAV\Language"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\05830686A5933814BB36EBFCC9C2F489\InstallProperties]
"InstallLocation"="C:\Program Files\Essentware\PCKAV\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\05830686A5933814BB36EBFCC9C2F489\InstallProperties]
"Publisher"="Essentware"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2311DC2B5C57F724B860D95A705A2A6B\InstallProperties]
"InstallLocation"="C:\Program Files\Essentware\Common\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2311DC2B5C57F724B860D95A705A2A6B\InstallProperties]
"Publisher"="Essentware"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\630675D588826C6418C7CC05C5C31E17\InstallProperties]
"InstallLocation"="C:\Program Files\Essentware\PCKeeper\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\630675D588826C6418C7CC05C5C31E17\InstallProperties]
"Publisher"="Essentware"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\74CF1A602064EBA4CA7D57DD890F36DC\InstallProperties]
"InstallLocation"="C:\Program Files\Essentware\PCKAV\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\74CF1A602064EBA4CA7D57DD890F36DC\InstallProperties]
"Publisher"="Essentware"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B205E283BE5EBBD4C9B21E53560FB775\InstallProperties]
"InstallLocation"="C:\Program Files\Essentware\PCKeeper\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B205E283BE5EBBD4C9B21E53560FB775\InstallProperties]
"Publisher"="Essentware"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{06A1FC47-4602-4ABE-ACD7-75DD98F063CD}]
"InstallLocation"="C:\Program Files\Essentware\PCKAV\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{06A1FC47-4602-4ABE-ACD7-75DD98F063CD}]
"Publisher"="Essentware"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5D576036-2888-46C6-817C-CC505C3CE171}]
"InstallLocation"="C:\Program Files\Essentware\PCKeeper\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5D576036-2888-46C6-817C-CC505C3CE171}]
"Publisher"="Essentware"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B2CD1132-75C5-427F-8B06-9DA507A5A2B6}]
"InstallLocation"="C:\Program Files\Essentware\Common\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B2CD1132-75C5-427F-8B06-9DA507A5A2B6}]
"Publisher"="Essentware"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{05562BE7-0EFC-4BD2-BD8F-FAA363E68410}\InprocServer32]
@="C:\Program Files\Essentware\PCKeeper\PCKeeperShellExt32.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{B52115B1-936F-4EEA-A363-A535FB1942B7}\InprocServer32]
@="C:\Program Files\Essentware\PCKAV\PCKAVShellExt32.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{D062B23B-F8EE-40EC-BF3F-7DB0E9FE1232}\1.0\0\win64]
@="C:\Program Files\Essentware\PCKeeper\PCKObjFactory.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{D062B23B-F8EE-40EC-BF3F-7DB0E9FE1232}\1.0\HELPDIR]
@="C:\Program Files\Essentware\PCKeeper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{D3F79FC5-65FE-4650-8979-3BF0CCF02C1A}\1.0\0\win32]
@="C:\Program Files\Essentware\PCKAV\PCKAVShellExt32.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{D3F79FC5-65FE-4650-8979-3BF0CCF02C1A}\1.0\0\win64]
@="C:\Program Files\Essentware\PCKAV\PCKAVShellExt64.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{D3F79FC5-65FE-4650-8979-3BF0CCF02C1A}\1.0\HELPDIR]
@="C:\Program Files\Essentware\PCKeeper"
Searching for "PCKeeper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\PCKeeperShell32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\PCKeeperShell64]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{56AD7EEE-D6C0-410E-8A7B-811DEA764554}]
"LocalService"="PCKeeperOcfService"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{E8EB2F1F-661E-4A7F-8F9A-77DEB757A906}]
"LocalService"="PCKeeper2Service"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0319DE47-F039-45DC-A213-DBB61C6AE509}\InProcServer32]
@="C:\Program Files\Essentware\PCKeeper\PCKObjFactoryPS.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{074BFF31-CA38-43C4-8F25-79213AD708EF}\InProcServer32]
@="C:\Program Files\Essentware\PCKeeper\SharedNativeLibraryPS.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0D838143-D511-4555-8B97-16C3CF5A780D}\InProcServer32]
@="C:\Program Files\Essentware\PCKeeper\WebCamFrameCaptureComponentPS.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{206E5E13-3B8F-4146-9C21-F18A63A9689B}\InProcServer32]
@="C:\Program Files\Essentware\PCKeeper\OneClickFixServicePS.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2F8F99FD-7C0E-4150-8DFD-13B1F4FBD916}\InprocServer32]
@="C:\Program Files\Essentware\PCKeeper\WebCamFrameCaptureComponent.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33B2A2E0-18F6-45CB-8080-04320066A4A1}\InprocServer32]
@="C:\Program Files\Essentware\PCKeeper\RegistryCleanerComponent.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{503F82AB-1549-4B08-AF10-289CCCF3BE4B}\InprocServer32]
@="C:\Program Files\Essentware\PCKeeper\SharedNativeLibrary.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6AF595D6-D4A0-4ACA-ADD4-62034EE9FF3A}\LocalServer32]
@=""C:\Program Files\Essentware\PCKeeper\PCKeeperService.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6AF595D6-D4A0-4ACA-ADD4-62034EE9FF3A}\LocalServer32]
"ServerExecutable"="C:\Program Files\Essentware\PCKeeper\PCKeeperService.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6F09F687-2C4C-4A37-8D7A-2CB76D2B3F71}\InProcServer32]
@="C:\Program Files\Essentware\PCKeeper\RegistryCleanerComponentPS.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7944171A-50CC-479E-A6FC-B1E25E665C25}\InprocServer32]
@="C:\Program Files\Essentware\PCKeeper\SharedNativeLibrary.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{817BF5D8-380E-44F4-8E61-43E7ECF74B53}\InprocServer32]
@="C:\Program Files\Essentware\PCKeeper\PCKObjFactory.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{828FB706-5749-4255-862F-3D30FCF017E1}]
@="PCKeeperShell64 Class"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{828FB706-5749-4255-862F-3D30FCF017E1}\InprocServer32]
@="C:\Program Files\Essentware\PCKeeper\PCKeeperShellExt64.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9443C19D-B318-4EBD-8A7F-6A50D0472FB4}\InprocServer32]
@="C:\Program Files\Essentware\PCKeeper\DiskCleanerComponent.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95CAD169-7912-410E-8C8A-7BA1729BD8F7}\InprocServer32]
@="C:\Program Files\Essentware\PCKeeper\DiskCleanerComponent.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCF68051-721D-40C7-812D-86ED0FDE7411}\InprocServer32]
@="C:\Program Files\Essentware\PCKeeper\RegistryCleanerComponent.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D8F2F7F9-F8F3-4562-9FDA-C1E2DAE60A30}\InProcServer32]
@="C:\Program Files\Essentware\PCKeeper\PCKeeperServicePS.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F55EA208-E122-4B4E-8483-4404A1CC9569}\LocalServer32]
@=""C:\Program Files\Essentware\PCKeeper\OneClickFixService.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F55EA208-E122-4B4E-8483-4404A1CC9569}\LocalServer32]
"ServerExecutable"="C:\Program Files\Essentware\PCKeeper\OneClickFixService.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F5950775-5405-49E5-A9B0-24094C206B7A}\LocalServer32]
@=""C:\Program Files\Essentware\PCKeeper\OneClickFixService.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F5950775-5405-49E5-A9B0-24094C206B7A}\LocalServer32]
"ServerExecutable"="C:\Program Files\Essentware\PCKeeper\OneClickFixService.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F6649783-7559-4772-96C7-02D33BEACD8C}\InProcServer32]
@="C:\Program Files\Essentware\PCKeeper\DiskCleanerComponentPS.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\PCKeeperShell64]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\PCKeeperShell64]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex\ContextMenuHandlers\PCKeeperShell64]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\ShellEx\ContextMenuHandlers\PCKeeperShell64]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Features\B205E283BE5EBBD4C9B21E53560FB775]
"FeatureShortcutPCKeeperDesktop"="PCKeeperBaseFeature"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Features\B205E283BE5EBBD4C9B21E53560FB775]
"ComponentsW7Feature"="PCKeeperBaseFeature"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Features\B205E283BE5EBBD4C9B21E53560FB775]
"DriversW7Feature"="PCKeeperFeatures"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Features\B205E283BE5EBBD4C9B21E53560FB775]
"PCKeeperFeature"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Features\B205E283BE5EBBD4C9B21E53560FB775]
"PCKeeperBaseFeature"="PCKeeperFeatures"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Features\B205E283BE5EBBD4C9B21E53560FB775]
"PCKeeperFeatures"="PCKeeperFeature"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\05830686A5933814BB36EBFCC9C2F489]
"ProductName"="PCKeeper Antivirus"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\B205E283BE5EBBD4C9B21E53560FB775]
"ProductName"="PCKeeper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\B205E283BE5EBBD4C9B21E53560FB775]
"ProductIcon"="C:\Windows\Installer\{382E502B-E5EB-4DBB-9C2B-E13565F07B57}\IconPCKeeper.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\PCKeeperShell64]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D062B23B-F8EE-40EC-BF3F-7DB0E9FE1232}\1.0\0\win64]
@="C:\Program Files\Essentware\PCKeeper\PCKObjFactory.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D062B23B-F8EE-40EC-BF3F-7DB0E9FE1232}\1.0\HELPDIR]
@="C:\Program Files\Essentware\PCKeeper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D3F79FC5-65FE-4650-8979-3BF0CCF02C1A}\1.0\HELPDIR]
@="C:\Program Files\Essentware\PCKeeper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{05562BE7-0EFC-4BD2-BD8F-FAA363E68410}]
@="PCKeeperShell32 Class"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{05562BE7-0EFC-4BD2-BD8F-FAA363E68410}\InprocServer32]
@="C:\Program Files\Essentware\PCKeeper\PCKeeperShellExt32.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{56AD7EEE-D6C0-410E-8A7B-811DEA764554}]
"LocalService"="PCKeeperOcfService"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{E8EB2F1F-661E-4A7F-8F9A-77DEB757A906}]
"LocalService"="PCKeeper2Service"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D062B23B-F8EE-40EC-BF3F-7DB0E9FE1232}\1.0\0\win64]
@="C:\Program Files\Essentware\PCKeeper\PCKObjFactory.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D062B23B-F8EE-40EC-BF3F-7DB0E9FE1232}\1.0\HELPDIR]
@="C:\Program Files\Essentware\PCKeeper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D3F79FC5-65FE-4650-8979-3BF0CCF02C1A}\1.0\HELPDIR]
@="C:\Program Files\Essentware\PCKeeper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\Essentware\PCKeeper\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\Essentware\PCKeeper\de\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\051903F9767E3E15CB569DFDC4558528]
"630675D588826C6418C7CC05C5C31E17"="22:\Software\Essentware\PCKeeper\Language"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\051903F9767E3E15CB569DFDC4558528]
"00000000000000000000000000000000"="22:\Software\Essentware\PCKeeper\Language"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A07DDE9AFEC18B48834FA5D82785F8B]
"B205E283BE5EBBD4C9B21E53560FB775"="C:\Program Files\Essentware\PCKeeper\fileHiders.inf"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\25E1A8C07CBADF141B3CF8D8FB3EC508]
"B205E283BE5EBBD4C9B21E53560FB775"="C:\Program Files\Essentware\PCKeeper\AppRemFolder.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5145FF48975405942B425016919B5CCF]
"B205E283BE5EBBD4C9B21E53560FB775"="C:\Program Files\Essentware\PCKeeper\PCKeeperService.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AC3D091F04823B44AE2A0B185B716EF]
"B205E283BE5EBBD4C9B21E53560FB775"="C:\Program Files\Essentware\PCKeeper\ZBAnalytics.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6FDC7035DAE542840925F61DBAACFC7B]
"B205E283BE5EBBD4C9B21E53560FB775"="01:\Software\Essentware\PCKeeper\PSI"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\785E5FDE3DA2A56458D43D9836EBCD2F]
"B205E283BE5EBBD4C9B21E53560FB775"="C:\Program Files\Essentware\PCKeeper\System.Data.SQLite.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9701F9427ABB71F4D9107958C227FBAF]
"B205E283BE5EBBD4C9B21E53560FB775"="C:\Program Files\Essentware\PCKeeper\fileHiders.sys"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AB4CB43BD446B0D41BBBE9AD85CF72CD]
"B205E283BE5EBBD4C9B21E53560FB775"="C:\Program Files\Essentware\PCKeeper\Microsoft.Expression.Interactions.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B7E7FB1677BEC635C889D5C478F6CE15]
"630675D588826C6418C7CC05C5C31E17"="C:\Program Files\Essentware\PCKeeper\de\ImageResources.de.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C27F6B4CE0170DD5A9E9D93EFBCF3DD5]
"630675D588826C6418C7CC05C5C31E17"="C:\Program Files\Essentware\PCKeeper\de\PCK_splash.png"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E655748CB13A226538AD5423586AD1D1]
"630675D588826C6418C7CC05C5C31E17"="C:\Program Files\Essentware\PCKeeper\de\PCKeeperCore.resources.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F19E1092143E9C44FBE2DD2470793738]
"B205E283BE5EBBD4C9B21E53560FB775"="C:\Program Files\Essentware\PCKeeper\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F77335DBF4958E04680D7E91C9CEA2F1]
"B205E283BE5EBBD4C9B21E53560FB775"="C:\Program Files\Essentware\PCKeeper\AntiTheftServiceLibrary.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FCF3E13C1F8B67C4CAF7E89CAF31C8EB]
"B205E283BE5EBBD4C9B21E53560FB775"="01:\Software\Essentware\PCKeeper\DSI"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\05830686A5933814BB36EBFCC9C2F489\InstallProperties]
"DisplayName"="PCKeeper Antivirus"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\630675D588826C6418C7CC05C5C31E17\InstallProperties]
"InstallLocation"="C:\Program Files\Essentware\PCKeeper\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B205E283BE5EBBD4C9B21E53560FB775\Features]
"FeatureShortcutPCKeeperDesktop"="o'Keg@zuX@WsAki'iU8f PCKeeperBaseFeature"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B205E283BE5EBBD4C9B21E53560FB775\Features]
"ComponentsW7Feature"="l!EhR&rpW?fxP3Gi5O8z PCKeeperBaseFeature"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B205E283BE5EBBD4C9B21E53560FB775\Features]
"DriversW7Feature"="bG$([jJj=@zE^bm,^sMdv_Nj.G`fKA5pTxR'(1Zy PCKeeperFeatures"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B205E283BE5EBBD4C9B21E53560FB775\Features]
"PCKeeperFeature"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B205E283BE5EBBD4C9B21E53560FB775\Features]
"PCKeeperBaseFeature"="Es0qeOF5r8&HeC+P_O$-Q92^b-Rji@exN=o'%Lio,fH'+52B2@v6dc+]1JizzYnPurAy[=X48ATpzf'w[b?31[P7,=2@`Q9iG,9R*,X%'+sl59f~ARUS0g9QGZAcBKUp3?LxTBl}6U)d PCKeeperFeatures"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B205E283BE5EBBD4C9B21E53560FB775\Features]
"PCKeeperFeatures"=" PCKeeperFeature"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B205E283BE5EBBD4C9B21E53560FB775\InstallProperties]
"InstallLocation"="C:\Program Files\Essentware\PCKeeper\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B205E283BE5EBBD4C9B21E53560FB775\InstallProperties]
"DisplayName"="PCKeeper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{828FB706-5749-4255-862F-3D30FCF017E1}"="PCKeeper shell extension"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5D576036-2888-46C6-817C-CC505C3CE171}]
"InstallLocation"="C:\Program Files\Essentware\PCKeeper\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{05562BE7-0EFC-4BD2-BD8F-FAA363E68410}"="PCKeeper shell extension"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{05562BE7-0EFC-4BD2-BD8F-FAA363E68410}]
@="PCKeeperShell32 Class"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{05562BE7-0EFC-4BD2-BD8F-FAA363E68410}\InprocServer32]
@="C:\Program Files\Essentware\PCKeeper\PCKeeperShellExt32.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{56AD7EEE-D6C0-410E-8A7B-811DEA764554}]
"LocalService"="PCKeeperOcfService"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{E8EB2F1F-661E-4A7F-8F9A-77DEB757A906}]
"LocalService"="PCKeeper2Service"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{D062B23B-F8EE-40EC-BF3F-7DB0E9FE1232}\1.0\0\win64]
@="C:\Program Files\Essentware\PCKeeper\PCKObjFactory.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{D062B23B-F8EE-40EC-BF3F-7DB0E9FE1232}\1.0\HELPDIR]
@="C:\Program Files\Essentware\PCKeeper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{D3F79FC5-65FE-4650-8979-3BF0CCF02C1A}\1.0\HELPDIR]
@="C:\Program Files\Essentware\PCKeeper"
Searching for "AccountService"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{AF85DB83-06F2-4ECF-97CF-C46EDB06BE29}]
"LocalService"="AccountService"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{990F7D4F-09EF-47DF-9ABE-BAF2DCCF5C4B}]
@="AccountServiceClass class"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{990F7D4F-09EF-47DF-9ABE-BAF2DCCF5C4B}\LocalServer32]
@=""C:\Program Files\Essentware\Common\AccountService.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{990F7D4F-09EF-47DF-9ABE-BAF2DCCF5C4B}\LocalServer32]
"ServerExecutable"="C:\Program Files\Essentware\Common\AccountService.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CF6E1E3B-5B36-4A71-9105-DC75B4089D8C}\InprocServer32]
@="C:\Program Files\Essentware\Common\AccountServicePS.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Features\2311DC2B5C57F724B860D95A705A2A6B]
"AccountServiceFeature"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Features\2311DC2B5C57F724B860D95A705A2A6B]
"AccountServiceBaseFeature"="AccountServiceFeatures"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Features\2311DC2B5C57F724B860D95A705A2A6B]
"AccountServiceFeatures"="AccountServiceFeature"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\2311DC2B5C57F724B860D95A705A2A6B]
"ProductName"="AccountService"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{CF6E1E3B-5B36-4A71-9105-DC75B4089D8C}]
@="IAccountService"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{AF85DB83-06F2-4ECF-97CF-C46EDB06BE29}]
"LocalService"="AccountService"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\51528DD8580D84F4793A79BB0DBC163D]
"05830686A5933814BB36EBFCC9C2F489"="C:\Program Files\Essentware\PCKAV\PCKAVAccountServiceLibrary.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DCB506A8FE9F614BA197E0BD754570D]
"2311DC2B5C57F724B860D95A705A2A6B"="C:\Program Files\Essentware\Common\AccountService.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2311DC2B5C57F724B860D95A705A2A6B\Features]
"AccountServiceFeature"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2311DC2B5C57F724B860D95A705A2A6B\Features]
"AccountServiceBaseFeature"="i_VF^qG_%9S1pqa,lp~kMgrr2a7Kd95L*a0Ihcd3 AccountServiceFeatures"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2311DC2B5C57F724B860D95A705A2A6B\Features]
"AccountServiceFeatures"=" AccountServiceFeature"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2311DC2B5C57F724B860D95A705A2A6B\InstallProperties]
"DisplayName"="AccountService"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B2CD1132-75C5-427F-8B06-9DA507A5A2B6}]
"DisplayName"="AccountService"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{AF85DB83-06F2-4ECF-97CF-C46EDB06BE29}]
"LocalService"="AccountService"
Searching for "PCKLang.de"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\630675D588826C6418C7CC05C5C31E17]
"ProductName"="PCKLang.de"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\630675D588826C6418C7CC05C5C31E17\SourceList]
"PackageName"="PCKLang.de.x640.msi"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\630675D588826C6418C7CC05C5C31E17\InstallProperties]
"DisplayName"="PCKLang.de"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5D576036-2888-46C6-817C-CC505C3CE171}]
"DisplayName"="PCKLang.de"
-= EOF =-
|
|
| Themen zu Windows 7: PCKeeper ungefragt aufgetaucht, lässt sich nicht deinstallieren |
| adobe, antivirus, computer, defender, desktop, dnsapi.dll, entfernen, flash player, ftp, google, helper, home, homepage, mozilla, pckeeper, prozesse, registry, rundll, scan, security, services.exe, software, svchost.exe, usb, warnung, windows, windows xp |
Hybrid-Darstellung
