| |
| |||||||
Log-Analyse und Auswertung: Win7: Verschlüsselte Dateien - Hinweis auf Bitcoin-ZahlungWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
25.05.2016, 15:10
| #1 |
 |  Win7: Verschlüsselte Dateien - Hinweis auf Bitcoin-Zahlung Hallo. Ich habe seit gestern Abend keinen Zugriff auf meine Dateien (Office, pdf, Musik..). Auf dem Startbildschirm erscheint sofort nach dem Hochfahren eine Bilddatei mit dem Hinweis, dass alle meine Dateien verschlüsselt seien und dass eine Bitcoin-Zahlung notwendig sei. Auch ein Browserfenster öffnet sich automatisch mit dem selben Hinweis. Fast alle Ordner beinhalten eine Textdatei namens 'Recovery'. Die Nachricht tippe ich im Moment am infizierten Computer. Ich habe den Computer mit HitmanPro und Malwarebytes Anti-Malware gescannt. Das Problem ist nicht gelöst. Dann bin ich auf eure Anweisungen gestoßen. Den Systemscan mit FRST habe ich gemacht. Ich hoffe, ihr könnt mir helfen. Danke im Voraus. PS: Gebt mir bitte ganz präzise Anweisungen, denn die Computersprache/-welt ist wirklich nicht mein Ding  HitmanPro Code:
ATTFilter
Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlaufdatum: 25.05.2016 Suchlaufzeit: 13:01 Protokolldatei: malware.txt Administrator: Ja Version: 2.2.1.1043 Malware-Datenbank: v2016.05.25.04 Rootkit-Datenbank: v2016.05.20.01 Lizenz: Testversion Malware-Schutz: Aktiviert Schutz vor bösartigen Websites: Aktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x64 Dateisystem: NTFS Benutzer: turhan Suchlauftyp: Bedrohungssuchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 319799 Abgelaufene Zeit: 46 Min., 11 Sek. Speicher: Aktiviert Start: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (keine bösartigen Elemente erkannt) Module: 0 (keine bösartigen Elemente erkannt) Registrierungsschlüssel: 0 (keine bösartigen Elemente erkannt) Registrierungswerte: 16 PUM.Optional.MSExclusion, HKLM\SOFTWARE\MICROSOFT\MICROSOFT ANTIMALWARE\EXCLUSIONS\EXTENSIONS|*.exe, 0, In Quarantäne, [0e0a2dad5a3fae88505406af63a0d22e] PUM.Optional.MSExclusion, HKLM\SOFTWARE\MICROSOFT\MICROSOFT ANTIMALWARE\EXCLUSIONS\EXTENSIONS|*.tmp, 0, In Quarantäne, [43d5fae06d2c4de93372b10454aff30d] PUM.Optional.MSExclusion, HKLM\SOFTWARE\MICROSOFT\MICROSOFT ANTIMALWARE\EXCLUSIONS\EXTENSIONS|*.dll, 0, In Quarantäne, [c6526b6f2a6f6acc0b981f9660a37b85] PUM.Optional.MSExclusion, HKLM\SOFTWARE\MICROSOFT\MICROSOFT ANTIMALWARE\EXCLUSIONS\PROCESSES|rgjdu.exe, 0, In Quarantäne, [d147f3e7cacfe05602e47e3aa161b14f] PUM.Optional.MSExclusion, HKLM\SOFTWARE\MICROSOFT\MICROSOFT ANTIMALWARE\EXCLUSIONS\PROCESSES|explorer.exe, 0, In Quarantäne, [4ace706ad2c776c03f684f6637cc60a0] PUM.Optional.MSExclusion, HKLM\SOFTWARE\MICROSOFT\MICROSOFT ANTIMALWARE\EXCLUSIONS\PROCESSES|spoolsv.exe, 0, In Quarantäne, [ce4a3d9d435664d2e5c4169ff211a45c] PUM.Optional.MSExclusion, HKLM\SOFTWARE\MICROSOFT\MICROSOFT ANTIMALWARE\EXCLUSIONS\PROCESSES|rundll32.exe, 0, In Quarantäne, [31e78c4ec9d080b6feaa318453b0c739] PUM.Optional.MSExclusion, HKLM\SOFTWARE\MICROSOFT\MICROSOFT ANTIMALWARE\EXCLUSIONS\PROCESSES|svchost.exe, 0, In Quarantäne, [160230aacbce39fdc0eac5f0739027d9] PUM.Optional.MSExclusion, HKLM\SOFTWARE\MICROSOFT\WINDOWS DEFENDER\EXCLUSIONS\EXTENSIONS|*.exe, 0, Löschen bei Neustart, [8197805a6c2dc96d9616b7fe32d1926e] PUM.Optional.MSExclusion, HKLM\SOFTWARE\MICROSOFT\WINDOWS DEFENDER\EXCLUSIONS\EXTENSIONS|*.dll, 0, Löschen bei Neustart, [0711fddd5346181ee5c64b6a63a0e41c] PUM.Optional.MSExclusion, HKLM\SOFTWARE\MICROSOFT\WINDOWS DEFENDER\EXCLUSIONS\EXTENSIONS|*.tmp, 0, Löschen bei Neustart, [4bcddbffaaefad895855f4c1ae5524dc] PUM.Optional.MSExclusion, HKLM\SOFTWARE\MICROSOFT\WINDOWS DEFENDER\EXCLUSIONS\PROCESSES|rgjdu.exe, 0, Löschen bei Neustart, [1800409adfbab28420c811a7c33fb44c] PUM.Optional.MSExclusion, HKLM\SOFTWARE\MICROSOFT\WINDOWS DEFENDER\EXCLUSIONS\PROCESSES|explorer.exe, 0, Löschen bei Neustart, [d93f2eacc3d614222f80b005c142847c] PUM.Optional.MSExclusion, HKLM\SOFTWARE\MICROSOFT\WINDOWS DEFENDER\EXCLUSIONS\PROCESSES|spoolsv.exe, 0, Löschen bei Neustart, [c751c218425784b24b66466fba4903fd] PUM.Optional.MSExclusion, HKLM\SOFTWARE\MICROSOFT\WINDOWS DEFENDER\EXCLUSIONS\PROCESSES|rundll32.exe, 0, Löschen bei Neustart, [c454c3177326f3438927f8bda36031cf] PUM.Optional.MSExclusion, HKLM\SOFTWARE\MICROSOFT\WINDOWS DEFENDER\EXCLUSIONS\PROCESSES|svchost.exe, 0, Löschen bei Neustart, [2bede7f3f4a596a001b1a60fb74c7789] Registrierungsdaten: 0 (keine bösartigen Elemente erkannt) Ordner: 0 (keine bösartigen Elemente erkannt) Dateien: 1 Trojan.Agent.Gen, C:\Users\turhan\AppData\Local\Temp\svchost.exe, In Quarantäne, [fd1ba7334158102681a85bf1e320e21e], Physische Sektoren: 0 (keine bösartigen Elemente erkannt) (end) |
|
25.05.2016, 15:15
| #2 |
| | Win7: Verschlüsselte Dateien - Hinweis auf Bitcoin-Zahlung FRST.txt
__________________Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:24-05-2016 01 durchgeführt von turhan (Administrator) auf TURHAN-PC (25-05-2016 14:30:33) Gestartet von C:\Users\turhan\Downloads Geladene Profile: turhan (Verfügbare Profile: turhan) Platform: Windows 7 Home Premium Service Pack 1 (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: IE) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgrsa.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe (Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (AVG) C:\Program Files (x86)\AVG\AVG PC Tuneup 2011\BoostSpeed.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7Debug\mdm.exe (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe (SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (DEVGURU Co., LTD.) C:\Users\turhan\Downloads\USB Drivers\25_escape\conn\ss_conn_service.exe (TomTom) C:\Program Files (x86)\TomTomHOMEService.exe (AVG Technologies) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe (SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe (SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe () C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgemca.exe (AVG Technologies) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Apple Inc.) C:\Program Files\iTunesHelper.exe (InfoWorks Technology Company) C:\Windows\SysWOW64\FCA\FCACheck.exe (Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe () C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe (CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (InfoWorks Technology Company) C:\Windows\SysWOW64\FCA\Syslogin.exe () C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe (InfoWorks Technology Company) C:\Windows\SysWOW64\FCA\Syslogin.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Stardock Corporation) C:\Program Files\Dell\DellDock\DellDock.exe (Dropbox, Inc.) C:\Users\turhan\AppData\Roaming\Dropbox\bin\Dropbox.exe (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe (Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe (Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe ==================== Registry (Nicht auf der Ausnahmeliste) =========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2015-02-24] (Samsung Electronics Co., Ltd.) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunesHelper.exe [170256 2015-12-09] (Apple Inc.) HKLM-x32\...\Run: [Dell DataSafe Online] => C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe [1779952 2009-07-07] () HKLM-x32\...\Run: [PDVDDXSrv] => C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe [140520 2010-01-07] (CyberLink Corp.) HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [409744 2009-06-24] (Creative Technology Ltd) HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe [494064 2009-06-19] () HKLM-x32\...\Run: [FamilyCyberAlert] => C:\Windows\SysWOW64\FCA\Syslogin.exe [1658880 2011-02-02] (InfoWorks Technology Company) HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4430824 2015-07-10] (AVG Technologies CZ, s.r.o.) HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard) HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2015-02-24] (Samsung Electronics Co., Ltd.) HKLM-x32\...\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] => C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe [559616 2011-10-11] (Dell) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-3466485993-4211878275-2006075751-1000\...\Run: [FCACheck] => C:\Windows\SysWOW64\FCA\FCACheck.exe [28672 2009-02-08] (InfoWorks Technology Company) HKU\S-1-5-21-3466485993-4211878275-2006075751-1000\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1565504 2015-02-24] (Samsung) HKU\S-1-5-21-3466485993-4211878275-2006075751-1000\...\Run: [Dropbox Update] => C:\Users\turhan\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-18] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\turhan\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-07] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\turhan\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-07] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\turhan\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-07] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\turhan\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-07] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\turhan\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-05-07] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\turhan\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-05-07] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\turhan\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-05-07] (Dropbox, Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2014-12-06] ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.) Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2009-09-28] ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation) Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2009-09-28] ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation) Startup: C:\Users\turhan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\C7141F53D056B.lnk [1899-12-30] ShortcutTarget: C7141F53D056B.lnk -> C:\ProgramData\C7141F53D056.bmp (Keine Datei) Startup: C:\Users\turhan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\C7141F53D056H.lnk [1899-12-30] ShortcutTarget: C7141F53D056H.lnk -> C:\ProgramData\C7141F53D056.html () Startup: C:\Users\turhan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk [2009-12-01] ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation) Startup: C:\Users\turhan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2016-05-16] ShortcutTarget: Dropbox.lnk -> C:\Users\turhan\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) BootExecute: autocheck autochk * bootdelete ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{69A7CD9E-AD5F-4FE9-91B2-4E0B633396AD}: [DhcpNameServer] 192.168.178.1 Internet Explorer: ================== HKU\S-1-5-21-3466485993-4211878275-2006075751-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ HKU\S-1-5-21-3466485993-4211878275-2006075751-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www1.euro.dell.com/content/default.aspx?c=ie&l=en&s=gen URLSearchHook: HKU\S-1-5-21-3466485993-4211878275-2006075751-1000 - (Kein Name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Keine Datei BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> Keine Datei BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.) BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-05-04] (Google Inc.) BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-04-29] (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-09-28] (Sun Microsystems, Inc.) BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-09-20] (Hewlett-Packard Co.) BHO-x32: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> Keine Datei BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.) BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-04] (Google Inc.) BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-04-29] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2009-09-28] (Sun Microsystems, Inc.) BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-09-20] (Hewlett-Packard Co.) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-05-04] (Google Inc.) Toolbar: HKLM-x32 - Kein Name - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Keine Datei Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-04] (Google Inc.) Toolbar: HKU\S-1-5-21-3466485993-4211878275-2006075751-1000 -> Kein Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - Keine Datei DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab DPF: HKLM-x32 {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Keine Datei Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-04-29] (Microsoft Corporation) Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-04-29] (Microsoft Corporation) FireFox: ======== FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation) FF Plugin-x32: @ABNAMRO/BECON,version=1.00 -> C:\Program Files (x86)\ABN AMRO e.dentifier2\Mozilla\npBECON.dll [2011-07-07] (ABN AMRO) FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] () FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2009-09-26] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-12] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-12] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-04-23] (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Users\turhan\AppData\Roaming\mozilla\plugins\cgpcfg.dll [2009-08-14] (Citrix Systems, Inc.) FF Plugin ProgramFiles/Appdata: C:\Users\turhan\AppData\Roaming\mozilla\plugins\CgpCore.dll [2009-08-14] (Citrix Systems, Inc.) FF Plugin ProgramFiles/Appdata: C:\Users\turhan\AppData\Roaming\mozilla\plugins\confmgr.dll [2009-08-14] () FF Plugin ProgramFiles/Appdata: C:\Users\turhan\AppData\Roaming\mozilla\plugins\ctxlogging.dll [2009-08-14] () FF Plugin ProgramFiles/Appdata: C:\Users\turhan\AppData\Roaming\mozilla\plugins\ctxmui.dll [2009-08-14] (Citrix Systems, Inc.) FF Plugin ProgramFiles/Appdata: C:\Users\turhan\AppData\Roaming\mozilla\plugins\icafile.dll [2009-08-14] (Citrix Systems, Inc.) FF Plugin ProgramFiles/Appdata: C:\Users\turhan\AppData\Roaming\mozilla\plugins\icalogon.dll [2009-08-14] (Citrix Systems, Inc.) FF Plugin ProgramFiles/Appdata: C:\Users\turhan\AppData\Roaming\mozilla\plugins\msvcm80.dll [2007-03-16] (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Users\turhan\AppData\Roaming\mozilla\plugins\msvcp80.dll [2007-03-16] (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Users\turhan\AppData\Roaming\mozilla\plugins\msvcr80.dll [2007-03-16] (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Users\turhan\AppData\Roaming\mozilla\plugins\npicaN.dll [2009-08-14] () FF Plugin ProgramFiles/Appdata: C:\Users\turhan\AppData\Roaming\mozilla\plugins\sslsdk_b.dll [2009-08-14] (Citrix Systems, Inc.) FF Plugin ProgramFiles/Appdata: C:\Users\turhan\AppData\Roaming\mozilla\plugins\TcpPServ.dll [2009-08-14] (Citrix Systems, Inc.) FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-12-06] [ist nicht signiert] FF HKU\S-1-5-21-3466485993-4211878275-2006075751-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 Chrome: ======= CHR HomePage: Default -> hxxp://www.google.com/ CHR StartupUrls: Default -> "hxxp://www.google.com/" CHR Profile: C:\Users\turhan\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Docs) - C:\Users\turhan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-25] CHR Extension: (Google Drive) - C:\Users\turhan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-29] CHR Extension: (YouTube) - C:\Users\turhan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-29] CHR Extension: (Google-Suche) - C:\Users\turhan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-29] CHR Extension: (Skype Click to Call) - C:\Users\turhan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-02-25] CHR Extension: (Google Wallet) - C:\Users\turhan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-25] CHR Extension: (Google Mail) - C:\Users\turhan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-29] CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-04-29] ==================== Dienste (Nicht auf der Ausnahmeliste) ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.) R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4948456 2015-05-26] (AVG Technologies CZ, s.r.o.) R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-11-20] (AVG Technologies CZ, s.r.o.) R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-04-29] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-04-29] (Microsoft Corporation) R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2008-12-18] (Stardock Corporation) [Datei ist nicht signiert] R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [Datei ist nicht signiert] R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [Datei ist nicht signiert] R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1037824 2009-09-20] (Hewlett-Packard Co.) [Datei ist nicht signiert] R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1136608 2016-03-10] (Malwarebytes) R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [Datei ist nicht signiert] R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [Datei ist nicht signiert] R2 ss_conn_service; C:\Users\turhan\Downloads\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-13] (DEVGURU Co., LTD.) R2 TomTomHOMEService; C:\Program Files (x86)\TomTomHOMEService.exe [93040 2014-12-19] (TomTom) R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2604856 2015-02-25] (AVG Technologies) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ===================== Treiber (Nicht auf der Ausnahmeliste) ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-11-25] (AVG Technologies CZ, s.r.o.) R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [158160 2015-05-21] (AVG Technologies CZ, s.r.o.) R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [209720 2014-11-04] (AVG Technologies CZ, s.r.o.) R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [360400 2015-05-21] (AVG Technologies CZ, s.r.o.) R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [204704 2015-07-03] (AVG Technologies CZ, s.r.o.) R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-10-23] (AVG Technologies CZ, s.r.o.) R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [249296 2015-05-26] (AVG Technologies CZ, s.r.o.) S3 e.dentifier2; C:\Windows\System32\DRIVERS\aabed2.sys [28672 2008-03-20] (Todos Data System AB) S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation) S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2016-05-25] () R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-05-25] (Malwarebytes) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation) S3 MHIKEY10; C:\Windows\System32\Drivers\MHIKEY10x64.sys [59136 2008-05-27] (Generic USB smartcard reader) R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [14112 2015-01-13] (TuneUp Software) R3 VIACRX64; C:\Windows\System32\DRIVERS\viacr64.sys [100864 2009-07-14] (VIA Technologies, Inc. ) S3 upperdev; system32\DRIVERS\usbser_lowerfltx64.sys [X] ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat: Erstellte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2016-05-25 14:25 - 2016-05-25 14:25 - 00003795 _____ C:\Users\turhan\Downloads\malware.txt 2016-05-25 12:59 - 2016-05-25 14:15 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2016-05-25 12:59 - 2016-05-25 12:59 - 00001068 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2016-05-25 12:59 - 2016-05-25 12:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2016-05-25 12:58 - 2016-05-25 12:59 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 2016-05-25 12:58 - 2016-05-25 12:58 - 00000000 ____D C:\ProgramData\Malwarebytes 2016-05-25 12:58 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2016-05-25 12:58 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys 2016-05-25 12:58 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys 2016-05-25 12:55 - 2016-05-25 12:56 - 22851472 _____ (Malwarebytes ) C:\Users\turhan\Downloads\mbam-setup-2.2.1.1043.exe 2016-05-25 12:26 - 2016-05-25 12:26 - 00000000 ____D C:\Program Files\HitmanPro 2016-05-25 11:43 - 2016-05-25 11:46 - 00041682 _____ C:\Users\turhan\Downloads\Addition.txt 2016-05-25 11:42 - 2016-05-25 14:32 - 00024245 _____ C:\Users\turhan\Downloads\FRST.txt 2016-05-25 11:42 - 2016-05-25 14:30 - 00000000 ____D C:\FRST 2016-05-25 11:42 - 2016-05-25 11:42 - 02382848 _____ (Farbar) C:\Users\turhan\Downloads\FRST64.exe 2016-05-25 09:22 - 2016-05-25 09:22 - 00042822 _____ C:\Windows\system32\.crusader 2016-05-25 09:03 - 2016-05-25 09:57 - 00000000 ____D C:\ProgramData\HitmanPro 2016-05-25 09:03 - 2016-05-25 09:04 - 11438608 _____ (SurfRight B.V.) C:\Users\turhan\Desktop\HitmanPro_x64.exe 2016-05-25 09:02 - 2016-05-25 09:03 - 09096848 _____ (SurfRight B.V.) C:\Users\turhan\Desktop\HitmanPro35.exe 2016-05-25 00:42 - 2016-05-25 00:42 - 00022704 _____ C:\Windows\system32\Drivers\EsgScanner.sys 2016-05-25 00:41 - 2016-05-25 00:42 - 03482800 _____ (Enigma Software Group USA, LLC.) C:\Users\turhan\Desktop\SpyHunter-Installer.exe 2016-05-25 00:32 - 2016-05-25 00:32 - 00000000 _____ C:\autoexec.bat 2016-05-25 00:27 - 2016-05-25 00:28 - 03482800 _____ (Enigma Software Group USA, LLC.) C:\Users\turhan\Downloads\SpyHunter-Installer.exe 2016-05-19 15:30 - 2016-04-09 07:49 - 03217408 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2016-05-19 15:14 - 2016-04-09 08:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2016-05-19 15:14 - 2016-04-09 08:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2016-05-19 14:39 - 2016-04-09 09:01 - 00986344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys 2016-05-19 14:39 - 2016-04-09 09:01 - 00264936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys 2016-05-19 14:39 - 2016-04-09 08:57 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll 2016-05-19 13:49 - 2016-04-09 09:02 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi 2016-05-19 13:49 - 2016-04-09 09:01 - 05546216 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2016-05-19 13:49 - 2016-04-09 09:01 - 00706280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi 2016-05-19 13:49 - 2016-04-09 09:01 - 00154344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2016-05-19 13:49 - 2016-04-09 09:01 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2016-05-19 13:49 - 2016-04-09 08:59 - 03998952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2016-05-19 13:49 - 2016-04-09 08:59 - 03943144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2016-05-19 13:49 - 2016-04-09 08:59 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2016-05-19 13:49 - 2016-04-09 08:58 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2016-05-19 13:49 - 2016-04-09 08:58 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2016-05-19 13:49 - 2016-04-09 08:58 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll 2016-05-19 13:49 - 2016-04-09 08:58 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2016-05-19 13:49 - 2016-04-09 08:58 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2016-05-19 13:49 - 2016-04-09 08:58 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll 2016-05-19 13:49 - 2016-04-09 08:58 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2016-05-19 13:49 - 2016-04-09 08:58 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll 2016-05-19 13:49 - 2016-04-09 08:58 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2016-05-19 13:49 - 2016-04-09 08:58 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2016-05-19 13:49 - 2016-04-09 08:58 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll 2016-05-19 13:49 - 2016-04-09 08:58 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2016-05-19 13:49 - 2016-04-09 08:58 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2016-05-19 13:49 - 2016-04-09 08:58 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2016-05-19 13:49 - 2016-04-09 08:58 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2016-05-19 13:49 - 2016-04-09 08:57 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2016-05-19 13:49 - 2016-04-09 08:57 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2016-05-19 13:49 - 2016-04-09 08:57 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2016-05-19 13:49 - 2016-04-09 08:57 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll 2016-05-19 13:49 - 2016-04-09 08:57 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2016-05-19 13:49 - 2016-04-09 08:57 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2016-05-19 13:49 - 2016-04-09 08:57 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll 2016-05-19 13:49 - 2016-04-09 08:57 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2016-05-19 13:49 - 2016-04-09 08:57 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2016-05-19 13:49 - 2016-04-09 08:57 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2016-05-19 13:49 - 2016-04-09 08:57 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2016-05-19 13:49 - 2016-04-09 08:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2016-05-19 13:49 - 2016-04-09 08:57 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll 2016-05-19 13:49 - 2016-04-09 08:57 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2016-05-19 13:49 - 2016-04-09 08:57 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll 2016-05-19 13:49 - 2016-04-09 08:57 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll 2016-05-19 13:49 - 2016-04-09 08:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2016-05-19 13:49 - 2016-04-09 08:57 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2016-05-19 13:49 - 2016-04-09 08:57 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2016-05-19 13:49 - 2016-04-09 08:57 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll 2016-05-19 13:49 - 2016-04-09 08:57 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll 2016-05-19 13:49 - 2016-04-09 08:57 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2016-05-19 13:49 - 2016-04-09 08:57 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2016-05-19 13:49 - 2016-04-09 08:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2016-05-19 13:49 - 2016-04-09 08:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll 2016-05-19 13:49 - 2016-04-09 08:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2016-05-19 13:49 - 2016-04-09 08:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll 2016-05-19 13:49 - 2016-04-09 08:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2016-05-19 13:49 - 2016-04-09 08:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2016-05-19 13:49 - 2016-04-09 08:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2016-05-19 13:49 - 2016-04-09 08:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll 2016-05-19 13:49 - 2016-04-09 08:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll 2016-05-19 13:49 - 2016-04-09 08:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2016-05-19 13:49 - 2016-04-09 08:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll 2016-05-19 13:49 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2016-05-19 13:49 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll 2016-05-19 13:49 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll 2016-05-19 13:49 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll 2016-05-19 13:49 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll 2016-05-19 13:49 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2016-05-19 13:49 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll 2016-05-19 13:49 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2016-05-19 13:49 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2016-05-19 13:49 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2016-05-19 13:49 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll 2016-05-19 13:49 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2016-05-19 13:49 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll 2016-05-19 13:49 - 2016-04-09 08:54 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2016-05-19 13:49 - 2016-04-09 08:54 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2016-05-19 13:49 - 2016-04-09 08:54 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2016-05-19 13:49 - 2016-04-09 08:54 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll 2016-05-19 13:49 - 2016-04-09 08:54 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2016-05-19 13:49 - 2016-04-09 08:54 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll 2016-05-19 13:49 - 2016-04-09 08:54 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2016-05-19 13:49 - 2016-04-09 08:54 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2016-05-19 13:49 - 2016-04-09 08:54 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2016-05-19 13:49 - 2016-04-09 08:54 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2016-05-19 13:49 - 2016-04-09 08:54 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2016-05-19 13:49 - 2016-04-09 08:54 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2016-05-19 13:49 - 2016-04-09 08:54 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll 2016-05-19 13:49 - 2016-04-09 08:54 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2016-05-19 13:49 - 2016-04-09 08:54 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2016-05-19 13:49 - 2016-04-09 08:54 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2016-05-19 13:49 - 2016-04-09 08:54 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll 2016-05-19 13:49 - 2016-04-09 08:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2016-05-19 13:49 - 2016-04-09 08:54 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2016-05-19 13:49 - 2016-04-09 08:54 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2016-05-19 13:49 - 2016-04-09 08:54 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll 2016-05-19 13:49 - 2016-04-09 08:54 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll 2016-05-19 13:49 - 2016-04-09 08:54 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2016-05-19 13:49 - 2016-04-09 08:54 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2016-05-19 13:49 - 2016-04-09 08:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2016-05-19 13:49 - 2016-04-09 08:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll 2016-05-19 13:49 - 2016-04-09 08:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll 2016-05-19 13:49 - 2016-04-09 08:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll 2016-05-19 13:49 - 2016-04-09 08:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll 2016-05-19 13:49 - 2016-04-09 08:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2016-05-19 13:49 - 2016-04-09 08:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2016-05-19 13:49 - 2016-04-09 08:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll 2016-05-19 13:49 - 2016-04-09 08:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2016-05-19 13:49 - 2016-04-09 08:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2016-05-19 13:49 - 2016-04-09 08:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll 2016-05-19 13:49 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll 2016-05-19 13:49 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2016-05-19 13:49 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll 2016-05-19 13:49 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll 2016-05-19 13:49 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll 2016-05-19 13:49 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll 2016-05-19 13:49 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll 2016-05-19 13:49 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll 2016-05-19 13:49 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll 2016-05-19 13:49 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll 2016-05-19 13:49 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll 2016-05-19 13:49 - 2016-04-09 07:52 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe 2016-05-19 13:49 - 2016-04-09 07:52 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys 2016-05-19 13:49 - 2016-04-09 07:52 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe 2016-05-19 13:49 - 2016-04-09 07:51 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2016-05-19 13:49 - 2016-04-09 07:48 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe 2016-05-19 13:49 - 2016-04-09 07:47 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2016-05-19 13:49 - 2016-04-09 07:44 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys 2016-05-19 13:49 - 2016-04-09 07:44 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys 2016-05-19 13:49 - 2016-04-09 07:44 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys 2016-05-19 13:49 - 2016-04-09 07:43 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2016-05-19 13:49 - 2016-04-09 07:43 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2016-05-19 13:49 - 2016-04-09 07:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2016-05-19 13:49 - 2016-04-09 07:38 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2016-05-19 13:49 - 2016-04-09 07:38 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2016-05-19 13:49 - 2016-04-09 07:38 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2016-05-19 13:49 - 2016-04-09 07:38 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2016-05-19 13:49 - 2016-04-09 07:37 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll 2016-05-19 13:49 - 2016-04-09 07:37 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll 2016-05-19 13:49 - 2016-04-09 07:37 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll 2016-05-19 13:49 - 2016-04-09 07:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll 2016-05-19 13:49 - 2016-04-09 07:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll 2016-05-19 13:47 - 2016-04-09 06:20 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2016-05-19 13:47 - 2016-04-09 05:52 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2016-05-19 13:46 - 2016-04-23 19:08 - 00394960 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2016-05-19 13:46 - 2016-04-23 18:24 - 00346312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2016-05-19 13:46 - 2016-04-23 07:25 - 25816064 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2016-05-19 13:46 - 2016-04-23 07:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2016-05-19 13:46 - 2016-04-23 07:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2016-05-19 13:46 - 2016-04-23 07:01 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2016-05-19 13:46 - 2016-04-23 07:00 - 02893312 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2016-05-19 13:46 - 2016-04-23 07:00 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2016-05-19 13:46 - 2016-04-23 07:00 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2016-05-19 13:46 - 2016-04-23 07:00 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2016-05-19 13:46 - 2016-04-23 07:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2016-05-19 13:46 - 2016-04-23 06:52 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2016-05-19 13:46 - 2016-04-23 06:51 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2016-05-19 13:46 - 2016-04-23 06:48 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2016-05-19 13:46 - 2016-04-23 06:47 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2016-05-19 13:46 - 2016-04-23 06:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2016-05-19 13:46 - 2016-04-23 06:47 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2016-05-19 13:46 - 2016-04-23 06:47 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2016-05-19 13:46 - 2016-04-23 06:46 - 06052352 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2016-05-19 13:46 - 2016-04-23 06:40 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2016-05-19 13:46 - 2016-04-23 06:36 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2016-05-19 13:46 - 2016-04-23 06:29 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2016-05-19 13:46 - 2016-04-23 06:27 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll 2016-05-19 13:46 - 2016-04-23 06:25 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2016-05-19 13:46 - 2016-04-23 06:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2016-05-19 13:46 - 2016-04-23 06:21 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2016-05-19 13:46 - 2016-04-23 06:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2016-05-19 13:46 - 2016-04-23 06:20 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2016-05-19 13:46 - 2016-04-23 06:11 - 20350464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2016-05-19 13:46 - 2016-04-23 06:09 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2016-05-19 13:46 - 2016-04-23 06:08 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2016-05-19 13:46 - 2016-04-23 06:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2016-05-19 13:46 - 2016-04-23 06:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2016-05-19 13:46 - 2016-04-23 06:07 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2016-05-19 13:46 - 2016-04-23 06:07 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2016-05-19 13:46 - 2016-04-23 06:07 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2016-05-19 13:46 - 2016-04-23 06:06 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2016-05-19 13:46 - 2016-04-23 06:06 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2016-05-19 13:46 - 2016-04-23 06:05 - 02131968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2016-05-19 13:46 - 2016-04-23 06:04 - 02285568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2016-05-19 13:46 - 2016-04-23 06:02 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2016-05-19 13:46 - 2016-04-23 06:01 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2016-05-19 13:46 - 2016-04-23 06:00 - 15415808 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2016-05-19 13:46 - 2016-04-23 05:59 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2016-05-19 13:46 - 2016-04-23 05:58 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2016-05-19 13:46 - 2016-04-23 05:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2016-05-19 13:46 - 2016-04-23 05:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2016-05-19 13:46 - 2016-04-23 05:51 - 02596864 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2016-05-19 13:46 - 2016-04-23 05:50 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2016-05-19 13:46 - 2016-04-23 05:45 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2016-05-19 13:46 - 2016-04-23 05:44 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll 2016-05-19 13:46 - 2016-04-23 05:43 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2016-05-19 13:46 - 2016-04-23 05:41 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2016-05-19 13:46 - 2016-04-23 05:40 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2016-05-19 13:46 - 2016-04-23 05:39 - 01547776 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2016-05-19 13:46 - 2016-04-23 05:39 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2016-05-19 13:46 - 2016-04-23 05:36 - 04611072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2016-05-19 13:46 - 2016-04-23 05:33 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2016-05-19 13:46 - 2016-04-23 05:31 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2016-05-19 13:46 - 2016-04-23 05:30 - 02056192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2016-05-19 13:46 - 2016-04-23 05:30 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2016-05-19 13:46 - 2016-04-23 05:28 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2016-05-19 13:46 - 2016-04-23 05:26 - 13811200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2016-05-19 13:46 - 2016-04-23 05:12 - 02121216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2016-05-19 13:46 - 2016-04-23 05:09 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2016-05-19 13:46 - 2016-04-23 05:07 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2016-05-19 13:44 - 2016-04-14 15:49 - 00603648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll 2016-05-19 13:44 - 2016-04-14 15:21 - 00647680 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll 2016-05-18 19:10 - 2016-04-09 08:57 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2016-05-18 19:10 - 2016-04-09 08:54 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2016-05-18 19:04 - 2016-04-06 17:27 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll 2016-05-18 19:04 - 2016-03-09 20:54 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll 2016-05-18 19:04 - 2016-03-09 20:34 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll 2016-05-16 23:19 - 2016-05-16 23:19 - 00000000 ____D C:\Users\turhan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2016-05-09 14:10 - 2016-05-09 14:18 - 00024536 ____R C:\Users\turhan\Desktop\Abrechnung-2.doc.crypt 2016-05-04 11:14 - 2016-02-05 20:56 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\tbs.dll 2016-05-04 11:14 - 2016-02-05 20:54 - 00109568 _____ (Microsoft Corporation) C:\Windows\system32\fveapibase.dll 2016-05-04 11:14 - 2016-02-05 19:33 - 00015360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tbs.dll 2016-05-04 11:14 - 2015-06-03 22:21 - 00451080 _____ (Microsoft Corporation) C:\Windows\system32\fveapi.dll ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2016-05-25 14:34 - 2010-11-11 15:57 - 00000000 ____D C:\ProgramData\TEMP 2016-05-25 14:25 - 2015-06-18 17:13 - 00001228 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3466485993-4211878275-2006075751-1000UA.job 2016-05-25 14:24 - 2009-07-14 06:45 - 00022240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2016-05-25 14:24 - 2009-07-14 06:45 - 00022240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2016-05-25 14:20 - 2010-12-22 15:25 - 00000000 ___RD C:\Users\turhan\Dropbox 2016-05-25 14:14 - 2011-05-09 16:47 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2016-05-25 14:14 - 2009-12-01 15:02 - 00000000 ____D C:\Users\turhan\AppData\Local\SoftThinks 2016-05-25 14:14 - 2009-09-28 11:23 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks 2016-05-25 14:14 - 2009-09-28 11:23 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks 2016-05-25 14:14 - 2009-09-28 10:59 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup 2016-05-25 14:13 - 2011-01-03 00:54 - 00000000 ____D C:\Windows\Msagent 2016-05-25 14:13 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2016-05-25 14:12 - 2010-03-24 15:13 - 00000000 ____D C:\Users\Public\Documents\SoftGrid Client 2016-05-25 14:05 - 2011-05-09 16:47 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2016-05-25 13:31 - 2010-11-11 15:09 - 00000000 ____D C:\ProgramData\MFAData 2016-05-25 09:58 - 2015-10-23 16:37 - 00558598 _____ C:\Windows\ntbtlog.txt 2016-05-25 09:22 - 2009-12-06 18:05 - 00000000 ____D C:\Program Files (x86)\Yahoo! 2016-05-25 00:30 - 2009-12-01 15:02 - 00000000 ____D C:\Users\turhan 2016-05-25 00:01 - 2012-04-22 21:56 - 00000000 ____D C:\Users\turhan\Downloads\00000001 2016-05-24 23:56 - 2015-12-14 23:04 - 00000000 ____D C:\Users\turhan\Desktop\leinwand 2016-05-24 22:04 - 2012-02-28 12:55 - 00000000 ____D C:\Users\turhan\Seda 2016-05-24 22:04 - 2009-12-25 14:45 - 00000000 ____D C:\Users\turhan\Süreyya 2016-05-24 21:59 - 2011-09-29 14:23 - 00000000 ____D C:\Users\turhan\Documents\Hakan 2016-05-24 21:25 - 2015-06-18 17:13 - 00001176 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3466485993-4211878275-2006075751-1000Core.job 2016-05-24 17:32 - 2012-03-15 17:23 - 00000000 ____D C:\Users\turhan\karikatür 2016-05-24 17:32 - 2011-05-11 16:23 - 00000000 ____D C:\Users\turhan\hakan 2016-05-24 17:32 - 2010-04-13 13:23 - 00000000 ____D C:\Users\turhan\ivir zivir 2016-05-24 16:59 - 2012-04-03 14:17 - 00000000 ____D C:\Users\turhan\Downloads\printxml 2016-05-24 16:56 - 2015-12-21 18:24 - 00000000 ___RD C:\Users\turhan\Documents\Scanned Documents 2016-05-24 16:56 - 2012-04-22 21:56 - 00000000 ____D C:\Users\turhan\Downloads\Log 2016-05-24 16:56 - 2010-01-07 21:57 - 00000000 ____D C:\Users\turhan\Downloads\doPDF 7 2016-05-24 16:53 - 2010-06-23 16:35 - 00000000 __RSD C:\Users\turhan\Documents\My Stationery 2016-05-24 16:49 - 2013-03-10 14:01 - 00000000 ____D C:\Users\turhan\Documents\Eigene Scans 2016-05-24 16:49 - 2012-04-25 14:39 - 00000000 ___SD C:\Users\turhan\Documents\Eigene Datenquellen 2016-05-24 16:48 - 2014-09-06 22:47 - 00000000 ____D C:\Users\turhan\Desktop\teyzemler 14 2016-05-24 16:38 - 2012-11-12 17:31 - 00000000 ____D C:\Users\turhan\Desktop\InkscapePortable 2016-05-24 16:35 - 2014-09-13 17:36 - 00000000 ____D C:\Users\turhan\Desktop\gezi 2016-05-24 16:29 - 2016-04-24 18:06 - 00000000 ____D C:\Users\turhan\Desktop\disney 2016-05-24 16:28 - 2015-07-05 20:37 - 00000000 ____D C:\Users\turhan\Desktop\abiball fotos 2016-05-24 15:54 - 2015-07-22 02:32 - 00000000 ____D C:\Users\turhan\Desktop\100DSCIM 2016-05-24 15:53 - 2009-12-25 14:46 - 00000000 ____D C:\Users\turhan\Derya 2016-05-24 15:49 - 2015-04-07 15:51 - 00000000 ____D C:\Users\turhan\AU 2016-05-24 15:42 - 2010-11-24 20:02 - 00000000 ____D C:\0f105e31b782a2f23ac9b8b6176385f7 2016-05-24 15:42 - 2010-04-04 18:17 - 00000000 ____D C:\EViews3 2016-05-24 15:42 - 2010-04-04 18:15 - 00000000 ____D C:\Example Files 2016-05-24 15:42 - 2010-04-04 18:15 - 00000000 ____D C:\Docs 2016-05-20 19:06 - 2015-03-25 13:28 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2016-05-20 18:41 - 2009-07-14 06:45 - 00360312 _____ C:\Windows\system32\FNTCACHE.DAT 2016-05-20 18:19 - 2009-07-14 19:58 - 00699876 _____ C:\Windows\system32\perfh007.dat 2016-05-20 18:19 - 2009-07-14 19:58 - 00149758 _____ C:\Windows\system32\perfc007.dat 2016-05-20 18:19 - 2009-07-14 07:13 - 01622260 _____ C:\Windows\system32\PerfStringBackup.INI 2016-05-20 18:19 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf 2016-05-20 18:06 - 2014-12-13 18:11 - 00000000 ____D C:\Windows\system32\appraiser 2016-05-20 18:06 - 2009-07-14 20:18 - 00000000 ____D C:\Program Files\Windows Journal 2016-05-18 20:02 - 2013-07-13 02:48 - 00000000 ____D C:\Windows\system32\MRT 2016-05-18 18:37 - 2009-12-16 00:18 - 139319312 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2016-05-18 14:05 - 2013-11-28 14:07 - 00002149 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2016-05-18 14:05 - 2013-11-28 14:07 - 00002137 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2016-05-18 14:02 - 2015-03-25 13:52 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task 2016-05-16 23:20 - 2010-12-22 15:20 - 00000000 ____D C:\Users\turhan\AppData\Roaming\Dropbox 2016-05-12 16:00 - 2011-05-09 16:47 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2016-05-12 16:00 - 2011-05-09 16:47 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2016-05-06 18:12 - 2015-04-05 15:53 - 00000000 ___SD C:\Windows\SysWOW64\GWX 2016-05-06 18:12 - 2015-04-05 15:53 - 00000000 ___SD C:\Windows\system32\GWX 2016-05-05 18:03 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache 2016-05-05 17:05 - 2012-10-29 21:01 - 00000000 ___RD C:\Program Files (x86)\Skype ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2015-10-14 23:26 - 2015-10-14 23:26 - 0124133 _____ () C:\Program Files\Acknowledgements.rtf 2015-12-09 16:10 - 2015-12-09 16:10 - 3370128 _____ (Gracenote, Inc.) C:\Program Files\gnsdk_dsp.dll 2015-12-09 16:12 - 2015-12-09 16:12 - 0165520 _____ (Gracenote, Inc.) C:\Program Files\gnsdk_link.dll 2015-12-09 16:11 - 2015-12-09 16:11 - 2199696 _____ (Gracenote, Inc.) C:\Program Files\gnsdk_manager.dll 2015-12-09 16:10 - 2015-12-09 16:10 - 0870544 _____ (Gracenote, Inc.) C:\Program Files\gnsdk_musicid.dll 2015-12-09 16:11 - 2015-12-09 16:11 - 0325776 _____ (Gracenote, Inc.) C:\Program Files\gnsdk_submit.dll 2015-12-09 16:12 - 2015-12-09 16:12 - 2404624 _____ (Apple, Inc) C:\Program Files\iAdCore.dll 2015-12-09 16:12 - 2015-12-09 16:12 - 3082024 _____ (Apple Inc.) C:\Program Files\iPodUpdaterExt.dll 2015-12-09 16:10 - 2015-12-09 16:10 - 3044624 _____ (Apple Inc.) C:\Program Files\iTunes.exe 2015-12-09 16:10 - 2015-12-09 16:10 - 0557328 _____ (Apple Inc.) C:\Program Files\iTunesAdmin.dll 2015-12-09 16:12 - 2015-12-09 16:12 - 37298960 _____ (Apple Inc.) C:\Program Files\iTunesCore.dll 2015-12-09 16:10 - 2015-12-09 16:10 - 0205584 _____ (Apple Inc.) C:\Program Files\iTunesHelper.dll 2015-12-09 16:11 - 2015-12-09 16:11 - 0170256 _____ (Apple Inc.) C:\Program Files\iTunesHelper.exe 2015-12-09 16:11 - 2015-12-09 16:11 - 0155920 _____ (Apple Inc.) C:\Program Files\iTunesMiniPlayer.dll 2014-12-19 09:38 - 2014-12-19 09:38 - 0105312 _____ (TomTom International B.V.) C:\Program Files (x86)\TomTomHOME.exe 2014-12-19 09:38 - 2014-12-19 09:38 - 0248176 _____ (TomTom) C:\Program Files (x86)\TomTomHOMERunner.exe 2014-12-19 09:38 - 2014-12-19 09:38 - 0093040 _____ (TomTom) C:\Program Files (x86)\TomTomHOMEService.exe 2009-12-08 16:42 - 2010-04-24 17:39 - 0000670 _____ () C:\Users\turhan\AppData\Roaming\DataSafeDotNet.exe 2011-02-23 22:44 - 2012-11-20 22:25 - 0000482 _____ () C:\Users\turhan\AppData\Roaming\wklnhst.dat 2011-09-02 23:17 - 2011-09-02 23:17 - 0000000 _____ () C:\Users\turhan\AppData\Local\{038B4C18-0839-4EA2-89AE-F3079537B810} 1601-03-12 15:17 - 1601-03-12 15:17 - 0014193 _____ () C:\ProgramData\C7141F53D056.html Einige Dateien in TEMP: ==================== C:\Users\turhan\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpvmg3p1.dll C:\Users\turhan\AppData\Local\Temp\GUR1B9A.exe C:\Users\turhan\AppData\Local\Temp\HitmanPro.exe Einige mit null Byte Größe Dateien/Ordner: ========================== C:\Windows\javcorain.dll C:\Windows\javcorbin.dll C:\Windows\sntlevel.dll ==================== Bamital & volsnap ================= (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) C:\Windows\system32\winlogon.exe => Datei ist digital signiert C:\Windows\system32\wininit.exe => Datei ist digital signiert C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert C:\Windows\explorer.exe => Datei ist digital signiert C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert C:\Windows\system32\svchost.exe => Datei ist digital signiert C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert C:\Windows\system32\services.exe => Datei ist digital signiert C:\Windows\system32\User32.dll => Datei ist digital signiert C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert C:\Windows\system32\userinit.exe => Datei ist digital signiert C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert C:\Windows\system32\rpcss.dll => Datei ist digital signiert C:\Windows\system32\dnsapi.dll => Datei ist digital signiert C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert LastRegBack: 2016-05-04 17:43 ==================== Ende von FRST.txt ============================ Addition.txt Code:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:24-05-2016 01
durchgeführt von turhan (2016-05-25 14:34:26)
Gestartet von C:\Users\turhan\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2009-12-01 13:02:43)
Start-Modus: Normal
==========================================================
==================== Konten: =============================
Administrator (S-1-5-21-3466485993-4211878275-2006075751-500 - Administrator - Disabled)
Gast (S-1-5-21-3466485993-4211878275-2006075751-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-3466485993-4211878275-2006075751-1002 - Limited - Enabled)
turhan (S-1-5-21-3466485993-4211878275-2006075751-1000 - Administrator - Enabled) => C:\Users\turhan
==================== Sicherheits-Center ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
AV: AVG AntiVirus Free Edition 2013 (Enabled - Out of date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: AVG update module (Disabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG update module (Disabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}
AS: AVG AntiVirus Free Edition 2013 (Enabled - Out of date) {B5F5C120-2089-702E-0001-553BB0D5A664}
==================== Installierte Programme ======================
(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
1400 (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
1400_Help (x32 Version: 82.0.242.000 - Hewlett-Packard) Hidden
1400Trb (x32 Version: 82.0.242.000 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (Version: 6.2.1 - Hewlett-Packard) Hidden
ABN AMRO e.dentifier2 software (HKLM-x32\...\{55BF7E3E-F00A-4A3D-BB76-09228B35FFD6}) (Version: 02.00 - ABN AMRO BANK)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.134 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.16) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.16 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
AIO_CDB_ProductContext (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
AIO_CDB_Software (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
AIO_Scan (x32 Version: 130.0.421.000 - Hewlett-Packard) Hidden
Apple Application Support (32-Bit) (HKLM-x32\...\{C5815ACF-FD34-4553-8A22-C7411B7E662B}) (Version: 4.1.1 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{CBF12D2F-CF64-4CB7-858B-2C1F21068E5F}) (Version: 4.1.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
AVG 2013 (HKLM\...\AVG) (Version: 2013.0.3532 - AVG Technologies)
AVG 2013 (Version: 13.0.3532 - AVG Technologies) Hidden
AVG 2013 (Version: 13.0.4365 - AVG Technologies) Hidden
AVG PC Tuneup 2011 (HKLM-x32\...\{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1) (Version: 10.0.0.23 - AVG)
AVG PC TuneUp 2015 (de-DE) (x32 Version: 15.0.1001.403 - AVG Technologies) Hidden
AVG PC TuneUp 2015 (HKLM-x32\...\AVG PC TuneUp) (Version: 15.0.1001.403 - AVG Technologies)
AVG PC TuneUp 2015 (x32 Version: 15.0.1001.403 - AVG Technologies) Hidden
AVM FRITZ!Box Dokumentation (HKLM-x32\...\AVMFBox) (Version: - AVM Berlin)
Bewerbungsmuster für Hochschulabsolventen (HKLM-x32\...\Hochschulabsolventen) (Version: - )
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
Citrix XenApp Web Plugin (HKLM-x32\...\{C0B165DC-F037-483F-B1C9-D89D91529CEB}) (Version: 11.0.150.5357 - Citrix Systems, Inc.)
Compatibility Pack für 2007 Office System (HKLM-x32\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.98.4.60 - Conexant)
Copy (x32 Version: 130.0.428.000 - Hewlett-Packard) Hidden
CS881X & MTM80X Driver(Auto Installation, Safely Remove Feature, Icon Utility) (HKLM-x32\...\{8BD7D8D6-5E89-42B5-A313-5E75128BC144}) (Version: 2.80.0000 - Myson Century, Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.60 - Dell)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.60 - Dell)
Dell DataSafe Online (HKLM-x32\...\{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}) (Version: 1.1.0029 - Dell, Inc.)
Dell Dock (HKLM\...\{E60B7350-EA5F-41E0-9D6F-E508781E36D2}) (Version: 2.0.0 - Dell)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.40.05 - Creative Technology Ltd)
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.465.000 - Hewlett-Packard) Hidden
DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
doPDF 7.0 printer (HKLM\...\doPDF 7 printer_is1) (Version: - Softland)
Dropbox (HKU\S-1-5-21-3466485993-4211878275-2006075751-1000\...\Dropbox) (Version: 3.20.1 - Dropbox, Inc.)
EndNote 9.0.1 Volume License Edition (HKLM-x32\...\{53C020C2-8C1A-11D9-8BDE-F66BAD1E3F3A}) (Version: 9.0.1.1748 - Thomson ResearchSoft)
EViews 3.1 (HKLM-x32\...\EViews 3.1) (Version: - )
Fax (x32 Version: 130.0.418.000 - Hewlett-Packard) Hidden
Fotogalerie (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Free Audio Converter version 5.0.54.1215 (HKLM-x32\...\Free Audio Converter_is1) (Version: 5.0.54.1215 - DVDVideoSoft Ltd.)
Free PDF to Word Converter 1.3 (HKLM-x32\...\Free PDF to Word Converter_is1) (Version: - Free-PDF-to-Word.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 50.0.2661.102 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7619.1252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
Haufe Runtime (HKLM-x32\...\Runtime) (Version: - )
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B (HKLM\...\{B61ED343-0B14-4241-999C-490CB1A20DA4}) (Version: 13.0 - HP)
HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM-x32\...\{7059BDA7-E1DB-442C-B7A1-6144596720A4}) (Version: 4.000.011.006 - Hewlett-Packard)
HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - Intel Corporation)
ISI ResearchSoft - Export Helper (HKLM-x32\...\ISI ResearchSoft - Export Helper) (Version: - )
iTunes (HKLM\...\{0D44E3A4-6C3D-45D7-B443-079509E5BE5D}) (Version: 12.3.2.35 - Apple Inc.)
Java(TM) 6 Update 14 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416014FF}) (Version: 6.0.140 - Sun Microsystems, Inc.)
Java(TM) 6 Update 14 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216014FF}) (Version: 6.0.140 - Sun Microsystems, Inc.)
Junk Mail filter update (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Lexware Info Service (HKLM-x32\...\{15B2BC56-D179-4450-84B9-7A8D7F4CE1B9}) (Version: 2.70.00.0081 - Haufe-Lexware GmbH & Co.KG)
Live! Cam Avatar Creator (HKLM-x32\...\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}) (Version: 4.6.3009.1 - Creative Technology Ltd)
Malwarebytes Anti-Malware Version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (Beta) (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4536.1000 - Microsoft Corporation)
Microsoft Office Home and Business 2010 (Beta) - Deutsch (HKLM-x32\...\{20140062-0062-0407-0000-0000000FF1CE}) (Version: 14.0.4545.1000 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0407-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office XP Professional mit FrontPage (HKLM-x32\...\{90280407-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation)
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM-x32\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-3466485993-4211878275-2006075751-1000\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}) (Version: 8.0.58299 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{39D0E034-1042-4905-BECB-5502909FCB7C}) (Version: 9.7.0621 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyFreeCodec (HKU\S-1-5-21-3466485993-4211878275-2006075751-1000\...\MyFreeCodec) (Version: - )
Network64 (Version: 130.0.572.000 - Hewlett-Packard) Hidden
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
PowerDVD DX (HKLM-x32\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.3.6107 - CyberLink Corp.)
QuickSteuer 2011 compact (HKLM-x32\...\{C578111E-1D7E-4004-9871-229D93323A7D}) (Version: 17.07.00.0001 - Haufe-Lexware GmbH & Co.KG)
Rossmann Fotowelt Software 4.12.1 (HKLM-x32\...\Rossmann Fotowelt Software) (Version: 4.12.1 - ORWO Net)
Roxio Burn (HKLM-x32\...\{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}) (Version: 1.0 - Roxio)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.3.14123.5 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.3.14123.5 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.49.0 - SAMSUNG Electronics Co., Ltd.)
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.1.0.9134 - Microsoft Corporation)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SmartWebPrinting (x32 Version: 130.0.457.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Status (x32 Version: 130.0.469.000 - Hewlett-Packard) Hidden
The Moving Man (HKU\S-1-5-21-3466485993-4211878275-2006075751-1000\...\The Moving Man) (Version: - University of Colorado, Department of Physics)
TomTom HOME (HKLM-x32\...\{7A2BB1C8-903D-4585-9F3B-CADD67D07D37}) (Version: 2.9.8 - Ihr Firmenname)
TomTom HOME (HKLM-x32\...\{BB05590A-6602-43F3-A400-77EA0976BC0A}) (Version: 2.9.8 - Ihr Firmenname)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 130.0.422.000 - Hewlett-Packard) Hidden
UnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard) Hidden
Visual C++ 8.0 Runtime Setup Package (x64) (HKLM-x32\...\{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}) (Version: 9.0.0.623 - AVG Technologies CZ, s.r.o.)
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version: - )
==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
CustomCLSID: HKU\S-1-5-21-3466485993-4211878275-2006075751-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\turhan\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3466485993-4211878275-2006075751-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\turhan\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3466485993-4211878275-2006075751-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\turhan\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3466485993-4211878275-2006075751-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\turhan\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3466485993-4211878275-2006075751-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\turhan\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3466485993-4211878275-2006075751-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\turhan\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3466485993-4211878275-2006075751-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\turhan\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3466485993-4211878275-2006075751-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\turhan\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3466485993-4211878275-2006075751-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\turhan\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3466485993-4211878275-2006075751-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\turhan\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3466485993-4211878275-2006075751-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\turhan\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
Task: {08977614-8FF5-4E55-B72F-5BA813E59DBF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {1E5F56E8-FD42-4EE7-944F-DBBB89095606} - System32\Tasks\{89374A84-2039-41A7-B599-E5CE4F1E084A} => pcalua.exe -a "C:\Users\turhan\Derya\Eviews3.1\disk 1\SETUP.EXE" -d "C:\Users\turhan\Derya\Eviews3.1\disk 1"
Task: {25DFCCB2-0671-4938-9C13-80F06A0056B5} - System32\Tasks\AVG\PC Tuneup 2011\Integrator\Start On Windows Logon => C:\Program Files (x86)\AVG\AVG PC Tuneup 2011\BoostSpeed.exe [2010-10-08] (AVG)
Task: {2B0B6119-8983-4592-87C8-E00164E62BA7} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated)
Task: {57B79691-31A6-4AB9-97AB-B14C276A6305} - System32\Tasks\{3F616E94-C145-427D-9718-1303B9BF9DCA} => C:\Users\turhan\Downloads\Microsoft Office\OFFICE11\EXCEL.EXE [2009-10-08] (Microsoft Corporation)
Task: {67657EF4-8D44-48CC-8A08-8BBE747C71AA} - System32\Tasks\{BA490C07-D630-4308-BC3B-4CFB47A06D5C} => C:\Users\turhan\Desktop\Microsoft Office\OFFICE11\WINWORD.EXE
Task: {809DDCD6-9FEC-4281-A6CB-A6B6BB4140D3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {8202AA7E-1EE6-4406-AF66-F5DE1455F380} - System32\Tasks\{FB4B3B32-646D-432E-995A-2266C4626851} => C:\Users\turhan\Desktop\Microsoft Office\Office12\Moc.exe
Task: {945368AD-6531-4A07-83A6-7929F73F3AD7} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3466485993-4211878275-2006075751-1000Core => C:\Users\turhan\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-18] (Dropbox, Inc.)
Task: {95D7159C-1A12-4758-ABDF-A23297F47F84} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\AVG\AVG PC TuneUp\OneClick.exe [2015-02-25] (AVG Technologies)
Task: {9A08A805-860A-494E-94E2-0E0C8C8D1AF1} - System32\Tasks\{630576AE-7CCA-45BA-BC8D-4A46D7ADED7F} => C:\Users\turhan\Desktop\Microsoft Office\Office12\excelcnv.exe
Task: {B362C5D7-A028-4282-8723-1B8239D3C413} - System32\Tasks\{B497DEA9-8401-4BC8-98E6-743773EA1C58} => pcalua.exe -a D:\setup.exe -d D:\
Task: {B4BF7062-6F64-4238-BCD0-A5014480D4C8} - System32\Tasks\Games\UpdateCheck_S-1-5-21-3466485993-4211878275-2006075751-1000
Task: {BC28C599-280A-4CC6-AD9E-8956BA3ED892} - System32\Tasks\{CC2E018D-5A73-4B6F-B3CA-1FBD508C8990} => C:\Users\turhan\Desktop\Microsoft Office\Office12\excelcnv.exe
Task: {BD846700-039D-4A9A-9553-260773D259E1} - System32\Tasks\Java(TM) Platform SE 6 U14 => C:\Program Files (x86)\Java\jre6\bin\jusched.exe [2009-09-28] (Sun Microsystems, Inc.)
Task: {C33254DA-CD47-42CE-9EAE-0EBA5A380940} - System32\Tasks\{5022A4FB-2487-4878-9167-5BCBAD1FCA98} => C:\Users\turhan\Desktop\Microsoft Office\Office12\excelcnv.exe
Task: {CFE3FB3D-6F67-4C18-AA64-129918F22649} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3466485993-4211878275-2006075751-1000UA => C:\Users\turhan\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-18] (Dropbox, Inc.)
Task: {F50058F7-A99F-42C1-A8E6-0C4C2692C86F} - System32\Tasks\{CB9CD5A8-E4D3-4291-A6EE-2CC4A31344B0} => pcalua.exe -a C:\Users\turhan\Downloads\free-pdf-to-word-converter.exe -d C:\Users\turhan\Downloads
Task: {FF298C64-A403-4FF5-8710-DB154EAEAA31} - System32\Tasks\{96F30807-6411-4A39-B21F-43A8EB2DF57F} => C:\Users\turhan\Downloads\Microsoft Office\OFFICE11\EXCEL.EXE [2009-10-08] (Microsoft Corporation)
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3466485993-4211878275-2006075751-1000Core.job => C:\Users\turhan\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3466485993-4211878275-2006075751-1000UA.job => C:\Users\turhan\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Verknüpfungen =============================
(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)
==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============
2015-11-20 15:57 - 2015-11-20 15:57 - 00085800 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-11-20 15:57 - 2015-11-20 15:57 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-02-25 09:25 - 2015-02-25 09:25 - 00712504 _____ () C:\Program Files (x86)\AVG\AVG PC TuneUp\avgrepliba.dll
2009-09-28 10:59 - 2011-08-18 18:05 - 02751808 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
2015-02-25 09:25 - 2015-02-25 09:25 - 00855864 _____ () C:\Program Files (x86)\AVG\AVG PC TuneUp\tulnga.dll
2009-07-07 17:23 - 2009-07-07 17:23 - 01779952 _____ () C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
2009-06-19 04:46 - 2009-06-19 04:46 - 00494064 _____ () C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
2016-05-20 19:11 - 2016-05-20 19:11 - 00472576 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_64\VistaBridgeLibrary\be1b42c38631446b46bbc19e9c3807dd\VistaBridgeLibrary.ni.dll
2010-11-11 15:57 - 2010-10-08 11:21 - 00350024 _____ () C:\Program Files (x86)\AVG\AVG PC Tuneup 2011\madExcept_.bpl
2010-11-11 15:57 - 2010-10-08 11:21 - 00184136 _____ () C:\Program Files (x86)\AVG\AVG PC Tuneup 2011\madBasic_.bpl
2010-11-11 15:57 - 2010-10-08 11:21 - 00050504 _____ () C:\Program Files (x86)\AVG\AVG PC Tuneup 2011\madDisAsm_.bpl
2009-07-07 17:24 - 2009-07-07 17:24 - 00268528 _____ () C:\Program Files (x86)\Dell DataSafe Online\SdbShared.dll
2009-07-07 17:23 - 2009-07-07 17:23 - 00058608 _____ () C:\Program Files (x86)\Dell DataSafe Online\BalloonWindow.dll
2009-07-07 17:24 - 2009-07-07 17:24 - 00095472 _____ () C:\Program Files (x86)\Dell DataSafe Online\SdbUI.dll
2009-07-07 17:24 - 2009-07-07 17:24 - 00046320 _____ () C:\Program Files (x86)\Dell DataSafe Online\de\SdbUI.resources.dll
2009-07-07 17:24 - 2009-07-07 17:24 - 00369904 _____ () C:\Program Files (x86)\Dell DataSafe Online\de\DataSafeOnline.resources.dll
2009-07-07 17:24 - 2009-07-07 17:24 - 00140528 _____ () C:\Program Files (x86)\Dell DataSafe Online\SdbShared.XmlSerializers.dll
2009-07-07 17:23 - 2009-07-07 17:23 - 00017648 _____ () C:\Program Files (x86)\Dell DataSafe Online\cpputils.dll
2009-07-07 17:24 - 2009-07-07 17:24 - 00062704 _____ () C:\Program Files (x86)\Dell DataSafe Online\de\SdbShared.resources.dll
2011-03-01 01:30 - 2008-10-30 12:05 - 00049152 _____ () C:\Windows\SysWOW64\FCA\Infokbl.DLL
2011-03-01 01:30 - 2009-01-04 14:54 - 00057344 _____ () C:\Windows\SysWOW64\FCA\InfoUtil.DLL
2016-05-16 23:18 - 2016-04-19 21:47 - 00034768 _____ () C:\Users\turhan\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd
2016-05-16 23:18 - 2016-04-19 21:48 - 00019408 _____ () C:\Users\turhan\AppData\Roaming\Dropbox\bin\faulthandler.pyd
2016-05-16 23:18 - 2016-04-19 21:47 - 00116688 _____ () C:\Users\turhan\AppData\Roaming\Dropbox\bin\pywintypes27.dll
2016-05-16 23:18 - 2016-04-19 21:47 - 00093640 _____ () C:\Users\turhan\AppData\Roaming\Dropbox\bin\_ctypes.pyd
2016-05-16 23:18 - 2016-04-19 21:47 - 00018376 _____ () C:\Users\turhan\AppData\Roaming\Dropbox\bin\select.pyd
2016-05-16 23:18 - 2016-05-07 00:35 - 00019760 _____ () C:\Users\turhan\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd
2016-05-16 23:18 - 2016-04-19 21:49 - 00105928 _____ () C:\Users\turhan\AppData\Roaming\Dropbox\bin\win32api.pyd
2016-05-16 23:18 - 2016-04-19 21:47 - 00392144 _____ () C:\Users\turhan\AppData\Roaming\Dropbox\bin\pythoncom27.dll
2016-05-16 23:18 - 2016-05-07 00:35 - 00381752 _____ () C:\Users\turhan\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd
2016-05-16 23:18 - 2016-04-19 21:47 - 00692688 _____ () C:\Users\turhan\AppData\Roaming\Dropbox\bin\unicodedata.pyd
2016-05-16 23:18 - 2016-05-07 00:34 - 00020816 _____ () C:\Users\turhan\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd
2016-05-16 23:18 - 2016-04-19 21:48 - 00121296 _____ () C:\Users\turhan\AppData\Roaming\Dropbox\bin\_cffi_backend.pyd
2016-05-16 23:18 - 2016-05-07 00:34 - 01682760 _____ () C:\Users\turhan\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd
2016-05-16 23:18 - 2016-05-07 00:34 - 00020808 _____ () C:\Users\turhan\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd
2016-05-16 23:18 - 2016-05-07 00:35 - 00021840 _____ () C:\Users\turhan\AppData\Roaming\Dropbox\bin\_cffi_unicode_environ_win32_x8bf8e68bx9968e850.pyd
2016-05-16 23:18 - 2016-05-07 00:34 - 00038696 _____ () C:\Users\turhan\AppData\Roaming\Dropbox\bin\fastpath.pyd
2016-05-16 23:18 - 2016-04-19 21:49 - 00020936 _____ () C:\Users\turhan\AppData\Roaming\Dropbox\bin\mmapfile.pyd
2016-05-16 23:18 - 2016-04-19 21:49 - 00024528 _____ () C:\Users\turhan\AppData\Roaming\Dropbox\bin\win32event.pyd
2016-05-16 23:18 - 2016-04-19 21:49 - 00114640 _____ () C:\Users\turhan\AppData\Roaming\Dropbox\bin\win32security.pyd
2016-05-16 23:18 - 2016-04-19 21:49 - 00124880 _____ () C:\Users\turhan\AppData\Roaming\Dropbox\bin\win32file.pyd
2016-05-16 23:18 - 2016-05-07 00:35 - 00021832 _____ () C:\Users\turhan\AppData\Roaming\Dropbox\bin\_cffi_pywin_kernel32_x64d8f881xc8c369be.pyd
2016-05-16 23:18 - 2016-04-19 21:49 - 00024016 _____ () C:\Users\turhan\AppData\Roaming\Dropbox\bin\win32clipboard.pyd
2016-05-16 23:18 - 2016-04-19 21:49 - 00175560 _____ () C:\Users\turhan\AppData\Roaming\Dropbox\bin\win32gui.pyd
2016-05-16 23:18 - 2016-04-19 21:49 - 00030160 _____ () C:\Users\turhan\AppData\Roaming\Dropbox\bin\win32pipe.pyd
2016-05-16 23:18 - 2016-04-19 21:49 - 00043472 _____ () C:\Users\turhan\AppData\Roaming\Dropbox\bin\win32process.pyd
2016-05-16 23:18 - 2016-04-19 21:49 - 00028616 _____ () C:\Users\turhan\AppData\Roaming\Dropbox\bin\win32ts.pyd
2016-05-16 23:18 - 2016-04-19 21:49 - 00048592 _____ () C:\Users\turhan\AppData\Roaming\Dropbox\bin\win32service.pyd
2016-05-16 23:18 - 2016-05-07 00:34 - 00026456 _____ () C:\Users\turhan\AppData\Roaming\Dropbox\bin\dropbox.infinite.win.compiled._driverinstallation.pyd
2016-05-16 23:18 - 2016-04-19 21:49 - 00057808 _____ () C:\Users\turhan\AppData\Roaming\Dropbox\bin\win32evtlog.pyd
2016-05-16 23:18 - 2016-04-19 21:49 - 00024016 _____ () C:\Users\turhan\AppData\Roaming\Dropbox\bin\win32profile.pyd
2016-05-16 23:18 - 2016-05-07 00:34 - 00117056 _____ () C:\Users\turhan\AppData\Roaming\Dropbox\bin\breakpad.client.windows.handler.pyd
2016-05-16 23:18 - 2016-05-07 00:34 - 00052024 _____ () C:\Users\turhan\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd
2016-05-16 23:18 - 2016-04-19 21:47 - 00134608 _____ () C:\Users\turhan\AppData\Roaming\Dropbox\bin\_elementtree.pyd
2016-05-16 23:18 - 2016-04-19 21:47 - 00134088 _____ () C:\Users\turhan\AppData\Roaming\Dropbox\bin\pyexpat.pyd
2016-05-16 23:18 - 2016-04-19 21:48 - 00240584 _____ () C:\Users\turhan\AppData\Roaming\Dropbox\bin\jpegtran.pyd
2016-05-16 23:18 - 2016-05-07 00:35 - 00020800 _____ () C:\Users\turhan\AppData\Roaming\Dropbox\bin\winffi.iphlpapi._winffi_iphlpapi.pyd
2016-05-16 23:18 - 2016-05-07 00:35 - 00021824 _____ () C:\Users\turhan\AppData\Roaming\Dropbox\bin\winffi.kernel32._winffi_kernel32.pyd
2016-05-16 23:18 - 2016-05-07 00:35 - 00019776 _____ () C:\Users\turhan\AppData\Roaming\Dropbox\bin\winffi.winerror._winffi_winerror.pyd
2016-05-16 23:18 - 2016-05-07 00:35 - 00020800 _____ () C:\Users\turhan\AppData\Roaming\Dropbox\bin\winffi.wininet._winffi_wininet.pyd
2016-05-16 23:18 - 2016-05-07 00:34 - 00024392 _____ () C:\Users\turhan\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd
2016-05-16 23:18 - 2016-04-19 21:50 - 00036296 _____ () C:\Users\turhan\AppData\Roaming\Dropbox\bin\librsync.dll
2016-05-16 23:18 - 2016-05-07 00:34 - 00020280 _____ () C:\Users\turhan\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd
2016-05-16 23:18 - 2016-05-07 00:35 - 00023376 _____ () C:\Users\turhan\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd
2016-05-16 23:18 - 2016-04-19 21:49 - 00350152 _____ () C:\Users\turhan\AppData\Roaming\Dropbox\bin\winxpgui.pyd
2016-05-16 23:18 - 2016-05-07 00:35 - 00022352 _____ () C:\Users\turhan\AppData\Roaming\Dropbox\bin\winverifysignature.compiled._VerifySignature.pyd
2016-05-16 23:18 - 2016-05-07 00:34 - 00084280 _____ () C:\Users\turhan\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL
2016-05-16 23:18 - 2016-05-07 00:34 - 01826096 _____ () C:\Users\turhan\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd
2016-05-16 23:18 - 2016-04-19 21:48 - 00083912 _____ () C:\Users\turhan\AppData\Roaming\Dropbox\bin\sip.pyd
2016-05-16 23:18 - 2016-05-07 00:35 - 03928880 _____ () C:\Users\turhan\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd
2016-05-16 23:18 - 2016-05-07 00:34 - 01971504 _____ () C:\Users\turhan\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd
2016-05-16 23:18 - 2016-05-07 00:34 - 00531248 _____ () C:\Users\turhan\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd
2016-05-16 23:18 - 2016-05-07 00:35 - 00132912 _____ () C:\Users\turhan\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd
2016-05-16 23:18 - 2016-05-07 00:35 - 00223544 _____ () C:\Users\turhan\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd
2016-05-16 23:18 - 2016-05-07 00:34 - 00207672 _____ () C:\Users\turhan\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd
2016-05-16 23:18 - 2016-04-19 21:49 - 00060880 _____ () C:\Users\turhan\AppData\Roaming\Dropbox\bin\win32print.pyd
2016-05-16 23:18 - 2016-05-07 00:35 - 00024904 _____ () C:\Users\turhan\AppData\Roaming\Dropbox\bin\_cffi_wpad_proxy_win_x752e3d61xdcfdcc84.pyd
2016-05-16 23:18 - 2016-05-07 00:35 - 00546096 _____ () C:\Users\turhan\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.pyd
2016-05-16 23:18 - 2016-05-07 00:35 - 00357680 _____ () C:\Users\turhan\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.pyd
==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)
AlternateDataStreams: C:\ProgramData\TEMP:0B4227B4 [286]
AlternateDataStreams: C:\ProgramData\TEMP:8927A071 [446]
==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"
==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)
==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)
==================== Hosts Inhalt: ===============================
(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)
2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts
==================== Andere Bereiche ============================
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKU\S-1-5-21-3466485993-4211878275-2006075751-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\turhan\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist deaktiviert.
==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
MSCONFIG\startupreg: LexwareInfoService => C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe /autostart
==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
FirewallRules: [{C2AE480D-C8D7-4BDE-A114-A21DDD8487CA}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD DX\PowerDVD.exe
FirewallRules: [{5A177453-5747-489E-BE5F-EF78F966AE22}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
FirewallRules: [{CF83132B-6E03-4FBB-9E88-E63DF01401A8}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{A6F7903A-BA75-4964-9F29-15855290BF77}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{E6A6DA7A-EB82-4537-9317-F42A2FB4ED41}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe
FirewallRules: [{1937A9C3-693B-44E0-B24D-F1D72D68BA2D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe
FirewallRules: [{3BAFF26B-B397-45D9-85E2-92465CFDD9EF}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{C5DC6CF6-728B-41C3-AC0F-4C93DC216AE3}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{7F714FA8-2A90-4BE9-A87E-691F75553334}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcopy2.exe
FirewallRules: [{BE631B14-591A-4F71-9067-CE8EEB5E8A4E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{3EE73C2D-6EEF-4D13-9703-6EDD3283C900}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe
FirewallRules: [{07D9479C-7170-4358-90AE-3A7A217D1072}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{AF8D5101-42AD-4B7A-8D0A-A55C1EC3F140}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqnrs08.exe
FirewallRules: [{B4F20B0F-05DF-41E2-88E1-32A5D4D0016D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{95E3BD37-99BA-4FBE-A26D-EC77B2647BE1}] => (Allow) C:\Program Files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe
FirewallRules: [{D0C2B4A5-4B9A-42ED-9AC1-A59A095CA5B7}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqsudi.exe
FirewallRules: [{0DA50308-8563-40CF-AC9A-98AB9B20C276}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpsapp.exe
FirewallRules: [{BBF391A3-3CA5-4179-B260-074A74CE53BD}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe
FirewallRules: [{C9D9864D-D708-4940-A76B-483329DABC46}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe
FirewallRules: [{5DA7F507-DF6D-4C6C-B2F7-264F1E69DCA7}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpse.exe
FirewallRules: [{377F8CD3-EB01-41CD-BFEB-015FD7B5A62A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{46B64647-BEB6-444E-AE34-95D740523449}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{2ADAE8C6-D5EF-4C11-854A-CBC3040B9CA6}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{6BC446B5-847B-4DFB-AF0C-A1C809CDABDF}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{6E5CF1E4-5D34-41FF-A7C0-311CADA24554}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{22A5DB4C-ED0B-40A9-BA2F-4DF040E03A66}] => (Allow) C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exe
FirewallRules: [TCP Query User{FA677F38-A2E4-4A77-AFFC-B3FA469F4C90}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{B7A00812-C67F-43AE-B780-04F7D210969B}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [{D1011E4D-BB35-481C-BE62-C716E590C5AF}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{439A6F7E-BC0C-42FD-A75F-45E6AFB650B2}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{B0746262-E032-4254-A6D4-09A20DA0165B}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgmfapx.exe
FirewallRules: [{66C51E1E-856E-4897-B237-155EFE2C8073}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgmfapx.exe
FirewallRules: [{4D17E4E7-8280-4A02-83DF-06C9265068E7}] => (Allow) C:\Users\turhan\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{F87A8CBE-57E2-43DD-BC94-3AE0844B24B8}] => (Allow) C:\Users\turhan\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{882DCBB5-B6F9-4C92-8E8C-27F56C5EF364}C:\users\turhan\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\turhan\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{7E99E1B7-79BF-4AC7-8F3B-787CBBE401F3}C:\users\turhan\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\turhan\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{CADEE3E8-FD29-4530-980A-EA9A089F547F}C:\program files (x86)\java\jre6\bin\java.exe] => (Block) C:\program files (x86)\java\jre6\bin\java.exe
FirewallRules: [UDP Query User{CFABC0C7-E952-44B2-AAF1-773CD5F241E4}C:\program files (x86)\java\jre6\bin\java.exe] => (Block) C:\program files (x86)\java\jre6\bin\java.exe
FirewallRules: [{23FF61FB-CE6D-45B5-A490-F06B385A1CAE}] => (Allow) C:\Users\turhan\AppData\Local\Temp\7zS2CA3\hppiw.exe
FirewallRules: [{69F397BC-44FC-4235-A09E-0B04F4E4F541}] => (Allow) C:\Users\turhan\AppData\Local\Temp\7zS2CA3\hppiw.exe
FirewallRules: [{119C4A43-B35B-4DD0-A61D-A6D07D029DE3}] => (Allow) C:\Users\turhan\AppData\Local\Temp\7zS2A84\hppiw.exe
FirewallRules: [{0E3D00C8-DE16-4AA4-9F9C-D3F425A0B477}] => (Allow) C:\Users\turhan\AppData\Local\Temp\7zS2A84\hppiw.exe
FirewallRules: [{529CE819-6B4D-4DED-81F5-01976DB52A35}] => (Allow) C:\Users\turhan\AppData\Local\Temp\7zS4786\hppiw.exe
FirewallRules: [{F305B090-DE1D-4AA1-8522-878395B4B2C9}] => (Allow) C:\Users\turhan\AppData\Local\Temp\7zS4786\hppiw.exe
FirewallRules: [{D33D8B17-17F7-440C-9DD2-D19168FEC4E5}] => (Allow) C:\Users\turhan\AppData\Local\Temp\7zS4895\hppiw.exe
FirewallRules: [{9BC55A0D-B20B-4DD4-8D01-E7622EFE9291}] => (Allow) C:\Users\turhan\AppData\Local\Temp\7zS4895\hppiw.exe
FirewallRules: [{99553629-28AE-479C-9E01-C051D4336639}] => (Allow) C:\Users\turhan\AppData\Local\Temp\7zS4B05\hppiw.exe
FirewallRules: [{9B3C1DA0-3C06-40E2-937D-A18932497884}] => (Allow) C:\Users\turhan\AppData\Local\Temp\7zS4B05\hppiw.exe
FirewallRules: [{080EB8D8-3642-49BC-A6AC-DEB261EAD8F4}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{392D5D11-99D1-4F9B-90F5-881E7A4D7968}] => (Allow) C:\Users\turhan\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{7D061F93-F3B6-4E2B-B56C-73E1CFA030C9}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{14233CAD-0FAC-4104-A39B-5E8B5F8D3BDC}] => (Allow) LPort=2869
FirewallRules: [{7862761D-262C-420B-96E6-EAB7F7E82E8E}] => (Allow) LPort=1900
FirewallRules: [{5D95774B-6802-45BB-AE4E-7971B4DB2BA5}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{7DFDC606-BF09-4432-8106-170B33908E73}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{75F92C1E-9520-4175-B896-0B9988AD40B3}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
FirewallRules: [{0215037A-BA26-4A8E-BE8B-013780C917D6}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
FirewallRules: [{89827ED2-E2F5-4506-BE3C-ED1F2F404352}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgdiagex.exe
FirewallRules: [{62FCE7E4-E2D0-4C6D-8B10-68F2200BC714}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgdiagex.exe
FirewallRules: [{DE49D783-5942-432D-A6A4-CF20A4280683}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
FirewallRules: [{30B16F5D-991E-4953-B49C-981D27C37821}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
FirewallRules: [{5DE9398B-144B-4F6A-9C83-CA7B313A365D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{7AE07DD8-3355-4EDC-B85D-AB460BB21C91}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{09B8DE8F-46F9-47D6-AFD6-D1DCC5F01898}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{38CFCDF8-E867-434D-AC93-F650034AFDCF}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{9F662CC0-9BA5-41B7-928C-EA4D008C38AC}] => (Allow) C:\Program Files\iTunes.exe
FirewallRules: [{651E2E60-D930-4CC8-921C-B0B1239C2E97}] => (Allow) D:\FSetup.exe
FirewallRules: [{A90BEDEF-A272-4C93-9594-DB5453E0F963}] => (Allow) D:\FSetup.exe
FirewallRules: [{5EA9E79F-6C6E-4910-961B-9F577F37624F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Wiederherstellungspunkte =========================
==================== Fehlerhafte Geräte im Gerätemanager =============
==================== Fehlereinträge in der Ereignisanzeige: =========================
Applikationsfehler:
==================
Error: (05/25/2016 02:14:41 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Nur zur Information.
Die Aktion kann nicht abgeschlossen werden. Versuchen Sie es erneut. Wenden Sie sich bei Fortbestehen des Problems an den Microsoft-Produktsupport.
Error: (05/25/2016 02:14:41 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Nur zur Information.
Die Aktion kann nicht abgeschlossen werden. Versuchen Sie es erneut. Wenden Sie sich bei Fortbestehen des Problems an den Microsoft-Produktsupport.
Error: (05/25/2016 02:14:41 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Nur zur Information.
Product registration is corrupted for {20140062-0062-0407-0000-0000000FF1CE}
Error: (05/25/2016 02:14:41 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Nur zur Information.
Error: Product {20140062-0062-0407-0000-0000000FF1CE} found in the registry but SoftGrid doesn't know about it, skipping...
Error: (05/25/2016 02:14:41 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Nur zur Information.
Product registration is corrupted for {20140062-0062-0407-0000-0000000FF1CE}
Error: (05/25/2016 02:14:41 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Nur zur Information.
Error: Product {20140062-0062-0407-0000-0000000FF1CE} found in the registry but SoftGrid doesn't know about it, skipping...
Error: (05/25/2016 12:47:16 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Nur zur Information.
Die Aktion kann nicht abgeschlossen werden. Versuchen Sie es erneut. Wenden Sie sich bei Fortbestehen des Problems an den Microsoft-Produktsupport.
Error: (05/25/2016 12:47:16 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Nur zur Information.
Die Aktion kann nicht abgeschlossen werden. Versuchen Sie es erneut. Wenden Sie sich bei Fortbestehen des Problems an den Microsoft-Produktsupport.
Error: (05/25/2016 12:47:16 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Nur zur Information.
Product registration is corrupted for {20140062-0062-0407-0000-0000000FF1CE}
Error: (05/25/2016 12:47:16 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Nur zur Information.
Error: Product {20140062-0062-0407-0000-0000000FF1CE} found in the registry but SoftGrid doesn't know about it, skipping...
Systemfehler:
=============
Error: (05/25/2016 02:42:56 PM) (Source: atapi) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.
Error: (05/25/2016 02:22:45 PM) (Source: atapi) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.
Error: (05/25/2016 02:22:07 PM) (Source: atapi) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.
Error: (05/25/2016 02:21:55 PM) (Source: atapi) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.
Error: (05/25/2016 02:17:20 PM) (Source: atapi) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.
Error: (05/25/2016 02:14:24 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen:
%%5
Error: (05/25/2016 02:12:06 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen:
%%5
Error: (05/25/2016 02:11:52 PM) (Source: atapi) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.
Error: (05/25/2016 02:11:36 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}
Error: (05/25/2016 02:00:47 PM) (Source: atapi) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.
==================== Speicherinformationen ===========================
Prozessor: Intel(R) Celeron(R) CPU 450 @ 2.20GHz
Prozentuale Nutzung des RAM: 76%
Installierter physikalischer RAM: 3036.8 MB
Verfügbarer physikalischer RAM: 701.5 MB
Summe virtueller Speicher: 6071.79 MB
Verfügbarer virtueller Speicher: 3352.81 MB
==================== Laufwerke ================================
Drive c: (OS) (Fixed) (Total:283.4 GB) (Free:160.13 GB) NTFS
==================== MBR & Partitionstabelle ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: 3ABA0743)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=14.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=283.4 GB) - (Type=07 NTFS)
==================== Ende von Addition.txt ============================
|
|
25.05.2016, 15:22
| #3 | |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Win7: Verschlüsselte Dateien - Hinweis auf Bitcoin-Zahlung moin
__________________ Zitat:
Eine Bereinigung ist idR kein Problem und so gut wie immer machbar. Aber wenn du Pech hast sind deine Daten weg. Denn du hast bestimmt kein Backup.
__________________ |
|
25.05.2016, 15:27
| #4 |
| | Win7: Verschlüsselte Dateien - Hinweis auf Bitcoin-Zahlung Ja ich habe kein Backup :-( |
|
25.05.2016, 15:41
| #5 | ||
| /// Winkelfunktion /// TB-Süch-Tiger™ | Win7: Verschlüsselte Dateien - Hinweis auf Bitcoin-Zahlung Das ist schön blöd  Backup muss man immer machen, nicht nur wegen Verschlüsselungstrojaner:- Festplatten können abkacken - Dateien können versehentlich gelöscht oder überschrieben werden - hin und wieder kommt es vor, dass man eine ältere Version einer noch vorhandenen Datei benötigt Bevor wir mit der Reinigung anfangen und du danach versuchen kannst, an deine Daten zu kommen, bitte das hier erst klären: Zitat:
Das uralte Java6 Geraffel muss auch runter und: Zitat:
Auch andere Freewareanbieter wie Avira, Avast oder Panda springen auf diesen oder ähnlichen Zügen rauf, basteln Junkware in die Setups, arbeiten mit ASK zusammen etc; so was ist bei Sicherheitssoftware einfach inakzeptabel. Gib Bescheid wenn AVG weg ist; wenn wir hier durch sind, kannst du auf einen anderen Virenscanner umsteigen, Infos folgen dann im Abschlussposting. Bitte JETZT nix mehr ohne Absprache installieren!
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
25.05.2016, 18:17
| #6 |
| | Win7: Verschlüsselte Dateien - Hinweis auf Bitcoin-Zahlung Danke fürs schnelle Antworten. Das uralte Office hatte ich wahrscheinlich irgendwann von meinem uralten Laptop übernommen  Nun sind Office, Java6 und AVG deinstalliert |
|
26.05.2016, 09:29
| #7 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Win7: Verschlüsselte Dateien - Hinweis auf Bitcoin-Zahlung Dann bitte jetzt Combofix ausführen: Scan mit Combofix
__________________ Logfiles bitte immer in CODE-Tags posten |
|
26.05.2016, 12:23
| #8 |
| | Win7: Verschlüsselte Dateien - Hinweis auf Bitcoin-ZahlungCode:
ATTFilter ComboFix 16-05-18.01 - turhan 26.05.2016 12:30:37.1.1 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3037.1354 [GMT 2:00]
ausgeführt von:: c:\users\turhan\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\programdata\C7141F53D056.html
c:\windows\IsUn0407.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2016-04-26 bis 2016-05-26 ))))))))))))))))))))))))))))))
.
.
2016-05-26 10:50 . 2016-05-26 10:50 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-05-25 15:18 . 2016-05-19 09:46 11898512 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DD199FCB-8D12-47DC-A66D-55711662E6FA}\mpengine.dll
2016-05-25 15:18 . 2016-04-21 13:05 453288 ------w- c:\windows\system32\MpSigStub.exe
2016-05-25 15:02 . 2016-05-25 15:50 -------- d-----w- c:\users\turhan\AppData\Local\Avg2013
2016-05-25 10:58 . 2016-05-26 10:22 -------- d-----w- c:\program files (x86)\ Malwarebytes Anti-Malware
2016-05-25 10:58 . 2016-05-25 10:58 -------- d-----w- c:\programdata\Malwarebytes
2016-05-25 10:26 . 2016-05-25 10:26 -------- d-----w- c:\program files\HitmanPro
2016-05-25 09:42 . 2016-05-25 12:43 -------- d-----w- C:\FRST
2016-05-25 07:03 . 2016-05-25 07:57 -------- d-----w- c:\programdata\HitmanPro
2016-05-24 22:42 . 2016-05-24 22:42 22704 ----a-w- c:\windows\system32\drivers\EsgScanner.sys
2016-05-19 13:30 . 2016-04-09 05:49 3217408 ----a-w- c:\windows\system32\win32k.sys
2016-05-19 13:14 . 2016-04-09 06:58 2048 ----a-w- c:\windows\system32\tzres.dll
2016-05-19 13:14 . 2016-04-09 06:54 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2016-05-19 12:39 . 2016-04-09 07:01 986344 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2016-05-19 12:39 . 2016-04-09 07:01 264936 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2016-05-19 12:39 . 2016-04-09 06:57 144384 ----a-w- c:\windows\system32\cdd.dll
2016-05-19 11:47 . 2016-04-09 03:52 1424896 ----a-w- c:\windows\system32\WindowsCodecs.dll
2016-05-19 11:47 . 2016-04-09 04:20 1230848 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2016-05-19 11:44 . 2016-04-14 13:49 603648 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2016-05-19 11:44 . 2016-04-14 13:21 647680 ----a-w- c:\windows\system32\d3d10level9.dll
2016-05-18 17:10 . 2016-04-09 06:57 405504 ----a-w- c:\windows\system32\gdi32.dll
2016-05-18 17:10 . 2016-04-09 06:54 312832 ----a-w- c:\windows\SysWow64\gdi32.dll
2016-05-04 09:14 . 2015-06-03 20:22 257864 ----a-w- c:\windows\SysWow64\wbem\Win32_Tpm.dll
2016-05-04 09:14 . 2015-06-03 20:21 312600 ----a-w- c:\windows\system32\wbem\Win32_Tpm.dll
2016-05-04 09:14 . 2016-02-05 20:10 8192 ----a-w- c:\windows\system32\drivers\de-DE\tpm.sys.mui
2016-05-04 09:14 . 2016-02-05 18:56 20480 ----a-w- c:\windows\system32\tbs.dll
2016-05-04 09:14 . 2016-02-05 18:54 109568 ----a-w- c:\windows\system32\fveapibase.dll
2016-05-04 09:14 . 2016-02-05 17:33 15360 ----a-w- c:\windows\SysWow64\tbs.dll
2016-05-04 09:14 . 2015-06-03 20:21 451080 ----a-w- c:\windows\system32\fveapi.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-05-18 16:37 . 2009-12-15 22:18 139319312 ----a-w- c:\windows\system32\MRT.exe
2016-04-09 06:54 . 2016-05-19 11:49 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2016-04-04 18:14 . 2016-04-24 20:23 38120 ----a-w- c:\windows\system32\CompatTelRunner.exe
2016-04-04 18:02 . 2016-04-24 20:23 1169408 ----a-w- c:\windows\system32\aeinv.dll
2016-04-02 13:08 . 2016-04-24 20:23 1386496 ----a-w- c:\windows\system32\appraiser.dll
2016-03-23 14:02 . 2016-04-24 20:23 215040 ----a-w- c:\windows\system32\aepic.dll
2016-03-17 22:56 . 2016-04-24 20:24 2084864 ----a-w- c:\windows\system32\ole32.dll
2016-03-17 22:28 . 2016-04-24 20:24 1414144 ----a-w- c:\windows\SysWow64\ole32.dll
2016-03-17 18:04 . 2016-04-24 20:23 698368 ----a-w- c:\windows\system32\generaltel.dll
2016-03-17 18:04 . 2016-04-24 20:23 499200 ----a-w- c:\windows\system32\devinv.dll
2016-03-17 18:04 . 2016-04-24 20:23 279040 ----a-w- c:\windows\system32\invagent.dll
2016-03-17 18:04 . 2016-04-24 20:23 76800 ----a-w- c:\windows\system32\acmigration.dll
2016-03-16 18:50 . 2016-04-24 20:27 156672 ----a-w- c:\windows\system32\mtxoci.dll
2016-03-16 18:28 . 2016-04-24 20:27 111616 ----a-w- c:\windows\SysWow64\mtxoci.dll
2016-03-16 18:28 . 2016-04-24 20:27 176128 ----a-w- c:\windows\SysWow64\msorcl32.dll
2016-03-16 00:16 . 2016-04-24 20:23 760320 ----a-w- c:\windows\system32\samsrv.dll
2016-03-16 00:16 . 2016-04-24 20:23 106496 ----a-w- c:\windows\system32\samlib.dll
2016-03-15 23:53 . 2016-04-24 20:23 60416 ----a-w- c:\windows\SysWow64\samlib.dll
2016-03-06 18:53 . 2016-04-24 20:26 2048 ----a-w- c:\windows\system32\msxml3r.dll
2016-03-06 18:53 . 2016-04-24 20:26 1885696 ----a-w- c:\windows\system32\msxml3.dll
2016-03-06 18:38 . 2016-04-24 20:26 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
2016-03-06 18:38 . 2016-04-24 20:26 1240576 ----a-w- c:\windows\SysWow64\msxml3.dll
2015-12-09 14:12 . 2015-12-09 14:12 37298960 ----a-w- c:\program files\iTunesCore.dll
2015-12-09 14:12 . 2015-12-09 14:12 3082024 ----a-w- c:\program files\iPodUpdaterExt.dll
2015-12-09 14:12 . 2015-12-09 14:12 2404624 ----a-w- c:\program files\iAdCore.dll
2015-12-09 14:12 . 2015-12-09 14:12 165520 ----a-w- c:\program files\gnsdk_link.dll
2015-12-09 14:11 . 2015-12-09 14:11 170256 ----a-w- c:\program files\iTunesHelper.exe
2015-12-09 14:11 . 2015-12-09 14:11 325776 ----a-w- c:\program files\gnsdk_submit.dll
2015-12-09 14:11 . 2015-12-09 14:11 2199696 ----a-w- c:\program files\gnsdk_manager.dll
2015-12-09 14:11 . 2015-12-09 14:11 155920 ----a-w- c:\program files\iTunesMiniPlayer.dll
2015-12-09 14:10 . 2015-12-09 14:10 557328 ----a-w- c:\program files\iTunesAdmin.dll
2015-12-09 14:10 . 2015-12-09 14:10 870544 ----a-w- c:\program files\gnsdk_musicid.dll
2015-12-09 14:10 . 2015-12-09 14:10 3370128 ----a-w- c:\program files\gnsdk_dsp.dll
2015-12-09 14:10 . 2015-12-09 14:10 3044624 ----a-w- c:\program files\iTunes.exe
2015-12-09 14:10 . 2015-12-09 14:10 205584 ----a-w- c:\program files\iTunesHelper.dll
2014-12-19 07:38 . 2014-12-19 07:38 93040 ----a-w- c:\program files (x86)\TomTomHOMEService.exe
2014-12-19 07:38 . 2014-12-19 07:38 248176 ----a-w- c:\program files (x86)\TomTomHOMERunner.exe
2014-12-19 07:38 . 2014-12-19 07:38 105312 ----a-w- c:\program files (x86)\TomTomHOME.exe
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-01-01 14:46 220632 ----a-w- c:\users\turhan\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-01-01 14:46 220632 ----a-w- c:\users\turhan\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-01-01 14:46 220632 ----a-w- c:\users\turhan\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FCACheck"="c:\windows\SysWOW64\FCA\FCACheck.exe" [2009-02-08 28672]
"KiesPreload"="c:\program files (x86)\Samsung\Kies\Kies.exe" [2015-02-24 1565504]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-07-07 1779952]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2010-01-07 140520]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-06-19 494064]
"FamilyCyberAlert"="c:\windows\system32\FCA\Syslogin.exe" [2011-02-02 1658880]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2015-02-24 311616]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-10-11 559616]
.
c:\users\turhan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-6-30 1316192]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe /firstrun [2009-6-30 1316192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0bootdelete
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files (x86)\Java\jre6\bin\jusched.exe"
"HP Software Update"=c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 ss_conn_service;SAMSUNG Mobile Connectivity Service;c:\users\turhan\Downloads\USB Drivers\25_escape\conn\ss_conn_service.exe;c:\users\turhan\Downloads\USB Drivers\25_escape\conn\ss_conn_service.exe [x]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTomHOMEService.exe;c:\program files (x86)\TomTomHOMEService.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 e.dentifier2;SmartCard Reader ABN AMRO e.dentifier2;c:\windows\system32\DRIVERS\aabed2.sys;c:\windows\SYSNATIVE\DRIVERS\aabed2.sys [x]
R3 EsgScanner;EsgScanner;c:\windows\system32\DRIVERS\EsgScanner.sys;c:\windows\SYSNATIVE\DRIVERS\EsgScanner.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MHIKEY10;MHIKEY10;c:\windows\system32\Drivers\MHIKEY10x64.sys;c:\windows\SYSNATIVE\Drivers\MHIKEY10x64.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S2 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe;c:\program files\Dell\DellDock\DockLogin.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.exe;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.exe [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 sftfs;sftfs;c:\program files (x86)\Microsoft Application Virtualization Client\drivers\sftfslh.sys;c:\program files (x86)\Microsoft Application Virtualization Client\drivers\sftfslh.sys [x]
S3 sftplay;sftplay;c:\program files (x86)\Microsoft Application Virtualization Client\drivers\sftplaylh.sys;c:\program files (x86)\Microsoft Application Virtualization Client\drivers\sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 sftvol;sftvol;c:\program files (x86)\Microsoft Application Virtualization Client\drivers\sftvollh.sys;c:\program files (x86)\Microsoft Application Virtualization Client\drivers\sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 VIACRX64;VIACRX64;c:\windows\system32\DRIVERS\viacr64.sys;c:\windows\SYSNATIVE\DRIVERS\viacr64.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - MBAMSWISSARMY
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr QWAVE wcncsvc
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-05-18 11:45 1186968 ----a-w- c:\program files (x86)\Google\Chrome\Application\50.0.2661.102\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2016-05-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-09 11:04]
.
2016-05-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-09 11:04]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-01-01 14:46 244696 ----a-w- c:\users\turhan\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-01-01 14:46 244696 ----a-w- c:\users\turhan\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-01-01 14:46 244696 ----a-w- c:\users\turhan\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 415256]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2015-02-24 311616]
"iTunesHelper"="c:\program files\iTunesHelper.exe" [2015-12-09 170256]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.de/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: Nach Microsoft &Excel exportieren - c:\progra~2\MICROS~2\Office10\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
c:\users\turhan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\C7141F53D056B.lnk - c:\programdata\C7141F53D056.bmp
c:\users\turhan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\C7141F53D056H.lnk - c:\programdata\C7141F53D056.html
SafeBoot-mcmscsvc
SafeBoot-MCODS
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
AddRemove-Hochschulabsolventen - c:\windows\IsUn0407.exe
AddRemove-Runtime - c:\windows\IsUn0407.exe
AddRemove-The Moving Man - c:\windows\system32\javaws.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_134_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_134_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_134_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_134_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_134.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.17"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_134.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_134.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_134.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2016-05-26 12:56:21
ComboFix-quarantined-files.txt 2016-05-26 10:56
.
Vor Suchlauf: 21 Verzeichnis(se), 170.456.178.688 Bytes frei
Nach Suchlauf: 25 Verzeichnis(se), 171.435.532.288 Bytes frei
.
- - End Of File - - F106C2891DD45A7DE7D172CCEF3F155C
5C616939100B85E558DA92B899A0FC36
|
|
26.05.2016, 12:44
| #9 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Win7: Verschlüsselte Dateien - Hinweis auf Bitcoin-Zahlung Adware/Junkware/Toolbars entfernen Alte Versionen von adwCleaner und falls vorhanden JRT vorher löschen, danach neu runterladen auf den Desktop! Virenscanner jetzt vor dem Einsatz dieser Tools bitte komplett deaktivieren! 1. Schritt: adwCleaner Downloade Dir bitte  AdwCleaner auf deinen Desktop.
2. Schritt: JRT - Junkware Removal Tool Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
26.05.2016, 14:06
| #10 |
| | Win7: Verschlüsselte Dateien - Hinweis auf Bitcoin-Zahlung Während der AdwCleaner ausgeführt wurde, habe ich falsch gelesen und den Ordner 'myfree codec' beibehalten. Nachdem ich das in der Logdatei gelsen habe, habe ich 'myfree codec' deinstalliert. AdwCleaner.txt Code:
ATTFilter # AdwCleaner v5.117 - Bericht erstellt am 26/05/2016 um 14:26:23
# Aktualisiert am 15/05/2016 von Xplode
# Datenbank : 2016-05-26.2 [Server]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (X64)
# Benutzername : turhan - TURHAN-PC
# Gestartet von : C:\Users\turhan\Desktop\AdwCleaner_5.117.exe
# Option : Löschen
# Unterstützung : hxxp://toolslib.net/forum
***** [ Dienste ] *****
***** [ Ordner ] *****
[x] Ordner Nicht gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\myfree codec
***** [ Dateien ] *****
***** [ DLLs ] *****
***** [ WMI ] *****
***** [ Verknüpfungen ] *****
***** [ Aufgabenplanung ] *****
***** [ Registrierungsdatenbank ] *****
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\protector_dll.Protector
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\protector_dll.Protector.1
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\yt.YToolbarBand.1
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5C3B5DAA-0AFF-4808-90FB-0F2F2D760E36}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
[-] Schlüssel gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Schlüssel gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
[-] Schlüssel gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Wert gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
[-] Wert gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{21FA44EF-376D-4D53-9B0F-8A89D3229068}]
[-] Wert gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
[-] Schlüssel gelöscht : HKCU\Software\AVG Nation toolbar
[-] Schlüssel gelöscht : HKCU\Software\Myfree Codec
[-] Schlüssel gelöscht : HKLM\SOFTWARE\AVG Nation toolbar
[-] Schlüssel gelöscht : HKLM\SOFTWARE\AVG Secure Search
[-] Schlüssel gelöscht : HKLM\SOFTWARE\AVG Security Toolbar
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Myfree Codec
[-] Schlüssel gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec
***** [ Internetbrowser ] *****
*************************
:: "Tracing" Schlüssel gelöscht
:: Proxy Einstellungen zurückgesetzt
:: Winsock Einstellungen zurückgesetzt
:: Internet Explorer Richtlinien gelöscht
:: Chrome Richtlinien gelöscht
*************************
C:\AdwCleaner\AdwCleaner[C1].txt - [3084 Bytes] - [26/05/2016 14:26:23]
C:\AdwCleaner\AdwCleaner[S1].txt - [378 Bytes] - [26/05/2016 14:03:14]
C:\AdwCleaner\AdwCleaner[S2].txt - [3294 Bytes] - [26/05/2016 14:09:59]
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [3302 Bytes] ##########
Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.6 (04.25.2016)
Operating System: Windows 7 Home Premium x64
Ran by turhan (Administrator) on 26.05.2016 at 14:48:37,62
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
File System: 42
Successfully deleted: C:\Users\turhan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
Successfully deleted: C:\Users\turhan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2AHRRJ0C (Temporary Internet Files Folder)
Successfully deleted: C:\Users\turhan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2IZN5I53 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\turhan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\turhan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9GF0RA9H (Temporary Internet Files Folder)
Successfully deleted: C:\Users\turhan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9IF8NTIF (Temporary Internet Files Folder)
Successfully deleted: C:\Users\turhan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AEEXKYRW (Temporary Internet Files Folder)
Successfully deleted: C:\Users\turhan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BP60GH5T (Temporary Internet Files Folder)
Successfully deleted: C:\Users\turhan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D79JAGX9 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\turhan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\turhan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HZX34O6C (Temporary Internet Files Folder)
Successfully deleted: C:\Users\turhan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IGD59AUQ (Temporary Internet Files Folder)
Successfully deleted: C:\Users\turhan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J1147PFL (Temporary Internet Files Folder)
Successfully deleted: C:\Users\turhan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
Successfully deleted: C:\Users\turhan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QLTWWRIW (Temporary Internet Files Folder)
Successfully deleted: C:\Users\turhan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RLZC3OR0 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\turhan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SKTEC01Q (Temporary Internet Files Folder)
Successfully deleted: C:\Users\turhan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TF7CVXNH (Temporary Internet Files Folder)
Successfully deleted: C:\Users\turhan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UFZEJJM1 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\turhan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V3FEU6FO (Temporary Internet Files Folder)
Successfully deleted: C:\Users\turhan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VNNFFVCE (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2AHRRJ0C (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2IZN5I53 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9GF0RA9H (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9IF8NTIF (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AEEXKYRW (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BP60GH5T (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D79JAGX9 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HZX34O6C (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IGD59AUQ (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J1147PFL (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QLTWWRIW (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RLZC3OR0 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SKTEC01Q (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TF7CVXNH (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UFZEJJM1 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V3FEU6FO (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VNNFFVCE (Temporary Internet Files Folder)
Registry: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 26.05.2016 at 14:53:40,13
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
26.05.2016, 14:10
| #11 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Win7: Verschlüsselte Dateien - Hinweis auf Bitcoin-Zahlung Dann zeig mal frische FRST Logs. Haken setzen bei addition.txt dann auf Untersuchen klicken
__________________ Logfiles bitte immer in CODE-Tags posten |
|
26.05.2016, 14:25
| #12 |
| | Win7: Verschlüsselte Dateien - Hinweis auf Bitcoin-Zahlung FRST.txt Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:25-05-2016 01
durchgeführt von turhan (Administrator) auf TURHAN-PC (26-05-2016 15:19:48)
Gestartet von C:\Users\turhan\Downloads
Geladene Profile: turhan (Verfügbare Profile: turhan)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: IE)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Prozesse (Nicht auf der Ausnahmeliste) =================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7Debug\mdm.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(DEVGURU Co., LTD.) C:\Users\turhan\Downloads\USB Drivers\25_escape\conn\ss_conn_service.exe
(TomTom) C:\Program Files (x86)\TomTomHOMEService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
==================== Registry (Nicht auf der Ausnahmeliste) ===========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)
HKLM\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2015-02-24] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunesHelper.exe [170256 2015-12-09] (Apple Inc.)
HKLM-x32\...\Run: [Dell DataSafe Online] => C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe [1779952 2009-07-07] ()
HKLM-x32\...\Run: [PDVDDXSrv] => C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe [140520 2010-01-07] (CyberLink Corp.)
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [409744 2009-06-24] (Creative Technology Ltd)
HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe [494064 2009-06-19] ()
HKLM-x32\...\Run: [FamilyCyberAlert] => C:\Windows\SysWOW64\FCA\Syslogin.exe [1658880 2011-02-02] (InfoWorks Technology Company)
HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2015-02-24] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] => C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe [559616 2011-10-11] (Dell)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3466485993-4211878275-2006075751-1000\...\Run: [FCACheck] => C:\Windows\SysWOW64\FCA\FCACheck.exe [28672 2009-02-08] (InfoWorks Technology Company)
HKU\S-1-5-21-3466485993-4211878275-2006075751-1000\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1565504 2015-02-24] (Samsung)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => Keine Datei
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => Keine Datei
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => Keine Datei
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => Keine Datei
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2014-12-06]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2009-09-28]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2009-09-28]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\turhan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk [2009-12-01]
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
BootExecute: autocheck autochk * bootdelete
==================== Internet (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{69A7CD9E-AD5F-4FE9-91B2-4E0B633396AD}: [DhcpNameServer] 192.168.178.1
Internet Explorer:
==================
HKU\S-1-5-21-3466485993-4211878275-2006075751-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3466485993-4211878275-2006075751-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3466485993-4211878275-2006075751-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> Keine Datei
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-05-04] (Google Inc.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-04-29] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll => Keine Datei
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-09-20] (Hewlett-Packard Co.)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-04] (Google Inc.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-04-29] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll => Keine Datei
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-09-20] (Hewlett-Packard Co.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-05-04] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-04] (Google Inc.)
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: HKLM-x32 {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Keine Datei
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-04-29] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-04-29] (Microsoft Corporation)
FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2009-09-26] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-12] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-12] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-04-23] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\turhan\AppData\Roaming\mozilla\plugins\cgpcfg.dll [2009-08-14] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\turhan\AppData\Roaming\mozilla\plugins\CgpCore.dll [2009-08-14] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\turhan\AppData\Roaming\mozilla\plugins\confmgr.dll [2009-08-14] ()
FF Plugin ProgramFiles/Appdata: C:\Users\turhan\AppData\Roaming\mozilla\plugins\ctxlogging.dll [2009-08-14] ()
FF Plugin ProgramFiles/Appdata: C:\Users\turhan\AppData\Roaming\mozilla\plugins\ctxmui.dll [2009-08-14] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\turhan\AppData\Roaming\mozilla\plugins\icafile.dll [2009-08-14] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\turhan\AppData\Roaming\mozilla\plugins\icalogon.dll [2009-08-14] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\turhan\AppData\Roaming\mozilla\plugins\msvcm80.dll [2007-03-16] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Users\turhan\AppData\Roaming\mozilla\plugins\msvcp80.dll [2007-03-16] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Users\turhan\AppData\Roaming\mozilla\plugins\msvcr80.dll [2007-03-16] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Users\turhan\AppData\Roaming\mozilla\plugins\npicaN.dll [2009-08-14] ()
FF Plugin ProgramFiles/Appdata: C:\Users\turhan\AppData\Roaming\mozilla\plugins\sslsdk_b.dll [2009-08-14] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\turhan\AppData\Roaming\mozilla\plugins\TcpPServ.dll [2009-08-14] (Citrix Systems, Inc.)
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-12-06] [ist nicht signiert]
FF HKU\S-1-5-21-3466485993-4211878275-2006075751-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\turhan\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\turhan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-25]
CHR Extension: (Google Drive) - C:\Users\turhan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-29]
CHR Extension: (YouTube) - C:\Users\turhan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-29]
CHR Extension: (Google-Suche) - C:\Users\turhan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-29]
CHR Extension: (Skype Click to Call) - C:\Users\turhan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-02-25]
CHR Extension: (Google Wallet) - C:\Users\turhan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-25]
CHR Extension: (Google Mail) - C:\Users\turhan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-29]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-04-29]
==================== Dienste (Nicht auf der Ausnahmeliste) ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-04-29] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-04-29] (Microsoft Corporation)
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2008-12-18] (Stardock Corporation) [Datei ist nicht signiert]
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [Datei ist nicht signiert]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [Datei ist nicht signiert]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1037824 2009-09-20] (Hewlett-Packard Co.) [Datei ist nicht signiert]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [Datei ist nicht signiert]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [Datei ist nicht signiert]
R2 ss_conn_service; C:\Users\turhan\Downloads\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-13] (DEVGURU Co., LTD.)
R2 TomTomHOMEService; C:\Program Files (x86)\TomTomHOMEService.exe [93040 2014-12-19] (TomTom)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
===================== Treiber (Nicht auf der Ausnahmeliste) ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 e.dentifier2; C:\Windows\System32\DRIVERS\aabed2.sys [28672 2008-03-20] (Todos Data System AB)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2016-05-25] ()
S3 MHIKEY10; C:\Windows\System32\Drivers\MHIKEY10x64.sys [59136 2008-05-27] (Generic USB smartcard reader)
R3 VIACRX64; C:\Windows\System32\DRIVERS\viacr64.sys [100864 2009-07-14] (VIA Technologies, Inc. )
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 upperdev; system32\DRIVERS\usbser_lowerfltx64.sys [X]
==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
==================== Ein Monat: Erstellte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2016-05-26 15:19 - 2016-05-26 15:19 - 00000000 ____D C:\Users\turhan\Downloads\FRST-OlderVersion
2016-05-26 14:53 - 2016-05-26 14:53 - 00007465 _____ C:\Users\turhan\Desktop\JRT.txt
2016-05-26 14:47 - 2016-05-26 14:47 - 01610816 _____ (Malwarebytes) C:\Users\turhan\Desktop\JRT.exe
2016-05-26 13:58 - 2016-05-26 14:34 - 00000000 ____D C:\AdwCleaner
2016-05-26 13:56 - 2016-05-26 13:56 - 03651136 _____ C:\Users\turhan\Desktop\AdwCleaner_5.117.exe
2016-05-26 12:56 - 2016-05-26 12:56 - 00024946 _____ C:\ComboFix.txt
2016-05-26 12:26 - 2016-05-26 12:56 - 00000000 ____D C:\Qoobox
2016-05-26 12:26 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2016-05-26 12:26 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2016-05-26 12:26 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2016-05-26 12:26 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2016-05-26 12:26 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2016-05-26 12:26 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2016-05-26 12:26 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2016-05-26 12:26 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2016-05-26 12:25 - 2016-05-26 12:52 - 00000000 ____D C:\Windows\erdnt
2016-05-26 12:24 - 2016-05-26 12:25 - 05659526 ____R (Swearware) C:\Users\turhan\Desktop\ComboFix.exe
2016-05-25 18:42 - 2016-05-25 18:42 - 00000000 ____D C:\Users\turhan\Downloads\Neuer Ordner
2016-05-25 17:18 - 2016-04-21 15:05 - 00453288 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-05-25 17:02 - 2016-05-25 17:50 - 00000000 ____D C:\Users\turhan\AppData\Local\Avg2013
2016-05-25 14:25 - 2016-05-25 14:25 - 00003795 _____ C:\Users\turhan\Downloads\malware.txt
2016-05-25 12:58 - 2016-05-25 12:58 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-05-25 12:55 - 2016-05-25 12:56 - 22851472 _____ (Malwarebytes ) C:\Users\turhan\Downloads\mbam-setup-2.2.1.1043.exe
2016-05-25 12:26 - 2016-05-25 12:26 - 00000000 ____D C:\Program Files\HitmanPro
2016-05-25 11:43 - 2016-05-25 14:43 - 00050059 _____ C:\Users\turhan\Downloads\Addition.txt
2016-05-25 11:42 - 2016-05-26 15:20 - 00017962 _____ C:\Users\turhan\Downloads\FRST.txt
2016-05-25 11:42 - 2016-05-26 15:19 - 02383360 _____ (Farbar) C:\Users\turhan\Downloads\FRST64.exe
2016-05-25 11:42 - 2016-05-26 15:19 - 00000000 ____D C:\FRST
2016-05-25 09:22 - 2016-05-25 09:22 - 00042822 _____ C:\Windows\system32\.crusader
2016-05-25 09:03 - 2016-05-25 09:57 - 00000000 ____D C:\ProgramData\HitmanPro
2016-05-25 09:03 - 2016-05-25 09:04 - 11438608 _____ (SurfRight B.V.) C:\Users\turhan\Desktop\HitmanPro_x64.exe
2016-05-25 00:42 - 2016-05-25 00:42 - 00022704 _____ C:\Windows\system32\Drivers\EsgScanner.sys
2016-05-25 00:32 - 2016-05-25 00:32 - 00000000 _____ C:\autoexec.bat
2016-05-19 15:30 - 2016-04-09 07:49 - 03217408 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-05-19 15:14 - 2016-04-09 08:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-05-19 15:14 - 2016-04-09 08:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-05-19 14:39 - 2016-04-09 09:01 - 00986344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2016-05-19 14:39 - 2016-04-09 09:01 - 00264936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2016-05-19 14:39 - 2016-04-09 08:57 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2016-05-19 13:49 - 2016-04-09 09:02 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-05-19 13:49 - 2016-04-09 09:01 - 05546216 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-05-19 13:49 - 2016-04-09 09:01 - 00706280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-05-19 13:49 - 2016-04-09 09:01 - 00154344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-05-19 13:49 - 2016-04-09 09:01 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-05-19 13:49 - 2016-04-09 08:59 - 03998952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-05-19 13:49 - 2016-04-09 08:59 - 03943144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-05-19 13:49 - 2016-04-09 08:59 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-05-19 13:49 - 2016-04-09 08:58 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-05-19 13:49 - 2016-04-09 08:58 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-05-19 13:49 - 2016-04-09 08:58 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-05-19 13:49 - 2016-04-09 08:58 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-05-19 13:49 - 2016-04-09 08:58 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-05-19 13:49 - 2016-04-09 08:58 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-05-19 13:49 - 2016-04-09 08:58 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-05-19 13:49 - 2016-04-09 08:58 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-05-19 13:49 - 2016-04-09 08:58 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-05-19 13:49 - 2016-04-09 08:58 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-05-19 13:49 - 2016-04-09 08:58 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-05-19 13:49 - 2016-04-09 08:58 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-05-19 13:49 - 2016-04-09 08:58 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-05-19 13:49 - 2016-04-09 08:58 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-05-19 13:49 - 2016-04-09 08:58 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-05-19 13:49 - 2016-04-09 08:57 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-05-19 13:49 - 2016-04-09 08:57 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-05-19 13:49 - 2016-04-09 08:57 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-05-19 13:49 - 2016-04-09 08:57 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-05-19 13:49 - 2016-04-09 08:57 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-05-19 13:49 - 2016-04-09 08:57 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-05-19 13:49 - 2016-04-09 08:57 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-05-19 13:49 - 2016-04-09 08:57 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-05-19 13:49 - 2016-04-09 08:57 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-05-19 13:49 - 2016-04-09 08:57 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-05-19 13:49 - 2016-04-09 08:57 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-05-19 13:49 - 2016-04-09 08:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-05-19 13:49 - 2016-04-09 08:57 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-05-19 13:49 - 2016-04-09 08:57 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-05-19 13:49 - 2016-04-09 08:57 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-05-19 13:49 - 2016-04-09 08:57 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-05-19 13:49 - 2016-04-09 08:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-05-19 13:49 - 2016-04-09 08:57 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-05-19 13:49 - 2016-04-09 08:57 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-05-19 13:49 - 2016-04-09 08:57 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-05-19 13:49 - 2016-04-09 08:57 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-05-19 13:49 - 2016-04-09 08:57 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-05-19 13:49 - 2016-04-09 08:57 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-05-19 13:49 - 2016-04-09 08:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-05-19 13:49 - 2016-04-09 08:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-05-19 13:49 - 2016-04-09 08:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-05-19 13:49 - 2016-04-09 08:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-05-19 13:49 - 2016-04-09 08:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-05-19 13:49 - 2016-04-09 08:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-05-19 13:49 - 2016-04-09 08:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-05-19 13:49 - 2016-04-09 08:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-05-19 13:49 - 2016-04-09 08:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-05-19 13:49 - 2016-04-09 08:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-05-19 13:49 - 2016-04-09 08:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-05-19 13:49 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-05-19 13:49 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-05-19 13:49 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-05-19 13:49 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-05-19 13:49 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-05-19 13:49 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-05-19 13:49 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-05-19 13:49 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-05-19 13:49 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-05-19 13:49 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-05-19 13:49 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-05-19 13:49 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-05-19 13:49 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-05-19 13:49 - 2016-04-09 08:54 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-05-19 13:49 - 2016-04-09 08:54 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-05-19 13:49 - 2016-04-09 08:54 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-05-19 13:49 - 2016-04-09 08:54 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-05-19 13:49 - 2016-04-09 08:54 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-05-19 13:49 - 2016-04-09 08:54 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-05-19 13:49 - 2016-04-09 08:54 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-05-19 13:49 - 2016-04-09 08:54 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-05-19 13:49 - 2016-04-09 08:54 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-05-19 13:49 - 2016-04-09 08:54 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-05-19 13:49 - 2016-04-09 08:54 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-05-19 13:49 - 2016-04-09 08:54 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-05-19 13:49 - 2016-04-09 08:54 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-05-19 13:49 - 2016-04-09 08:54 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-05-19 13:49 - 2016-04-09 08:54 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-05-19 13:49 - 2016-04-09 08:54 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-05-19 13:49 - 2016-04-09 08:54 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-05-19 13:49 - 2016-04-09 08:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-05-19 13:49 - 2016-04-09 08:54 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-05-19 13:49 - 2016-04-09 08:54 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-05-19 13:49 - 2016-04-09 08:54 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-05-19 13:49 - 2016-04-09 08:54 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-05-19 13:49 - 2016-04-09 08:54 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-05-19 13:49 - 2016-04-09 08:54 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-05-19 13:49 - 2016-04-09 08:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-05-19 13:49 - 2016-04-09 08:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-05-19 13:49 - 2016-04-09 08:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-05-19 13:49 - 2016-04-09 08:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-05-19 13:49 - 2016-04-09 08:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-05-19 13:49 - 2016-04-09 08:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-05-19 13:49 - 2016-04-09 08:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-05-19 13:49 - 2016-04-09 08:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-05-19 13:49 - 2016-04-09 08:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-05-19 13:49 - 2016-04-09 08:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-05-19 13:49 - 2016-04-09 08:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-05-19 13:49 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-05-19 13:49 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-05-19 13:49 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-05-19 13:49 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-05-19 13:49 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-05-19 13:49 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-05-19 13:49 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-05-19 13:49 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-05-19 13:49 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-05-19 13:49 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-05-19 13:49 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-05-19 13:49 - 2016-04-09 07:52 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-05-19 13:49 - 2016-04-09 07:52 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-05-19 13:49 - 2016-04-09 07:52 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-05-19 13:49 - 2016-04-09 07:51 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-05-19 13:49 - 2016-04-09 07:48 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-05-19 13:49 - 2016-04-09 07:47 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-05-19 13:49 - 2016-04-09 07:44 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-05-19 13:49 - 2016-04-09 07:44 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-05-19 13:49 - 2016-04-09 07:44 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-05-19 13:49 - 2016-04-09 07:43 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-05-19 13:49 - 2016-04-09 07:43 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-05-19 13:49 - 2016-04-09 07:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-05-19 13:49 - 2016-04-09 07:38 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-05-19 13:49 - 2016-04-09 07:38 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-05-19 13:49 - 2016-04-09 07:38 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-05-19 13:49 - 2016-04-09 07:38 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-05-19 13:49 - 2016-04-09 07:37 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-05-19 13:49 - 2016-04-09 07:37 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-05-19 13:49 - 2016-04-09 07:37 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-05-19 13:49 - 2016-04-09 07:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-05-19 13:49 - 2016-04-09 07:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-05-19 13:47 - 2016-04-09 06:20 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2016-05-19 13:47 - 2016-04-09 05:52 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2016-05-19 13:46 - 2016-04-23 19:08 - 00394960 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-05-19 13:46 - 2016-04-23 18:24 - 00346312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-05-19 13:46 - 2016-04-23 07:25 - 25816064 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-05-19 13:46 - 2016-04-23 07:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-05-19 13:46 - 2016-04-23 07:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-05-19 13:46 - 2016-04-23 07:01 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-05-19 13:46 - 2016-04-23 07:00 - 02893312 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-05-19 13:46 - 2016-04-23 07:00 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-05-19 13:46 - 2016-04-23 07:00 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-05-19 13:46 - 2016-04-23 07:00 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-05-19 13:46 - 2016-04-23 07:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-05-19 13:46 - 2016-04-23 06:52 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-05-19 13:46 - 2016-04-23 06:51 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-05-19 13:46 - 2016-04-23 06:48 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-05-19 13:46 - 2016-04-23 06:47 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-05-19 13:46 - 2016-04-23 06:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-05-19 13:46 - 2016-04-23 06:47 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-05-19 13:46 - 2016-04-23 06:47 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-05-19 13:46 - 2016-04-23 06:46 - 06052352 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-05-19 13:46 - 2016-04-23 06:40 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-05-19 13:46 - 2016-04-23 06:36 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-05-19 13:46 - 2016-04-23 06:29 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-05-19 13:46 - 2016-04-23 06:27 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-05-19 13:46 - 2016-04-23 06:25 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-05-19 13:46 - 2016-04-23 06:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-05-19 13:46 - 2016-04-23 06:21 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-05-19 13:46 - 2016-04-23 06:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-05-19 13:46 - 2016-04-23 06:20 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-05-19 13:46 - 2016-04-23 06:11 - 20350464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-05-19 13:46 - 2016-04-23 06:09 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-05-19 13:46 - 2016-04-23 06:08 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-05-19 13:46 - 2016-04-23 06:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-05-19 13:46 - 2016-04-23 06:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-05-19 13:46 - 2016-04-23 06:07 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-05-19 13:46 - 2016-04-23 06:07 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-05-19 13:46 - 2016-04-23 06:07 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-05-19 13:46 - 2016-04-23 06:06 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-05-19 13:46 - 2016-04-23 06:06 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-05-19 13:46 - 2016-04-23 06:05 - 02131968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-05-19 13:46 - 2016-04-23 06:04 - 02285568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-05-19 13:46 - 2016-04-23 06:02 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-05-19 13:46 - 2016-04-23 06:01 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-05-19 13:46 - 2016-04-23 06:00 - 15415808 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-05-19 13:46 - 2016-04-23 05:59 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-05-19 13:46 - 2016-04-23 05:58 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-05-19 13:46 - 2016-04-23 05:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-05-19 13:46 - 2016-04-23 05:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-05-19 13:46 - 2016-04-23 05:51 - 02596864 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-05-19 13:46 - 2016-04-23 05:50 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-05-19 13:46 - 2016-04-23 05:45 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-05-19 13:46 - 2016-04-23 05:44 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-05-19 13:46 - 2016-04-23 05:43 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-05-19 13:46 - 2016-04-23 05:41 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-05-19 13:46 - 2016-04-23 05:40 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-05-19 13:46 - 2016-04-23 05:39 - 01547776 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-05-19 13:46 - 2016-04-23 05:39 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-05-19 13:46 - 2016-04-23 05:36 - 04611072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-05-19 13:46 - 2016-04-23 05:33 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-05-19 13:46 - 2016-04-23 05:31 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-05-19 13:46 - 2016-04-23 05:30 - 02056192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-05-19 13:46 - 2016-04-23 05:30 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-05-19 13:46 - 2016-04-23 05:28 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-05-19 13:46 - 2016-04-23 05:26 - 13811200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-05-19 13:46 - 2016-04-23 05:12 - 02121216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-05-19 13:46 - 2016-04-23 05:09 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-05-19 13:46 - 2016-04-23 05:07 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-05-19 13:44 - 2016-04-14 15:49 - 00603648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2016-05-19 13:44 - 2016-04-14 15:21 - 00647680 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2016-05-18 19:10 - 2016-04-09 08:57 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-05-18 19:10 - 2016-04-09 08:54 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-05-18 19:04 - 2016-04-06 17:27 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2016-05-18 19:04 - 2016-03-09 20:54 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2016-05-18 19:04 - 2016-03-09 20:34 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2016-05-09 14:10 - 2016-05-09 14:18 - 00024536 ____R C:\Users\turhan\Desktop\Abrechnung-2.doc.crypt
2016-05-04 11:14 - 2016-02-05 20:56 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\tbs.dll
2016-05-04 11:14 - 2016-02-05 20:54 - 00109568 _____ (Microsoft Corporation) C:\Windows\system32\fveapibase.dll
2016-05-04 11:14 - 2016-02-05 19:33 - 00015360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tbs.dll
2016-05-04 11:14 - 2015-06-03 22:21 - 00451080 _____ (Microsoft Corporation) C:\Windows\system32\fveapi.dll
==================== Ein Monat: Geänderte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2016-05-26 15:05 - 2011-05-09 16:47 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-05-26 14:46 - 2009-07-14 06:45 - 00022240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-05-26 14:46 - 2009-07-14 06:45 - 00022240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-05-26 14:42 - 2013-12-14 18:52 - 00000000 ____D C:\Users\turhan\Downloads\1.0b beta
2016-05-26 14:37 - 2011-05-09 16:47 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-05-26 14:37 - 2009-12-01 15:02 - 00000000 ____D C:\Users\turhan\AppData\Local\SoftThinks
2016-05-26 14:37 - 2009-09-28 11:23 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2016-05-26 14:37 - 2009-09-28 11:23 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2016-05-26 14:37 - 2009-09-28 10:59 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2016-05-26 14:36 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-05-26 14:35 - 2010-03-24 15:13 - 00000000 ____D C:\Users\Public\Documents\SoftGrid Client
2016-05-26 14:04 - 2009-07-14 07:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-05-26 12:56 - 2009-07-14 07:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2016-05-26 12:50 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2016-05-25 21:00 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2016-05-25 18:58 - 2009-12-01 15:03 - 00084848 _____ C:\Users\turhan\AppData\Local\GDIPFONTCACHEV1.DAT
2016-05-25 18:56 - 2009-07-14 06:45 - 00357456 _____ C:\Windows\system32\FNTCACHE.DAT
2016-05-25 18:48 - 2015-03-31 13:54 - 00000000 ____D C:\Users\turhan\AppData\Roaming\AVG
2016-05-25 18:47 - 2010-11-11 15:57 - 00000000 ____D C:\ProgramData\TEMP
2016-05-25 18:47 - 2010-01-15 15:58 - 00000000 ____D C:\Program Files (x86)\AVG
2016-05-25 18:25 - 2015-06-18 17:13 - 00000000 ____D C:\Users\turhan\AppData\Local\Dropbox
2016-05-25 18:23 - 2010-03-24 15:14 - 00000000 ____D C:\Users\turhan\AppData\Roaming\SoftGrid Client
2016-05-25 18:19 - 2010-12-22 15:20 - 00000000 ____D C:\Users\turhan\AppData\Roaming\Dropbox
2016-05-25 18:18 - 2010-12-22 15:25 - 00000000 ___RD C:\Users\turhan\Dropbox
2016-05-25 18:07 - 2009-09-28 10:53 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-05-25 18:06 - 2009-07-14 20:18 - 00000000 ____D C:\Windows\ShellNew
2016-05-25 18:06 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\Help
2016-05-25 17:50 - 2015-08-10 09:11 - 00000000 ____D C:\Program Files\Common Files\AV
2016-05-25 17:50 - 2010-11-11 15:09 - 00000000 ____D C:\ProgramData\MFAData
2016-05-25 14:13 - 2011-01-03 00:54 - 00000000 ____D C:\Windows\Msagent
2016-05-25 09:58 - 2015-10-23 16:37 - 00558598 _____ C:\Windows\ntbtlog.txt
2016-05-25 09:22 - 2009-12-06 18:05 - 00000000 ____D C:\Program Files (x86)\Yahoo!
2016-05-25 00:30 - 2009-12-01 15:02 - 00000000 ____D C:\Users\turhan
2016-05-25 00:01 - 2012-04-22 21:56 - 00000000 ____D C:\Users\turhan\Downloads\00000001
2016-05-24 23:56 - 2015-12-14 23:04 - 00000000 ____D C:\Users\turhan\Desktop\leinwand
2016-05-24 22:04 - 2012-02-28 12:55 - 00000000 ____D C:\Users\turhan\Seda
2016-05-24 22:04 - 2009-12-25 14:45 - 00000000 ____D C:\Users\turhan\Süreyya
2016-05-24 21:59 - 2011-09-29 14:23 - 00000000 ____D C:\Users\turhan\Documents\Hakan
2016-05-24 17:32 - 2012-03-15 17:23 - 00000000 ____D C:\Users\turhan\karikatür
2016-05-24 17:32 - 2011-05-11 16:23 - 00000000 ____D C:\Users\turhan\hakan
2016-05-24 17:32 - 2010-04-13 13:23 - 00000000 ____D C:\Users\turhan\ivir zivir
2016-05-24 16:59 - 2012-04-03 14:17 - 00000000 ____D C:\Users\turhan\Downloads\printxml
2016-05-24 16:56 - 2015-12-21 18:24 - 00000000 ___RD C:\Users\turhan\Documents\Scanned Documents
2016-05-24 16:56 - 2012-04-22 21:56 - 00000000 ____D C:\Users\turhan\Downloads\Log
2016-05-24 16:56 - 2010-01-07 21:57 - 00000000 ____D C:\Users\turhan\Downloads\doPDF 7
2016-05-24 16:53 - 2010-06-23 16:35 - 00000000 __RSD C:\Users\turhan\Documents\My Stationery
2016-05-24 16:49 - 2013-03-10 14:01 - 00000000 ____D C:\Users\turhan\Documents\Eigene Scans
2016-05-24 16:49 - 2012-04-25 14:39 - 00000000 ___SD C:\Users\turhan\Documents\Eigene Datenquellen
2016-05-24 16:48 - 2014-09-06 22:47 - 00000000 ____D C:\Users\turhan\Desktop\teyzemler 14
2016-05-24 16:38 - 2012-11-12 17:31 - 00000000 ____D C:\Users\turhan\Desktop\InkscapePortable
2016-05-24 16:35 - 2014-09-13 17:36 - 00000000 ____D C:\Users\turhan\Desktop\gezi
2016-05-24 16:29 - 2016-04-24 18:06 - 00000000 ____D C:\Users\turhan\Desktop\disney
2016-05-24 16:28 - 2015-07-05 20:37 - 00000000 ____D C:\Users\turhan\Desktop\abiball fotos
2016-05-24 15:54 - 2015-07-22 02:32 - 00000000 ____D C:\Users\turhan\Desktop\100DSCIM
2016-05-24 15:53 - 2009-12-25 14:46 - 00000000 ____D C:\Users\turhan\Derya
2016-05-24 15:49 - 2015-04-07 15:51 - 00000000 ____D C:\Users\turhan\AU
2016-05-24 15:42 - 2010-11-24 20:02 - 00000000 ____D C:\0f105e31b782a2f23ac9b8b6176385f7
2016-05-24 15:42 - 2010-04-04 18:17 - 00000000 ____D C:\EViews3
2016-05-24 15:42 - 2010-04-04 18:15 - 00000000 ____D C:\Example Files
2016-05-24 15:42 - 2010-04-04 18:15 - 00000000 ____D C:\Docs
2016-05-20 19:06 - 2015-03-25 13:28 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2016-05-20 18:19 - 2009-07-14 19:58 - 00699876 _____ C:\Windows\system32\perfh007.dat
2016-05-20 18:19 - 2009-07-14 19:58 - 00149758 _____ C:\Windows\system32\perfc007.dat
2016-05-20 18:19 - 2009-07-14 07:13 - 01622260 _____ C:\Windows\system32\PerfStringBackup.INI
2016-05-20 18:19 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2016-05-20 18:06 - 2014-12-13 18:11 - 00000000 ____D C:\Windows\system32\appraiser
2016-05-20 18:06 - 2009-07-14 20:18 - 00000000 ____D C:\Program Files\Windows Journal
2016-05-18 20:02 - 2013-07-13 02:48 - 00000000 ____D C:\Windows\system32\MRT
2016-05-18 18:37 - 2009-12-16 00:18 - 139319312 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-05-18 14:05 - 2013-11-28 14:07 - 00002149 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-05-18 14:05 - 2013-11-28 14:07 - 00002137 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-05-18 14:02 - 2015-03-25 13:52 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-05-12 16:00 - 2011-05-09 16:47 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-05-12 16:00 - 2011-05-09 16:47 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-05-06 18:12 - 2015-04-05 15:53 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2016-05-06 18:12 - 2015-04-05 15:53 - 00000000 ___SD C:\Windows\system32\GWX
2016-05-05 17:05 - 2012-10-29 21:01 - 00000000 ___RD C:\Program Files (x86)\Skype
==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======
2015-10-14 23:26 - 2015-10-14 23:26 - 0124133 _____ () C:\Program Files\Acknowledgements.rtf
2015-12-09 16:10 - 2015-12-09 16:10 - 3370128 _____ (Gracenote, Inc.) C:\Program Files\gnsdk_dsp.dll
2015-12-09 16:12 - 2015-12-09 16:12 - 0165520 _____ (Gracenote, Inc.) C:\Program Files\gnsdk_link.dll
2015-12-09 16:11 - 2015-12-09 16:11 - 2199696 _____ (Gracenote, Inc.) C:\Program Files\gnsdk_manager.dll
2015-12-09 16:10 - 2015-12-09 16:10 - 0870544 _____ (Gracenote, Inc.) C:\Program Files\gnsdk_musicid.dll
2015-12-09 16:11 - 2015-12-09 16:11 - 0325776 _____ (Gracenote, Inc.) C:\Program Files\gnsdk_submit.dll
2015-12-09 16:12 - 2015-12-09 16:12 - 2404624 _____ (Apple, Inc) C:\Program Files\iAdCore.dll
2015-12-09 16:12 - 2015-12-09 16:12 - 3082024 _____ (Apple Inc.) C:\Program Files\iPodUpdaterExt.dll
2015-12-09 16:10 - 2015-12-09 16:10 - 3044624 _____ (Apple Inc.) C:\Program Files\iTunes.exe
2015-12-09 16:10 - 2015-12-09 16:10 - 0557328 _____ (Apple Inc.) C:\Program Files\iTunesAdmin.dll
2015-12-09 16:12 - 2015-12-09 16:12 - 37298960 _____ (Apple Inc.) C:\Program Files\iTunesCore.dll
2015-12-09 16:10 - 2015-12-09 16:10 - 0205584 _____ (Apple Inc.) C:\Program Files\iTunesHelper.dll
2015-12-09 16:11 - 2015-12-09 16:11 - 0170256 _____ (Apple Inc.) C:\Program Files\iTunesHelper.exe
2015-12-09 16:11 - 2015-12-09 16:11 - 0155920 _____ (Apple Inc.) C:\Program Files\iTunesMiniPlayer.dll
2014-12-19 09:38 - 2014-12-19 09:38 - 0105312 _____ (TomTom International B.V.) C:\Program Files (x86)\TomTomHOME.exe
2014-12-19 09:38 - 2014-12-19 09:38 - 0248176 _____ (TomTom) C:\Program Files (x86)\TomTomHOMERunner.exe
2014-12-19 09:38 - 2014-12-19 09:38 - 0093040 _____ (TomTom) C:\Program Files (x86)\TomTomHOMEService.exe
2009-12-08 16:42 - 2010-04-24 17:39 - 0000670 _____ () C:\Users\turhan\AppData\Roaming\DataSafeDotNet.exe
2011-02-23 22:44 - 2012-11-20 22:25 - 0000482 _____ () C:\Users\turhan\AppData\Roaming\wklnhst.dat
2011-09-02 23:17 - 2011-09-02 23:17 - 0000000 _____ () C:\Users\turhan\AppData\Local\{038B4C18-0839-4EA2-89AE-F3079537B810}
2016-05-25 18:14 - 2016-05-25 18:14 - 0000581 _____ () C:\ProgramData\hpzinstall.log
Einige Dateien in TEMP:
====================
C:\Users\turhan\AppData\Local\Temp\libeay32.dll
C:\Users\turhan\AppData\Local\Temp\msvcr120.dll
C:\Users\turhan\AppData\Local\Temp\sqlite3.dll
Einige mit null Byte Größe Dateien/Ordner:
==========================
C:\Windows\javcorain.dll
C:\Windows\javcorbin.dll
C:\Windows\sntlevel.dll
==================== Bamital & volsnap =================
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert
LastRegBack: 2016-05-04 17:43
==================== Ende von FRST.txt ============================
Code:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:25-05-2016 01
durchgeführt von turhan (2016-05-26 15:20:46)
Gestartet von C:\Users\turhan\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2009-12-01 13:02:43)
Start-Modus: Normal
==========================================================
==================== Konten: =============================
Administrator (S-1-5-21-3466485993-4211878275-2006075751-500 - Administrator - Disabled)
Gast (S-1-5-21-3466485993-4211878275-2006075751-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-3466485993-4211878275-2006075751-1002 - Limited - Enabled)
turhan (S-1-5-21-3466485993-4211878275-2006075751-1000 - Administrator - Enabled) => C:\Users\turhan
==================== Sicherheits-Center ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installierte Programme ======================
(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
1400 (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
1400_Help (x32 Version: 82.0.242.000 - Hewlett-Packard) Hidden
1400Trb (x32 Version: 82.0.242.000 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (Version: 6.2.1 - Hewlett-Packard) Hidden
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.134 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.16) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.16 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
AIO_CDB_ProductContext (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
AIO_CDB_Software (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
AIO_Scan (x32 Version: 130.0.421.000 - Hewlett-Packard) Hidden
Apple Application Support (32-Bit) (HKLM-x32\...\{C5815ACF-FD34-4553-8A22-C7411B7E662B}) (Version: 4.1.1 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{CBF12D2F-CF64-4CB7-858B-2C1F21068E5F}) (Version: 4.1.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
AVM FRITZ!Box Dokumentation (HKLM-x32\...\AVMFBox) (Version: - AVM Berlin)
Bewerbungsmuster für Hochschulabsolventen (HKLM-x32\...\Hochschulabsolventen) (Version: - )
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
Citrix XenApp Web Plugin (HKLM-x32\...\{C0B165DC-F037-483F-B1C9-D89D91529CEB}) (Version: 11.0.150.5357 - Citrix Systems, Inc.)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.98.4.60 - Conexant)
Copy (x32 Version: 130.0.428.000 - Hewlett-Packard) Hidden
CS881X & MTM80X Driver(Auto Installation, Safely Remove Feature, Icon Utility) (HKLM-x32\...\{8BD7D8D6-5E89-42B5-A313-5E75128BC144}) (Version: 2.80.0000 - Myson Century, Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.60 - Dell)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.60 - Dell)
Dell DataSafe Online (HKLM-x32\...\{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}) (Version: 1.1.0029 - Dell, Inc.)
Dell Dock (HKLM\...\{E60B7350-EA5F-41E0-9D6F-E508781E36D2}) (Version: 2.0.0 - Dell)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.40.05 - Creative Technology Ltd)
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.465.000 - Hewlett-Packard) Hidden
DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
doPDF 7.0 printer (HKLM\...\doPDF 7 printer_is1) (Version: - Softland)
EndNote 9.0.1 Volume License Edition (HKLM-x32\...\{53C020C2-8C1A-11D9-8BDE-F66BAD1E3F3A}) (Version: 9.0.1.1748 - Thomson ResearchSoft)
EViews 3.1 (HKLM-x32\...\EViews 3.1) (Version: - )
Fax (x32 Version: 130.0.418.000 - Hewlett-Packard) Hidden
Fotogalerie (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Free Audio Converter version 5.0.54.1215 (HKLM-x32\...\Free Audio Converter_is1) (Version: 5.0.54.1215 - DVDVideoSoft Ltd.)
Free PDF to Word Converter 1.3 (HKLM-x32\...\Free PDF to Word Converter_is1) (Version: - Free-PDF-to-Word.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 50.0.2661.102 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7619.1252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
Haufe Runtime (HKLM-x32\...\Runtime) (Version: - )
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B (HKLM\...\{B61ED343-0B14-4241-999C-490CB1A20DA4}) (Version: 13.0 - HP)
HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM-x32\...\{7059BDA7-E1DB-442C-B7A1-6144596720A4}) (Version: 4.000.011.006 - Hewlett-Packard)
HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - Intel Corporation)
ISI ResearchSoft - Export Helper (HKLM-x32\...\ISI ResearchSoft - Export Helper) (Version: - )
iTunes (HKLM\...\{0D44E3A4-6C3D-45D7-B443-079509E5BE5D}) (Version: 12.3.2.35 - Apple Inc.)
Junk Mail filter update (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Lexware Info Service (HKLM-x32\...\{15B2BC56-D179-4450-84B9-7A8D7F4CE1B9}) (Version: 2.70.00.0081 - Haufe-Lexware GmbH & Co.KG)
Live! Cam Avatar Creator (HKLM-x32\...\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}) (Version: 4.6.3009.1 - Creative Technology Ltd)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (Beta) (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4536.1000 - Microsoft Corporation)
Microsoft Office Home and Business 2010 (Beta) - Deutsch (HKLM-x32\...\{20140062-0062-0407-0000-0000000FF1CE}) (Version: 14.0.4545.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-3466485993-4211878275-2006075751-1000\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}) (Version: 8.0.58299 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{39D0E034-1042-4905-BECB-5502909FCB7C}) (Version: 9.7.0621 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Network64 (Version: 130.0.572.000 - Hewlett-Packard) Hidden
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
PowerDVD DX (HKLM-x32\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.3.6107 - CyberLink Corp.)
QuickSteuer 2011 compact (HKLM-x32\...\{C578111E-1D7E-4004-9871-229D93323A7D}) (Version: 17.07.00.0001 - Haufe-Lexware GmbH & Co.KG)
Rossmann Fotowelt Software 4.12.1 (HKLM-x32\...\Rossmann Fotowelt Software) (Version: 4.12.1 - ORWO Net)
Roxio Burn (HKLM-x32\...\{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}) (Version: 1.0 - Roxio)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.3.14123.5 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.3.14123.5 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.49.0 - SAMSUNG Electronics Co., Ltd.)
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.1.0.9134 - Microsoft Corporation)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SmartWebPrinting (x32 Version: 130.0.457.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Status (x32 Version: 130.0.469.000 - Hewlett-Packard) Hidden
TomTom HOME (HKLM-x32\...\{7A2BB1C8-903D-4585-9F3B-CADD67D07D37}) (Version: 2.9.8 - Ihr Firmenname)
TomTom HOME (HKLM-x32\...\{BB05590A-6602-43F3-A400-77EA0976BC0A}) (Version: 2.9.8 - Ihr Firmenname)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 130.0.422.000 - Hewlett-Packard) Hidden
UnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard) Hidden
Visual C++ 8.0 Runtime Setup Package (x64) (HKLM-x32\...\{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}) (Version: 9.0.0.623 - AVG Technologies CZ, s.r.o.)
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version: - )
==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
Task: {08977614-8FF5-4E55-B72F-5BA813E59DBF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {1E5F56E8-FD42-4EE7-944F-DBBB89095606} - System32\Tasks\{89374A84-2039-41A7-B599-E5CE4F1E084A} => pcalua.exe -a "C:\Users\turhan\Derya\Eviews3.1\disk 1\SETUP.EXE" -d "C:\Users\turhan\Derya\Eviews3.1\disk 1"
Task: {2B0B6119-8983-4592-87C8-E00164E62BA7} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated)
Task: {57B79691-31A6-4AB9-97AB-B14C276A6305} - System32\Tasks\{3F616E94-C145-427D-9718-1303B9BF9DCA} => C:\Users\turhan\Downloads\Microsoft Office\OFFICE11\EXCEL.EXE
Task: {67657EF4-8D44-48CC-8A08-8BBE747C71AA} - System32\Tasks\{BA490C07-D630-4308-BC3B-4CFB47A06D5C} => C:\Users\turhan\Desktop\Microsoft Office\OFFICE11\WINWORD.EXE
Task: {809DDCD6-9FEC-4281-A6CB-A6B6BB4140D3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {8202AA7E-1EE6-4406-AF66-F5DE1455F380} - System32\Tasks\{FB4B3B32-646D-432E-995A-2266C4626851} => C:\Users\turhan\Desktop\Microsoft Office\Office12\Moc.exe
Task: {9A08A805-860A-494E-94E2-0E0C8C8D1AF1} - System32\Tasks\{630576AE-7CCA-45BA-BC8D-4A46D7ADED7F} => C:\Users\turhan\Desktop\Microsoft Office\Office12\excelcnv.exe
Task: {B362C5D7-A028-4282-8723-1B8239D3C413} - System32\Tasks\{B497DEA9-8401-4BC8-98E6-743773EA1C58} => pcalua.exe -a D:\setup.exe -d D:\
Task: {B4BF7062-6F64-4238-BCD0-A5014480D4C8} - System32\Tasks\Games\UpdateCheck_S-1-5-21-3466485993-4211878275-2006075751-1000
Task: {BC28C599-280A-4CC6-AD9E-8956BA3ED892} - System32\Tasks\{CC2E018D-5A73-4B6F-B3CA-1FBD508C8990} => C:\Users\turhan\Desktop\Microsoft Office\Office12\excelcnv.exe
Task: {BD846700-039D-4A9A-9553-260773D259E1} - System32\Tasks\Java(TM) Platform SE 6 U14 => C:\Program Files (x86)\Java\jre6\bin\jusched.exe
Task: {C33254DA-CD47-42CE-9EAE-0EBA5A380940} - System32\Tasks\{5022A4FB-2487-4878-9167-5BCBAD1FCA98} => C:\Users\turhan\Desktop\Microsoft Office\Office12\excelcnv.exe
Task: {F50058F7-A99F-42C1-A8E6-0C4C2692C86F} - System32\Tasks\{CB9CD5A8-E4D3-4291-A6EE-2CC4A31344B0} => pcalua.exe -a C:\Users\turhan\Downloads\free-pdf-to-word-converter.exe -d C:\Users\turhan\Downloads
Task: {FF298C64-A403-4FF5-8710-DB154EAEAA31} - System32\Tasks\{96F30807-6411-4A39-B21F-43A8EB2DF57F} => C:\Users\turhan\Downloads\Microsoft Office\OFFICE11\EXCEL.EXE
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Verknüpfungen =============================
(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)
==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============
2015-11-20 15:57 - 2015-11-20 15:57 - 00085800 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-11-20 15:57 - 2015-11-20 15:57 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)
AlternateDataStreams: C:\ProgramData\TEMP:0B4227B4 [286]
AlternateDataStreams: C:\ProgramData\TEMP:8927A071 [446]
==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"
==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)
==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)
==================== Hosts Inhalt: ===============================
(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)
2009-07-14 04:34 - 2016-05-26 12:50 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Andere Bereiche ============================
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKU\S-1-5-21-3466485993-4211878275-2006075751-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\turhan\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist deaktiviert.
==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
MSCONFIG\startupreg: LexwareInfoService => C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe /autostart
==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
FirewallRules: [{C2AE480D-C8D7-4BDE-A114-A21DDD8487CA}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD DX\PowerDVD.exe
FirewallRules: [{5A177453-5747-489E-BE5F-EF78F966AE22}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
FirewallRules: [{CF83132B-6E03-4FBB-9E88-E63DF01401A8}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{A6F7903A-BA75-4964-9F29-15855290BF77}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{E6A6DA7A-EB82-4537-9317-F42A2FB4ED41}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe
FirewallRules: [{1937A9C3-693B-44E0-B24D-F1D72D68BA2D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe
FirewallRules: [{3BAFF26B-B397-45D9-85E2-92465CFDD9EF}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{C5DC6CF6-728B-41C3-AC0F-4C93DC216AE3}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{7F714FA8-2A90-4BE9-A87E-691F75553334}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcopy2.exe
FirewallRules: [{BE631B14-591A-4F71-9067-CE8EEB5E8A4E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{3EE73C2D-6EEF-4D13-9703-6EDD3283C900}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe
FirewallRules: [{07D9479C-7170-4358-90AE-3A7A217D1072}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{AF8D5101-42AD-4B7A-8D0A-A55C1EC3F140}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqnrs08.exe
FirewallRules: [{B4F20B0F-05DF-41E2-88E1-32A5D4D0016D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{95E3BD37-99BA-4FBE-A26D-EC77B2647BE1}] => (Allow) C:\Program Files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe
FirewallRules: [{D0C2B4A5-4B9A-42ED-9AC1-A59A095CA5B7}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqsudi.exe
FirewallRules: [{0DA50308-8563-40CF-AC9A-98AB9B20C276}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpsapp.exe
FirewallRules: [{BBF391A3-3CA5-4179-B260-074A74CE53BD}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe
FirewallRules: [{C9D9864D-D708-4940-A76B-483329DABC46}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe
FirewallRules: [{5DA7F507-DF6D-4C6C-B2F7-264F1E69DCA7}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpse.exe
FirewallRules: [{377F8CD3-EB01-41CD-BFEB-015FD7B5A62A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{46B64647-BEB6-444E-AE34-95D740523449}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{2ADAE8C6-D5EF-4C11-854A-CBC3040B9CA6}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{6BC446B5-847B-4DFB-AF0C-A1C809CDABDF}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{6E5CF1E4-5D34-41FF-A7C0-311CADA24554}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{22A5DB4C-ED0B-40A9-BA2F-4DF040E03A66}] => (Allow) C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exe
FirewallRules: [TCP Query User{FA677F38-A2E4-4A77-AFFC-B3FA469F4C90}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{B7A00812-C67F-43AE-B780-04F7D210969B}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [{D1011E4D-BB35-481C-BE62-C716E590C5AF}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{439A6F7E-BC0C-42FD-A75F-45E6AFB650B2}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{B0746262-E032-4254-A6D4-09A20DA0165B}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgmfapx.exe
FirewallRules: [{66C51E1E-856E-4897-B237-155EFE2C8073}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgmfapx.exe
FirewallRules: [{4D17E4E7-8280-4A02-83DF-06C9265068E7}] => (Allow) C:\Users\turhan\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{F87A8CBE-57E2-43DD-BC94-3AE0844B24B8}] => (Allow) C:\Users\turhan\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{882DCBB5-B6F9-4C92-8E8C-27F56C5EF364}C:\users\turhan\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\turhan\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{7E99E1B7-79BF-4AC7-8F3B-787CBBE401F3}C:\users\turhan\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\turhan\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{CADEE3E8-FD29-4530-980A-EA9A089F547F}C:\program files (x86)\java\jre6\bin\java.exe] => (Block) C:\program files (x86)\java\jre6\bin\java.exe
FirewallRules: [UDP Query User{CFABC0C7-E952-44B2-AAF1-773CD5F241E4}C:\program files (x86)\java\jre6\bin\java.exe] => (Block) C:\program files (x86)\java\jre6\bin\java.exe
FirewallRules: [{23FF61FB-CE6D-45B5-A490-F06B385A1CAE}] => (Allow) C:\Users\turhan\AppData\Local\Temp\7zS2CA3\hppiw.exe
FirewallRules: [{69F397BC-44FC-4235-A09E-0B04F4E4F541}] => (Allow) C:\Users\turhan\AppData\Local\Temp\7zS2CA3\hppiw.exe
FirewallRules: [{119C4A43-B35B-4DD0-A61D-A6D07D029DE3}] => (Allow) C:\Users\turhan\AppData\Local\Temp\7zS2A84\hppiw.exe
FirewallRules: [{0E3D00C8-DE16-4AA4-9F9C-D3F425A0B477}] => (Allow) C:\Users\turhan\AppData\Local\Temp\7zS2A84\hppiw.exe
FirewallRules: [{529CE819-6B4D-4DED-81F5-01976DB52A35}] => (Allow) C:\Users\turhan\AppData\Local\Temp\7zS4786\hppiw.exe
FirewallRules: [{F305B090-DE1D-4AA1-8522-878395B4B2C9}] => (Allow) C:\Users\turhan\AppData\Local\Temp\7zS4786\hppiw.exe
FirewallRules: [{D33D8B17-17F7-440C-9DD2-D19168FEC4E5}] => (Allow) C:\Users\turhan\AppData\Local\Temp\7zS4895\hppiw.exe
FirewallRules: [{9BC55A0D-B20B-4DD4-8D01-E7622EFE9291}] => (Allow) C:\Users\turhan\AppData\Local\Temp\7zS4895\hppiw.exe
FirewallRules: [{99553629-28AE-479C-9E01-C051D4336639}] => (Allow) C:\Users\turhan\AppData\Local\Temp\7zS4B05\hppiw.exe
FirewallRules: [{9B3C1DA0-3C06-40E2-937D-A18932497884}] => (Allow) C:\Users\turhan\AppData\Local\Temp\7zS4B05\hppiw.exe
FirewallRules: [{080EB8D8-3642-49BC-A6AC-DEB261EAD8F4}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{392D5D11-99D1-4F9B-90F5-881E7A4D7968}] => (Allow) C:\Users\turhan\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{7D061F93-F3B6-4E2B-B56C-73E1CFA030C9}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{14233CAD-0FAC-4104-A39B-5E8B5F8D3BDC}] => (Allow) LPort=2869
FirewallRules: [{7862761D-262C-420B-96E6-EAB7F7E82E8E}] => (Allow) LPort=1900
FirewallRules: [{5D95774B-6802-45BB-AE4E-7971B4DB2BA5}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{7DFDC606-BF09-4432-8106-170B33908E73}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{5DE9398B-144B-4F6A-9C83-CA7B313A365D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{7AE07DD8-3355-4EDC-B85D-AB460BB21C91}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{09B8DE8F-46F9-47D6-AFD6-D1DCC5F01898}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{38CFCDF8-E867-434D-AC93-F650034AFDCF}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{9F662CC0-9BA5-41B7-928C-EA4D008C38AC}] => (Allow) C:\Program Files\iTunes.exe
FirewallRules: [{651E2E60-D930-4CC8-921C-B0B1239C2E97}] => (Allow) D:\FSetup.exe
FirewallRules: [{A90BEDEF-A272-4C93-9594-DB5453E0F963}] => (Allow) D:\FSetup.exe
FirewallRules: [{5EA9E79F-6C6E-4910-961B-9F577F37624F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Wiederherstellungspunkte =========================
25-05-2016 16:56:08 Removed AVG 2013
25-05-2016 17:02:18 Removed AVG 2013
25-05-2016 17:17:39 Windows Update
25-05-2016 17:51:08 Removed Java(TM) 6 Update 14 (64-bit)
25-05-2016 17:52:52 Removed Java(TM) 6 Update 14
25-05-2016 17:55:22 Removed Java(TM) 6 Update 14
25-05-2016 17:58:34 Removed Java(TM) 6 Update 14
25-05-2016 18:02:37 Removed ABN AMRO e.dentifier2 software.
25-05-2016 18:04:32 Microsoft Office XP Professional mit FrontPage wird entfernt
25-05-2016 18:08:17 Microsoft Office Click-to-Run 2010 (Beta) wird entfernt
25-05-2016 18:09:53 Microsoft Office Outlook Connector wurde entfernt.
25-05-2016 18:12:13 Removed Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
25-05-2016 18:13:11 Compatibility Pack für 2007 Office System wird entfernt
25-05-2016 18:15:33 Microsoft Office Click-to-Run 2010 (Beta) wird entfernt
25-05-2016 18:23:10 Microsoft Office Click-to-Run 2010 (Beta) wird entfernt
25-05-2016 18:49:39 AVG PC TuneUp 2015 wird entfernt
25-05-2016 18:51:16 AVG PC TuneUp 2015 (de-DE) wird entfernt
26-05-2016 14:48:40 JRT Pre-Junkware Removal
==================== Fehlerhafte Geräte im Gerätemanager =============
==================== Fehlereinträge in der Ereignisanzeige: =========================
Applikationsfehler:
==================
Error: (05/26/2016 02:37:07 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Nur zur Information.
Die Aktion kann nicht abgeschlossen werden. Versuchen Sie es erneut. Wenden Sie sich bei Fortbestehen des Problems an den Microsoft-Produktsupport.
Error: (05/26/2016 02:37:07 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Nur zur Information.
Die Aktion kann nicht abgeschlossen werden. Versuchen Sie es erneut. Wenden Sie sich bei Fortbestehen des Problems an den Microsoft-Produktsupport.
Error: (05/26/2016 02:37:07 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Nur zur Information.
Product registration is corrupted for {20140062-0062-0407-0000-0000000FF1CE}
Error: (05/26/2016 02:37:07 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Nur zur Information.
Error: Product {20140062-0062-0407-0000-0000000FF1CE} found in the registry but SoftGrid doesn't know about it, skipping...
Error: (05/26/2016 02:37:07 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Nur zur Information.
Product registration is corrupted for {20140062-0062-0407-0000-0000000FF1CE}
Error: (05/26/2016 02:37:07 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Nur zur Information.
Error: Product {20140062-0062-0407-0000-0000000FF1CE} found in the registry but SoftGrid doesn't know about it, skipping...
Error: (05/26/2016 02:29:34 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Nur zur Information.
Die Aktion kann nicht abgeschlossen werden. Versuchen Sie es erneut. Wenden Sie sich bei Fortbestehen des Problems an den Microsoft-Produktsupport.
Error: (05/26/2016 02:29:34 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Nur zur Information.
Die Aktion kann nicht abgeschlossen werden. Versuchen Sie es erneut. Wenden Sie sich bei Fortbestehen des Problems an den Microsoft-Produktsupport.
Error: (05/26/2016 02:29:32 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Nur zur Information.
Product registration is corrupted for {20140062-0062-0407-0000-0000000FF1CE}
Error: (05/26/2016 02:29:32 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Nur zur Information.
Error: Product {20140062-0062-0407-0000-0000000FF1CE} found in the registry but SoftGrid doesn't know about it, skipping...
Systemfehler:
=============
Error: (05/26/2016 02:37:56 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst SftService erreicht.
Error: (05/26/2016 02:37:26 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst SftService erreicht.
Error: (05/26/2016 02:30:25 PM) (Source: atapi) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.
Error: (05/26/2016 02:29:22 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst SftService erreicht.
Error: (05/26/2016 02:26:52 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows Search" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler:
%%1056
Error: (05/26/2016 02:26:24 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Application Virtualization Client" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (05/26/2016 02:26:22 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (05/26/2016 02:26:22 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (05/26/2016 02:26:22 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "iPod-Dienst" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (05/26/2016 02:26:22 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Client Virtualization Handler" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
CodeIntegrity:
===================================
Date: 2016-05-26 12:49:09.926
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2016-05-26 12:49:09.083
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
==================== Speicherinformationen ===========================
Prozessor: Intel(R) Celeron(R) CPU 450 @ 2.20GHz
Prozentuale Nutzung des RAM: 50%
Installierter physikalischer RAM: 3036.8 MB
Verfügbarer physikalischer RAM: 1504.68 MB
Summe virtueller Speicher: 6071.79 MB
Verfügbarer virtueller Speicher: 4528.38 MB
==================== Laufwerke ================================
Drive c: (OS) (Fixed) (Total:283.4 GB) (Free:159.35 GB) NTFS
==================== MBR & Partitionstabelle ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: 3ABA0743)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=14.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=283.4 GB) - (Type=07 NTFS)
==================== Ende von Addition.txt ============================
|
|
26.05.2016, 14:40
| #13 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Win7: Verschlüsselte Dateien - Hinweis auf Bitcoin-Zahlung FRST-Fix Virenscanner jetzt bitte komplett deaktivieren, damit sichergestellt ist, dass der Fix sauber durchläuft! Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter HKU\S-1-5-21-3466485993-4211878275-2006075751-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG
BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> Keine Datei
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll => Keine Datei
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll => Keine Datei
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Keine Datei
AlternateDataStreams: C:\ProgramData\TEMP:0B4227B4 [286]
AlternateDataStreams: C:\ProgramData\TEMP:8927A071 [446]
C:\Windows\javcorain.dll
C:\Windows\javcorbin.dll
C:\Windows\sntlevel.dll
C:\Program Files\Java
emptytemp:
Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
__________________ Logfiles bitte immer in CODE-Tags posten |
|
26.05.2016, 15:10
| #14 |
| | Win7: Verschlüsselte Dateien - Hinweis auf Bitcoin-Zahlung Nachdem FRST ausgeführt wurde, gab es einen Hinweis, 'Entfernung vollständig', und es erfolgte ein Neustart des Computers. Fixlog.txt Code:
ATTFilter Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version:25-05-2016 01
durchgeführt von turhan (2016-05-26 15:56:27) Run:1
Gestartet von C:\Users\turhan\Downloads
Geladene Profile: turhan (Verfügbare Profile: turhan)
Start-Modus: Normal
==============================================
fixlist Inhalt:
*****************
HKU\S-1-5-21-3466485993-4211878275-2006075751-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG
BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> Keine Datei
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll => Keine Datei
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll => Keine Datei
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Keine Datei
AlternateDataStreams: C:\ProgramData\TEMP:0B4227B4 [286]
AlternateDataStreams: C:\ProgramData\TEMP:8927A071 [446]
C:\Windows\javcorain.dll
C:\Windows\javcorbin.dll
C:\Windows\sntlevel.dll
C:\Program Files\Java
emptytemp:
*****************
"HKU\S-1-5-21-3466485993-4211878275-2006075751-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}" => Schlüssel erfolgreich entfernt
"HKCR\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => Schlüssel erfolgreich entfernt
"HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => Schlüssel erfolgreich entfernt
"HKCR\Wow6432Node\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => Schlüssel erfolgreich entfernt
"HKCR\PROTOCOLS\Handler\linkscanner" => Schlüssel erfolgreich entfernt
HKCR\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} => Schlüssel nicht gefunden.
C:\ProgramData\TEMP => ":0B4227B4" ADS erfolgreich entfernt.
C:\ProgramData\TEMP => ":8927A071" ADS erfolgreich entfernt.
C:\Windows\javcorain.dll => erfolgreich verschoben
C:\Windows\javcorbin.dll => erfolgreich verschoben
C:\Windows\sntlevel.dll => erfolgreich verschoben
C:\Program Files\Java => erfolgreich verschoben
EmptyTemp: => 1.3 GB temporäre Dateien entfernt.
Das System musste neu gestartet werden.
==== Ende von Fixlog 15:56:49 ====
|
|
26.05.2016, 15:12
| #15 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Win7: Verschlüsselte Dateien - Hinweis auf Bitcoin-Zahlung Okay, dann Kontrollscans mit (1) MBAM, (2) ESET und (3) SecurityCheck bitte: 1. Schritt: MBAM Downloade Dir bitte  Malwarebytes Anti-Malware
2. Schritt: ESET ESET Online Scanner
3. Schritt: SecurityCheck Downloade Dir bitte  SecurityCheck und:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu Win7: Verschlüsselte Dateien - Hinweis auf Bitcoin-Zahlung |
| antimalware, automatisch, bildschirm, boot, dateien, defender, explorer, infizierte, internet explorer, log, löschen, malwarebytes, microsoft, neustart, office, ordner, pdf, problem, software, temp, verschlüsselung, virus, websites, win7, windows, windows7, yahoo, öffnet |
WARNUNG an die MITLESER: 
Linear-Darstellung
